[neon/ubuntu-core/ago/generate-model-in-ci] debian: Add CI scripts to commit model files

Antoine Gonzalez null at kde.org
Wed Jul 17 15:22:24 BST 2024 

Git commit 5d1e6fc14530fc6a9ea38611c1657689e4e6754c by Antoine Gonzalez.
Committed on 17/07/2024 at 14:22.
Pushed by daspood into branch 'ago/generate-model-in-ci'.

Add CI scripts to commit model files

M  +3    -1    debian/.gitlab-ci-neon.yml
A  +52   -0    debian/snap-image-model-dangerous.yml
A  +52   -0    debian/snap-image-model-signed.yml

https://invent.kde.org/neon/ubuntu-core/-/commit/5d1e6fc14530fc6a9ea38611c1657689e4e6754c

diff --git a/debian/.gitlab-ci-neon.yml b/debian/.gitlab-ci-neon.yml
index 34baa18..a82ce43 100644
--- a/debian/.gitlab-ci-neon.yml
+++ b/debian/.gitlab-ci-neon.yml
@@ -5,7 +5,9 @@ include:
   - project: sysadmin/ci-utilities
     file:
       - /gitlab-templates/snap-image-dangerous.yml
-#      - /gitlab-templates/snap-image-signed.ymlv
+#      - /gitlab-templates/snap-image-signed.yml
+      - ./snap-image-model-dangerous.yml
+#      - ./snap-image-model-signed.yml
 default:
   before_script:
     - echo KDECI_GITLAB_TOKEN=$KDECI_GITLAB_TOKEN
\ No newline at end of file
diff --git a/debian/snap-image-model-dangerous.yml b/debian/snap-image-model-dangerous.yml
new file mode 100644
index 0000000..f4f4da2
--- /dev/null
+++ b/debian/snap-image-model-dangerous.yml
@@ -0,0 +1,52 @@
+include:
+  - /gitlab-templates/blocks/snap-base.yml
+  - /gitlab-templates/blocks/workflow.yml
+
+snap_image_model_dangerous:
+  extends: .snap_base
+  inherit:
+    default: true
+  script:  # Have to duplicate most of the snap-image code as the default `make` command will remove the model file
+    # make sure there is a snap specific so gpg deosn't freak out
+    - mkdir -p -m 0700 ¬/.snap/gnupg/
+    - mkdir -p -m 0700 ¬/.snap/gnupg/private-keys-v1.d/
+    # export it as a env var for convenience
+    - export GNUPGHOME=¬/.snap/gnupg/
+    # test the env var
+    - echo $GNUPGHOME
+    # copy in the required exported login creds so that snapcraft whoami works
+    - echo $KDE_NEON_CORE_IMAGE_KEY > kde-neon-core-image-key
+    # feed snap's gpg the required key
+    - echo $PRIVATE_KEY | base64 --decode | gpg --batch --import
+    # make sure the key is trusted
+    - gpg --import-ownertrust <(echo "$OWNER_TRUST")
+    # test the keys
+    - gpg --list-keys
+    # test the login
+    - snapcraft whoami
+    # build the model with the project's tooling
+    - echo re-generating model for $KDE_SNAP_MODULE_NAME in dangerous mode ...
+    - make kde-neon-core-dangerous-amd64.model 2>&1 | tee task.log
+    # make the artifacts dir
+    - mkdir -p $CI_PROJECT_DIR/.kde-ci-packages/
+    # copy the new model to the artifacts dir
+    - cp -vf ./*.model  $CI_PROJECT_DIR/.kde-ci-packages/
+    # push the new model to gitlab
+    - git config user.email "kde-neon-core-model-bot at kde.net"
+    - git config user.name "kde-neon-core-model-bot"
+    - git remote add gitlab_origin https://oauth2:$UBUNTU_NEON_CORE_ACCESS_TOKEN@invent.kde.org:neon/ubuntu-core.git
+    - git add kde-neon-core-dangerous-amd64.model
+    - git commit -m "Update signed model file"
+    - git push gitlab_origin HEAD:main -o ci.skip
+  interruptible: true
+  after_script:
+    # delete the gpg keyring
+    - rm -rf ¬/.snap/gnupg
+    # delete the snapcraft auth creds
+    - rm kde-neon-core-image-key
+  rules:
+    changes:
+      - kde-neon-core-amd64.json  # Only re-generate the models when the base model file is changed
+  only:
+    refs:
+      - master  # Only re-generate the models for changes that make it to master
diff --git a/debian/snap-image-model-signed.yml b/debian/snap-image-model-signed.yml
new file mode 100644
index 0000000..d84d5f0
--- /dev/null
+++ b/debian/snap-image-model-signed.yml
@@ -0,0 +1,52 @@
+include:
+  - /gitlab-templates/blocks/snap-base.yml
+  - /gitlab-templates/blocks/workflow.yml
+
+snap_image_model_signed:
+  extends: .snap_base
+  inherit:
+    default: true
+  script:  # Have to duplicate most of the snap-image code as the default `make` command will remove the model file
+    # make sure there is a snap specific so gpg deosn't freak out
+    - mkdir -p -m 0700 ¬/.snap/gnupg/
+    - mkdir -p -m 0700 ¬/.snap/gnupg/private-keys-v1.d/
+    # export it as a env var for convenience
+    - export GNUPGHOME=¬/.snap/gnupg/
+    # test the env var
+    - echo $GNUPGHOME
+    # copy in the required exported login creds so that snapcraft whoami works
+    - echo $KDE_NEON_CORE_IMAGE_KEY > kde-neon-core-image-key
+    # feed snap's gpg the required key
+    - echo $PRIVATE_KEY | base64 --decode | gpg --batch --import
+    # make sure the key is trusted
+    - gpg --import-ownertrust <(echo "$OWNER_TRUST")
+    # test the keys
+    - gpg --list-keys
+    # test the login
+    - snapcraft whoami
+    # build the model with the project's tooling
+    - echo re-generating model for $KDE_SNAP_MODULE_NAME in signed mode ...
+    - make kde-neon-core-dangerous-amd64.model 2>&1 | tee task.log
+    # make the artifacts dir
+    - mkdir -p $CI_PROJECT_DIR/.kde-ci-packages/
+    # copy the new model to the artifacts dir
+    - cp -vf ./*.model  $CI_PROJECT_DIR/.kde-ci-packages/
+    # push the new model to gitlab
+    - git config user.email "kde-neon-core-model-bot at kde.org"
+    - git config user.name "kde-neon-core model-bot"
+    - git remote add gitlab_origin https://oauth2:$UBUNTU_NEON_CORE_ACCESS_TOKEN@invent.kde.org:neon/ubuntu-core.git
+    - git add kde-neon-core-signed-amd64.model
+    - git commit -m "Update signed model file"
+    - git push gitlab_origin HEAD:main -o ci.skip
+  interruptible: true
+  after_script:
+    # delete the gpg keyring
+    - rm -rf ¬/.snap/gnupg
+    # delete the snapcraft auth creds
+    - rm kde-neon-core-image-key
+  rules:
+    changes:
+      - kde-neon-core-amd64.json  # Only re-generate the models when the base model file is changed
+  only:
+    refs:
+      - master  # Only re-generate the models for changes that make it to master

More information about the Neon-commits mailing list