diff --git a/.github/docker/debian/bookworm/amd64/public.release.Dockerfile b/.github/docker/debian/bookworm/amd64/public.release.Dockerfile new file mode 100644 index 0000000000..e6ec64661e --- /dev/null +++ b/.github/docker/debian/bookworm/amd64/public.release.Dockerfile @@ -0,0 +1,103 @@ +ARG BUILDER_IMAGE=debian:bookworm-20240513 + +FROM ${BUILDER_IMAGE} AS builder + +ARG MAINTAINER_NAME="Andrey Volk" +ARG MAINTAINER_EMAIL="andrey@signalwire.com" + +# Credentials +ARG REPO_DOMAIN=freeswitch.signalwire.com +ARG REPO_USERNAME=user + +ARG BUILD_NUMBER=42 +ARG GIT_SHA=0000000000 + +ARG DATA_DIR=/data +ARG CODENAME=bookworm +ARG GPG_KEY="/usr/share/keyrings/signalwire-freeswitch-repo.gpg" + +MAINTAINER "${MAINTAINER_NAME} <${MAINTAINER_EMAIL}>" + +SHELL ["/bin/bash", "-c"] + +RUN apt-get -q update && \ + DEBIAN_FRONTEND=noninteractive apt-get -yq install \ + apt-transport-https \ + build-essential \ + ca-certificates \ + cmake \ + curl \ + debhelper \ + devscripts \ + dh-autoreconf \ + dos2unix \ + doxygen \ + git \ + graphviz \ + libglib2.0-dev \ + libssl-dev \ + lsb-release \ + pkg-config \ + wget + +RUN update-ca-certificates --fresh + +RUN echo "export CODENAME=${CODENAME}" | tee ~/.env && \ + chmod +x ~/.env + +RUN . ~/.env && cat < /etc/apt/sources.list.d/freeswitch.list +deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-release ${CODENAME} main +deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-release ${CODENAME} main +EOF + +RUN git config --global --add safe.directory '*' \ + && git config --global user.name "${MAINTAINER_NAME}" \ + && git config --global user.email "${MAINTAINER_EMAIL}" + +# Bootstrap and Build +COPY . ${DATA_DIR} +WORKDIR ${DATA_DIR} +RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a ~/.env + +RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x +RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME} + +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ + printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ + printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ + printf "password " >> /etc/apt/auth.conf && \ + cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \ + sha512sum /run/secrets/REPO_PASSWORD && \ + curl \ + --fail \ + --netrc-file /etc/apt/auth.conf \ + --output ${GPG_KEY} \ + https://${REPO_DOMAIN}/repo/deb/debian-release/signalwire-freeswitch-repo.gpg && \ + file ${GPG_KEY} && \ + apt-get --quiet update && \ + mk-build-deps \ + --install \ + --remove debian/control \ + --tool "apt-get --yes --no-install-recommends" && \ + apt-get --yes --fix-broken install && \ + rm -f /etc/apt/auth.conf + +ENV DEB_BUILD_OPTIONS="parallel=1" +RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ + --force-distribution -D "${CODENAME}" "Nightly build, ${GIT_SHA}" + +RUN . ~/.env && ./debian/util.sh create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x + +RUN dpkg-source \ + --diff-ignore=.* \ + --compression=xz \ + --compression-level=9 \ + --build \ + . \ + && debuild -b -us -uc \ + && mkdir OUT \ + && mv -v ../*.{deb,dsc,changes,tar.*} OUT/. + +# Artifacts image (mandatory part, the resulting image must have a single filesystem layer) +FROM scratch +COPY --from=builder /data/OUT/ / diff --git a/.github/docker/debian/bookworm/amd64/Dockerfile b/.github/docker/debian/bookworm/amd64/public.unstable.Dockerfile similarity index 100% rename from .github/docker/debian/bookworm/amd64/Dockerfile rename to .github/docker/debian/bookworm/amd64/public.unstable.Dockerfile diff --git a/.github/docker/debian/bookworm/arm32v7/public.release.Dockerfile b/.github/docker/debian/bookworm/arm32v7/public.release.Dockerfile new file mode 100644 index 0000000000..d636a0c6ea --- /dev/null +++ b/.github/docker/debian/bookworm/arm32v7/public.release.Dockerfile @@ -0,0 +1,102 @@ +ARG BUILDER_IMAGE=arm32v7/debian:bookworm-20240513 + +FROM --platform=linux/arm32 ${BUILDER_IMAGE} AS builder + +ARG MAINTAINER_NAME="Andrey Volk" +ARG MAINTAINER_EMAIL="andrey@signalwire.com" + +# Credentials +ARG REPO_DOMAIN=freeswitch.signalwire.com +ARG REPO_USERNAME=user + +ARG BUILD_NUMBER=42 +ARG GIT_SHA=0000000000 + +ARG DATA_DIR=/data +ARG CODENAME=bookworm +ARG GPG_KEY="/usr/share/keyrings/signalwire-freeswitch-repo.gpg" + +MAINTAINER "${MAINTAINER_NAME} <${MAINTAINER_EMAIL}>" + +SHELL ["/bin/bash", "-c"] + +RUN apt-get -q update && \ + DEBIAN_FRONTEND=noninteractive apt-get -yq install \ + apt-transport-https \ + build-essential \ + ca-certificates \ + cmake \ + curl \ + debhelper \ + devscripts \ + dh-autoreconf \ + dos2unix \ + doxygen \ + git \ + graphviz \ + libglib2.0-dev \ + libssl-dev \ + lsb-release \ + pkg-config \ + wget + +RUN update-ca-certificates --fresh + +RUN echo "export CODENAME=${CODENAME}" | tee ~/.env && \ + chmod +x ~/.env + +RUN . ~/.env && cat < /etc/apt/sources.list.d/freeswitch.list +deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-release ${CODENAME} main +deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-release ${CODENAME} main +EOF + +RUN git config --global --add safe.directory '*' \ + && git config --global user.name "${MAINTAINER_NAME}" \ + && git config --global user.email "${MAINTAINER_EMAIL}" + +# Bootstrap and Build +COPY . ${DATA_DIR} +WORKDIR ${DATA_DIR} +RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a ~/.env + +RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x +RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME} + +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ + printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ + printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ + printf "password " >> /etc/apt/auth.conf && \ + cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \ + sha512sum /run/secrets/REPO_PASSWORD && \ + curl \ + --fail \ + --netrc-file /etc/apt/auth.conf \ + --output ${GPG_KEY} \ + https://${REPO_DOMAIN}/repo/deb/rpi/debian-release/signalwire-freeswitch-repo.gpg && \ + file ${GPG_KEY} && \ + apt-get --quiet update && \ + mk-build-deps \ + --install \ + --remove debian/control \ + --tool "apt-get --yes --no-install-recommends" && \ + apt-get --yes --fix-broken install && \ + rm -f /etc/apt/auth.conf + +ENV DEB_BUILD_OPTIONS="parallel=1" +RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ + --force-distribution -D "${CODENAME}" "Nightly build, ${GIT_SHA}" +RUN . ~/.env && ./debian/util.sh create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x + +RUN dpkg-source \ + --diff-ignore=.* \ + --compression=xz \ + --compression-level=9 \ + --build \ + . \ + && debuild -b -us -uc \ + && mkdir OUT \ + && mv -v ../*.{deb,dsc,changes,tar.*} OUT/. + +# Artifacts image (mandatory part, the resulting image must have a single filesystem layer) +FROM scratch +COPY --from=builder /data/OUT/ / diff --git a/.github/docker/debian/bookworm/arm32v7/Dockerfile b/.github/docker/debian/bookworm/arm32v7/public.unstable.Dockerfile similarity index 100% rename from .github/docker/debian/bookworm/arm32v7/Dockerfile rename to .github/docker/debian/bookworm/arm32v7/public.unstable.Dockerfile diff --git a/.github/docker/debian/bookworm/arm64v8/public.release.Dockerfile b/.github/docker/debian/bookworm/arm64v8/public.release.Dockerfile new file mode 100644 index 0000000000..5c34022d29 --- /dev/null +++ b/.github/docker/debian/bookworm/arm64v8/public.release.Dockerfile @@ -0,0 +1,102 @@ +ARG BUILDER_IMAGE=arm64v8/debian:bookworm-20240513 + +FROM --platform=linux/arm64 ${BUILDER_IMAGE} AS builder + +ARG MAINTAINER_NAME="Andrey Volk" +ARG MAINTAINER_EMAIL="andrey@signalwire.com" + +# Credentials +ARG REPO_DOMAIN=freeswitch.signalwire.com +ARG REPO_USERNAME=user + +ARG BUILD_NUMBER=42 +ARG GIT_SHA=0000000000 + +ARG DATA_DIR=/data +ARG CODENAME=bookworm +ARG GPG_KEY="/usr/share/keyrings/signalwire-freeswitch-repo.gpg" + +MAINTAINER "${MAINTAINER_NAME} <${MAINTAINER_EMAIL}>" + +SHELL ["/bin/bash", "-c"] + +RUN apt-get -q update && \ + DEBIAN_FRONTEND=noninteractive apt-get -yq install \ + apt-transport-https \ + build-essential \ + ca-certificates \ + cmake \ + curl \ + debhelper \ + devscripts \ + dh-autoreconf \ + dos2unix \ + doxygen \ + git \ + graphviz \ + libglib2.0-dev \ + libssl-dev \ + lsb-release \ + pkg-config \ + wget + +RUN update-ca-certificates --fresh + +RUN echo "export CODENAME=${CODENAME}" | tee ~/.env && \ + chmod +x ~/.env + +RUN . ~/.env && cat < /etc/apt/sources.list.d/freeswitch.list +deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-release ${CODENAME} main +deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-release ${CODENAME} main +EOF + +RUN git config --global --add safe.directory '*' \ + && git config --global user.name "${MAINTAINER_NAME}" \ + && git config --global user.email "${MAINTAINER_EMAIL}" + +# Bootstrap and Build +COPY . ${DATA_DIR} +WORKDIR ${DATA_DIR} +RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a ~/.env + +RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x +RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME} + +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ + printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ + printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ + printf "password " >> /etc/apt/auth.conf && \ + cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \ + sha512sum /run/secrets/REPO_PASSWORD && \ + curl \ + --fail \ + --netrc-file /etc/apt/auth.conf \ + --output ${GPG_KEY} \ + https://${REPO_DOMAIN}/repo/deb/debian-release/signalwire-freeswitch-repo.gpg && \ + file ${GPG_KEY} && \ + apt-get --quiet update && \ + mk-build-deps \ + --install \ + --remove debian/control \ + --tool "apt-get --yes --no-install-recommends" && \ + apt-get --yes --fix-broken install && \ + rm -f /etc/apt/auth.conf + +ENV DEB_BUILD_OPTIONS="parallel=1" +RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ + --force-distribution -D "${CODENAME}" "Nightly build, ${GIT_SHA}" +RUN . ~/.env && ./debian/util.sh create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x + +RUN dpkg-source \ + --diff-ignore=.* \ + --compression=xz \ + --compression-level=9 \ + --build \ + . \ + && debuild -b -us -uc \ + && mkdir OUT \ + && mv -v ../*.{deb,dsc,changes,tar.*} OUT/. + +# Artifacts image (mandatory part, the resulting image must have a single filesystem layer) +FROM scratch +COPY --from=builder /data/OUT/ / diff --git a/.github/docker/debian/bookworm/arm64v8/Dockerfile b/.github/docker/debian/bookworm/arm64v8/public.unstable.Dockerfile similarity index 100% rename from .github/docker/debian/bookworm/arm64v8/Dockerfile rename to .github/docker/debian/bookworm/arm64v8/public.unstable.Dockerfile diff --git a/.github/docker/debian/bullseye/amd64/public.release.Dockerfile b/.github/docker/debian/bullseye/amd64/public.release.Dockerfile new file mode 100644 index 0000000000..94c5e335b2 --- /dev/null +++ b/.github/docker/debian/bullseye/amd64/public.release.Dockerfile @@ -0,0 +1,102 @@ +ARG BUILDER_IMAGE=debian:bullseye-20240513 + +FROM ${BUILDER_IMAGE} AS builder + +ARG MAINTAINER_NAME="Andrey Volk" +ARG MAINTAINER_EMAIL="andrey@signalwire.com" + +# Credentials +ARG REPO_DOMAIN=freeswitch.signalwire.com +ARG REPO_USERNAME=user + +ARG BUILD_NUMBER=42 +ARG GIT_SHA=0000000000 + +ARG DATA_DIR=/data +ARG CODENAME=bullseye +ARG GPG_KEY="/usr/share/keyrings/signalwire-freeswitch-repo.gpg" + +MAINTAINER "${MAINTAINER_NAME} <${MAINTAINER_EMAIL}>" + +SHELL ["/bin/bash", "-c"] + +RUN apt-get -q update && \ + DEBIAN_FRONTEND=noninteractive apt-get -yq install \ + apt-transport-https \ + build-essential \ + ca-certificates \ + cmake \ + curl \ + debhelper \ + devscripts \ + dh-autoreconf \ + dos2unix \ + doxygen \ + git \ + graphviz \ + libglib2.0-dev \ + libssl-dev \ + lsb-release \ + pkg-config \ + wget + +RUN update-ca-certificates --fresh + +RUN echo "export CODENAME=${CODENAME}" | tee ~/.env && \ + chmod +x ~/.env + +RUN . ~/.env && cat < /etc/apt/sources.list.d/freeswitch.list +deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-release ${CODENAME} main +deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-release ${CODENAME} main +EOF + +RUN git config --global --add safe.directory '*' \ + && git config --global user.name "${MAINTAINER_NAME}" \ + && git config --global user.email "${MAINTAINER_EMAIL}" + +# Bootstrap and Build +COPY . ${DATA_DIR} +WORKDIR ${DATA_DIR} +RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a ~/.env + +RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x +RUN . ~/.env && ./debian/util.sh prep-create-dsc ${CODENAME} + +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ + printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ + printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ + printf "password " >> /etc/apt/auth.conf && \ + cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \ + sha512sum /run/secrets/REPO_PASSWORD && \ + curl \ + --fail \ + --netrc-file /etc/apt/auth.conf \ + --output ${GPG_KEY} \ + https://${REPO_DOMAIN}/repo/deb/debian-release/signalwire-freeswitch-repo.gpg && \ + file ${GPG_KEY} && \ + apt-get --quiet update && \ + mk-build-deps \ + --install \ + --remove debian/control \ + --tool "apt-get --yes --no-install-recommends" && \ + apt-get --yes --fix-broken install && \ + rm -f /etc/apt/auth.conf + +ENV DEB_BUILD_OPTIONS="parallel=1" +RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ + --force-distribution -D "${CODENAME}" "Nightly build, ${GIT_SHA}" +RUN . ~/.env && ./debian/util.sh create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x + +RUN dpkg-source \ + --diff-ignore=.* \ + --compression=xz \ + --compression-level=9 \ + --build \ + . \ + && debuild -b -us -uc \ + && mkdir OUT \ + && mv -v ../*.{deb,dsc,changes,tar.*} OUT/. + +# Artifacts image (mandatory part, the resulting image must have a single filesystem layer) +FROM scratch +COPY --from=builder /data/OUT/ / diff --git a/.github/docker/debian/bullseye/amd64/Dockerfile b/.github/docker/debian/bullseye/amd64/public.unstable.Dockerfile similarity index 100% rename from .github/docker/debian/bullseye/amd64/Dockerfile rename to .github/docker/debian/bullseye/amd64/public.unstable.Dockerfile diff --git a/.github/docker/debian/bullseye/arm32v7/public.release.Dockerfile b/.github/docker/debian/bullseye/arm32v7/public.release.Dockerfile new file mode 100644 index 0000000000..200b8dca1a --- /dev/null +++ b/.github/docker/debian/bullseye/arm32v7/public.release.Dockerfile @@ -0,0 +1,102 @@ +ARG BUILDER_IMAGE=arm32v7/debian:bullseye-20240513 + +FROM --platform=linux/arm32 ${BUILDER_IMAGE} AS builder + +ARG MAINTAINER_NAME="Andrey Volk" +ARG MAINTAINER_EMAIL="andrey@signalwire.com" + +# Credentials +ARG REPO_DOMAIN=freeswitch.signalwire.com +ARG REPO_USERNAME=user + +ARG BUILD_NUMBER=42 +ARG GIT_SHA=0000000000 + +ARG DATA_DIR=/data +ARG CODENAME=bullseye +ARG GPG_KEY="/usr/share/keyrings/signalwire-freeswitch-repo.gpg" + +MAINTAINER "${MAINTAINER_NAME} <${MAINTAINER_EMAIL}>" + +SHELL ["/bin/bash", "-c"] + +RUN apt-get -q update && \ + DEBIAN_FRONTEND=noninteractive apt-get -yq install \ + apt-transport-https \ + build-essential \ + ca-certificates \ + cmake \ + curl \ + debhelper \ + devscripts \ + dh-autoreconf \ + dos2unix \ + doxygen \ + git \ + graphviz \ + libglib2.0-dev \ + libssl-dev \ + lsb-release \ + pkg-config \ + wget + +RUN update-ca-certificates --fresh + +RUN echo "export CODENAME=${CODENAME}" | tee ~/.env && \ + chmod +x ~/.env + +RUN . ~/.env && cat < /etc/apt/sources.list.d/freeswitch.list +deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-release ${CODENAME} main +deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/rpi/debian-release ${CODENAME} main +EOF + +RUN git config --global --add safe.directory '*' \ + && git config --global user.name "${MAINTAINER_NAME}" \ + && git config --global user.email "${MAINTAINER_EMAIL}" + +# Bootstrap and Build +COPY . ${DATA_DIR} +WORKDIR ${DATA_DIR} +RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a ~/.env + +RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x +RUN . ~/.env && ./debian/util.sh prep-create-dsc -a armhf ${CODENAME} + +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ + printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ + printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ + printf "password " >> /etc/apt/auth.conf && \ + cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \ + sha512sum /run/secrets/REPO_PASSWORD && \ + curl \ + --fail \ + --netrc-file /etc/apt/auth.conf \ + --output ${GPG_KEY} \ + https://${REPO_DOMAIN}/repo/deb/rpi/debian-release/signalwire-freeswitch-repo.gpg && \ + file ${GPG_KEY} && \ + apt-get --quiet update && \ + mk-build-deps \ + --install \ + --remove debian/control \ + --tool "apt-get --yes --no-install-recommends" && \ + apt-get --yes --fix-broken install && \ + rm -f /etc/apt/auth.conf + +ENV DEB_BUILD_OPTIONS="parallel=1" +RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ + --force-distribution -D "${CODENAME}" "Nightly build, ${GIT_SHA}" +RUN . ~/.env && ./debian/util.sh create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x + +RUN dpkg-source \ + --diff-ignore=.* \ + --compression=xz \ + --compression-level=9 \ + --build \ + . \ + && debuild -b -us -uc \ + && mkdir OUT \ + && mv -v ../*.{deb,dsc,changes,tar.*} OUT/. + +# Artifacts image (mandatory part, the resulting image must have a single filesystem layer) +FROM scratch +COPY --from=builder /data/OUT/ / diff --git a/.github/docker/debian/bullseye/arm32v7/Dockerfile b/.github/docker/debian/bullseye/arm32v7/public.unstable.Dockerfile similarity index 100% rename from .github/docker/debian/bullseye/arm32v7/Dockerfile rename to .github/docker/debian/bullseye/arm32v7/public.unstable.Dockerfile diff --git a/.github/docker/debian/bullseye/arm64v8/public.release.Dockerfile b/.github/docker/debian/bullseye/arm64v8/public.release.Dockerfile new file mode 100644 index 0000000000..5476c22192 --- /dev/null +++ b/.github/docker/debian/bullseye/arm64v8/public.release.Dockerfile @@ -0,0 +1,102 @@ +ARG BUILDER_IMAGE=arm64v8/debian:bullseye-20240513 + +FROM --platform=linux/arm64 ${BUILDER_IMAGE} AS builder + +ARG MAINTAINER_NAME="Andrey Volk" +ARG MAINTAINER_EMAIL="andrey@signalwire.com" + +# Credentials +ARG REPO_DOMAIN=freeswitch.signalwire.com +ARG REPO_USERNAME=user + +ARG BUILD_NUMBER=42 +ARG GIT_SHA=0000000000 + +ARG DATA_DIR=/data +ARG CODENAME=bullseye +ARG GPG_KEY="/usr/share/keyrings/signalwire-freeswitch-repo.gpg" + +MAINTAINER "${MAINTAINER_NAME} <${MAINTAINER_EMAIL}>" + +SHELL ["/bin/bash", "-c"] + +RUN apt-get -q update && \ + DEBIAN_FRONTEND=noninteractive apt-get -yq install \ + apt-transport-https \ + build-essential \ + ca-certificates \ + cmake \ + curl \ + debhelper \ + devscripts \ + dh-autoreconf \ + dos2unix \ + doxygen \ + git \ + graphviz \ + libglib2.0-dev \ + libssl-dev \ + lsb-release \ + pkg-config \ + wget + +RUN update-ca-certificates --fresh + +RUN echo "export CODENAME=${CODENAME}" | tee ~/.env && \ + chmod +x ~/.env + +RUN . ~/.env && cat < /etc/apt/sources.list.d/freeswitch.list +deb [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-release ${CODENAME} main +deb-src [signed-by=${GPG_KEY}] https://${REPO_DOMAIN}/repo/deb/debian-release ${CODENAME} main +EOF + +RUN git config --global --add safe.directory '*' \ + && git config --global user.name "${MAINTAINER_NAME}" \ + && git config --global user.email "${MAINTAINER_EMAIL}" + +# Bootstrap and Build +COPY . ${DATA_DIR} +WORKDIR ${DATA_DIR} +RUN echo "export VERSION=$(cat ./build/next-release.txt | tr -d '\n')" | tee -a ~/.env + +RUN . ~/.env && ./debian/util.sh prep-create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x +RUN . ~/.env && ./debian/util.sh prep-create-dsc -a arm64 ${CODENAME} + +RUN --mount=type=secret,id=REPO_PASSWORD,required=true \ + printf "machine ${REPO_DOMAIN} " > /etc/apt/auth.conf && \ + printf "login ${REPO_USERNAME} " >> /etc/apt/auth.conf && \ + printf "password " >> /etc/apt/auth.conf && \ + cat /run/secrets/REPO_PASSWORD >> /etc/apt/auth.conf && \ + sha512sum /run/secrets/REPO_PASSWORD && \ + curl \ + --fail \ + --netrc-file /etc/apt/auth.conf \ + --output ${GPG_KEY} \ + https://${REPO_DOMAIN}/repo/deb/debian-release/signalwire-freeswitch-repo.gpg && \ + file ${GPG_KEY} && \ + apt-get --quiet update && \ + mk-build-deps \ + --install \ + --remove debian/control \ + --tool "apt-get --yes --no-install-recommends" && \ + apt-get --yes --fix-broken install && \ + rm -f /etc/apt/auth.conf + +ENV DEB_BUILD_OPTIONS="parallel=1" +RUN . ~/.env && dch -b -M -v "${VERSION}-${BUILD_NUMBER}-${GIT_SHA}~${CODENAME}" \ + --force-distribution -D "${CODENAME}" "Nightly build, ${GIT_SHA}" +RUN . ~/.env && ./debian/util.sh create-orig -n -V${VERSION}-${BUILD_NUMBER}-${GIT_SHA} -x + +RUN dpkg-source \ + --diff-ignore=.* \ + --compression=xz \ + --compression-level=9 \ + --build \ + . \ + && debuild -b -us -uc \ + && mkdir OUT \ + && mv -v ../*.{deb,dsc,changes,tar.*} OUT/. + +# Artifacts image (mandatory part, the resulting image must have a single filesystem layer) +FROM scratch +COPY --from=builder /data/OUT/ / diff --git a/.github/docker/debian/bullseye/arm64v8/Dockerfile b/.github/docker/debian/bullseye/arm64v8/public.unstable.Dockerfile similarity index 100% rename from .github/docker/debian/bullseye/arm64v8/Dockerfile rename to .github/docker/debian/bullseye/arm64v8/public.unstable.Dockerfile diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 37e29568a8..49e99e8b48 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,15 +14,14 @@ concurrency: group: ${{ github.head_ref || github.ref }} jobs: - excludes: - name: 'Excludes' - # if: github.event.pull_request.head.repo.full_name == github.repository + preconfig: runs-on: ubuntu-latest outputs: deb: ${{ steps.deb.outputs.excludes }} + release: ${{ steps.release.outputs.release }} steps: - - id: deb - name: Generate Matrix excludes for DEB + - name: Generate Matrix excludes for DEB + id: deb run: | JSON="[]" @@ -51,14 +50,30 @@ jobs: echo "excludes=$(echo $JSON | jq -c .)" | tee -a $GITHUB_OUTPUT - deb: - name: 'DEB' - # if: github.event.pull_request.head.repo.full_name == github.repository + - name: Get release type based on branch + id: release + run: | + if [[ '${{ github.event_name }}' == 'pull_request' ]]; then + if [[ '${{ github.base_ref }}' == 'master' ]]; then + echo 'release=unstable' | tee -a $GITHUB_OUTPUT + elif [[ '${{ github.base_ref }}' == 'v1.10' ]]; then + echo 'release=release' | tee -a $GITHUB_OUTPUT + fi + elif [[ '${{ github.ref }}' == 'refs/heads/master' ]]; then + echo 'release=unstable' | tee -a $GITHUB_OUTPUT + elif [[ '${{ github.ref }}' == 'refs/heads/v1.10' ]]; then + echo 'release=release' | tee -a $GITHUB_OUTPUT + else + exit 1 + fi + + deb-public: + name: 'DEB-PUBLIC' permissions: id-token: write contents: read needs: - - excludes + - preconfig uses: signalwire/actions-template/.github/workflows/cicd-docker-build-and-distribute.yml@main strategy: # max-parallel: 1 @@ -76,16 +91,18 @@ jobs: runner: linux-arm64-4-core-public - name: arm64v8 runner: linux-arm64-4-core-public - exclude: ${{ fromJson(needs.excludes.outputs.deb) }} + release: + - ${{ needs.preconfig.outputs.release }} + exclude: ${{ fromJson(needs.preconfig.outputs.deb) }} with: RUNNER: ${{ matrix.platform.runner }} ARTIFACTS_PATTERN: '.*\.(deb|dsc|changes|tar.bz2|tar.gz|tar.lzma|tar.xz)$' - DOCKERFILE: .github/docker/${{ matrix.os }}/${{ matrix.version }}/${{ matrix.platform.name }}/Dockerfile + DOCKERFILE: .github/docker/${{ matrix.os }}/${{ matrix.version }}/${{ matrix.platform.name }}/public.${{ matrix.release }}.Dockerfile MAINTAINER: 'Andrey Volk ' - META_FILE_PATH_PREFIX: /var/www/freeswitch/${{ github.ref_name }}/${{ github.run_id }}-${{ github.run_number }} + META_FILE_PATH_PREFIX: /var/www/freeswitch/public/${{ matrix.release }}/${{ github.ref_name }}/${{ github.run_id }}-${{ github.run_number }} PLATFORM: ${{ matrix.platform.name }} - REPO_DOMAIN: freeswitch.signalwire.com - TARGET_ARTIFACT_NAME: ${{ matrix.os }}-${{ matrix.version }}-${{ matrix.platform.name }}-artifact + REPO_DOMAIN: 'freeswitch.signalwire.com' + TARGET_ARTIFACT_NAME: ${{ matrix.os }}-${{ matrix.version }}-${{ matrix.platform.name }}-public-${{ matrix.release }}-artifact UPLOAD_BUILD_ARTIFACTS: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.title, ':upload-artifacts') }} secrets: GH_BOT_DEPLOY_TOKEN: ${{ secrets.PAT }} @@ -100,13 +117,13 @@ jobs: name: 'Publish build data to meta-repo' if: ${{ github.event_name != 'pull_request' || contains(github.event.pull_request.title, ':upload-artifacts') }} needs: - - deb + - deb-public permissions: id-token: write contents: read uses: signalwire/actions-template/.github/workflows/meta-repo-content.yml@main with: - META_CONTENT: '/var/www/freeswitch/${{ github.ref_name }}/${{ github.run_id }}-${{ github.run_number }}' + META_CONTENT: '/var/www/freeswitch/public/{release,unstable}/${{ github.ref_name }}/${{ github.run_id }}-${{ github.run_number }}' META_REPO: signalwire/bamboo_gha_trigger META_REPO_BRANCH: trigger/freeswitch/${{ github.ref_name }} secrets: