This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Upload HSM Engine | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y build-essential libssl-dev libcurl4-openssl-dev libjson-c-dev cmake devscripts dpkg-dev gnupg lintian debhelper-compat | |
| - name: Import GPG key (check early) | |
| run: | | |
| echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --batch --yes --pinentry-mode=loopback --passphrase "${{ secrets.GPG_PASSPHRASE }}" --import | |
| gpg --list-keys | |
| - name: Build HSM Engine | |
| run: | | |
| cd src | |
| mkdir -p build | |
| cd build | |
| cmake .. | |
| make | |
| - name: Verify e_akv.so exists | |
| run: | | |
| if [ ! -f src/build/e_akv.so ]; then | |
| echo "e_akv.so is missing!" | |
| exit 1 | |
| fi | |
| - name: Copy e_akv.so to DEBIAN Directory | |
| run: | | |
| mkdir -p ~/hsm-engine-deb/usr/lib/x86_64-linux-gnu/engines-1.1/ | |
| cp src/build/e_akv.so ~/hsm-engine-deb/usr/lib/x86_64-linux-gnu/engines-1.1/ | |
| - name: Create DEBIAN Directory and Control File | |
| run: | | |
| mkdir -p ~/hsm-engine-deb/DEBIAN | |
| mkdir -p ~/hsm-engine-deb/debian | |
| mkdir -p ~/hsm-engine-deb/debian/source | |
| echo "Source: hsm-engine" > ~/hsm-engine-deb/debian/control | |
| echo "Standards-Version: 4.5.1" >> ~/hsm-engine-deb/debian/control | |
| echo "Section: utils" >> ~/hsm-engine-deb/debian/control | |
| echo "Priority: optional" >> ~/hsm-engine-deb/debian/control | |
| echo "Maintainer: Andrey V <[email protected]>" >> ~/hsm-engine-deb/debian/control | |
| echo "Build-Depends: debhelper-compat (= 13), cmake, libssl-dev, libcurl4-openssl-dev, libjson-c-dev" >> ~/hsm-engine-deb/debian/control | |
| echo "" >> ~/hsm-engine-deb/debian/control | |
| echo "Package: hsm-engine" >> ~/hsm-engine-deb/debian/control | |
| echo "Architecture: amd64" >> ~/hsm-engine-deb/debian/control | |
| echo "Depends: \${shlibs:Depends}, \${misc:Depends}" >> ~/hsm-engine-deb/debian/control | |
| echo "Description: Azure Key Vault and Managed HSM Engine for OpenSSL" >> ~/hsm-engine-deb/debian/control | |
| echo "3.0 (quilt)" > ~/hsm-engine-deb/debian/source/format | |
| - name: Create debian directory and changelog | |
| run: | | |
| mkdir -p ~/hsm-engine-deb/debian | |
| echo "hsm-engine (1.0-1) jammy; urgency=low" > ~/hsm-engine-deb/debian/changelog | |
| echo "" >> ~/hsm-engine-deb/debian/changelog | |
| echo " * Initial release" >> ~/hsm-engine-deb/debian/changelog | |
| echo "" >> ~/hsm-engine-deb/debian/changelog | |
| echo " -- Andrey V <[email protected]> $(date -R)" >> ~/hsm-engine-deb/debian/changelog | |
| - name: Create debian/rules | |
| run: | | |
| echo "#!/usr/bin/make -f" > ~/hsm-engine-deb/debian/rules | |
| echo "%:" >> ~/hsm-engine-deb/debian/rules | |
| echo -e "\tdh \$@" >> ~/hsm-engine-deb/debian/rules | |
| chmod +x ~/hsm-engine-deb/debian/rules | |
| - name: Create Source Tarball | |
| run: | | |
| cd ~ | |
| tar -czf hsm-engine_1.0.orig.tar.gz hsm-engine-deb | |
| - name: Build Source Package | |
| run: | | |
| cd ~/hsm-engine-deb | |
| debuild -S -sa | |
| - name: Sign and Upload to PPA | |
| env: | |
| GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| LAUNCHPAD_USERNAME: ${{ secrets.LAUNCHPAD_USERNAME }} | |
| run: | | |
| export GPG_TTY=$(tty) | |
| echo "${GPG_KEY}" | gpg --batch --yes --pinentry-mode=loopback --passphrase "${GPG_PASSPHRASE}" --import | |
| gpg --pinentry-mode=loopback --batch --yes --passphrase "${GPG_PASSPHRASE}" --sign-key ${{ secrets.GPG_KEY_ID }} | |
| debsign --re-sign -k${{ secrets.GPG_KEY_ID }} hsm-engine_1.0-1_source.changes | |
| dput ppa:${{ secrets.LAUNCHPAD_USERNAME }}/kima-hsm-ppa hsm-engine_1.0-1_source.changes |