Skip to content
.github/workflows/CI.yaml

Update CI.yaml #18

Sign in to view logs

Update CI.yaml

Update CI.yaml #18

Workflow file for this run

.github/workflows/CI.yaml at b5e47ea
#!/bin/bash
##############################################################################################
set -eE -o functrace
failure() {
local lineno=\$2
local fn=\$3
local exitstatus=\$4
local msg=\$5
local lineno_fns=\${1% 0}
if [[ "\$lineno_fns" != "0" ]] ; then
lineno="\${lineno} \${lineno_fns}"
fi
echo "\${BASH_SOURCE[1]}:\${fn}[\${lineno}] Failed with status \${exitstatus}: \$msg"

Check failure on line 14 in .github/workflows/CI.yaml

View workflow run for this annotation

GitHub Actions / .github/workflows/CI.yaml

Invalid workflow file 

You have an error in your yaml syntax on line 14
}
trap 'failure "\${BASH_LINENO[*]}" "\$LINENO" "\${FUNCNAME[*]:-script}" "\$?" "\$BASH_COMMAND"' ERR
##############################################################################################
apt -qq update;
apt install ca-certificates curl gnupg lsb-release software-properties-common wget git vagrant python3-venv direnv python3-pip linux-headers-\$(uname -r) ansible -y >/dev/null;
mkdir -m 0755 -p /etc/apt/keyrings;
curl -fsSL https://download.docker.com/linux/debian/gpg -o gpg.asc
echo "1500c1f56fa9e26b9b8f42452a553675796ade0807cdce11975eb98170b3a570 gpg.asc" | shasum -a 256 -c;
sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg --yes < gpg.asc;
echo "deb [arch=\$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
apt -qq update;
apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y >/dev/null;
apt-add-repository "deb http://download.virtualbox.org/virtualbox/debian \$(lsb_release -sc) contrib";
wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc;
echo "49e6801d45f6536232c11be6cdb43fa8e0198538d29d1075a7e10165e1fbafe2 oracle_vbox_2016.asc" | shasum -a 256 -c;
apt-key add oracle_vbox_2016.asc;
apt -qq update
apt install virtualbox-6.1 -y >/dev/null;
eval "\$(direnv hook bash)";
cd source
cp .env.example .env
cp .envrc.example .envrc
/usr/bin/python3 -m venv ./local/python_venv;
echo "load_prefix local/python_venv" >> .envrc;
export VERSION="${array[2]}"
echo "ZCASH_VERSION=\$VERSION" >> .env;
echo "ZCASH_GIT_REPO_URL=https://github.com/${array[0]}/${array[1]}" >> .env;
cat .env
direnv allow;
/sbin/vboxconfig;
vagrant plugin install --local;
vagrant plugin install --local;
gpg --quick-generate-key --batch --passphrase '' "Lyra Silvertongue (zcash gitian) <[email protected]>"
echo "GPG_KEY_ID=\$(gpg --list-keys --with-fingerprint --with-colons | grep fpr: | head -n 1 | sed 's/fpr://g' | sed 's/://g')" >> .env;
echo "GPG_KEY_NAME=lyra.silvertongue" >> .env;
git config --global user.name "Lyra Silvertongue"
git config --global user.email "[email protected]"
direnv allow;
direnv exec \$(pwd) vagrant up zcash-build;
vagrant ssh zcash-build -c "gpg --quick-generate-key --batch --passphrase '' \"Lyra Silvertongue (zcash gitian) <[email protected]>\" || echo ''"
vagrant ssh zcash-build -c ./gitian-parallel-build.sh || exit 1
vagrant ssh zcash-build -c "head -n 8 gitian.sigs/\$VERSION*/lyra.silvertongue/*.assert" > assert.txt
tr -d \$'\r' < assert.txt > assert2.txt
echo "#### sigs ####"
for i in \$(cat assert2.txt | grep -E "zcash-*" | grep -v git: | sed 's/ //g' | sed 's/ /-->/g'); do
echo \$i
done
export OS=\$(vagrant ssh zcash-build -c "ls zcash-binaries/\$VERSION" | tr -d '\r')
for i in \$OS; do vagrant ssh zcash-build -c "mkdir \$i; tar Cxvzf \$i zcash-binaries/*/\$i/zcash-*-linux64.tar.gz"; done
versions=\$(for i in \$OS; do echo " \$i==>"; vagrant ssh zcash-build -c "./\$i/zcash-*/bin/zcashd --version | head -n 1 | tr -d '\n'"; done)
for i in "\${versions[@]}"
do
echo \$i
done
# get keys
gsutil -q rm -r gs://${{ secrets.GCP_PROJECT_ID_PROD }}-apt-packages/127.0.0.1 || echo ""
gsutil -q cp gs://${{ secrets.GCP_PROJECT_ID_PROD }}-apt-packages/encrypted_gpg.kms \$HOME/encrypted_gpg.kms
gsutil -q cp gs://${{ secrets.GCP_PROJECT_ID_PROD }}-apt-packages/public.asc \$HOME/public.asc
current_dir=\$(pwd)
cd \$HOME
gcloud kms decrypt \
--key gpg \
--keyring gpg \
--location global \
--plaintext-file private.pgp \
--ciphertext-file encrypted_gpg.kms
cd \$current_dir
gpg --import \$HOME/private.pgp
vagrant scp :gitian.sigs .
for i in \$OS;
do
mkdir -p debs/\$i;
mkdir -p ./\$i-extract
vagrant ssh zcash-build -c "mkdir /home/vagrant/"\$i"-extract";
vagrant ssh zcash-build -c "tar -xvf /home/vagrant/zcash-binaries/"\$VERSION"/"\$i"/zcash-*-linux64.tar.gz -C /home/vagrant/"\$i"-extract";
docker run -d --name \$i debian:\$i bash -c "while true; do sleep 2; done";
docker exec \$i bash -c "mkdir -p /home/vagrant/\$i-deb-build && cd /home/vagrant/\$i-deb-build && apt -qq update && apt install git dpkg-dev lintian -y && git clone -b ${array[2]} https://github.com/${array[0]}/${array[1]}.git .";
vagrant scp :/home/vagrant/\$i-extract/zcash-*/bin/zcash-tx ./\$i-extract/
vagrant scp :/home/vagrant/\$i-extract/zcash-*/bin/zcash-fetch-params ./\$i-extract/
vagrant scp :/home/vagrant/\$i-extract/zcash-*/bin/zcashd ./\$i-extract/
vagrant scp :/home/vagrant/\$i-extract/zcash-*/bin/zcash-cli ./\$i-extract/
vagrant scp :/home/vagrant/\$i-extract/zcash-*/bin/zcashd-wallet-tool ./\$i-extract/
docker cp ./\$i-extract \$i:/home/vagrant/\$i-deb-build/
docker exec -w /home/vagrant/\$i-deb-build \$i bash -c "rm -rf src && mv \$i-extract src && ./zcutil/build-debian-package.sh"
docker cp \$i:/tmp/zcbuild ./debs/\$i
done
vagrant scp :/home/vagrant/zcash-binaries ./
for i in \$OS;
do
cd ./zcash-binaries/\$VERSION/\$i
for j in \$(ls *linux64.tar.gz); do
mv \$j \$(echo \$j | sed 's/.tar.gz/-debian-'\$i'.tar.gz/g')
done
for j in \$(ls *debug.tar.gz); do
mv \$j \$(echo \$j | sed 's/.tar.gz/-debian-'\$i'.tar.gz/g')
done
gpg -u [email protected] --armor --digest-algo SHA256 --detach-sign *debug-debian-\$i.tar.gz
gpg -u [email protected] --armor --digest-algo SHA256 --detach-sign *linux64-debian-\$i.tar.gz
cd \$current_dir
done
export final_version=\$(cat assert2.txt | awk '{print \$2}' | grep "desc.yml" | head -n 1 | sed 's/-desc.yml//g')
gsutil -q -m rsync -r ./debs gs://${{ secrets.GCP_PROJECT_ID_PROD }}-apt-packages/debs
gsutil -q -m rsync -r ./zcash-binaries gs://${{ secrets.GCP_PROJECT_ID_PROD }}-apt-packages/zcash-binaries
apt install aptly -y >/dev/null
# generate apt
mkdir aptserver
cd aptserver
gsutil -q -m cp -r gs://${{ secrets.GCP_PROJECT_ID_PROD }}-apt-server/pool/main/z/zcash/ .
cd zcash
cp -a ../../debs/buster/zcbuild/*.deb \$final_version-amd64-buster.deb
cp -a ../../debs/bullseye/zcbuild/*.deb \$final_version-amd64-bullseye.deb
cp -a ../../debs/bookworm/zcbuild/*.deb \$final_version-amd64-bookworm.deb
ls \$final_version-amd64-buster.deb || exit 1
ls \$final_version-amd64-bullseye.deb || exit 1
ls \$final_version-amd64-bookworm.deb || exit 1
aptly repo create --distribution buster --comment "" --component main zcash_buster_amd64_repo
aptly repo create --distribution bullseye --comment "" --component main zcash_bullseye_amd64_repo
aptly repo create --distribution bookworm --comment "" --component main zcash_bookworm_amd64_repo
aptly repo create --distribution stretch --comment "" --component main zcash_stretch_amd64_repo
for i in \$(ls *.deb | grep buster); do
aptly repo add zcash_buster_amd64_repo \$i
done
for i in \$(ls *.deb | grep bullseye); do
aptly repo add zcash_bullseye_amd64_repo \$i
done
for i in \$(ls *.deb | grep stretch); do
aptly repo add zcash_stretch_amd64_repo \$i
done
for i in \$(ls *.deb | grep bookworm); do
aptly repo add zcash_bookworm_amd64_repo \$i
done
aptly snapshot create bookworm_snapshot from repo zcash_bookworm_amd64_repo
aptly snapshot create buster_snapshot from repo zcash_buster_amd64_repo
aptly snapshot create bullseye_snapshot from repo zcash_bullseye_amd64_repo
aptly snapshot create stretch_snapshot from repo zcash_stretch_amd64_repo
export key=\$(gpg --list-secret-keys --keyid-format=long [email protected] | head -n 2 | grep -v sec)
aptly publish snapshot --distribution buster --component main --architectures amd64 --gpg-key="\$key" --passphrase="" buster_snapshot
aptly publish snapshot --distribution bookworm --component main --architectures amd64 --gpg-key="\$key" --passphrase="" bookworm_snapshot
aptly publish snapshot --distribution bullseye --component main --architectures amd64 --gpg-key="\$key" --passphrase="" bullseye_snapshot
aptly publish snapshot --distribution stretch --component main --architectures amd64 --gpg-key="\$key" --passphrase="" stretch_snapshot
apt install nginx-extras -y >/dev/null
cat << EOH > /etc/nginx/sites-enabled/default
server {
listen 80 default_server;
root /var/www/public;
location / {
autoindex on;
}
server_name _;
}
EOH
# get apt server
cp -a /root/.aptly/public /var/www/
chown -R www-data:www-data /var/www
/etc/init.d/nginx restart
mkdir \$HOME/mirror
cd \$HOME/mirror
wget -q -r 127.0.0.1
cp \$HOME/public.asc \$HOME/mirror/127.0.0.1/zcash.asc
cd \$HOME/mirror
gsutil -q -m rsync -r ./127.0.0.1 gs://${{ secrets.GCP_PROJECT_ID_PROD }}-apt-packages/127.0.0.1
cd 127.0.0.1
if ! [[ ${array[2]} == *"-rc"* ]]; then
gsutil -q -m rsync -r ./ gs://${{ secrets.GCP_PROJECT_ID_PROD }}-apt-server/
fi