Set target repository

.gitlab-ci.yml

@@ -1,141 +1,135 @@
+---
+include:
+  - remote: 'https://git.scc.kit.edu/KIT-CERT/publish/-/raw/main/gitlab-ci/build_image.yml'
+  - remote: 'https://git.scc.kit.edu/KIT-CERT/publish/-/raw/main/gitlab-ci/python-pkg.yml'
+
+variables:
+  BUILD_CONTEXT: ci_container
+  BUILD_FILE: Dockerfile
+  IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/bullseye
+  TARGET_REPOSITORY: "bullseye"
+
+
 stages:
-    - build
+  - build_image
-    - debian-package
+  - build_pkg
-    - release
+  - debian-package
 
 .image-buster:
-    image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-buster'
+  IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/buster
 
 .image-bullseye:
-    image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-bullseye'
+  IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/bullseye
 
-.image-focal:
+.image-jammy:
-    image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-focal'
+  variables:
+    IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/jammy
+    BUILD_FILE: Dockerfile.jammy
 
-.code-coverage:
+build_pkg_image_jammy:
-    stage: build
+  extends:
-    script:
+    - .image-jammy
-        - "export PATH=/usr/local/sbin:/usr/local/bin:${PATH}"
+    - build_pkg_image
-        - meson build -Db_coverage=true
-        - cd build
-        - ninja
-        - ninja test
-        - ninja coverage-xml
-        - grep -Eo 'line-rate="[^"]+"' meson-logs/coverage.xml | head -n 1 |
-            grep -Eo '[0-9.]+' | awk '{ printf "coverage\x3a %.2f%% of statements\n", $1 * 100 }'
-        - ninja coverage-html
-        - mv meson-logs/coveragereport ../coverage
-    artifacts:
-        paths:
-            - coverage/
-        reports:
-            cobertura: build/meson-logs/coverage.xml
 
-.build:
+#.code-coverage:
-    stage: build
+#    stage: build
-    script:
+#    script:
-        - which meson
+#        - "export PATH=/usr/local/sbin:/usr/local/bin:${PATH}"
-        - meson build
+#        - meson build -Db_coverage=true
-        - cd build
+#        - cd build
-        - ninja
+#        - ninja
-        - ninja test
+#        - ninja test
-    artifacts:
+#        - ninja coverage-xml
-        paths:
+#        - grep -Eo 'line-rate="[^"]+"' meson-logs/coverage.xml | head -n 1 |
-            - build/src/libexim-encrypt-dlfunc.so
+#            grep -Eo '[0-9.]+' | awk '{ printf "coverage\x3a %.2f%% of statements\n", $1 * 100 }'
-            - build/src/libexim-encrypt-dlfunc-genkeys
+#        - ninja coverage-html
-            - build/src/libexim-encrypt-dlfunc-decrypt-secretbox
+#        - mv meson-logs/coveragereport ../coverage
-            - build/src/libexim-encrypt-dlfunc-decrypt-sealedbox
+#    artifacts:
-
+#        paths:
-.debian-package:
+#            - coverage/
-    stage: debian-package
+#        reports:
-    script:
+#            cobertura: build/meson-logs/coverage.xml
-        - mkdir ~/.gnupg; chown root:root ~/.gnupg; chmod 700 ~/.gnupg
+#
-        - eval $(gpg-agent --batch --sh --disable-scdaemon)
+#.build:
-        - echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
+#    stage: build
-        - echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
+#    script:
-        - gpg-connect-agent /bye
+#        - which meson
-        - echo $DEBIAN_SIGNING_KEY_ASC | base64 -d | gpg --batch --import --always-trust --yes
+#        - meson build
-        - echo "1DC7C2770DC111723D505DD61614D5CDEE1555A7:6:" | gpg --import-ownertrust
+#        - cd build
-        - dpkg-buildpackage --sign-key=1DC7C2770DC111723D505DD61614D5CDEE1555A7
+#        - ninja
-        - mv -t . ../*.deb ../*.dsc ../*.tar.gz ../*.changes ../*.buildinfo
+#        - ninja test
-    artifacts:
+#    artifacts:
-        paths:
+#        paths:
-            - ./*.deb
+#            - build/src/libexim-encrypt-dlfunc.so
-            - ./*.dsc
+#            - build/src/libexim-encrypt-dlfunc-genkeys
-            - ./*.tar.gz
+#            - build/src/libexim-encrypt-dlfunc-decrypt-secretbox
-            - ./*.changes
+#            - build/src/libexim-encrypt-dlfunc-decrypt-sealedbox
-            - ./*.buildinfo
+#
-
+#.debian-package:
-code-coverage:
+#    stage: debian-package
-    extends:
+#    script:
-        - .image-bullseye
+#        - mkdir ~/.gnupg; chown root:root ~/.gnupg; chmod 700 ~/.gnupg
-        - .code-coverage
+#        - eval $(gpg-agent --batch --sh --disable-scdaemon)
-    needs: [ ]
+#        - echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
-
+#        - echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
-build:bullseye:
+#        - gpg-connect-agent /bye
-    extends:
+#        - echo $DEBIAN_SIGNING_KEY_ASC | base64 -d | gpg --batch --import --always-trust --yes
-        - .image-bullseye
+#        - echo "1DC7C2770DC111723D505DD61614D5CDEE1555A7:6:" | gpg --import-ownertrust
-        - .build
+#        - dpkg-buildpackage --sign-key=1DC7C2770DC111723D505DD61614D5CDEE1555A7
-        - .code-coverage
+#        - mv -t . ../*.deb ../*.dsc ../*.tar.gz ../*.changes ../*.buildinfo
-    needs: [ ]
+#    artifacts:
-
+#        paths:
-build:focal:
+#            - ./*.deb
-    extends:
+#            - ./*.dsc
-        - .image-focal
+#            - ./*.tar.gz
-        - .build
+#            - ./*.changes
-    needs: [ ]
+#            - ./*.buildinfo
-
+#
-build:buster:
+#code-coverage:
-    extends:
+#    extends:
-        - .build
+#        - .image-bullseye
-        - .image-buster
+#        - .code-coverage
-    needs: [ ]
+#    needs: [ ]
-
+#
-debian-package:bullseye:
+#build:bullseye:
-    extends:
+#    extends:
-        - .image-bullseye
+#        - .image-bullseye
-        - .debian-package
+#        - .build
-    dependencies:
+#        - .code-coverage
-        - build:bullseye
+#    needs: [ ]
-    needs: [ "build:bullseye" ]
+#
-
+#build:focal:
-debian-package:focal:
+#    extends:
-    extends:
+#        - .image-focal
-        - .image-focal
+#        - .build
-        - .debian-package
+#    needs: [ ]
-    dependencies:
+#
-        - build:focal
+#build:buster:
-    needs: [ "build:focal" ]
+#    extends:
-
+#        - .build
-debian-package:buster:
+#        - .image-buster
-    extends:
+#    needs: [ ]
-        - .image-buster
+#
-        - .debian-package
+#debian-package:bullseye:
-    dependencies:
+#    extends:
-        - build:buster
+#        - .image-bullseye
-    needs: [ "build:buster" ]
+#        - .debian-package
-
+#    dependencies:
-prepare_job:
+#        - build:bullseye
-  stage: prepare                                              # This stage must run before the release stage
+#    needs: [ "build:bullseye" ]
-  rules:
+#
-    - if: $CI_COMMIT_TAG
+#debian-package:focal:
-      when: never                                             # Do not run this job when a tag is created manually
+#    extends:
-#    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH             # Run this job when commits are pushed or merged to the default branch
+#        - .image-focal
-  script:
+#        - .debian-package
-    - echo "TAG=v$(cat VERSION)" >> variables.env             # and append to the variables.env file
+#    dependencies:
-  artifacts:
+#        - build:focal
-    reports:
+#    needs: [ "build:focal" ]
-      dotenv: variables.env                                   # Use artifacts:reports:dotenv to expose the variables to other jobs
+#
-
+#debian-package:buster:
-release_job:
+#    extends:
-  stage: release
+#        - .image-buster
-  image: registry.gitlab.com/gitlab-org/release-cli:latest
+#        - .debian-package
-  rules:
+#    dependencies:
-    - if: $CI_COMMIT_TAG                                      # Run this job when a tag is created manually
+#        - build:buster
-  script:
+#    needs: [ "build:buster" ]
-    - echo "running release_job"
-  release:
-    name: 'Release $CI_COMMIT_TAG'
-    description: 'Created using the release-cli'
-    tag_name: '$CI_COMMIT_TAG'
-    ref: '$CI_COMMIT_TAG'

ci_container/Dockerfile

@@ -18,18 +18,17 @@ RUN apt-get update; \
         openssl \
         pkg-config \
         python3-pip \
-        libxml2-utils; \
+        libxml2-utils \
-    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
         debhelper \
         debsigs \
         devscripts \
         dh-make \
         git-buildpackage \
         gpgv1 \
-        meson; \
+        meson \
-    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
         less \
         mc \
+        rsync \
         openssh-client \
         vim; \
     DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get clean; \

ci_container/Dockerfile.jammy

@@ -0,0 +1,40 @@
+FROM docker.io/library/ubuntu:jammy
+
+LABEL org.opencontainers.image.created=${BUILDTIMESTAMP} \
+      org.opencontainers.image.authors="Heiko Reese <reese@kit.edu>" \
+      org.opencontainers.image.title="exim build container" \
+      org.opencontainers.image.description="A buld environment for exim-encrypt-dlfunc" \
+      org.opencontainers.image.source="https://git.scc.kit.edu/mail/exim-encrypt-dlfunc/" \
+      org.opencontainers.image.licenses="Apache-2.0"
+
+
+RUN apt-get update; \
+    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
+        build-essential \
+        exim4-daemon-heavy \
+        exim4-dev \
+        gcovr \
+        git \
+        libsodium-dev \
+        openssl \
+        pkg-config \
+        python3-pip \
+        libxml2-utils \
+        debhelper \
+        debsigs \
+        devscripts \
+        dh-make \
+        git-buildpackage \
+        gpgv1 \
+        meson \
+        less \
+        mc \
+        openssh-client \
+        vim; \
+    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get clean; \
+    rm -rf /var/lib/apt/lists/*;
+
+RUN pip3 install --upgrade meson ninja; \
+    rm -rf ~/.cache/pip/*;
+
+WORKDIR /mnt/