Merge branch 'deb-with-gbp' into 'main'

Create debian packages with gbp

See merge request mail/exim-encrypt-dlfunc!8

.gitlab-ci.yml

@@ -1,105 +1,155 @@
+---
+include:
+  - remote: 'https://git.scc.kit.edu/KIT-CERT/publish/-/raw/main/gitlab-ci/ssh-config.yml'
+  - remote: 'https://git.scc.kit.edu/KIT-CERT/publish/-/raw/main/gitlab-ci/build_image.yml'
+  - remote: 'https://git.scc.kit.edu/KIT-CERT/publish/-/raw/main/gitlab-ci/gbp-pkg.yml'
+
 stages:
-    - build
+  - build_image
-    - debian-package
+  - build_pkg
-    - prepare
-    - release
 
-#.image-buster:
+variables:
-#    image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-buster'
+  BUILD_CONTEXT: ci_container
+  BUILD_FILE: Dockerfile
+  IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/bullseye
+  TARGET_REPOSITORY: "bullseye"
 
-.image-bullseye:
-    image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-bullseye'
 
-#.image-focal:
+.image-buster:
-#    image: '${CONTAINER_REGISTRY_NAME}/exim-encrypt-dlfunc-build-focal'
+  variables:
+    IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/buster
+    BUILD_FILE: Dockerfile.buster
+    TARGET_REPOSITORY: "buster"
 
-.code-coverage:
+.image-jammy:
-    stage: build
+  variables:
-    script:
+    IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/jammy
-        - "export PATH=/usr/local/sbin:/usr/local/bin:${PATH}"
+    TARGET_REPOSITORY: "jammy"
-        - meson build -Db_coverage=true
+    BUILD_FILE: Dockerfile.jammy
-        - cd build
-        - ninja
-        - ninja test
-        - ninja coverage-xml
-        - grep -Eo 'line-rate="[^"]+"' meson-logs/coverage.xml | head -n 1 |
-            grep -Eo '[0-9.]+' | awk '{ printf "coverage\x3a %.2f%% of statements\n", $1 * 100 }'
-        - ninja coverage-html
-        - mv meson-logs/coveragereport ../coverage
-    artifacts:
-        paths:
-            - coverage/
-        reports:
-            cobertura: build/meson-logs/coverage.xml
 
-.build:
+.image-focal:
-    stage: build
+  variables:
-    script:
+    IMAGE_NAME: pkg_build-exim-encrypt-dlfunc/focal
-        - which meson
+    TARGET_REPOSITORY: "focal"
-        - meson build
+    BUILD_FILE: Dockerfile.focal
-        - cd build
-        - ninja
-        - ninja test
-    artifacts:
-        paths:
-            - build/src/libexim-encrypt-dlfunc.so
-            - build/src/libexim-encrypt-dlfunc-genkeys
-            - build/src/libexim-encrypt-dlfunc-decrypt-secretbox
-            - build/src/libexim-encrypt-dlfunc-decrypt-sealedbox
 
-.debian-package:
+build_pkg_image_buster:
-    stage: debian-package
+  extends:
-    script:
+    - .image-buster
-        - mkdir ~/.gnupg; chown root:root ~/.gnupg; chmod 700 ~/.gnupg
+    - build_pkg_image
-        - eval $(gpg-agent --batch --sh --disable-scdaemon)
-        - echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
-        - echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
-        - gpg-connect-agent /bye
-        - echo $DEBIAN_SIGNING_KEY_ASC | base64 -d | gpg --batch --import --always-trust --yes
-        - echo "1DC7C2770DC111723D505DD61614D5CDEE1555A7:6:" | gpg --import-ownertrust
-        - dpkg-buildpackage --sign-key=1DC7C2770DC111723D505DD61614D5CDEE1555A7
-        - mv -t . ../*.deb ../*.dsc ../*.tar.gz ../*.changes ../*.buildinfo
-    artifacts:
-        paths:
-            - ./*.deb
-            - ./*.dsc
-            - ./*.tar.gz
-            - ./*.changes
-            - ./*.buildinfo
 
-code-coverage:
+build_pkg_image_jammy:
-    extends:
+  extends:
-        - .image-bullseye
+    - .image-jammy
-        - .code-coverage
+    - build_pkg_image
-    needs: [ ]
 
-build:bullseye:
+build_pkg_image_focal:
-    extends:
+  extends:
-        - .image-bullseye
+    - .image-focal
-        - .build
+    - build_pkg_image
-        - .code-coverage
-    needs: [ ]
 
+pkg_buster:
+  extends:
+    - .image-buster
+    - gbp_pkg
+
+pkg_focal:
+  extends:
+    - .image-focal
+    - gbp_pkg
+
+pkg_jammy:
+  extends:
+    - .image-jammy
+    - gbp_pkg
+
+#.code-coverage:
+#    stage: build
+#    script:
+#        - "export PATH=/usr/local/sbin:/usr/local/bin:${PATH}"
+#        - meson build -Db_coverage=true
+#        - cd build
+#        - ninja
+#        - ninja test
+#        - ninja coverage-xml
+#        - grep -Eo 'line-rate="[^"]+"' meson-logs/coverage.xml | head -n 1 |
+#            grep -Eo '[0-9.]+' | awk '{ printf "coverage\x3a %.2f%% of statements\n", $1 * 100 }'
+#        - ninja coverage-html
+#        - mv meson-logs/coveragereport ../coverage
+#    artifacts:
+#        paths:
+#            - coverage/
+#        reports:
+#            cobertura: build/meson-logs/coverage.xml
+#
+#.build:
+#    stage: build
+#    script:
+#        - which meson
+#        - meson build
+#        - cd build
+#        - ninja
+#        - ninja test
+#    artifacts:
+#        paths:
+#            - build/src/libexim-encrypt-dlfunc.so
+#            - build/src/libexim-encrypt-dlfunc-genkeys
+#            - build/src/libexim-encrypt-dlfunc-decrypt-secretbox
+#            - build/src/libexim-encrypt-dlfunc-decrypt-sealedbox
+#
+#.debian-package:
+#    stage: debian-package
+#    script:
+#        - mkdir ~/.gnupg; chown root:root ~/.gnupg; chmod 700 ~/.gnupg
+#        - eval $(gpg-agent --batch --sh --disable-scdaemon)
+#        - echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
+#        - echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
+#        - gpg-connect-agent /bye
+#        - echo $DEBIAN_SIGNING_KEY_ASC | base64 -d | gpg --batch --import --always-trust --yes
+#        - echo "1DC7C2770DC111723D505DD61614D5CDEE1555A7:6:" | gpg --import-ownertrust
+#        - dpkg-buildpackage --sign-key=1DC7C2770DC111723D505DD61614D5CDEE1555A7
+#        - mv -t . ../*.deb ../*.dsc ../*.tar.gz ../*.changes ../*.buildinfo
+#    artifacts:
+#        paths:
+#            - ./*.deb
+#            - ./*.dsc
+#            - ./*.tar.gz
+#            - ./*.changes
+#            - ./*.buildinfo
+#
+#code-coverage:
+#    extends:
+#        - .image-bullseye
+#        - .code-coverage
+#    needs: [ ]
+#
+#build:bullseye:
+#    extends:
+#        - .image-bullseye
+#        - .build
+#        - .code-coverage
+#    needs: [ ]
+#
 #build:focal:
 #    extends:
 #        - .image-focal
 #        - .build
 #    needs: [ ]
-
+#
 #build:buster:
 #    extends:
 #        - .build
 #        - .image-buster
 #    needs: [ ]
-
+#
-debian-package:bullseye:
+#debian-package:bullseye:
-    extends:
+#    extends:
-        - .image-bullseye
+#        - .image-bullseye
-        - .debian-package
+#        - .debian-package
-    dependencies:
+#    dependencies:
-        - build:bullseye
+#        - build:bullseye
-    needs: [ "build:bullseye" ]
+#    needs: [ "build:bullseye" ]
-
+#
 #debian-package:focal:
 #    extends:
 #        - .image-focal
@@ -107,7 +157,7 @@ debian-package:bullseye:
 #    dependencies:
 #        - build:focal
 #    needs: [ "build:focal" ]
-
+#
 #debian-package:buster:
 #    extends:
 #        - .image-buster
@@ -115,29 +165,3 @@ debian-package:bullseye:
 #    dependencies:
 #        - build:buster
 #    needs: [ "build:buster" ]
-
-prepare_job:
-  stage: prepare
-  rules:
-    - if: $CI_COMMIT_TAG
-  script:
-    - echo "TAG=v$(cat VERSION)" >> variables.env
-  artifacts:
-    reports:
-      dotenv: variables.env
-
-release_job:
-  stage: release
-  image: registry.gitlab.com/gitlab-org/release-cli:latest
-  needs:
-    - job: prepare_job
-      artifacts: true
-  rules:
-    - if: $CI_COMMIT_TAG
-  script:
-    - echo "running release_job for $TAG"
-  release:
-    name: 'Release $CI_COMMIT_TAG'
-    description: 'Created using the release-cli'
-    tag_name: '$CI_COMMIT_TAG'
-    ref: '$CI_COMMIT_SHA'

ci_container/Dockerfile

@@ -18,18 +18,17 @@ RUN apt-get update; \
         openssl \
         pkg-config \
         python3-pip \
-        libxml2-utils; \
+        libxml2-utils \
-    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
         debhelper \
         debsigs \
         devscripts \
         dh-make \
         git-buildpackage \
         gpgv1 \
-        meson; \
+        meson \
-    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
         less \
         mc \
+        rsync \
         openssh-client \
         vim; \
     DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get clean; \

ci_container/Dockerfile.buster

@@ -0,0 +1,40 @@
+FROM debian:latest
+
+LABEL org.opencontainers.image.created=${BUILDTIMESTAMP} \
+      org.opencontainers.image.authors="Heiko Reese <reese@kit.edu>" \
+      org.opencontainers.image.title="exim build container" \
+      org.opencontainers.image.description="A buld environment for exim-encrypt-dlfunc" \
+      org.opencontainers.image.source="https://git.scc.kit.edu/mail/exim-encrypt-dlfunc/" \
+      org.opencontainers.image.licenses="Apache-2.0"
+
+RUN apt-get update; \
+    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
+        build-essential \
+        exim4-daemon-heavy \
+        exim4-dev \
+        gcovr \
+        git \
+        libsodium-dev \
+        openssl \
+        pkg-config \
+        python3-pip \
+        libxml2-utils \
+        debhelper \
+        debsigs \
+        devscripts \
+        dh-make \
+        git-buildpackage \
+        gpgv1 \
+        meson \
+        less \
+        mc \
+        rsync \
+        openssh-client \
+        vim; \
+    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get clean; \
+    rm -rf /var/lib/apt/lists/*;
+
+RUN pip3 install --upgrade meson ninja; \
+    rm -rf ~/.cache/pip/*;
+
+WORKDIR /mnt/

ci_container/Dockerfile.focal

@@ -0,0 +1,41 @@
+FROM docker.io/library/ubuntu:focal
+
+LABEL org.opencontainers.image.created=${BUILDTIMESTAMP} \
+      org.opencontainers.image.authors="Heiko Reese <reese@kit.edu>" \
+      org.opencontainers.image.title="exim build container" \
+      org.opencontainers.image.description="A buld environment for exim-encrypt-dlfunc" \
+      org.opencontainers.image.source="https://git.scc.kit.edu/mail/exim-encrypt-dlfunc/" \
+      org.opencontainers.image.licenses="Apache-2.0"
+
+
+RUN apt-get update; \
+    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
+        build-essential \
+        exim4-daemon-heavy \
+        exim4-dev \
+        gcovr \
+        git \
+        libsodium-dev \
+        openssl \
+        pkg-config \
+        python3-pip \
+        libxml2-utils \
+        debhelper \
+        debsigs \
+        devscripts \
+        dh-make \
+        git-buildpackage \
+        gpgv1 \
+        meson \
+        less \
+        mc \
+		rsync \
+        openssh-client \
+        vim; \
+    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get clean; \
+    rm -rf /var/lib/apt/lists/*;
+
+RUN pip3 install --upgrade meson ninja; \
+    rm -rf ~/.cache/pip/*;
+
+WORKDIR /mnt/

ci_container/Dockerfile.jammy

@@ -0,0 +1,41 @@
+FROM docker.io/library/ubuntu:jammy
+
+LABEL org.opencontainers.image.created=${BUILDTIMESTAMP} \
+      org.opencontainers.image.authors="Heiko Reese <reese@kit.edu>" \
+      org.opencontainers.image.title="exim build container" \
+      org.opencontainers.image.description="A buld environment for exim-encrypt-dlfunc" \
+      org.opencontainers.image.source="https://git.scc.kit.edu/mail/exim-encrypt-dlfunc/" \
+      org.opencontainers.image.licenses="Apache-2.0"
+
+
+RUN apt-get update; \
+    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get install --no-install-recommends -y \
+        build-essential \
+        exim4-daemon-heavy \
+        exim4-dev \
+        gcovr \
+        git \
+        libsodium-dev \
+        openssl \
+        pkg-config \
+        python3-pip \
+        libxml2-utils \
+        debhelper \
+        debsigs \
+        devscripts \
+        dh-make \
+        git-buildpackage \
+        gpgv1 \
+        meson \
+        less \
+        mc \
+		rsync \
+        openssh-client \
+        vim; \
+    DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical apt-get clean; \
+    rm -rf /var/lib/apt/lists/*;
+
+RUN pip3 install --upgrade meson ninja; \
+    rm -rf ~/.cache/pip/*;
+
+WORKDIR /mnt/

debian/rules

@@ -17,7 +17,6 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
 %:
 	dh $@
 
-
 # dh_make generated override targets
 # This is example for Cmake (See https://bugs.debian.org/641051 )
 #override_dh_auto_configure: