-
Notifications
You must be signed in to change notification settings - Fork 6
/
run
executable file
·134 lines (118 loc) · 4.04 KB
/
run
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
#!/bin/bash
#
# Copyright (C) 2022 Nethesis S.r.l.
# SPDX-License-Identifier: GPL-2.0-only
#
#
# Launch podman image to build nethsecurity
# As default the script mounts as volume staging and build dirs to speedup successibe builds
#
workdir=$(pwd)
image_tag=${IMAGE_TAG}
if [ -z "$image_tag" ]; then
# use latest tag for the builder
image_tag=$(git describe --tags --abbrev=0)
fi
image="ghcr.io/nethserver/nethsecurity-builder:$image_tag"
VALID_ARGS=$(getopt -o n --long no-cache -- "$@")
if [[ $? -ne 0 ]]; then
exit 1;
fi
cache=1
opts=""
eval set -- "$VALID_ARGS"
while [ : ]; do
case "$1" in
-n | --no-cache)
echo "Disable caching"
cache=0
shift
;;
--) shift;
break
;;
esac
done
# Setup output dir
# Delete existing backup, but save current output before starting the build
if [ -d bin ]; then
rm -rf bin.bak
mv bin bin.bak
fi
# Setup cache volumes
if [ $cache -ge 1 ]; then
opts=" -v nethsecurity-build_dir:/home/build/openwrt/build_dir:z -v nethsecurity-staging_dir:/home/build/openwrt/staging_dir:z -v nethsecurity-ccache:/home/build/openwrt/.ccache -v nethsecurity-download:/home/build/openwrt/download"
fi
# Download latest image
podman pull $image
# Remove existing container
if [ "$(podman ps -a --format '{{.Names}}')" == "nethsec-builder" ]; then
podman rm nethsec-builder
fi
# Use VERSION from the environment, need for CI
# VERSION has the following format: 8-<owrt_release>-ns.<nethsecurity_release>[-<commit_since_last_tag>-g<commit_hash>]
if [ -z "${VERSION}" ]; then
# Setup version from git if the env var is not set
# Make sure to fetch all history to generate a correct git-descrive
git fetch --prune --unshallow &> /dev/null
VERSION=$(git describe)
fi
# OWRT_VERSION is like 23.05.2
OWRT_VERSION=$(echo $VERSION | cut -d'-' -f1)
# NS_VERSION is a semver release like '1.0.0' for stable and '1.0.0-alpha1' or '1.0.0-234-g1bc543c' for dev
NS_VERSION=$(echo $VERSION | cut -d- -f2- | cut -d. -f2-)
if [[ "$NS_VERSION" =~ ^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(\+([0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*))?$ ]]; then
MAJOR="${BASH_REMATCH[1]}"
MINOR="${BASH_REMATCH[2]:-""}"
PATCH="${BASH_REMATCH[3]:-""}"
PRE_RELEASE="${BASH_REMATCH[5]:-""}"
BUILD_METADATA="${BASH_REMATCH[10]:-""}"
fi
# Publish to dev channel for tagged unstable versions and dev builds
if [ -z "$PRE_RELEASE" ]; then
REPO_CHANNEL="stable"
else
REPO_CHANNEL="dev"
fi
export REPO_CHANNEL
export OWRT_VERSION
export VERSION
# Set target architechture, default to x86_64
if [ -z "${TARGET}" ]; then
TARGET=x86_64
fi
echo "Building version $VERSION for $TARGET"
export TARGET
# Setup CI when pushing to Github.
if [[ -n "${CI}" ]]; then
# Set output value for Github Actions
echo "VERSION=$VERSION" >> "${GITHUB_ENV}"
echo "::notice title=VERSION::$VERSION"
echo "REPO_CHANNEL=$REPO_CHANNEL" >> "${GITHUB_ENV}"
echo "OWRT_VERSION=$OWRT_VERSION" >> "${GITHUB_ENV}"
echo "::notice title=REPOSITORY::$REPO_CHANNEL/$OWRT_VERSION"
echo "::notice title=TARGET::$TARGET"
fi
# Run podman with local mounted dirs
podman run -ti --name nethsec-builder \
--security-opt label=disable \
--env=USIGN_PUB_KEY --env=USIGN_PRIV_KEY \
--env=NETIFYD_ACCESS_TOKEN \
--env=VERSION --env=REPO_CHANNEL --env=OWRT_VERSION --env=TARGET \
-v ./config:/config:z -v ./files:/files:z -v ./packages:/nspackages:z -v ./patches:/patches:z \
$opts $image "$@"
# When executed inside CI, do not execute next setps on error
ret=$?
if [[ $ret -gt 0 && -n "${CI}" ]]; then
exit $ret
fi
podman cp nethsec-builder:/home/build/openwrt/bin/ $workdir/
if [ $? -eq 0 ]; then
podman rm nethsec-builder
else
echo
echo "Export of built binaries failed: the container has not been removed"
echo "To remove the container use: podman rm nethsec-builder"
echo "To re-try export built binaries: podman cp nethsec-builder:/home/build/openwrt/bin/ $workdir/"
echo
fi