Commit de6adfe4 authored by georg's avatar georg

CI: Introduce job to build Debian package

This enables us to get fast(er) feedback in merge requests regarding the
Debian-side of things. It allows to spot errors and to find breaking
changes earlier.

Besides, this will reduce the time between the upstream release and the
upload to Debian. It enables to do necessary Debian packaging changes
while the new upstream version is still in development, in contrast to
postpone if after the actual release, which was the situation before
this commit.

Less pain, more joy to come. \m/

Relates #324
parent 18862ce1
......@@ -2,6 +2,7 @@
stages:
- static
- test
- debian:build
- docker
cache:
......@@ -126,3 +127,58 @@ build_docker_image:
- unset HISTFILE
- echo $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
- docker push $IMAGE_TAG
debian:build:
stage: debian:build
variables:
APT_INSTALL_PACKAGES: build-essential ca-certificates dpkg-dev fakeroot git git-buildpackage
<<: *setup_prerequisites
script:
# Ensure we work with the latest state pushed to the git repository.
- git fetch --all --quiet
# Setting the git user email is needed, otherwise, merging fails.
- git config user.email team@schleuder.org
# We're keeping the current Debian packaging state in a separate branch. Therefore, we need to pull in this.
- git merge --allow-unrelated-histories --no-edit --quiet origin/debian/unstable
# TODO: Find a way to integrate this into the common "APT install" step above.
# The tricky part about this: This comes in quite late, it's not available any sooner. We're relying on GitLab CI
# variables to tell APT what needs to be installed. These variables are evaluated at the very beginning of the job.
- export APT_BUILD_DEPENDS=`perl -ne 'next if /^#/; $p=(s/^Build-Depends:\s*/ / or (/^ / and $p)); s/,|\n|\([^)]+\)//mg; print if $p' < debian/control`
- apt-get install -qq -y $APT_BUILD_DEPENDS
# Get the latest upstream version from the Debian changelog. This is needed to ensure the tarball we'll create
# is found by gbp, the tool we're using to build the Debian package.
- export UPSTREAM_VERSION=`dpkg-parsechangelog --show-field Version | cut -d- -f1`
# We're relying on .gitattribute to exclude files and directories if creating the upstream release tarball
# via git archive.
# While this makes sense normally, doing so here leads to dpkg-source (which is called from gbp) being unhappy,
# due to "local changes detected, the modified files are ..." as there are some files, which don't exist in the
# tarball, but which do exist in our current working directory. Therefore, create the tarball manually (which
# ignores the existing .gitattributes file), to ensure it contains all (without the .git/ directory) content of
# the current working directory.
# Besides this, we're caching APT packages within vendor/. Currently, GitLab CI is only able to cache stuff within
# the working directory. However, again in this case, this leads to the same error as described above. Therefore,
# move the vendor/ directory temporarily out of the way. We'll move it back after the build was done, further below.
- mv vendor/ /tmp
- tar --exclude='./.git' -czf /tmp/schleuder_$UPSTREAM_VERSION.orig.tar.gz .
# Normally, we're checking the signature of the upstream release, to ensure the code we're pulling into Debian
# wasn't tampered with along the way. However, as we're creating the tarball on our own, there is no signature.
# During the check for packaging errors later on via lintian this would lead to a warning. Therefore, create a
# "dummy" signature file.
- touch /tmp/schleuder_$UPSTREAM_VERSION.orig.tar.gz.asc
# Check if we're good to go regarding the installed packages.
- dpkg-checkbuilddeps
# TODO: Use sbuild to be closer to the common Debian package build environment. This needs chroot creation upfront,
# though. Creating the chroot needs a mounted /proc filesystem. This works if running a privileged container,
# however, in our case it fails due to "mount(2) system call failed: Too many levels of symbolic links".
# I'm not sure why is that, currently, or how to solve it.
- gbp buildpackage --git-ignore-branch --git-ignore-new --git-tarball-dir=/tmp --git-upstream-branch="$CI_COMMIT_REF_NAME" --git-upstream-tree=BRANCH -us -uc --lintian-opts --no-lintian
# Move the vendor/ directory back into the current working directory to ensure it gets cached.
- mv /tmp/vendor .
# Store and upload the artifacts to make them available for the subsequent jobs.
- mkdir results
- cp ../{*.buildinfo,*.changes,*.deb,*.dsc,*.xz} /tmp/schleuder_* results/
allow_failure: true
artifacts:
expire_in: 1 day
paths:
- results/
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment