From 634946285bd3f1c2997e14467ee7756b2141e0c8 Mon Sep 17 00:00:00 2001 From: Alya Sirko Date: Sun, 4 Sep 2022 09:30:24 +0300 Subject: [PATCH] Ops: add Drone CI pipelines (debug and release) and Flakes-powered Nix shell environment (#110) Co-authored-by: Alya Sirko Reviewed-on: https://git.selfprivacy.org/kherel/selfprivacy.org.app/pulls/110 Co-authored-by: Alya Sirko Co-committed-by: Alya Sirko
---
.drone.yml | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++++ flake.lock | 26 ++++++++++++ flake.nix | 22 ++++++++++ 3 files changed, 163 insertions(+) create mode 100644 .drone.yml create mode 100644 flake.lock create mode 100644 flake.nix
diff --git a/.drone.yml b/.drone.yml
new file mode 100644
index 00000000..eedcec9b
--- /dev/null
+++ b/.drone.yml
@@ -0,0 +1,115 @@
+kind: pipeline
+type: exec
+name: Continuous Integration
+
+steps:
+ - name: Build Debug Artifacts
+ commands:
+ - flutter build apk --debug --split-per-abi
+ - mv build/app/outputs/flutter-apk/*-debug.apk .
+ - rename app pro.kherel.selfprivacy *.apk && rename debug "$DRONE_COMMIT" *.apk
+ - ls *.apk
+
+trigger:
+ event:
+ - push
+ - pull_request
+
+node:
+ server: builder
+
+---
+
+kind: pipeline
+type: exec
+name: Release
+
+steps:
+ - name: Prepare for Build
+ commands:
+ # Reset building environment
+ - nixos-container stop isolated
+ - nixos-container start isolated
+ # Prepare SSH keys
+ - eval `ssh-agent -s`
+ - echo "$SSH_PRIVATE_KEY" | ssh-add -
+ # Copy sources to the building environment
+ - scp -r `pwd` builder@isolated:~
+ environment:
+ SSH_PRIVATE_KEY:
+ from_secret: SSH_PRIVATE_KEY
+
+ - name: Build Intermediate Release Artifact
+ commands:
+ # Prepare SSH keys
+ - eval `ssh-agent -s`
+ - echo "$SSH_PRIVATE_KEY" | ssh-add -
+ # Build intermediate release artifact
+ - ssh builder@isolated "cd src && flutter build apk --release"
+ # Fetch the release artifact
+ - scp builder@isolated:src/build/app/outputs/flutter-apk/app-release.apk .
+ environment:
+ SSH_PRIVATE_KEY:
+ from_secret: SSH_PRIVATE_KEY
+
+ - name: Sign Release Artifact for Standalone Use
+ commands:
+ # Get app build ID
+ - export APP_BUILD_ID=`yq '.version' pubspec.yaml | cut -d "+" -f2`
+ # Prepare SSH keys
+ - eval `ssh-agent -s`
+ - echo "$SSH_PRIVATE_KEY" | ssh-add -
+ # Upload and sign the artifact
+ - scp app-release.apk builder@isolated:~
+ - ssh builder@isolated "zipalign -f -v 4 app-release.apk standalone_app-release.apk && apksigner sign --ks /run/secrets/standalone-keystore --ks-key-alias standalone --ks-pass file:/run/secrets/standalone-keystore-pass standalone_app-release.apk"
+ # Fetch the signed artifact
+ - scp builder@isolated:standalone_app-release.apk standalone_pro.kherel.selfprivacy_"$APP_BUILD_ID".apk
+ - scp builder@isolated:standalone_app-release.apk.idsig standalone_pro.kherel.selfprivacy_"$APP_BUILD_ID".apk.idsig
+ environment:
+ SSH_PRIVATE_KEY:
+ from_secret: SSH_PRIVATE_KEY
+
+ - name: Sign Release Artifact for F-Droid Repository
+ commands:
+ # Get app build ID
+ - export APP_BUILD_ID=`yq '.version' pubspec.yaml | cut -d "+" -f2`
+ # Prepare SSH keys
+ - eval `ssh-agent -s`
+ - echo "$SSH_PRIVATE_KEY" | ssh-add -
+ # Upload and sign the artifact
+ - scp app-release.apk fdroid@isolated:unsigned/pro.kherel.selfprivacy_"$APP_BUILD_ID".apk
+ - ssh fdroid@isolated 'export FDROID_KEY_STORE_PASS=`cat /run/secrets/fdroid-keystore-pass` && fdroid publish && fdroid update'
+ - scp -r fdroid@isolated:repo .
+ environment:
+ SSH_PRIVATE_KEY:
+ from_secret: SSH_PRIVATE_KEY
+
+ - name: Create Release on Gitea Repository
+ commands:
+ # Get app build ID
+ - export APP_BUILD_ID=`yq '.version' pubspec.yaml | cut -d "+" -f2`
+ # Prepare tea CLI
+ - tea login add --token "$GITEA_RELEASE_TOKEN" --url https://git.selfprivacy.org
+ # Create release and push artifacts
+ - tea releases create --repo "$DRONE_REPO" --tag "$DRONE_SEMVER" --title "$DRONE_SEMVER" --asset standalone_pro.kherel.selfprivacy_"$APP_BUILD_ID".apk --asset standalone_pro.kherel.selfprivacy_"$APP_BUILD_ID".apk.idsig
+ environment:
+ GITEA_RELEASE_TOKEN:
+ from_secret: GITEA_RELEASE_TOKEN
+
+ - name: Deploy F-Droid Repository
+ commands:
+ # Prepare SSH keys
+ - eval `ssh-agent -s`
+ - echo "$SSH_PRIVATE_KEY" | ssh-add -
+ # Copy the repository to the production server
+ - scp -r repo/* deployer@production:/var/www/fdroid.selfprivacy.org
+ environment:
+ SSH_PRIVATE_KEY:
+ from_secret: SSH_PRIVATE_KEY
+
+trigger:
+ event:
+ - tag
+
+node:
+ server: builder
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 00000000..ca75926d
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,26 @@ +{ + "nodes": { + "nixpkgs-unstable": { + "locked": { + "lastModified": 1662019588, + "narHash": "sha256-oPEjHKGGVbBXqwwL+UjsveJzghWiWV0n9ogo1X6l4cw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2da64a81275b68fdad38af669afeda43d401e94b", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, + "root": { + "inputs": { + "nixpkgs-unstable": "nixpkgs-unstable" + } + } + }, + "root": "root", + "version": 7 +}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 00000000..ed8dad75
--- /dev/null
+++ b/flake.nix
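Review bot: The `Continuous Integration` pipeline is `type: exec`, fires on `pull_request`, and is pinned to `node: server: builder`, the same host the `Release` pipeline uses, so `flutter build apk --debug` runs a pull request's build scripts directly on the machine that drives the `isolated` container and loads `SSH_PRIVATE_KEY`. Every release step that runs `ssh-agent -s` also leaves its agent running; on an exec runner those agents presumably outlive the step with the key still loaded, so I would add `trap 'ssh-agent -k' EXIT` right after each `eval` line (or load the key with a lifetime via `ssh-add -t`) and move the debug build into the container or onto a separate node. In the release path, `flutter build apk --release` runs as `builder@isolated`, the same account that later reads `/run/secrets/standalone-keystore`, so build-time code from dependencies can reach the standalone signing key; a dedicated signing user, as already done with `fdroid@isolated`, would separate the two. None of the `ssh`/`scp` calls show how the host keys of `isolated` and `production` are pinned, which is worth a comment in the file.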
@@ -0,0 +1,22 @@
+{
+ inputs.nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
+
+ outputs = { self, nixpkgs-unstable }:
+ let
+ pkgs = import nixpkgs-unstable { config.allowUnfree = true; config.android_sdk.accept_license = true; };
+ androidComposition = pkgs.androidenv.composeAndroidPackages {
+ toolsVersion = "26.1.1";
+ platformToolsVersion = "33.0.2";
+ buildToolsVersions = [ "30.0.3" ];
+ platformVersions = [ "31" "30" "29" ];
+ };
+ in {
+ devShell.x86_64-linux = pkgs.mkShell {
+ JAVA_HOME = "${pkgs.openjdk11_headless.home}";
+ ANDROID_HOME = "${androidComposition.androidsdk}/libexec/android-sdk";
+ ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk";
+
+ buildInputs = with pkgs; [ bash git androidComposition.androidsdk flutter openjdk11_headless ];
+ };
+ };
+}
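Review bot: `import nixpkgs-unstable { … }` is called without a `system` argument, so nixpkgs falls back to `builtins.currentSystem`, which as far as I know is not available under the pure evaluation that flakes use by default; the shell would then only evaluate with `--impure`, which undercuts the pinning recorded in `flake.lock`. Since the only output is `devShell.x86_64-linux`, passing `system = "x86_64-linux";` in that attribute set addresses it. `config.allowUnfree = true` also opens the whole package set to unfree packages although only the Android SDK appears to need it here; a comment saying so, or an `allowUnfreePredicate` limited to the SDK packages, would make the intent explicit. The pipelines in `.drone.yml` call `flutter` directly rather than through this shell, so it is worth documenting whether release builds are meant to use the pinned toolchain.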