Ops: refactor CI/CD pipeline, isolated Podman environment, various Linux builds (#112)

- New Podman-based building environment
  - caches everything
  - can build artifacts without the Internet
  - rootless, needs no system capabilities (only when uses FUSE, well)
  - the cost is it's VERY HUGE, but useful
- Refactored CI/CD pipeline
  - now it's a Python script, not a bunch of shell commands
  - optional nix flake for development environment and building a derivation
  - uploads all artifacts as a Gitea release
- New targets
  - AppImage bundle
  - Flatpak bundle
  - simple archive with binaries

Co-authored-by: Alya Sirko <alya@selfprivacy.org>
Reviewed-on: https://git.selfprivacy.org/kherel/selfprivacy.org.app/pulls/112
Reviewed-by: Inex Code <inex.code@selfprivacy.org>
Co-authored-by: Alya Sirko <alya.sirko@tuta.io>
Co-committed-by: Alya Sirko <alya.sirko@tuta.io>
This commit is contained in:
Alya Sirko 2022-09-10 18:10:27 +03:00 committed by Inex Code
parent 634946285b
commit 78f6dff028
8 changed files with 560 additions and 90 deletions

View file

@ -3,12 +3,13 @@ type: exec
name: Continuous Integration name: Continuous Integration
steps: steps:
- name: Build Debug Artifacts - name: Prepare
commands: commands:
- flutter build apk --debug --split-per-abi - ln -s /var/lib/drone-runner-exec/.local $HOME/.local
- mv build/app/outputs/flutter-apk/*-debug.apk .
- rename app pro.kherel.selfprivacy *.apk && rename debug "$DRONE_COMMIT" *.apk - name: Build
- ls *.apk commands:
- ./ci.py --run-ci-build
trigger: trigger:
event: event:
@ -25,84 +26,89 @@ type: exec
name: Release name: Release
steps: steps:
- name: Prepare for Build - name: Prepare
commands: commands:
# Reset building environment - ln -s /var/lib/drone-runner-exec/.local $HOME/.local
- nixos-container stop isolated - if podman volume exists src; then podman volume rm -f src; podman volume create src; else podman volume create src; fi
- nixos-container start isolated - git archive --format=tar HEAD | podman volume import src -
# Prepare SSH keys
- eval `ssh-agent -s`
- echo "$SSH_PRIVATE_KEY" | ssh-add -
# Copy sources to the building environment
- scp -r `pwd` builder@isolated:~
environment:
SSH_PRIVATE_KEY:
from_secret: SSH_PRIVATE_KEY
- name: Build Intermediate Release Artifact - name: Build Intermediate Linux Release Artifact (Binary)
commands: commands:
# Prepare SSH keys - ./ci.py --build-linux
- eval `ssh-agent -s`
- echo "$SSH_PRIVATE_KEY" | ssh-add -
# Build intermediate release artifact
- ssh builder@isolated "cd src && flutter build apk --release"
# Fetch the release artifact
- scp builder@isolated:src/build/app/outputs/flutter-apk/app-release.apk .
environment: environment:
SSH_PRIVATE_KEY: STANDALONE_KEYSTORE_PASS:
from_secret: SSH_PRIVATE_KEY from_secret: STANDALONE_KEYSTORE_PASS
FDROID_KEYSTORE_PASS:
from_secret: FDROID_KEYSTORE_PASS
- name: Sign Release Artifact for Standalone Use - name: Build Intermediate Android Release Artifact (.APK)
commands: commands:
# Get app build ID - ./ci.py --build-apk
- export APP_BUILD_ID=`yq '.version' pubspec.yaml | cut -d "+" -f2`
# Prepare SSH keys
- eval `ssh-agent -s`
- echo "$SSH_PRIVATE_KEY" | ssh-add -
# Upload and sign the artifact
- scp app-release.apk builder@isolated:~
- ssh builder@isolated "zipalign -f -v 4 app-release.apk standalone_app-release.apk && apksigner sign --ks /run/secrets/standalone-keystore --ks-key-alias standalone --ks-pass file:/run/secrets/standalone-keystore-pass standalone_app-release.apk"
# Fetch the signed artifact
- scp builder@isolated:standalone_app-release.apk standalone_pro.kherel.selfprivacy_"$APP_BUILD_ID".apk
- scp builder@isolated:standalone_app-release.apk.idsig standalone_pro.kherel.selfprivacy_"$APP_BUILD_ID".apk.idsig
environment: environment:
SSH_PRIVATE_KEY: STANDALONE_KEYSTORE_PASS:
from_secret: SSH_PRIVATE_KEY from_secret: STANDALONE_KEYSTORE_PASS
FDROID_KEYSTORE_PASS:
from_secret: FDROID_KEYSTORE_PASS
- name: Sign Release Artifact for F-Droid Repository - name: Sign Android Release Artifact (.APK) for Standalone Use
commands: commands:
# Get app build ID - ./ci.py --sign-apk-standalone
- export APP_BUILD_ID=`yq '.version' pubspec.yaml | cut -d "+" -f2`
# Prepare SSH keys
- eval `ssh-agent -s`
- echo "$SSH_PRIVATE_KEY" | ssh-add -
# Upload and sign the artifact
- scp app-release.apk fdroid@isolated:unsigned/pro.kherel.selfprivacy_"$APP_BUILD_ID".apk
- ssh fdroid@isolated 'export FDROID_KEY_STORE_PASS=`cat /run/secrets/fdroid-keystore-pass` && fdroid publish && fdroid update'
- scp -r fdroid@isolated:repo .
environment: environment:
SSH_PRIVATE_KEY: STANDALONE_KEYSTORE_PASS:
from_secret: SSH_PRIVATE_KEY from_secret: STANDALONE_KEYSTORE_PASS
FDROID_KEYSTORE_PASS:
from_secret: FDROID_KEYSTORE_PASS
- name: Create Release on Gitea Repository - name: Sign Android Release Artifact (.APK) for F-Droid Repository
commands: commands:
# Get app build ID - ./ci.py --sign-apk-fdroid
- export APP_BUILD_ID=`yq '.version' pubspec.yaml | cut -d "+" -f2` environment:
# Prepare tea CLI STANDALONE_KEYSTORE_PASS:
- tea login add --token "$GITEA_RELEASE_TOKEN" --url https://git.selfprivacy.org from_secret: STANDALONE_KEYSTORE_PASS
# Create release and push artifacts FDROID_KEYSTORE_PASS:
- tea releases create --repo "$DRONE_REPO" --tag "$DRONE_SEMVER" --title "$DRONE_SEMVER" --asset standalone_pro.kherel.selfprivacy_"$APP_BUILD_ID".apk --asset standalone_pro.kherel.selfprivacy_"$APP_BUILD_ID".apk.idsig from_secret: FDROID_KEYSTORE_PASS
- name: Package Linux AppImage Artifact
commands:
- ./ci.py --package-linux-appimage
- name: Package Linux Flatpak Artifact
commands:
- ./ci.py --package-linux-flatpak
- name: Package Linux Archive Artifact
commands:
- ./ci.py --package-linux-archive
trigger:
event:
- tag
node:
server: builder
---
kind: pipeline
type: exec
name: Deploy
steps:
- name: Prepare
commands:
- ln -s /var/lib/drone-runner-exec/.local $HOME/.local
- podman unshare podman volume mount src
- name: Create Release and Deploy Artifacts
commands:
- podman unshare ./ci.py --deploy-gitea-release
environment: environment:
GITEA_RELEASE_TOKEN: GITEA_RELEASE_TOKEN:
from_secret: GITEA_RELEASE_TOKEN from_secret: GITEA_RELEASE_TOKEN
- name: Deploy F-Droid Repository - name: Deploy F-Droid Repo
commands: commands:
# Prepare SSH keys - podman unshare ./ci.py --deploy-fdroid-repo
- eval `ssh-agent -s`
- echo "$SSH_PRIVATE_KEY" | ssh-add -
# Copy the repository to the production server
- scp -r repo/* deployer@production:/var/www/fdroid.selfprivacy.org
environment: environment:
SSH_PRIVATE_KEY: SSH_PRIVATE_KEY:
from_secret: SSH_PRIVATE_KEY from_secret: SSH_PRIVATE_KEY
@ -113,3 +119,6 @@ trigger:
node: node:
server: builder server: builder
depends_on:
- Release

48
Dockerfile Normal file
View file

@ -0,0 +1,48 @@
FROM ubuntu:22.04
ENV PACKAGES "build-essential openjdk-11-jdk-headless clang cmake curl git jq libblkid1 libblkid-dev libc6 libc6-dev libc-bin libcrypt1 libdbus-1-3 libexpat1 libffi7 libgcc-s1 libgcrypt20 libgcrypt20-dev libglib2.0-0 libglib2.0-dev libglu1-mesa libgpg-error0 libgtk-3-0 libgtk-3-dev liblz4-1 liblz4-dev liblzma5 liblzma-dev libmount1 libpcre3 libselinux1 libsepol2 libstdc++-10-dev libstdc++6 libuuid1 ninja-build pkg-config rsync unzip xz-utils zlib1g unzip libsecret-1-dev libsecret-tools libsecret-1-0 libjsoncpp-dev fuse flatpak-builder binutils coreutils desktop-file-utils fakeroot fuse libgdk-pixbuf2.0-dev patchelf python3-pip python3-setuptools squashfs-tools strace util-linux zsync"
ENV ANDROID_SDK_TOOLS_VERSION "commandlinetools-linux-8512546_latest"
ENV ANDROID_SDK_TOOLS_URL "https://dl.google.com/android/repository/commandlinetools-linux-8512546_latest.zip"
ENV FLUTTER_VERSION "flutter_linux_3.3.1-stable"
ENV FLUTTER_URL "https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_3.3.1-stable.tar.xz"
ENV FREEDESKTOP_SDK_VERSION "22.08"
# Update packages
RUN apt-get update && apt-get upgrade -y && apt-get install -y $PACKAGES
# Add a non-privileged user
RUN useradd -d /var/lib/builder -m -r -s /bin/bash builder
USER builder
WORKDIR /var/lib/builder
# Install Android SDK
ADD --chown=builder $ANDROID_SDK_TOOLS_URL .
RUN mkdir -p android-sdk/cmdline-tools && unzip $ANDROID_SDK_TOOLS_VERSION.zip \
&& rm $ANDROID_SDK_TOOLS_VERSION.zip && mv cmdline-tools android-sdk/cmdline-tools/latest
# Install Flutter
ADD --chown=builder $FLUTTER_URL .
RUN tar -vxf $FLUTTER_VERSION.tar.xz && rm $FLUTTER_VERSION.tar.xz
ENV ANDROID_HOME "/var/lib/builder/android-sdk"
ENV ANDROID_SDK_ROOT "/var/lib/builder/android-sdk"
ENV PATH "$PATH:$ANDROID_SDK_ROOT/cmdline-tools/latest/bin:/var/lib/builder/flutter/bin:/var/lib/builder/.local/bin"
# Install needed Android SDK packages
RUN yes | sdkmanager 'build-tools;30.0.3' 'platforms;android-29' 'platforms;android-30' 'platforms;android-31'
# Prepare dependencies for offline build
RUN git clone --depth=1 --single-branch https://git.selfprivacy.org/kherel/selfprivacy.org.app.git deps
WORKDIR /var/lib/builder/deps
RUN flutter build linux
RUN flutter build apk
WORKDIR /var/lib/builder
RUN rm -rf deps
# Install AppImage Builder
RUN pip3 install --user appimage-builder
# Install Flatpak dependencies
RUN flatpak --user remote-add flathub https://flathub.org/repo/flathub.flatpakrepo \
&& flatpak --user install -y org.freedesktop.Sdk/x86_64/$FREEDESKTOP_SDK_VERSION \
org.freedesktop.Platform/x86_64/$FREEDESKTOP_SDK_VERSION

53
appimage.yml Normal file
View file

@ -0,0 +1,53 @@
# appimage-builder recipe see https://appimage-builder.readthedocs.io for details
version: 1
script:
- rm -rf AppDir || true
- cp -r build/linux/x64/release/bundle AppDir
- install -Dm644 assets/images/icon/logo.svg AppDir/usr/share/icons/hicolor/scalable/apps/pro.kherel.selfprivacy.svg
AppDir:
path: AppDir
app_info:
id: pro.kherel.selfprivacy
name: SelfPrivacy
icon: pro.kherel.selfprivacy
version: 0.6.0
exec: selfprivacy
exec_args: $@
apt:
arch:
- amd64
allow_unauthenticated: true
sources:
- sourceline: deb http://archive.ubuntu.com/ubuntu/ jammy main restricted
- sourceline: deb http://archive.ubuntu.com/ubuntu/ jammy-updates main restricted
- sourceline: deb http://archive.ubuntu.com/ubuntu/ jammy universe
- sourceline: deb http://archive.ubuntu.com/ubuntu/ jammy-updates universe
- sourceline: deb http://archive.ubuntu.com/ubuntu/ jammy multiverse
- sourceline: deb http://archive.ubuntu.com/ubuntu/ jammy-updates multiverse
- sourceline: deb http://archive.ubuntu.com/ubuntu/ jammy-backports main restricted universe multiverse
- sourceline: deb http://security.ubuntu.com/ubuntu/ jammy-security main restricted
- sourceline: deb http://security.ubuntu.com/ubuntu/ jammy-security universe
- sourceline: deb http://security.ubuntu.com/ubuntu/ jammy-security multiverse
include:
- libjsoncpp-dev
- libsecret-1-0
- xdg-desktop-portal
test:
fedora-30:
image: appimagecrafters/tests-env:fedora-30
command: ./AppRun
debian-stable:
image: appimagecrafters/tests-env:debian-stable
command: ./AppRun
archlinux-latest:
image: appimagecrafters/tests-env:archlinux-latest
command: ./AppRun
centos-7:
image: appimagecrafters/tests-env:centos-7
command: ./AppRun
ubuntu-xenial:
image: appimagecrafters/tests-env:ubuntu-xenial
command: ./AppRun
AppImage:
arch: x86_64
update-information: guess

View file

@ -0,0 +1,9 @@
<svg width="186" height="186" viewBox="0 0 186 186" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M181.85 0H179.81C180.898 0 181.782 0.882482 181.782 1.96861V180.23C181.782 181.316 180.898 182.199 179.81 182.199H14.7574C13.6692 182.199 12.7852 181.316 12.7852 180.23V181.859C12.7852 184.167 14.6893 186 16.9336 186H181.85C184.162 186 185.998 184.167 185.998 181.859V4.14088C186.066 1.83285 184.162 0 181.85 0Z" fill="#EFCD29"/>
<path d="M87.0484 106.577C87.1164 106.577 87.1164 106.645 87.1164 106.645L81.1999 131.287H105.478L99.5617 106.645C99.5617 106.577 99.5617 106.577 99.6297 106.577C105.138 104.133 109.015 98.6347 109.015 92.2537C109.015 80.9172 96.9774 72.4318 84.9402 78.8129C82.832 79.9669 80.9958 81.7318 79.9077 83.8362C74.7392 93.4756 79.2277 103.183 87.0484 106.577Z" fill="#FFDD00"/>
<path d="M87.0484 106.577C87.1164 106.577 87.1164 106.645 87.1164 106.645L81.1999 131.287H105.478L99.5617 106.645C99.5617 106.577 99.5617 106.577 99.6297 106.577C105.138 104.133 109.015 98.6347 109.015 92.2537C109.015 80.9172 96.9774 72.4318 84.9402 78.8129C82.832 79.9669 80.9958 81.7318 79.9077 83.8362C74.7392 93.4756 79.2277 103.183 87.0484 106.577Z" fill="#FFDD00"/>
<path d="M14.7574 182.199H179.81C180.898 182.199 181.782 181.316 181.782 180.23V1.96861C181.782 0.882482 180.898 0 179.81 0H17.0016H14.8254C13.7372 0 12.8532 0.882482 12.8532 1.96861V4.14088V46.3642H95.2092L125.336 82.4102L127.444 84.9898V148.257H12.7852V160.612V180.23C12.7852 181.316 13.6692 182.199 14.7574 182.199Z" fill="#FFDD00"/>
<path d="M14.7574 182.199H179.81C180.898 182.199 181.782 181.316 181.782 180.23V1.96861C181.782 0.882482 180.898 0 179.81 0H17.0016H14.8254C13.7372 0 12.8532 0.882482 12.8532 1.96861V4.14088V46.3642H95.2092L125.336 82.4102L127.444 84.9898V148.257H12.7852V160.612V180.23C12.7852 181.316 13.6692 182.199 14.7574 182.199Z" fill="#FFDD00"/>
<path d="M125.336 145.677V82.4102L95.2093 46.3643H12.7853H0V145.677H125.336ZM79.9078 83.9037C81.0639 81.7993 82.8321 80.0343 84.9403 78.8803C96.9095 72.4993 109.015 80.9847 109.015 92.3212C109.015 98.7022 105.138 104.201 99.6298 106.645C99.5618 106.645 99.5618 106.712 99.5618 106.712L105.478 131.354H81.2L87.1165 106.712C87.1165 106.645 87.1165 106.645 87.0485 106.645C79.2278 103.182 74.7393 93.4752 79.9078 83.9037Z" fill="#404548"/>
<path d="M127.444 148.257V84.9902L125.336 82.4785V145.678H0L12.7853 160.68V148.257H127.444Z" fill="#333638"/>
</svg>

After

Width:  |  Height:  |  Size: 2.4 KiB

139
ci.py Executable file
View file

@ -0,0 +1,139 @@
#!/usr/bin/env python3
import os
import subprocess
import yaml
import argparse
CONTAINER_IMAGE = "localhost/flutter-build-env"
HOST_HOME = "/var/lib/drone-runner-exec"
CONTAINER_HOME = "/var/lib/builder"
APP_NAME = "pro.kherel.selfprivacy"
APP_VERSION_FULL = yaml.safe_load(open("pubspec.yaml", "r"))['version']
APP_SEMVER = APP_VERSION_FULL[:APP_VERSION_FULL.find("+")]
APP_BUILD_ID = APP_VERSION_FULL[APP_VERSION_FULL.find("+"):][1::]
HOST_MOUNTED_VOLUME = f"{HOST_HOME}/.local/share/containers/storage/volumes/src/_data"
# Environments
def podman_offline(dir, *args):
subprocess.run(["podman", "run", "--rm", "--network=none", f"--workdir={dir}",
"-v", f"src:{CONTAINER_HOME}/src:U",
"-v", f"{HOST_HOME}/fdroid:{CONTAINER_HOME}/fdroid:U",
"-v", f"{HOST_HOME}/fdroid-keystore:{CONTAINER_HOME}/fdroid/fdroid-keystore:U",
"-v", f"{HOST_HOME}/standalone-keystore:{CONTAINER_HOME}/fdroid/standalone-keystore:U",
"--env", "FDROID_KEYSTORE_PASS=" + os.environ.get('FDROID_KEYSTORE_PASS'),
"--env", "STANDALONE_KEYSTORE_PASS=" + os.environ.get('STANDALONE_KEYSTORE_PASS'),
CONTAINER_IMAGE, "bash", "-c", ' '.join(args)
])
def podman_online(dir, *args):
subprocess.run(["podman", "run", "--rm", "--privileged", f"--workdir={dir}",
"-v", f"src:{CONTAINER_HOME}/src:U",
CONTAINER_IMAGE, "bash", "-c", ' '.join(args)
])
def podman_ci(dir, *args):
subprocess.run(["podman", "run", "--rm", "--privileged", f"--workdir={dir}",
"-v", os.getcwd() + f":{CONTAINER_HOME}/src:U",
CONTAINER_IMAGE, "bash", "-c", ' '.join(args)
])
# Targets
def build_linux():
podman_offline(f"{CONTAINER_HOME}/src", "flutter pub get --offline")
podman_offline(f"{CONTAINER_HOME}/src", "flutter build linux")
def build_apk():
podman_offline(f"{CONTAINER_HOME}/src", "flutter pub get --offline")
podman_offline(f"{CONTAINER_HOME}/src", "flutter build apk")
def sign_apk_standalone():
podman_offline(f"{CONTAINER_HOME}/fdroid",
"zipalign -f -v 4 ../src/build/app/outputs/flutter-apk/app-release.apk",
f"standalone_{APP_NAME}-{APP_SEMVER}.apk")
podman_offline(f"{CONTAINER_HOME}/fdroid",
"apksigner sign --ks standalone-keystore --ks-key-alias standalone --ks-pass",
f"env:STANDALONE_KEYSTORE_PASS standalone_{APP_NAME}-{APP_SEMVER}.apk")
def sign_apk_fdroid():
podman_offline(f"{CONTAINER_HOME}/fdroid", f"rm -rf {CONTAINER_HOME}/fdroid/unsigned/*")
podman_offline(f"{CONTAINER_HOME}/fdroid",
f"test ! -f {CONTAINER_HOME}/fdroid/repo/{APP_NAME}_{APP_BUILD_ID}.apk",
"&& cp ../src/build/app/outputs/flutter-apk/app-release.apk",
f"unsigned/{APP_NAME}_{APP_BUILD_ID}.apk || echo exist")
podman_offline(f"{CONTAINER_HOME}/fdroid", "fdroid publish")
podman_offline(f"{CONTAINER_HOME}/fdroid", "fdroid update")
def package_linux_appimage():
podman_online(f"{CONTAINER_HOME}/src", "appimage-builder --recipe appimage.yml")
def package_linux_flatpak():
podman_online(f"{CONTAINER_HOME}/src", "flatpak-builder --disable-rofiles-fuse --force-clean --repo=flatpak-repo flatpak-build flatpak.yml")
podman_online(f"{CONTAINER_HOME}/src", f"flatpak build-bundle flatpak-repo {APP_NAME}-{APP_SEMVER}.flatpak pro.kherel.selfprivacy")
def package_linux_archive():
podman_online(f"{CONTAINER_HOME}/src", f"tar -C build/linux/x64/release/bundle -vacf {APP_NAME}-{APP_SEMVER}.tar.zstd .")
def deploy_gitea_release():
subprocess.run(["tea", "login", "add", "--token", os.environ.get('GITEA_RELEASE_TOKEN'),
"--url", "https://git.selfprivacy.org"])
subprocess.run(["tea", "releases", "create", "--repo", os.environ.get('DRONE_REPO'),
"--tag", os.environ.get('DRONE_SEMVER'), "--title", os.environ.get('DRONE_SEMVER'),
"--asset", f"{HOST_HOME}/fdroid/standalone_{APP_NAME}-{APP_SEMVER}.apk",
"--asset", f"{HOST_HOME}/fdroid/standalone_{APP_NAME}-{APP_SEMVER}.apk.idsig",
"--asset", f"{HOST_MOUNTED_VOLUME}/SelfPrivacy-{APP_SEMVER}-x86_64.AppImage",
"--asset", f"{HOST_MOUNTED_VOLUME}/SelfPrivacy-{APP_SEMVER}-x86_64.AppImage.zsync",
"--asset", f"{HOST_MOUNTED_VOLUME}/{APP_NAME}-{APP_SEMVER}.flatpak",
"--asset", f"{HOST_MOUNTED_VOLUME}/{APP_NAME}-{APP_SEMVER}.tar.zstd"])
def deploy_fdroid_repo():
subprocess.run([f"""eval $(ssh-agent -s) &&
echo \"$SSH_PRIVATE_KEY\" | tr -d '\r' | ssh-add - &&
scp -oStrictHostKeyChecking=no -oUserKnownHostsFile=/dev/null -r {HOST_HOME}/fdroid/repo/* deployer@selfprivacy.org:/var/www/fdroid.selfprivacy.org
"""], shell=True)
def run_ci_build():
podman_ci(f"{CONTAINER_HOME}/src", "flutter build linux --debug")
podman_ci(f"{CONTAINER_HOME}/src", "flutter build apk --debug")
# Arguments
if __name__ == "__main__":
parser = argparse.ArgumentParser()
group = parser.add_mutually_exclusive_group()
group.add_argument("--build-linux", action="store_true", help="depends on podman src volume")
group.add_argument("--build-apk", action="store_true", help="depends on podman src volume")
group.add_argument("--sign-apk-standalone", action="store_true", help="depends on $STANDALONE_KEYSTORE_PASS")
group.add_argument("--sign-apk-fdroid", action="store_true", help="depends on $FDROID_KEYSTORE_PASS")
group.add_argument("--package-linux-appimage", action="store_true")
group.add_argument("--package-linux-flatpak", action="store_true")
group.add_argument("--package-linux-archive", action="store_true")
group.add_argument("--deploy-gitea-release", action="store_true", help="depends on $GITEA_RELEASE_TOKEN")
group.add_argument("--deploy-fdroid-repo", action="store_true", help="depends on $SSH_PRIVATE_KEY")
group.add_argument("--run-ci-build", action="store_true")
args = parser.parse_args()
if args.build_linux:
build_linux()
elif args.build_apk:
build_apk()
elif args.sign_apk_standalone:
sign_apk_standalone()
elif args.sign_apk_fdroid:
sign_apk_fdroid()
elif args.package_linux_appimage:
package_linux_appimage()
elif args.package_linux_flatpak:
package_linux_flatpak()
elif args.package_linux_archive:
package_linux_archive()
elif args.deploy_gitea_release:
deploy_gitea_release()
elif args.deploy_fdroid_repo:
deploy_fdroid_repo()
elif args.run_ci_build:
run_ci_build()

View file

@ -1,23 +1,89 @@
{ {
"nodes": { "nodes": {
"nixpkgs-unstable": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1662019588, "lastModified": 1659877975,
"narHash": "sha256-oPEjHKGGVbBXqwwL+UjsveJzghWiWV0n9ogo1X6l4cw=", "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixgl": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1661367362,
"narHash": "sha256-Qc8MXcV+YCPREu8kk6oggk23ZBKLqeQRAIsLbHEviPE=",
"owner": "guibou",
"repo": "nixGL",
"rev": "7165ffbccbd2cf4379b6cd6d2edd1620a427e5ae",
"type": "github"
},
"original": {
"owner": "guibou",
"repo": "nixGL",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1660551188,
"narHash": "sha256-a1LARMMYQ8DPx1BgoI/UN4bXe12hhZkCNqdxNi6uS0g=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "441dc5d512153039f19ef198e662e4f3dbb9fd65",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1662096612,
"narHash": "sha256-R+Q8l5JuyJryRPdiIaYpO5O3A55rT+/pItBrKcy7LM4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2da64a81275b68fdad38af669afeda43d401e94b", "rev": "21de2b973f9fee595a7a1ac4693efff791245c34",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-unstable", "ref": "nixpkgs-unstable",
"type": "indirect" "type": "indirect"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"nixpkgs-unstable": "nixpkgs-unstable" "flake-utils": "flake-utils",
"nixgl": "nixgl",
"nixpkgs": "nixpkgs_2"
} }
} }
}, },

114
flake.nix
View file

@ -1,22 +1,122 @@
{ {
inputs.nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixConfig.bash-prompt = "\[selfprivacy\]$ ";
outputs = { self, nixpkgs-unstable }: inputs.nixpkgs.url = "nixpkgs/nixpkgs-unstable";
inputs.flake-utils.url = "github:numtide/flake-utils";
inputs.nixgl.url = "github:guibou/nixGL";
outputs = { self, nixpkgs, flake-utils, nixgl }:
flake-utils.lib.eachDefaultSystem (system:
let let
pkgs = import nixpkgs-unstable { config.allowUnfree = true; config.android_sdk.accept_license = true; }; pkgs = import nixpkgs {
config.allowUnfree = true;
config.android_sdk.accept_license = true;
system = "x86_64-linux";
overlays = [ nixgl.overlay ];
};
androidComposition = pkgs.androidenv.composeAndroidPackages { androidComposition = pkgs.androidenv.composeAndroidPackages {
toolsVersion = "26.1.1"; toolsVersion = "26.1.1";
platformToolsVersion = "33.0.2"; platformToolsVersion = "33.0.2";
buildToolsVersions = [ "30.0.3" ]; buildToolsVersions = [ "30.0.3" ];
platformVersions = [ "31" "30" "29" ]; platformVersions = [ "31" "30" "29" ];
}; };
in {
devShell.x86_64-linux = pkgs.mkShell { buildDeps = with pkgs; [
gtk3
glib
pcre
util-linux
libselinux
libsepol
libthai
libdatrie
xorg.libXdmcp
xorg.libXtst
libxkbcommon
dbus
at-spi2-core
libsecret
jsoncpp
xorg.libX11
libepoxy
libgcrypt
libgpg-error
];
nativeBuildDeps = with pkgs; [
flutter.unwrapped
bash
curl
flutter.dart
git
unzip
which
xz
cmake
ninja
pkg-config
wrapGAppsHook
autoPatchelfHook
androidComposition.androidsdk
openjdk11_headless
clang
];
releaseDerivation = pkgs.flutter.mkFlutterApp rec {
pname = "selfprivacy";
version = "0.6.0";
vendorHash = "sha256-7cbiAyIlaz3HqEsZN/nZxaLZjseJv5CmiIHqsoGa4ZI=";
nativeBuildInputs = [ pkgs.nixgl.auto.nixGLDefault ];
src = ./.;
desktopItem = pkgs.makeDesktopItem {
name = "${pname}";
exec = "@out@/bin/${pname}";
desktopName = "SelfPrivacy";
};
postInstall = ''
rm $out/bin/$pname
printf "#!/bin/sh\n${pkgs.nixgl.auto.nixGLDefault}/bin/nixGL $out/app/${pname}" > $out/bin/$pname
patchShebangs $out/bin/$pname
chmod +x $out/bin/$pname
wrapProgram $out/bin/$pname --set PATH ${pkgs.lib.makeBinPath [ pkgs.xdg-user-dirs ]}
mkdir -p $out/share/applications
cp $desktopItem/share/applications/*.desktop $out/share/applications
substituteInPlace $out/share/applications/*.desktop --subst-var out
'';
};
in
{
packages = {
release = releaseDerivation;
};
defaultPackage = releaseDerivation;
devShell = pkgs.mkShell {
buildInputs = buildDeps;
nativeBuildInputs = nativeBuildDeps;
JAVA_HOME = "${pkgs.openjdk11_headless.home}"; JAVA_HOME = "${pkgs.openjdk11_headless.home}";
ANDROID_HOME = "${androidComposition.androidsdk}/libexec/android-sdk"; ANDROID_HOME = "${androidComposition.androidsdk}/libexec/android-sdk";
ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk"; ANDROID_SDK_ROOT = "${androidComposition.androidsdk}/libexec/android-sdk";
buildInputs = with pkgs; [ bash git androidComposition.androidsdk flutter openjdk11_headless ]; NIX_LDFLAGS = "-rpath ${pkgs.lib.makeLibraryPath buildDeps}";
}; NIX_CFLAGS_COMPILE = "-I${pkgs.xorg.libX11}/include";
LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath buildDeps;
shellHook = ''
export TMP=$(mktemp -d)
export HOME="$TMP"
export PUB_CACHE=''${PUB_CACHE:-"$HOME/.pub-cache"}
export ANDROID_EMULATOR_USE_SYSTEM_LIBS=1
'';
}; };
});
} }

46
flatpak.yml Normal file
View file

@ -0,0 +1,46 @@
app-id: pro.kherel.selfprivacy
runtime: org.freedesktop.Platform
runtime-version: '22.08'
sdk: org.freedesktop.Sdk
command: selfprivacy
finish-args:
- "--share=ipc"
- "--socket=x11"
- "--socket=fallback-x11"
- "--socket=wayland"
- "--share=network"
- "--own-name=pro.kherel.selfprivacy"
modules:
- name: selfprivacy
buildsystem: simple
build-commands:
- cp -r * /app
- mkdir /app/bin
- ln -s /app/selfprivacy /app/bin/selfprivacy
- install -Dm644 logo.svg /app/share/icons/hicolor/scalable/apps/pro.kherel.selfprivacy.svg
- install -Dm644 pro.kherel.selfprivacy.desktop /app/share/applications/pro.kherel.selfprivacy.desktop
sources:
- type: dir
path: build/linux/x64/release/bundle
- type: file
path: assets/images/icon/logo.svg
- type: file
path: pro.kherel.selfprivacy.desktop
- name: libsecret
buildsystem: meson
config-opts:
- "-Dvapi=false"
- "-Dgtk_doc=false"
sources:
- type: git
url: https://gitlab.gnome.org/GNOME/libsecret.git
tag: 0.20.5
- name: libjsoncpp
buildsystem: meson
config-opts:
- "--buildtype=release"
- "--default-library=shared"
sources:
- type: git
url: https://github.com/open-source-parsers/jsoncpp.git
tag: 1.9.5