diff --git a/.github/workflows/pkg-rpm.yml b/.github/workflows/pkg-rpm.yml
deleted file mode 100644
index 2be68f2..0000000
--- a/.github/workflows/pkg-rpm.yml
+++ /dev/null
@@ -1,308 +0,0 @@ -# GitHub Actions workflow for building and testing Routinator O/S RPM packages. -# Uses GitHub Actions caching to avoid rebuilding Rust cargo-generate-rpm and -# Routinator dependencies on every run. -# -# Note: at the time of writing the GH cache contents expire after a -# week if not used so the next build may be much slower as it will -# have to re-download/build/install lots of Rust crates. -# -# Packages are built inside Docker containers as GH Runners have extra libraries -# and packages installed which can cause package building to succeed but package -# installation on a real target O/S to fail, due to being built against too -# recent version of a package such as libssl or glibc. -# -# Packages are tested inside LXC/LXD containers because Docker containers don't -# by default support init managers such as systemd but we want to test systemd -# service unit installation and activation. - -name: Packaging RPM -on: - push: - branches: - - main - tags: - - v* - -defaults: - run: - # see: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#using-a-specific-shell - shell: bash --noprofile --norc -eo pipefail -x {0} - -jobs: - # Use the cargo-generate-rpm Rust crate to build an RPM package for installing - # Routinator. See: https://github.com/cat-in-136/cargo-generate-rpm - rpm-pkg: - strategy: - matrix: - image: # can't use complex values here, only primitive values are allowed - - "centos:7" - - "centos:8" - env: - CARGO_GENERATE_RPM_VER: 0.4.0 - # A Routinator version of the form 'x.y.z-dev' denotes a dev build that is - # newer than the released x.y.z version but is not yet a new release. - NEXT_VER_LABEL: dev - name: rpm-pkg - runs-on: ubuntu-latest - # Build on the oldest platform we are targeting in order to avoid - # https://github.com/rust-lang/rust/issues/57497. Specifying container - # causes all of the steps in this job to run inside a Docker container. 
- container: ${{ matrix.image }} - - steps: - - name: Set vars - id: setvars - shell: bash - run: | - # Get the operating system and release name (e.g. centos and 7) from - # the image name (e.g. centos:7) by extracting only the parts before - # and after but not including the colon: - echo "OS_NAME=${MATRIX_IMAGE%:*}" >> $GITHUB_ENV - echo "OS_REL=${MATRIX_IMAGE#*:}" >> $GITHUB_ENV - env: - MATRIX_IMAGE: ${{ matrix.image }} - - # Git clone the Routinator code in the branch we were invoked on. - - name: Checkout repository - uses: actions/checkout@v1 - - # Install Rust the hard way rather than using a GH Action because the action - # doesn't work inside a Docker container. - - name: Install Rust - run: | - yum update -y - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --profile minimal -y - echo "$HOME/.cargo/bin" >> $GITHUB_PATH - - - name: Install compilation and other dependencies - run: | - yum install epel-release -y - yum update -y - yum install -y jq rpmlint - yum groupinstall -y "Development Tools" - - # Speed up Routinator Rust builds by caching unchanged built dependencies. - # See: https://github.com/actions/cache/blob/master/examples.md#rust---cargo - - name: Cache Dot Cargo - uses: actions/cache@v2 - with: - path: | - ~/.cargo/registry - ~/.cargo/git - target - key: ${{ matrix.image }}-cargo-${{ hashFiles('**/Cargo.lock') }} - - # Speed up cargo-generate-rpm installation by only re-downloading and re-building its - # dependent crates if we change the version of cargo-generate-rpm that we are using. - - name: Cache Cargo Generate RPM binary - id: cache-cargo-generate-rpm - uses: actions/cache@v2 - with: - path: ~/.cargo/bin/cargo-generate-rpm - key: ${{ matrix.image }}-cargo-generate-rpm-${{ env.CARGO_GENERATE_RPM_VER }} - - # Only install cargo-generate-rpm if not already fetched from the cache. 
- - name: Install Cargo Generate RPM - if: steps.cache-cargo-generate-rpm.outputs.cache-hit != 'true' - run: | - # Temporary workaround for https://github.com/cat-in-136/cargo-generate-rpm/issues/21 - rustup toolchain install 1.52.0 - cargo +1.52.0 install cargo-generate-rpm --version ${CARGO_GENERATE_RPM_VER} --locked - - # Instruct cargo-generate-rpm to build the RPM package using the config section - # in Cargo.toml. - - name: Create the RPM package - run: | - # Handle the release candidate case where the version string needs to have - # dash replaced by tilda. The cargo build command won't work if the version - # key in Cargo.toml contains a tilda but we have to put the tilda there for - # when we run cargo generate-rpm so that it uses it. - # - # For background on RPM versioning see: - # https://docs.fedoraproject.org/en-US/packaging-guidelines/Versioning/ - # - # Finally, sometimes we want a version to be NEWER than the latest - # release but without having to decide what higher semver number to bump - # to. In this case we do NOT want dash '-' to become '~' because `-` - # is treated as higher and tilda is treated as lower. 
- ROUTINATOR_VER=$(cargo read-manifest | jq -r '.version') - ROUTINATOR_NEW_VER=$(echo $ROUTINATOR_VER | tr '-' '~') - RPM_ROUTINATOR_VER=$(echo $ROUTINATOR_NEW_VER | sed -e "s/~$NEXT_VER_LABEL/-$NEXT_VER_LABEL/") - - # Build and strip Routinator as cargo generate-rpm doesn't do this for us - cargo build --release --locked - strip -s target/release/routinator - - # Fix the version string to be used for the RPM package - sed -i -e "s/$ROUTINATOR_VER/$RPM_ROUTINATOR_VER/" Cargo.toml - - # Select the correct systemd service unit file for the target operating system - case ${MATRIX_IMAGE} in - centos:7) - SYSTEMD_SERVICE_UNIT_FILE="routinator-minimal.routinator.service" - ;; - *) - SYSTEMD_SERVICE_UNIT_FILE="routinator.routinator.service" - ;; - esac - - # Copy the chosen systemd service unit file to where Cargo.toml expects it to be - mkdir -p target/rpm - cp pkg/common/${SYSTEMD_SERVICE_UNIT_FILE} target/rpm/routinator.service - - cargo generate-rpm - env: - MATRIX_IMAGE: ${{ matrix.image }} - - # See what rpmlint thinks of our package. - - name: Verify the RPM package - run: | - # cargo generate-rpm creates RPMs that rpmlint considers to have - # errors so don't use the rpmlint exit code otherwise we will always - # abort the workflow. - rpmlint target/generate-rpm/*.rpm || true - - # Upload the produced RPM package. The artifact will be available - # via the GH Actions job summary and build log pages, but only to - # users logged in to GH with sufficient rights in this project. The - # uploaded artifact is also downloaded by the next job (see below) - # to sanity check that it can be installed and results in a working - # Routinator installation. - - name: Upload RPM package - uses: actions/upload-artifact@v2 - with: - name: ${{ env.OS_NAME }}_${{ env.OS_REL }} - path: target/generate-rpm/*.rpm - - # Download and sanity check on target operating systems the packages created - # by previous jobs (see above). 
Don't test on GH runners as they come with - # lots of software and libraries pre-installed and thus are not representative - # of the actual deployment targets, nor do GH runners support all targets that - # we want to test. Don't test in Docker containers as they do not support - # systemd. - rpm-pkg-test: - name: rpm-pkg-test - needs: rpm-pkg - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - image: # can't use complex values here, only primitive values are allowed - - "centos:7" - - "centos:8" - steps: - # Set some environment variables that will be available to "run" steps below - # in this job, and some output variables that will be available in GH Action - # step definitions below. - - name: Set vars - id: setvars - shell: bash - run: | - # Get the operating system and release name (e.g. centos and 7) from - # the image name (e.g. centos:7) by extracting only the parts before - # and after but not including the colon: - OS_NAME=${MATRIX_IMAGE%:*} - OS_REL=${MATRIX_IMAGE#*:} - - echo "OS_NAME=${OS_NAME}" >> $GITHUB_ENV - echo "OS_REL=${OS_REL}" >> $GITHUB_ENV - echo "LXC_IMAGE=images:${OS_NAME}/${OS_REL}/cloud" >> $GITHUB_ENV - env: - MATRIX_IMAGE: ${{ matrix.image }} - - - name: Download RPM package - uses: actions/download-artifact@v2 - with: - name: ${{ env.OS_NAME }}_${{ env.OS_REL }} - - - name: Add current user to LXD group - run: | - sudo usermod --append --groups lxd $(whoami) - - - name: Initialize LXD - run: | - sudo lxd init --auto - - - name: Check LXD configuration - run: | - sg lxd -c "lxc info" - - # Use of IPv6 sometimes prevents yum update being able to resolve mirrorlist.centos.org - - name: Disable LXD assignment of IPv6 addresses - run: | - sg lxd -c "lxc network set lxdbr0 ipv6.address none" - - - name: Launch LXC container - run: | - # security.nesting=true is needed to avoid error "Failed to set up mount - # namespacing: Permission denied". 
- sg lxd -c "lxc launch ${LXC_IMAGE} -c security.nesting=true testcon" - - # Run yum update and install man and sudo support (missing in some LXC/LXD - # O/S images) but first wait for cloud-init to finish otherwise the network - # isn't yet ready. Don't use cloud-init status --wait as that isn't supported - # on older O/S's. - - name: Prepare container - shell: bash - run: | - echo "Waiting for cloud-init.." - while ! sudo lxc exec testcon -- ls -la /var/lib/cloud/data/result.json; do - sleep 1s - done - sg lxd -c "lxc exec testcon -- yum update -y" - sg lxd -c "lxc exec testcon -- yum install -y man" - - - name: Copy RPM into LXC container - run: | - RPM_FILE=$(ls -1 *.rpm) - sg lxd -c "lxc file push ${RPM_FILE} testcon/tmp/" - echo "RPM_FILE=${RPM_FILE}" >> $GITHUB_ENV - - - name: Install new RPM package - run: | - sg lxd -c "lxc exec testcon -- yum install -y /tmp/${RPM_FILE}" - - - name: Test installed packages - run: | - echo -e "\nROUTINATOR VERSION:" - sg lxd -c "lxc exec testcon -- routinator --version" - - echo -e "\nROUTINATOR CONF:" - sg lxd -c "lxc exec testcon -- cat /etc/routinator/routinator.conf" - - echo -e "\nROUTINATOR DATA DIR:" - sg lxd -c "lxc exec testcon -- ls -la /var/lib/routinator" - - echo -e "\nROUTINATOR SERVICE STATUS BEFORE ENABLE:" - sg lxd -c "lxc exec testcon -- systemctl status routinator || true" - - echo -e "\nINIT ROUTINATOR:" - sg lxd -c "lxc exec testcon -- routinator-init --accept-arin-rpa" - - echo -e "\nROUTINATOR DATA DIR AFTER INIT:" - sg lxd -c "lxc exec testcon -- ls -la /var/lib/routinator" - - echo -e "\nENABLE ROUTINATOR SERVICE:" - sg lxd -c "lxc exec testcon -- systemctl enable routinator" - - echo -e "\nROUTINATOR SERVICE STATUS AFTER ENABLE:" - sg lxd -c "lxc exec testcon -- systemctl status routinator || true" - - echo -e "\nSTART ROUTINATOR SERVICE:" - sg lxd -c "lxc exec testcon -- systemctl start routinator" - - sleep 15s - echo -e "\nROUTINATOR LOGS AFTER START:" - sg lxd -c "lxc exec testcon -- 
journalctl --unit=routinator" - - echo -e "\nROUTINATOR SERVICE STATUS AFTER START:" - sg lxd -c "lxc exec testcon -- systemctl status routinator" - - echo -e "\nROUTINATOR MAN PAGE:" - sg lxd -c "lxc exec testcon -- man -P cat routinator" - - echo -e "\nROUTINATOR TALS DIR:" - sg lxd -c "lxc exec testcon -- ls -la /var/lib/routinator/tals/" - - echo -e "\nROUTINATOR RPKI CACHE DIR (first 20 lines of ls output only):" - sg lxd -c "lxc exec testcon -- ls -ltR /var/lib/routinator/rpki-cache/ | head -n 20"