From f54beadaa988d133f911fa6ca9db1329a962ad46 Mon Sep 17 00:00:00 2001 From: Jason Rhinelander Date: Sat, 23 May 2020 00:36:30 -0300 Subject: [PATCH] Add tar+upload to builds.lokinet.dev of static build Relies on an SSH_KEY secret being set in the repository. Also move the linked library check to a bash script because escaping a value in jsonnet (escape once) that gets passed through yaml (escape twice) and then bash (escape again) is too painful. --- .drone.jsonnet | 17 ++++---- contrib/ci/drone-check-static-libs.sh | 13 ++++++ contrib/ci/drone-static-upload.sh | 58 +++++++++++++++++++++++++++ 3 files changed, 81 insertions(+), 7 deletions(-) create mode 100755 contrib/ci/drone-check-static-libs.sh create mode 100755 contrib/ci/drone-static-upload.sh diff --git a/.drone.jsonnet b/.drone.jsonnet index 2d15e3b3a..8be9f0e38 100644 --- a/.drone.jsonnet +++ b/.drone.jsonnet @@ -22,6 +22,7 @@ local debian_pipeline(name, image, name: 'build', image: image, [if allow_fail then "failure"]: "ignore", + environment: { SSH_KEY: { from_secret: "SSH_KEY" } }, commands: [ 'echo "man-db man-db/auto-update boolean false" | debconf-set-selections', 'apt-get update', @@ -69,13 +70,6 @@ local debian_pipeline(name, image, debian_pipeline("Ubuntu focal (amd64)", "ubuntu:focal"), debian_pipeline("Ubuntu bionic (amd64)", "ubuntu:bionic", deps='g++-8 ' + default_deps_base, cmake_extra='-DCMAKE_C_COMPILER=gcc-8 -DCMAKE_CXX_COMPILER=g++-8 -DDOWNLOAD_SODIUM=ON'), - debian_pipeline("Ubuntu bionic/static (amd64)", "ubuntu:bionic", deps='g++-8 python3-dev', - cmake_extra='-DBUILD_SHARED_LIBS=OFF -DSTATIC_LINK=ON -DCMAKE_C_COMPILER=gcc-8 -DCMAKE_CXX_COMPILER=g++-8 ' + - '-DDOWNLOAD_SODIUM=ON -DDOWNLOAD_CURL=ON -DDOWNLOAD_UV=ON -DWITH_SYSTEMD=OFF', - extra_cmds=['if ldd daemon/lokinet | grep -Ev "(linux-vdso|ld-linux-x86-64|lib(pthread|dl|rt|stdc\\\\+\\\\+|gcc_s|c|m))\\\\.so"; ' + - 'then /bin/echo -e "\\\\e[31;1mlokinet links to unexpected libraries\\\\e[0m"; false; ' + - 'else /bin/echo -e "\\\\e[32;1mNo unexpected linked libraries found\\\\e[0m"; ' + - 'fi']), // ARM builds (ARM64 and armhf) debian_pipeline("Ubuntu bionic (ARM64)", "ubuntu:bionic", arch="arm64", deps='g++-8 ' + default_deps_base, @@ -83,6 +77,15 @@ local debian_pipeline(name, image, debian_pipeline("Debian sid (ARM64)", "debian:sid", arch="arm64"), debian_pipeline("Debian buster (armhf)", "arm32v7/debian:buster", arch="arm64", cmake_extra='-DDOWNLOAD_SODIUM=ON'), + // Static build (on bionic) which gets uploaded to builds.lokinet.dev: + debian_pipeline("Static (focal amd64)", "ubuntu:bionic", deps='g++-8 python3-dev', lto=true, + cmake_extra='-DBUILD_SHARED_LIBS=OFF -DSTATIC_LINK=ON -DCMAKE_C_COMPILER=gcc-8 -DCMAKE_CXX_COMPILER=g++-8 ' + + '-DDOWNLOAD_SODIUM=ON -DDOWNLOAD_CURL=ON -DDOWNLOAD_UV=ON -DWITH_SYSTEMD=OFF', + extra_cmds=[ + '../contrib/ci/drone-check-static-libs.sh', + '../contrib/ci/drone-static-upload.sh' + ]), + // Macos build { kind: 'pipeline', diff --git a/contrib/ci/drone-check-static-libs.sh b/contrib/ci/drone-check-static-libs.sh new file mode 100755 index 000000000..040bb04ff --- /dev/null +++ b/contrib/ci/drone-check-static-libs.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +# Script used with Drone CI to check that a statically build lokinet only links against the expected +# base system libraries. Expects to be run with pwd of the build directory. + +set -o errexit + +if ldd daemon/lokinet | grep -Ev '(linux-vdso|ld-linux-x86-64|lib(pthread|dl|rt|stdc\+\+|gcc_s|c|m))\.so'; then + echo -e "\n\n\n\n\e[31;1mlokinet links to unexpected libraries\e[0m\n\n\n" + exit 1 +fi + +echo -e "\n\n\n\n\e[32;1mNo unexpected linked libraries found\e[0m\n\n\n" diff --git a/contrib/ci/drone-static-upload.sh b/contrib/ci/drone-static-upload.sh new file mode 100755 index 000000000..627bbc2d5 --- /dev/null +++ b/contrib/ci/drone-static-upload.sh @@ -0,0 +1,58 @@ +#!/bin/bash + +# Script used with Drone CI to upload build artifacts (because specifying all this in +# .drone.jsonnet is too painful). + + + +set -o errexit + +if [ -z "$SSH_KEY" ]; then + echo -e "\n\n\n\e[31;1mUnable to upload artifact: SSH_KEY not set\e[0m" + # Just warn but don't fail, so that this doesn't trigger a build failure for untrusted builds + exit 0 +fi + +echo "$SSH_KEY" >~/ssh_key + +set -o xtrace # Don't start tracing until *after* we write the ssh key + +chmod 600 ~/ssh_key + +if [ -n "$DRONE_TAG" ]; then + # For a tag build use something like `lokinet-linux-amd64-v1.2.3` + base="lokinet-linux-$DRONE_STAGE_ARCH-$DRONE_TAG" +else + # Otherwise build a length name from the datetime and commit hash, such as: + # lokinet-linux-amd64-20200522T212342Z-04d7dcc54 + base="lokinet-linux-$DRONE_STAGE_ARCH-$(date --date=@$DRONE_BUILD_CREATED +%Y%m%dT%H%M%SZ)-${DRONE_COMMIT:0:9}" +fi + +mkdir -v "$base" +mv -v daemon/lokinet "$base" +cp -av ../lokinet-bootstrap "$base" +tar cJvf "${base}.tar.xz" "$base" + +upload_to="builds.lokinet.dev/${DRONE_REPO// /_}/${DRONE_BRANCH// /_}" + +# sftp doesn't have any equivalent to mkdir -p, so we have to split the above up into a chain of +# -mkdir a/, -mkdir a/b/, -mkdir a/b/c/, ... commands. The leading `-` allows the command to fail +# without error. +upload_dirs=(${upload_to//\// }) +mkdirs= +dir_tmp="" +for p in "${upload_dirs[@]}"; do + dir_tmp="$dir_tmp$p/" + mkdirs="$mkdirs +-mkdir $dir_tmp" +done + +sftp -i ~/ssh_key -b - -o StrictHostKeyChecking=off drone@builds.lokinet.dev <