diff options
| author | Kristian Klausen <kristian@klausen.dk> | 2022-05-29 14:56:16 +0200 |
|---|---|---|
| committer | Kristian Klausen <kristian@klausen.dk> | 2022-05-29 16:34:09 +0200 |
| commit | d04c827450880f60d015e910f53da65971635b01 (patch) | |
| tree | 37067a7159a65ce79cf1630b50678608714600d7 | |
| parent | 88226fafa52f2997f00f05fbf16071f820375a13 (diff) | |
Use GitLab's package registry for releases instead of tags
It is a bit odd to use git tags for every release, when the code isn't
changing, it is just newer packages. Using GitLab's package registry[1],
means new releases can be uploaded without messing with git tags and it
is also a bit easier to purge old releases, which is needed to keep the
storage under control.
Old releases are purged after 90 days, which match the number of days
the releases are kept on the mirrors (6 releases are kept on the mirrors
and we are releasing biweekly).
[1] https://docs.gitlab.com/ee/user/packages/generic_packages/
Fix #118
| -rw-r--r-- | .gitlab-ci.yml | 60 |
1 files changed, 24 insertions, 36 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8830fa6..3e7bb28 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -6,6 +6,7 @@ stages: - build - test - publish + - cleanup shellcheck: stage: lint @@ -28,14 +29,7 @@ shfmt: before_script: - pacman -Syu --needed --noconfirm gptfdisk arch-install-scripts qemu-headless jq script: - - | - # If we're building a tagged release, use the tag (without the 'v' prefix) as the - # BUILD_VERSION. Otherwise, determine a new BUILD_VERSION. - if [[ -n "$CI_COMMIT_TAG" ]]; then - echo "BUILD_VERSION=${CI_COMMIT_TAG/v/}" > build.env - else - echo "BUILD_VERSION=$(date +%Y%m%d).$CI_JOB_ID" > build.env - fi + - echo "BUILD_VERSION=$(date +%Y%m%d).$CI_JOB_ID" > build.env - export $(< build.env) - ./build-inside-vm.sh "${BUILD_VERSION}" after_script: @@ -59,7 +53,6 @@ build: except: - master@archlinux/arch-boxes - schedules@archlinux/arch-boxes - - tags@archlinux/arch-boxes build:secure: extends: .build @@ -69,7 +62,6 @@ build:secure: only: - master@archlinux/arch-boxes - schedules@archlinux/arch-boxes - - tags@archlinux/arch-boxes test-vagrant-boxes-format: stage: test @@ -126,41 +118,37 @@ test-cloudimg-qemu: - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 pacman -Q bat tmux tree; do sleep 1; done" - timeout 15m sh -c "while ! sshpass -e ssh -o ConnectTimeout=2 -o StrictHostKeyChecking=no arch@localhost -p 2222 test -f /runcmd_successful ; do sleep 1; done" -tag_release: - stage: publish - tags: - - secure - only: - refs: - - schedules@archlinux/arch-boxes - variables: - - $SCHEDULED_PUBLISH == "TRUE" - before_script: - - pacman -Syu --needed --noconfirm httpie - script: - - > - export ASSET_LINKS="{ \"links\": [ \ - { \"name\": \"Vagrant Cloud Release\", \"url\": \"https://app.vagrantup.com/archlinux/boxes/archlinux/versions/$BUILD_VERSION\" }, \ - { \"name\": \"Browse artifacts\", \"url\": \"https://gitlab.archlinux.org/archlinux/arch-boxes/-/jobs/artifacts/v$BUILD_VERSION/browse/output?job=build:secure\" } \ - ]}" - - http --ignore-stdin "$CI_API_V4_URL/projects/$CI_PROJECT_ID/releases" - "JOB-TOKEN:$CI_JOB_TOKEN" - "name=v$BUILD_VERSION" - "tag_name=v$BUILD_VERSION" - "ref=$CI_COMMIT_SHA" - "assets:=$ASSET_LINKS" - publish: stage: publish tags: - secure - only: - - tags@archlinux/arch-boxes + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $SCHEDULED_PUBLISH == "TRUE" before_script: - pacman -Syu --needed --noconfirm vagrant script: + - | + for file in output/*; do + base="$(basename "${file}")" + curl -sSf --header "JOB-TOKEN: ${CI_JOB_TOKEN}" --upload-file "${file}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/images/v${BUILD_VERSION}/${base}" + done - vagrant cloud auth login --token "${VAGRANT_API_TOKEN}" - vagrant cloud auth login --check - vagrant cloud box show archlinux/archlinux - vagrant cloud publish archlinux/archlinux "${BUILD_VERSION}" libvirt output/Arch-Linux-x86_64-libvirt-*.box --release -f - vagrant cloud publish archlinux/archlinux "${BUILD_VERSION}" virtualbox output/Arch-Linux-x86_64-virtualbox-*.box --release -f + +cleanup: + stage: cleanup + needs: [] + tags: + - secure + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CLEANUP_PACKAGE_REGISTRY == "TRUE" + before_script: + - pacman -Syu --noconfirm jq + script: + - | + for id in $(curl --silent --fail --show-error "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages?per_page=100&order_by=created_at&sort=asc" | jq '.[] | select(.created_at | split("T")[0] | . < (now-60*60*24*90|strflocaltime("%Y-%m-%d"))) | .id'); do + curl --silent --fail --show-error --request DELETE --header "PRIVATE-TOKEN: ${GITLAB_PROJECT_TOKEN}" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/${id}" + done |