diff --git a/.github/workflows/build-deb.yaml b/.github/workflows/build-deb.yaml new file mode 100644 index 0000000000..8a05bc73c9 --- /dev/null +++ b/.github/workflows/build-deb.yaml @@ -0,0 +1,126 @@ +name: Build debian packages + +on: + push: + branches: + - main + tags: + - "*" + pull_request: + +env: + UBUNTU_VERSIONS: | + ["noble", "devel"] + CARGO_VENDOR_FILTERER_VERSION: 0.5.16 + +jobs: + define-versions: + name: Define build versions + runs-on: ubuntu-latest + outputs: + ubuntu-versions: ${{ env.UBUNTU_VERSIONS }} + steps: + - run: 'true' + + build-deb-package: + name: Build ubuntu package + runs-on: ubuntu-latest + needs: define-versions + strategy: + fail-fast: false + matrix: + ubuntu-version: ${{ fromJSON(needs.define-versions.outputs.ubuntu-versions) }} + outputs: + run-id: ${{ github.run_id }} + pkg-src-changes: ${{ env.PKG_SOURCE_CHANGES }} + + steps: + - name: Checkout authd code + uses: actions/checkout@v4 + + - name: Build debian packages and sources + uses: canonical/desktop-engineering/gh-actions/common/build-debian@main + with: + docker-image: ubuntu:${{ matrix.ubuntu-version }} + extra-source-build-deps: | + ca-certificates + git + libssl-dev + extra-source-build-script: | + cargo install --locked --root=/usr \ + cargo-vendor-filterer@${{ env.CARGO_VENDOR_FILTERER_VERSION }} + command -v cargo-vendor-filterer + + check-modified-files: + name: Check modified files + runs-on: ubuntu-latest + needs: + - build-deb-package + outputs: + list: ${{ fromJSON(steps.git-diff.outputs.modified_files) }} + + steps: + - name: Checkout authd code + uses: actions/checkout@v4 + with: + fetch-depth: 100 + + - id: git-diff + name: Check modified files + run: | + set -ue + + base_ref=${{ github.event.pull_request.base.sha }} + if [ -z "${base_ref}" ]; then + base_ref=${{ github.event.before }} + fi + if [ -z "${base_ref}" ]; then + base_ref=$(git log --root --reverse -n1 --format=%H) + fi + + # Build a JSON array of modified paths. + modified_files=$(git diff --name-only "${base_ref}" HEAD | \ + while read line; do + jq -n --arg path "$line" '$path' + done | jq -n '. |= [inputs]') + echo "${modified_files}" + + escaped_json=$(echo "${modified_files}" | jq '.| tostring') + echo "modified_files=${escaped_json}" >> "${GITHUB_OUTPUT}" + + run-autopkgtests: + name: Run autopkgtests + runs-on: ubuntu-latest + needs: + - define-versions + - build-deb-package + - check-modified-files + strategy: + fail-fast: false + matrix: + ubuntu-version: ${{ fromJSON(needs.define-versions.outputs.ubuntu-versions) }} + + # Run autopkgtests only on: + # - Push events to main + # - When a file in the debian subdir is modified + # - When this file is modified + # - On new tags + # - On github release + if: ${{ (github.event_name == 'push' && github.ref == 'refs/heads/main') || + contains(needs.check-modified-files.outputs.list, 'debian/') || + contains(needs.check-modified-files.outputs.list, '.github/workflows/build-deb.yaml') || + startsWith(github.ref, 'refs/tags/') || + github.event_name == 'release' }} + + steps: + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + run-id: ${{ needs.build-deb-package.outputs.run-id }} + merge-multiple: true + + - name: Run autopkgtests + uses: canonical/desktop-engineering/gh-actions/common/run-autopkgtest@main + with: + lxd-image: ubuntu:${{ matrix.ubuntu-version }} + source-changes: ${{ needs.build-deb-package.outputs.pkg-src-changes }} diff --git a/debian/changelog b/debian/changelog index 31f05a9f26..40b4d57d98 100644 --- a/debian/changelog +++ b/debian/changelog @@ -152,7 +152,7 @@ authd (0.2) noble; urgency=medium - libc - simple_logger - tokio - * Update tools and CI dependencies not related to package + * Update tools and CI dependencies not related to package functionality - google.golang.org/protobuf diff --git a/debian/copyright b/debian/copyright index 7b116b3acb..34d759aa6d 100644 --- a/debian/copyright +++ b/debian/copyright @@ -80,10 +80,6 @@ Files: vendor/github.com/charmbracelet/* Copyright: 2019-2023 Charmbracelet, Inc License: MIT -Files: vendor/github.com/containerd/console/* -Copyright: The containerd Authors. -License: Apache-2.0 - Files: vendor/github.com/coreos/* Copyright: 2015-2018 CoreOS, Inc. / 2014 Docker, Inc. License: Apache-2.0 @@ -100,10 +96,6 @@ Files: vendor/github.com/godbus/* Copyright: 2013 Georg Reinke (), Google License: BSD-2 -Files: vendor/github.com/golang/protobuf/* -Copyright: Copyright: 2010 The Go Authors. -License: BSD-3 - Files: vendor/github.com/google/uuid/* Copyright: 2009, 2014-2017, 2021 Google Inc. License: BSD-3 @@ -244,12 +236,10 @@ Files: vendor_rust/anyhow/* vendor_rust/fastrand/* vendor_rust/fixedbitset/* vendor_rust/hermit-abi/* - vendor_rust/home/* vendor_rust/indexmap/* vendor_rust/itertools/* vendor_rust/itoa/* vendor_rust/linux-raw-sys/* - vendor_rust/num_cpus/* vendor_rust/once_cell/* vendor_rust/paste/* vendor_rust/petgraph/* @@ -291,7 +281,6 @@ License: MIT Files: vendor_rust/backtrace/* vendor_rust/cc/* vendor_rust/cfg-if/* - vendor_rust/match_cfg/* vendor_rust/rustc-demangle/* vendor_rust/socket2/* Copyright: 2014 Alex Crichton @@ -321,10 +310,6 @@ Files: vendor_rust/errno/* Copyright: 2014 Chris Wong License: MIT -Files: vendor_rust/error-chain/* -Copyright: 2017 The Error-Chain Project Developers -License: MIT - Files: vendor_rust/fnv/* Copyright: 2017 Contributors License: MIT @@ -449,10 +434,6 @@ Files: vendor_rust/tokio/* Copyright: 2019, 2023 Tokio Contributors License: MIT -Files: vendor_rust/tokio-io-timeout/* -Copyright: 2017 The tokio-io-timeout Developers -License: MIT - Files: vendor_rust/tonic/* vendor_rust/tonic-build/* Copyright: 2020 Lucio Franco @@ -468,18 +449,6 @@ Files: vendor_rust/try-lock/* Copyright: 2018 Sean McArthur / 2016 Alex Crichton License: MIT -Files: vendor_rust/version_check/* -Copyright: 2017-2018 Sergio Benitez -License: MIT - -Files: vendor_rust/which/* -Copyright: 2015 fangyuanziti -License: MIT - -Files: vendor_rust/winapi*/* -Copyright: 2015-2018 The winapi-rs Developers -License: MIT - Files: vendor_rust/windows*/* Copyright: Microsoft Corporation. License: MIT diff --git a/debian/get-depends-go-bin-path.sh b/debian/get-depends-go-bin-path.sh new file mode 100755 index 0000000000..d63a45c7b7 --- /dev/null +++ b/debian/get-depends-go-bin-path.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +set -eu + +debian_path=$(dirname "$0") +backported_go_version=$(grep-dctrl -s Build-Depends -n - "${debian_path}"/control | \ + sed -n "s,.*\bgolang-\([0-9.]\+\)\b.*,\1,p") + +if [ -n "${backported_go_version}" ]; then + echo "/usr/lib/go-${backported_go_version}/bin" +fi diff --git a/debian/rules b/debian/rules index f4e36955d8..6449654853 100755 --- a/debian/rules +++ b/debian/rules @@ -50,8 +50,7 @@ export DH_GOLANG_BUILDPKG := $(AUTHD_GO_PACKAGE)/... \ # We add the required backported version to the $PATH so that if it exists, then # we can use it. Otherwise we default to the go installed in original $PATH that # always matches with the latest available go version in the archive. -AUTHD_BACKPORTED_GO_VERSION := $(shell grep-dctrl -s Build-Depends -n - ./debian/control | sed -n "s,.*\bgolang-\([0-9.]\+\)\b.*,\1,p") -export PATH := $(shell printenv PATH):/usr/lib/go-$(AUTHD_BACKPORTED_GO_VERSION)/bin +export PATH := $(shell printenv PATH):$(shell ./debian/get-depends-go-bin-path.sh) BUILDDIR := $(CURDIR)/obj-$(DEB_HOST_GNU_TYPE) diff --git a/debian/tests/run-tests.sh b/debian/tests/run-tests.sh index 10bdda5fa4..29aeb2df73 100755 --- a/debian/tests/run-tests.sh +++ b/debian/tests/run-tests.sh @@ -6,4 +6,7 @@ export AUTHD_SKIP_EXTERNAL_DEPENDENT_TESTS=1 export GOPROXY=off export GOTOOLCHAIN=local +PATH=$PATH:$("$(dirname "$0")"/../get-depends-go-bin-path.sh) +export PATH + go test -v ./...