Merge pull request #3013 from ann0see/debrepo

Autobuild: Create Debian repository on release

.github/workflows/autobuild.yml

@@ -445,3 +445,98 @@ jobs:
       - name:                       Perform CodeQL Analysis
         if:                         matrix.config.run_codeql
         uses:                       github/codeql-action/analyze@v2
+
+  create_deb_repo:
+    name:                           Create files for .deb repository (if requested)
+    runs-on:                        ubuntu-22.04
+    needs:                          [create_release, release_assets]
+    if:                             needs.create_release.outputs.publish_to_release == 'true'
+    # Set permissions to allow uploading artifact, uploading to release
+    permissions:
+      checks:                       write
+      contents:                     write
+    steps:
+      - name:                       Import GPG key
+        env:
+          GPG_PRIVATE_KEY:          ${{ secrets.GPG_PRIVATE_KEY }}
+        run:                        |
+          set -eu
+
+          [[ "${GPG_PRIVATE_KEY:-}" ]] || {
+              echo "Missing Github secret GPG_PRIVATE_KEY. Please set it on GitHub to enable deb repository releases. Skipping step..."
+              echo "GPG_REPO_KEY_MISSING=true" >> ${GITHUB_ENV}
+              exit 0
+          }
+
+          echo "GPG_REPO_KEY_MISSING=false" >> ${GITHUB_ENV}
+          mkdir -p gpghome
+          chmod 700 gpghome
+          echo "${GPG_PRIVATE_KEY}" | gpg --homedir gpghome --import -
+      # Unfortunately download-artifact action doesn't support wild card downloads. Thus downloading all artifacts
+      - name:                       Download all artifacts
+        if:                         env.GPG_REPO_KEY_MISSING == 'false'
+        uses:                       actions/download-artifact@v3
+        with:
+          path:                     releasedl/
+      - name:                       Create Debian repository
+        if:                         env.GPG_REPO_KEY_MISSING == 'false'
+        run:                        |
+          set -eu
+
+          # Create and cd into repo directory
+          mkdir repo
+          mv releasedl/*.deb/*.deb repo/
+          pushd repo
+
+          # create repo files
+          apt-ftparchive packages . > Packages
+          apt-ftparchive release . > Release
+          gpg --homedir "../gpghome" --armor --yes --clearsign --output InRelease --detach-sign Release
+          gpg --homedir "../gpghome" --armor --export > "key.asc"
+
+          popd
+
+      - name:                       Upload Packages file to release
+        if:                         env.GPG_REPO_KEY_MISSING == 'false'
+        id:                         deb-upload-packagesfile
+        uses:                       actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN:             ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url:               ${{ needs.create_release.outputs.upload_url }}
+          asset_path:               repo/Packages
+          asset_name:               Packages
+          asset_content_type:       text/plain
+      - name:                       Upload Release file to release
+        if:                         env.GPG_REPO_KEY_MISSING == 'false'
+        id:                         deb-upload-releasefile
+        uses:                       actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN:             ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url:               ${{ needs.create_release.outputs.upload_url }}
+          asset_path:               repo/Release
+          asset_name:               Release
+          asset_content_type:       message/rfc822
+      - name:                       Upload InRelease file to release
+        if:                         env.GPG_REPO_KEY_MISSING == 'false'
+        id:                         deb-upload-inreleasefile
+        uses:                       actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN:             ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url:               ${{ needs.create_release.outputs.upload_url }}
+          asset_path:               repo/InRelease
+          asset_name:               InRelease
+          asset_content_type:       text/PGP
+      - name:                       Upload Key file to release
+        if:                         env.GPG_REPO_KEY_MISSING == 'false'
+        id:                         deb-upload-keyascfile
+        uses:                       actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN:             ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url:               ${{ needs.create_release.outputs.upload_url }}
+          asset_path:               repo/key.asc
+          asset_name:               key.asc
+          asset_content_type:       application/pgp-keys

linux/setup_repo.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+
+# This script installs a Jamulus repository to Debian based systems
+
+if [[ ${EUID} -ne 0 ]]; then
+     echo "Error: This script must be run as root."
+     exit 1
+fi
+
+REPO_FILE=/etc/apt/sources.list.d/jamulus.list
+KEY_FILE=/etc/apt/trusted.gpg.d/jamulus.asc
+GITHUB_REPOSITORY="jamulussoftware/jamulus"
+
+echo "Setting up Jamulus repo at ${REPO_FILE}..."
+echo "deb https://github.com/${GITHUB_REPOSITORY}/releases/latest/download/ ./" > ${REPO_FILE}
+echo "Installing Jamulus GPG key at ${KEY_FILE}..."
+curl --fail --show-error -sLo "${KEY_FILE}" https://github.com/${GITHUB_REPOSITORY}/releases/latest/download/key.asc
+
+CURL_EXITCODE=$?
+if [[ ${CURL_EXITCODE} -ne 0 ]]; then
+      echo "Error: Download of gpg key failed. Please try again later."
+      exit ${CURL_EXITCODE}
+fi
+
+echo "Running apt update..."
+apt -qq update
+echo "You should now be able to install a full Jamulus package via"
+echo "  apt install jamulus"
+echo "or a server-only, dependency-reduced build via"
+echo "  apt install jamulus-headless"
+echo
+echo "This package will automatically be updated when you perform system updates."