From c5f442616ee68acda82e3591652f51cd66cf071c Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Wed, 12 Mar 2025 14:05:48 +0100 Subject: [PATCH] gitlab-ci: "PUBLISH" job to test in the signing server's setup --- .gitlab-ci.yml | 64 ++++++++++++++++++++++++++++++++++++++++++++++++ tests/config.yml | 2 ++ 2 files changed, 66 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6ebc12da..2e48c0bb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -710,3 +710,67 @@ docker: fi - docker push $RELEASE_IMAGE - docker push $RELEASE_IMAGE-bookworm + + +# PUBLISH is the signing server. It has a very minimal manual setup. +PUBLISH: + image: debian:bullseye-backports + script: + - apt-get update + - apt-get -qy upgrade + - apt-get -qy install --no-install-recommends -t bullseye-backports + androguard + apksigner + curl + default-jdk-headless + git + gpg + gpg-agent + python3-asn1crypto + python3-defusedxml + python3-git + python3-ruamel.yaml + python3-yaml + rsync + + # Run only relevant parts of the test suite, other parts will fail + # because of this minimal base setup. + - python3 -m unittest + tests/test_gpgsign.py + tests/test_metadata.py + tests/test_publish.py + tests/test_signindex.py + + - cd tests + - mkdir archive + - mkdir unsigned + - cp urzip-release-unsigned.apk unsigned/info.guardianproject.urzip_100.apk + - grep '^key.*pass' config.yml | sed 's,\x3a ,=,' > $CI_PROJECT_DIR/variables + - sed -Ei 's,^(key.*pass|keystore)\x3a.*,\1\x3a {env\x3a \1},' config.yml + - printf '\ngpghome\x3a {env\x3a gpghome}\n' >> config.yml + - | + tee --append $CI_PROJECT_DIR/variables <