CringeStudios/element-desktop
5
0
Fork 0
mirror of https://github.com/CringeStudios/element-desktop.git synced 2025-01-18 23:44:59 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Guard reprepro db via concurrency limits (#555)

Browse Source
This commit is contained in:
Michael Telatynski 2023-03-02 16:54:57 +00:00 committed by GitHub
parent 88ef8deb78
commit 68d2e34841
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 91 additions and 67 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
.github/workflows/build_and_deploy.yaml vendored
View File

@ -39,9 +39,7 @@ on:
required: true required: true
type: boolean type: boolean
default: true default: true
concurrency: concurrency: ${{ github.workflow }}
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env: env:
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE # XXX: UPDATE THIS BEFORE WHEN GOING LIVE
R2_BUCKET: "packages-element-io-test" R2_BUCKET: "packages-element-io-test"
@ -99,12 +97,12 @@ jobs:
needs: prepare needs: prepare
name: Linux name: Linux
uses: ./.github/workflows/build_linux.yaml uses: ./.github/workflows/build_linux.yaml
secrets: inherit
with: with:
sqlcipher: system sqlcipher: system
deploy-mode: true
version: ${{ needs.prepare.outputs.linux-version }} version: ${{ needs.prepare.outputs.linux-version }}
# This deploy job only handles Windows & macOS as those are stateless and static.
# Linux will be deployed via reprepro after it, but we list it as a dependency to abort if it fails.
deploy: deploy:
needs: needs:
- macos - macos
@ -113,7 +111,7 @@ jobs:
- windows_64bit - windows_64bit
runs-on: ubuntu-latest runs-on: ubuntu-latest
name: Deploy name: Deploy
if: always() && (github.event != 'workflow_dispatch' || inputs.deploy) if: github.event != 'workflow_dispatch' || (inputs.deploy && (inputs.macos || inputs.windows_32bit || inputs.windows_64bit))
environment: packages.element.io environment: packages.element.io
steps: steps:
- name: Download artifacts - name: Download artifacts
@ -122,18 +120,7 @@ jobs:
name: packages.element.io name: packages.element.io
path: packages.element.io path: packages.element.io
- name: Deploy debian repo
if: github.event_name != 'workflow_dispatch' || inputs.linux
run: |
mv packages.element.io/debian .
aws s3 cp --recursive debian/ s3://$R2_BUCKET/debian --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
R2_URL: ${{ secrets.CF_R2_S3_API }}
- name: Deploy artifacts - name: Deploy artifacts
if: github.event_name != 'workflow_dispatch' || inputs.macos || inputs.windows_32bit || inputs.windows_64bit
run: | run: |
aws s3 cp --recursive packages.element.io/ s3://$R2_BUCKET/$DEPLOYMENT_DIR --endpoint-url $R2_URL --region auto aws s3 cp --recursive packages.element.io/ s3://$R2_BUCKET/$DEPLOYMENT_DIR --endpoint-url $R2_URL --region auto
env: env:
@ -141,3 +128,15 @@ jobs:
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }} AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
R2_URL: ${{ secrets.CF_R2_S3_API }} R2_URL: ${{ secrets.CF_R2_S3_API }}
DEPLOYMENT_DIR: ${{ inputs.mode == 'release' && 'desktop' || 'nightly' }} DEPLOYMENT_DIR: ${{ inputs.mode == 'release' && 'desktop' || 'nightly' }}
reprepro:
needs:
- linux
# We queue this after the other deploy stage as we want to abort if that fails
- deploy
name: Run reprepro
if: github.event != 'workflow_dispatch' || (inputs.deploy && inputs.linux)
uses: ./.github/workflows/reprepro.yaml
secrets: inherit
with:
artifact-name: linux-sqlcipher-system

52
.github/workflows/build_linux.yaml vendored
View File

@ -3,17 +3,6 @@
# the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch. # the correct cache scoping, and additional care must be taken to not run untrusted actions on the develop branch.
on: on:
workflow_call: workflow_call:
secrets:
GPG_PRIVATE_KEY:
required: false
GPG_PASSPHRASE:
required: false
CF_R2_ACCESS_KEY_ID:
required: false
CF_R2_TOKEN:
required: false
CF_R2_S3_API:
required: false
inputs: inputs:
version: version:
type: string type: string
@ -23,14 +12,9 @@ on:
type: string type: string
required: true required: true
description: "How to link sqlcipher, one of 'system' | 'static'" description: "How to link sqlcipher, one of 'system' | 'static'"
deploy-mode:
type: string
required: false
description: "Whether to arrange artifacts in the arrangement needed for deployment, skipping unrelated ones, this uses reprepro and requires 'packages.element.io' environment"
jobs: jobs:
build: build:
runs-on: ubuntu-latest runs-on: ubuntu-latest
environment: ${{ inputs.deploy-mode && 'packages.element.io' || '' }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
@ -88,41 +72,9 @@ jobs:
scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --deb-custom-control=debcontrol scripts/generate-builder-config.ts ${{ steps.nightly.outputs.config-args }} --deb-custom-control=debcontrol
yarn build --publish never -l --config electron-builder.json yarn build --publish never -l --config electron-builder.json
- name: Load GPG key
if: inputs.deploy-mode
uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
fingerprint: 75741890063E5E9A46135D01C2850B265AC085BD
- name: Prepare artifacts for deployment (reprepro)
if: inputs.deploy-mode
run: |
# Clear out the template packages.element.io directory, it has a dedicated deploy workflow
rm -R packages.element.io/*
# Install reprepro
sudo apt-get install -y reprepro
# Fetch reprepro database
aws s3 cp --recursive s3://$R2_BUCKET debian/db/ --endpoint-url $R2_URL --region auto
grep Codename debian/conf/distributions | sed -n 's/Codename: //p' | while read -r target ; do
reprepro -b debian includedeb "$target" ./dist/*.deb
done
# Store reprepro database
aws s3 cp --recursive debian/db/ s3://$R2_BUCKET --endpoint-url $R2_URL --region auto
env:
R2_BUCKET: packages-element-io-db
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
R2_URL: ${{ secrets.CF_R2_S3_API }}
- name: Upload Artifacts - name: Upload Artifacts
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: ${{ inputs.deploy-mode && 'packages.element.io' || format('linux-sqlcipher-{0}', inputs.sqlcipher) }} name: linux-sqlcipher-${{ inputs.sqlcipher }}
path: ${{ inputs.deploy-mode && 'packages.element.io' || 'dist' }} path: dist
retention-days: 1 retention-days: 1

73
.github/workflows/reprepro.yaml vendored Normal file
View File

@ -0,0 +1,73 @@
on:
workflow_call:
inputs:
artifact-name:
type: string
required: true
description: "The name of the artifact containing the debs to include"
secrets:
GPG_PRIVATE_KEY:
required: false
GPG_PASSPHRASE:
required: false
CF_R2_ACCESS_KEY_ID:
required: false
CF_R2_TOKEN:
required: false
CF_R2_S3_API:
required: false
# Protect reprepro database using concurrency
concurrency: reprepro
jobs:
reprepro:
name: Deploy debian package
environment: packages.element.io
runs-on: ubuntu-latest
env:
# XXX: UPDATE THIS BEFORE WHEN GOING LIVE
R2_BUCKET: "packages-element-io-test"
R2_DB_BUCKET: packages-element-io-db
R2_URL: ${{ secrets.CF_R2_S3_API }}
steps:
- uses: actions/checkout@v3
- name: Download artifacts
uses: actions/download-artifact@v3
with:
name: ${{ inputs.artifact-name }}
path: dist
- name: Load GPG key
uses: crazy-max/ghaction-import-gpg@111c56156bcc6918c056dbef52164cfa583dc549 # v5
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
fingerprint: 75741890063E5E9A46135D01C2850B265AC085BD
- name: Install reprepro
run: sudo apt-get install -y reprepro
- name: Fetch database
run: aws s3 cp --recursive s3://$R2_DB_BUCKET debian/db/ --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
- name: Run reprepro
run: |
grep Codename debian/conf/distributions | sed -n 's/Codename: //p' | while read -r target ; do
reprepro -b debian includedeb "$target" ./dist/*.deb
done
- name: Deploy debian repo
run: |
aws s3 cp --recursive packages.element.io/debian/ s3://$R2_BUCKET/debian --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}
- name: Store database
run: aws s3 cp --recursive debian/db/ s3://$R2_DB_BUCKET --endpoint-url $R2_URL --region auto
env:
AWS_ACCESS_KEY_ID: ${{ secrets.CF_R2_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.CF_R2_TOKEN }}