From 18389530f5d32e7c75e44421637454293ed35170 Mon Sep 17 00:00:00 2001
From: Tim Kimber <tkimber@mobius.org.uk>
Date: Wed, 22 Feb 2023 22:19:30 +0000
Subject: [PATCH] Working release-and-package workflow

---
 .github/workflows/release-and-package.yml | 103 +++++++++++++++-------
 RELEASE.md                                |  32 +++++++
 2 files changed, 103 insertions(+), 32 deletions(-)
 create mode 100644 RELEASE.md

diff --git a/.github/workflows/release-and-package.yml b/.github/workflows/release-and-package.yml
index 2e5ab09..d6907e0 100644
--- a/.github/workflows/release-and-package.yml
+++ b/.github/workflows/release-and-package.yml
@@ -1,5 +1,19 @@
-# Hacked together from https://github.com/qemu-riscv-xpack/.github/workflows/build-all.yml
-# and https://github.com/palmetto/palm-cli/blob/develop/.github/workflows/pypi-deploy.yaml
+# ==========================
+# Can test locally using act (https://github.com/nektos/act)
+# ==========================
+# ./bin/act -s GITHUB_TOKEN=<fine-grained-token> --directory runner --workflows "../.github/workflows/" -e ../payloads.json --no-skip-checkout -j deploy
+#
+# where payloads.json is:
+# {
+# 	"inputs": {
+#         "tags": "2.47"
+#     }
+# }
+#
+# ==========================
+# Can debug remotely on github actions instance by uncommenting the 'tmate' section below
+# ==========================
+
 
 name: Deploy getssl
 
@@ -15,15 +29,33 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
     steps:
+      - name: prepare
+        # Keep the outputs persistent outside the docker container to use for the other steps
+        run: |
+          mkdir -p ${{ github.workspace }}/bin
+          mkdir -p ${{ github.workspace }}/debbuild/BUILD
+          mkdir -p ${{ github.workspace }}/debbuild/DEBS/all
+          mkdir -p ${{ github.workspace }}/debbuild/SDEBS
+          mkdir -p ${{ github.workspace }}/debbuild/SOURCES
+          mkdir -p ${{ github.workspace }}/debbuild/SPECS
+          mkdir -p ${{ github.workspace }}/rpmbuild/SOURCES
+          mkdir -p ${{ github.workspace }}/rpmbuild/RPMS/noarch
+          mkdir -p ${{ github.workspace }}/rpmbuild/RPMS/SRPMS
+
       - name: Checkout
         uses: actions/checkout@v3
         with:
-          path: "getssl"
+          path: source
 
       - name: Get version number
         id: get_version
         run: |
-          echo ::set-output name=VERSION::$(bash ./getssl/getssl --version)
+          echo "VERSION=$(bash ${{ github.workspace }}/source/getssl --version)" >> $GITHUB_OUTPUT
+
+      - name: Get release
+        id: get_release
+        run: |
+          echo "RELEASE=$(grep Release source/getssl.spec | awk '{ print $2 }')" >> $GITHUB_OUTPUT
 
       - name: Check version matches tag
         run: |
@@ -35,23 +67,26 @@ jobs:
       - name: build .deb package
         id: build_deb
         run: |
-          sudo apt-get update
-          sudo apt-get install -y build-essential devscripts debhelper pax liblocale-gettext-perl
+          sudo apt-get update -qq
+          sudo apt-get install --no-install-recommends -qq -y build-essential devscripts debhelper pax liblocale-gettext-perl wget
           wget https://github.com/debbuild/debbuild/releases/download/22.02.1/debbuild_22.02.1-0ubuntu20.04_all.deb
           sudo dpkg --install debbuild_22.02.1-0ubuntu20.04_all.deb
           # Line 1959 has an extra ")" bracket
-          sudo patch /usr/bin/debbuild < ./getssl/debbuild.patch
-          mkdir -p /root/debbuild/BUILD
-          mkdir -p /root/debbuild/DEBS/all
-          mkdir -p /root/debbuild/SDEBS
-          mkdir -p /root/debbuild/SOURCES
-          mkdir -p /root/debbuild/SPECS
-          tar -czf /root/debbuild/SOURCES/getssl-${{ github.event.inputs.tags }}.tar.gz ./getssl/* --transform "s/getssl\//getssl-${{ github.event.inputs.tags }}\//"
-          tar --append -f /root/getssl-${{ github.event.inputs.tags }}.sdeb /root/debbuild/SOURCES/getssl-${{ github.event.inputs.tags }}.tar.gz --transform 's,\.,SOURCES,'
-          tar --append -f /root/getssl-${{ github.event.inputs.tags }}.sdeb -C ./getssl getssl.crontab getssl.logrotate --transform 's,^,SOURCES/,'
-          tar --append -f /root/getssl-${{ github.event.inputs.tags }}.sdeb -C ./getssl getssl.spec --transform 's,^,SPECS/,'
-          debbuild --install /root/getssl-${{ github.event.inputs.tags }}.sdeb
-          debbuild -vv -ba /root/debbuild/SPECS/getssl.spec
+          sudo chmod +w /usr/bin/debbuild
+          sudo patch /usr/bin/debbuild < ${GITHUB_WORKSPACE}/source/debbuild.patch
+          tar --absolute-names -czf ${GITHUB_WORKSPACE}/getssl-${{ github.event.inputs.tags }}.tar.gz ${GITHUB_WORKSPACE}/source/* --transform "s,${GITHUB_WORKSPACE}/source,getssl-${{ github.event.inputs.tags }},"
+          tar --absolute-names -cf ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb ${GITHUB_WORKSPACE}/getssl-${{ github.event.inputs.tags }}.tar.gz --transform "s,${GITHUB_WORKSPACE},SOURCES,"
+          tar --append -f ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb -C ${GITHUB_WORKSPACE}/source getssl.crontab getssl.logrotate --transform 's,^,SOURCES/,'
+          tar --append -f ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb -C ${GITHUB_WORKSPACE}/source getssl.spec --transform 's,^,SPECS/,'
+          ln -s ${GITHUB_WORKSPACE}/debbuild ${HOME}/debbuild
+          /usr/bin/debbuild -vv --install ${GITHUB_WORKSPACE}/debbuild/SDEBS/getssl-${{ github.event.inputs.tags }}.sdeb
+          /usr/bin/debbuild -vv -ba ${GITHUB_WORKSPACE}/debbuild/SPECS/getssl.spec
+          echo "getssl_deb=${GITHUB_WORKSPACE}/debbuild/DEBS/all/getssl_${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}_all.deb" >> $GITHUB_OUTPUT
+
+      # *** Uncomment this to debug remotely ***
+      # - name: Setup tmate session
+      #   if: ${{ failure() }}
+      #   uses: mxschmitt/action-tmate@v3
 
       - name: build .rpm package
         id: build_rpm
@@ -59,16 +94,20 @@ jobs:
         uses: addnab/docker-run-action@v3
         with:
           image: rockylinux:8
-          options: -v ${{ github.workspace }}:/root/getssl -e GITHUB_REF=${{ github.ref }}
+          options: -v ${{ github.workspace }}:/root -e GITHUB_REF=${{ github.ref }}
           run: |
-            sudo yum install -y rpm-build make
-            mkdir -p /root/rpmbuild/SOURCES /root/rpmbuild/RPMS/SRPMS /root/rpmbuild/RPMS/noarch
-            tar -czf /root/rpmbuild/SOURCES/getssl-${{ github.event.inputs.tags }}.tar.gz /root/getssl/* --transform "s/root\/getssl\//getssl-${{ github.event.inputs.tags }}\//"
-            cp /root/getssl/getssl.crontab /root/rpmbuild/SOURCES
-            cp /root/getssl/getssl.logrotate /root/rpmbuild/SOURCES
-            rpmbuild -ba /root/getssl/getssl.spec
-            cp /root/rpmbuild/SRPMS/getssl-*.rpm /root/getssl
-            cp /root/rpmbuild/RPMS/noarch/getssl-*.rpm /root/getssl
+            yum install -y rpm-build make
+            tar -czf /root/rpmbuild/SOURCES/getssl-${{ github.event.inputs.tags }}.tar.gz /root/source/* --transform "s/root\/source\//getssl-${{ github.event.inputs.tags }}\//"
+            cp /root/source/getssl.crontab /root/rpmbuild/SOURCES
+            cp /root/source/getssl.logrotate /root/rpmbuild/SOURCES
+            rpmbuild -ba /root/source/getssl.spec
+
+      - name: output .rpm packages
+        id: output_rpm
+        if: ${{ success() }}
+        run: |
+          echo "getssl_rpm=${GITHUB_WORKSPACE}/rpmbuild/RPMS/noarch/getssl-${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}.noarch.rpm" >> $GITHUB_OUTPUT
+          echo "getssl_srpm=${GITHUB_WORKSPACE}/rpmbuild/SRPMS/getssl-${{ github.event.inputs.tags }}-${{ steps.get_release.outputs.RELEASE }}.src.rpm" >> $GITHUB_OUTPUT
 
       - name: create_release
         id: create_release
@@ -77,12 +116,12 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          tag: ${{ github.ref }}
-          name: Draft Release ${{ github.ref }}
+          tag: ${{ github.event.inputs.tags }}
+          name: Draft Release ${{ github.event.inputs.tags }}
           generateReleaseNotes: true
           draft: true
           prerelease: false
           artifacts: |
-            /root/debbuild/DEBS/all/getssl_${{ github.event.inputs.tags }}-*_all.deb
-            /root/getssl-${{ github.event.inputs.tags }}-*.src.rpm
-            /root/getssl-${{ github.event.inputs.tags }}-*.noarch.rpm
+            ${{ steps.build_deb.outputs.getssl_deb }}
+            ${{ steps.output_rpm.outputs.getssl_rpm }}
+            ${{ steps.output_rpm.outputs.getssl_srpm }}
diff --git a/RELEASE.md b/RELEASE.md
new file mode 100644
index 0000000..8f84ebd
--- /dev/null
+++ b/RELEASE.md
@@ -0,0 +1,32 @@
+# How to do a release of getssl
+
+## Update the version and tag the release
+
+1. git pull
+2. git branch -c release_2_nn
+3. git switch release_2_nn
+4. update VERSION in `getssl` and `getssl.spec`
+5. git commit -m"Update version to v2.nn"
+6. git tag -a v2.nn
+7. git push origin release_2_nn
+8. git push --tags
+
+## The github release-and-package action should:
+
+1. Build the .deb and .rpm packages
+2. create a draft release containing the packages and the release note
+
+## Can test the .deb file using the following steps:
+
+1. Change the status from draft to pre-release
+2. Test that the package can be installed using a cloud instance
+   1. Start an Ubuntu ec2 instance from AWS Console (or Azure or Google Cloud)
+   2. Or use the instant-ec2.sh script from my Github gist to start an Ubuntu ec2 instance
+      1. git clone git@gist.github.com:12c297e0645920c413273c9d15edbc68.git instant-ec2
+      2. ./instant-ec2/instant-ec2.sh
+3. download the deb package
+   `wget https://github.com/srvrco/getssl/releases/download/v2.nn/getssl_2.nn-1_all.deb`
+4. install the deb package
+   `dpkg -i getssl_2.nn-1_all.deb`
+5. Check it's installed correctly
+   `getssl --version`