From 3a3bd5629590f22f1f835e32ad9b0133a9a4435e Mon Sep 17 00:00:00 2001 From: Brian Picciano Date: Sat, 25 Mar 2023 15:58:20 +0100 Subject: [PATCH] Implement release script --- README.md | 1 + default.nix | 36 +++++++++++-------------------- docs/dev/releases.md | 32 ++++++++++++++++++++++++++++ flake.nix | 19 ++++------------- nix/pkgs.nix | 9 +++++++- release.nix | 50 ++++++++++++++++++++++++++++++++++++++++++++ release.sh | 34 ++++++++++++++++++++++++++++++ 7 files changed, 141 insertions(+), 40 deletions(-) create mode 100644 docs/dev/releases.md create mode 100644 release.nix create mode 100755 release.sh diff --git a/README.md b/README.md index 8616421..75e1ae8 100644 --- a/README.md +++ b/README.md @@ -100,6 +100,7 @@ Documentation for devs: describing the [pmux](https://code.betamike.com/cryptic-io/pmux) process tree created by `cryptic-net daemon` at runtime. * [Rebuilding Documentation](docs/dev/rebuilding-documentation.md) +* [Releases](docs/dev/releases.md) ## Misc diff --git a/default.nix b/default.nix index 593360d..12f7858 100644 --- a/default.nix +++ b/default.nix @@ -1,21 +1,25 @@ { buildSystem ? builtins.currentSystem, - hostSystem ? builtins.currentSystem, + hostSystem ? buildSystem, + pkgsNix ? (import ./nix/pkgs.nix), revision ? "", - releaseName ? "debug", + releaseName ? "dev", bootstrap ? null, }: let - pkgsNix = (import ./nix/pkgs.nix); - pkgs = pkgsNix.default { inherit buildSystem hostSystem; }; + pkgsNative = pkgsNix.default { + inherit buildSystem; + hostSystem = buildSystem; + }; + garageNix = (import ./nix/garage.nix); in rec { 
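Review bot: In default.nix the new `pkgsNative` binding has no comment saying why a second package set sits next to `pkgs`, and the difference only matters when `hostSystem` differs from `buildSystem`. I would add `# pkgsNative targets the build machine; use it for tools that run during the build (e.g. git), never for build outputs.` above it. The later hunk that switches `nativeBuildInputs` to `pkgsNative.git` is the only use in the visible lines, so the same comment covers it. The `rec { ... }` body continues outside this hunk.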
@@ -23,17 +27,15 @@ in rec { version = pkgs.stdenv.mkDerivation { name = "cryptic-net-version"; - inherit buildSystem revision releaseName; + inherit buildSystem hostSystem revision releaseName; repoSrc = ./.; - nativeBuildInputs = [ pkgs.git ]; + nativeBuildInputs = [ pkgsNative.git ]; goVersion = pkgs.go.version; garageVersion = garageNix.version; nixpkgsVersion = pkgsNix.version; - release = "${releaseName}-${hostSystem}"; - builder = builtins.toFile "builder.sh" '' source $stdenv/setup @@ -44,7 +46,8 @@ in rec { revision="$(cd repoSrcCp && git rev-parse HEAD)" fi - echo "Release $release" >> "$versionFile" + echo "Release: $releaseName" >> "$versionFile" + echo "Platform: $hostSystem" >> "$versionFile" echo "Git Revision: $revision" >> "$versionFile" echo "Go Version: $goVersion" >> "$versionFile" echo "Garage Version: $garageVersion" >> "$versionFile" @@ -132,19 +135,4 @@ in rec { mv Cryptic_Net-* "$out"/bin/cryptic-net ''; }; - - release = pkgs.stdenv.mkDerivation { - name = "cryptic-net-release"; - inherit appImage; - - nativeBuildInputs = [ pkgs.coreutils ]; - - builder = builtins.toFile "build.sh" '' - source $stdenv/setup - - mkdir -p "$out" - cp "$appImage" "$out"/cryptic-net - (cd "$out" && sha256sum * > sha256.txt) - ''; - }; } diff --git a/docs/dev/releases.md b/docs/dev/releases.md new file mode 100644 index 0000000..066a3bf --- /dev/null +++ b/docs/dev/releases.md 
@@ -0,0 +1,32 @@ +# Releases + +A release consists of: + +- A full set of binaries for all supported platforms, compiled from the same + source. +- A text file containing hashes of each binary. +- A file containing a signature of the hash file, created by whoever is building + the release. + +## Building + +*NOTE: This has only been tested from an x86_64 linux machine* + +To create a release only a functional nix installation is required. Simply run +the `./release.sh` script, and input a release name when prompted. + +From here a cryptic-net binary will be cross-compiled for all supported +platforms. This will take a long time the first time you perform it on your +machine. + +Once compilation is completely, the release will be signed using the default GPG +key on your machine, and you will be prompted for its password in order to +create the signature. + +## Releasing + +Releases are uploaded to the repository's Releases page, and release naming +follows the conventional semantic versioning system. Each release should be +accompanied by a set of changes which have occurred since the last release, +described both in the `CHANGELOG.md` file and in the description on the Release +itself. diff --git a/flake.nix b/flake.nix index 0932b0a..938e0c7 100644 --- a/flake.nix +++ b/flake.nix @@ -7,12 +7,7 @@ self, utils, }: let - supportedSystems = [ - "x86_64-linux" - "aarch64-linux" - "armv7l-linux" # rpi, I think? - "i686-linux" - ]; + supportedSystems = (import ./nix/pkgs.nix).supportedSystems; mkPkg = (buildSystem: hostSystem: let 
@@ -26,15 +21,9 @@ defaultAttrs.appImage ); - #pkgsForBuildSystem = (buildSystem: builtins.foldl' - # (sysPkgs: hostSystem: - # sysPkgs // { "compiled-for-${hostSystem}" = mkPkg buildSystem hostSystem; }) - # { default = mkPkg buildSystem buildSystem; } - # supportedSystems - #); - - pkgsForBuildSystem = (buildSystem: - { default = mkPkg buildSystem buildSystem; }); + pkgsForBuildSystem = (buildSystem: { + default = mkPkg buildSystem buildSystem; + }); in { diff --git a/nix/pkgs.nix b/nix/pkgs.nix index e5a95ec..3a36e49 100644 --- a/nix/pkgs.nix +++ b/nix/pkgs.nix @@ -35,9 +35,16 @@ rec { sha256 = "sha256-eFNm2h6fNbgD7ZpO4MHikCB5pSnCJ7DTmwPisjetmwc="; }; + supportedSystems = [ + "x86_64-linux" + "aarch64-linux" + #"armv7l-linux-musl" # rpi, I think? + "i686-linux" + ]; + default = { buildSystem, - hostSystem, + hostSystem ? buildSystem, }: import src { system = buildSystem; crossSystem.config = hostSystem; diff --git a/release.nix b/release.nix new file mode 100644 index 0000000..3f5f48d --- /dev/null +++ b/release.nix 
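Review bot: In nix/pkgs.nix the `supportedSystems` list that moves here is not the list flake.nix had: `"armv7l-linux"` reappears renamed to `"armv7l-linux-musl"` and commented out, with no reason given. flake.nix and release.nix now both read this list, so the armv7l target drops out of every release and of whatever the flake derives from it. A line such as `# armv7l disabled: <reason>; re-enable once the cross build works` would make the omission deliberate and searchable. docs/dev/releases.md promises binaries for "all supported platforms", so this list is effectively the release contract.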
@@ -0,0 +1,50 @@
+{
+ releaseName,
+
+ buildSystem ? builtins.currentSystem,
+ pkgsNix ? (import ./nix/pkgs.nix),
+ supportedSystems ? pkgsNix.supportedSystems,
+
+}: let
+
+ pkgs = pkgsNix.default { inherit buildSystem; };
+
+ mkRelease = hostSystem: let
+
+ appImage = ((import ./default.nix) {
+ inherit buildSystem hostSystem releaseName;
+ }).appImage;
+
+ in pkgs.stdenv.mkDerivation {
+ name = "cryptic-net-release-${hostSystem}";
+ inherit releaseName appImage hostSystem;
+
+ builder = builtins.toFile "build.sh" ''
+ source $stdenv/setup
+
+ mkdir -p "$out"/
+ cp "$appImage"/bin/cryptic-net "$out"/cryptic-net-$releaseName-$hostSystem
+ '';
+ };
+
+ releases = builtins.map mkRelease supportedSystems;
+
+in
+
+ pkgs.stdenv.mkDerivation {
+ name = "cryptic-net-release-${releaseName}";
+ inherit releases;
+
+ nativeBuildInputs = [ pkgs.coreutils ];
+
+ builder = builtins.toFile "build.sh" ''
+ source $stdenv/setup
+
+ mkdir -p "$out"
+ for p in $releases; do
+ cp "$p"/cryptic-net-* "$out"/
+ done
+
+ (cd "$out" && sha256sum * > sha256.txt)
+ '';
+ }
diff --git a/release.sh b/release.sh
new file mode 100755
index 0000000..052957d
--- /dev/null
+++ b/release.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env sh
+
+set -e
+
+scriptDir=$(CDPATH='' cd -- "$(dirname -- "$0")" && pwd -P)
+cd "$scriptDir"
+
+printf "Release name (e.g. \"v0.1.2\"): "
+read -r releaseName
+
+releasesDir="$(pwd)/releases"
+mkdir -p "$releasesDir"
+echo '*' > "$releasesDir"/.gitignore
+
+out="$releasesDir/$releaseName"
+
+if [ -e "$out" ]; then
+ echo "$out already exists, aborting"
+ exit 1
+fi
+
+result=$(nix-build \
+ --argstr releaseName "$releaseName" \
+ --no-out-link \
+ release.nix \
+ )
+
+cp -rL "$result" "$out"
+chmod u+w -R "$out"
+
+cd "$out"
+gpg -a --detach-sign -o sha256.txt.gpg ./sha256.txt
+
+echo "Release successfully created: $out"
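Review bot: In release.nix `releaseName` is required but never checked, and it flows into the derivation name and, unquoted, into the output file name in the inner builder (`"$out"/cryptic-net-$releaseName-$hostSystem`). An empty value would still produce oddly named artifacts, and a value with unexpected characters may only fail later with an unrelated Nix error or be word-split inside the builder. An assertion between the argument set and the `let`, `assert builtins.match "[A-Za-z0-9._-]+" releaseName != null;`, rejects such names at evaluation time, including for anyone who runs `nix-build release.nix` without the wrapper script. Quoting the copy target as `"$out/cryptic-net-$releaseName-$hostSystem"` removes the splitting.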
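Review bot: release.sh signs whatever the working directory happens to contain: nothing before `nix-build` checks that the tree is clean, while default.nix takes its source from `repoSrc = ./.` and, as far as the visible lines show, records `git rev-parse HEAD` in the version file. A release built with uncommitted edits would carry a signature and a revision that do not describe the code in the binaries. A guard before the build, `[ -z "$(git status --porcelain)" ] || { echo "working tree not clean, aborting" >&2; exit 1; }`, closes that gap; `releases/` is already covered by the `.gitignore` the script writes, so earlier releases do not trip it. Separately, if `gpg` fails or is cancelled, the copied `$out` stays behind unsigned and the next run stops at the "already exists" check, so removing `$out` on failure would help.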