downgrade cryptography in poetry settings. #111
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deb | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - ci | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v2 | |
| - name: Generate release tag | |
| id: tag | |
| run: echo "::set-output name=tag::$(date -u +'%s')-testbuild" | |
| - uses: uraimo/[email protected] | |
| name: Build deb | |
| with: | |
| arch: armv6 | |
| distro: bullseye # Equivalent to Raspbian 8 | |
| githubToken: ${{ github.token }} | |
| # Create an artifacts directory | |
| setup: | | |
| mkdir -p "${PWD}/artifacts" | |
| # Mount the artifacts directory as /artifacts in the container | |
| dockerRunArgs: | | |
| --volume "${PWD}/artifacts:/artifacts" | |
| install: | | |
| set -x | |
| apt-get update -q -y | |
| # Install Python, fpm deps (ruby) and the kitchen sink required to build everything... | |
| apt-get install -q -y git python3 python3-venv python3-dev python3-pip build-essential libffi-dev libreadline-gplv2-dev libncursesw5-dev libssl-dev libsqlite3-dev libgdbm-dev libc6-dev libbz2-dev rustc cargo squashfs-tools ruby-full jq libpq-dev postgresql postgresql-contrib | |
| # Install FPM | |
| gem install fpm | |
| # Install Poetry (requires 1.2.0+) | |
| # curl -sSL https://install.python-poetry.org | POETRY_VERSION=1.5.0 python3 - --yes || true | |
| # export PATH=$PATH:/root/.local/bin | |
| # using pip to install poetry, instead of shell script in Adam's work | |
| pip install cryptography==3.4.8 | |
| pip install poetry==1.5.1 | |
| run: | | |
| set -x | |
| # Add Poetry to $PATH | |
| export PATH=$PATH:/root/.local/bin | |
| # We want to write to _actual_ /opt as some installation processes | |
| # are creating hard coded shebangs pointing to the venv location. | |
| mkdir -p /opt | |
| # Create virtualenv | |
| # gabriel: disabling virtual environment. poetry doesn't like it. I don't know why. | |
| # python3 -m venv /opt/hackman | |
| # . /opt/hackman/bin/activate | |
| poetry install --dry-run | |
| source $(poetry env info --path)/bin/activate | |
| pip install cryptography==3.4.8 | |
| pip install gevent==22.10.1 | |
| # https://github.com/python-poetry/poetry/issues/7148#issuecomment-1398322105 | |
| poetry export -f requirements.txt --output requirements.txt | |
| pip install -r requirements.txt | |
| deactivate | |
| pip install -r requirements.txt | |
| # Install dependencies | |
| poetry install --no-interaction --no-root --only main | |
| # Install self into env | |
| poetry build -f wheel -n | |
| pip install --no-deps dist/*.whl | |
| rm -rf dist *.egg-info | |
| # Generate Django static files | |
| env DJANGO_SETTINGS_MODULE=hackman.settings_prod hackman-manage collectstatic | |
| # Create a temporary rootfs directory | |
| mkdir -p rootfs/opt | |
| mv /opt/hackman rootfs/opt/hackman | |
| # Create symlinks to all binaries starting with hackman* or dsl* in /usr/bin | |
| mkdir -p rootfs/usr/bin | |
| for bin in rootfs/opt/hackman/bin/dsl* rootfs/opt/hackman/bin/hackman*; do | |
| ln -s /opt/hackman/bin/$(basename $bin) rootfs/usr/bin/$(basename $bin) | |
| done | |
| # Copy systemd units | |
| mkdir -p rootfs/lib/systemd | |
| cp -rv systemd rootfs/lib/systemd/system | |
| # Copy nginx configuration | |
| cp -rv nginx rootfs/opt/hackman/nginx | |
| # Create a postinstall script that enables all the shipped units | |
| # and symlinks our nginx configuration in place of the default one. | |
| # We also set up the database user in this block | |
| echo "#/bin/sh" > postinstall.sh | |
| for f in ./systemd/*; do | |
| echo "systemctl enable $(basename $f)" >> postinstall.sh | |
| done | |
| echo "ln -sf /opt/hackman/nginx/default /etc/nginx/sites-enabled/default" >> postinstall.sh | |
| # Ugly auto-generated escape sequences galore! \o/ | |
| echo 'echo '"'"'CREATE DATABASE hackman;'"'"' | sudo -u postgres psql' >> postinstall.sh | |
| echo 'echo '"'"'CREATE USER hackman WITH PASSWORD '"'"'"'"'"'"'"'"'hackman'"'"'"'"'"'"'"'"';'"'"' | sudo -u postgres psql' >> postinstall.sh | |
| echo 'echo '"'"'ALTER ROLE hackman SET client_encoding TO '"'"'"'"'"'"'"'"'utf8'"'"'"'"'"'"'"'"';'"'"' | sudo -u postgres psql' >> postinstall.sh | |
| echo 'echo '"'"'ALTER ROLE hackman SET default_transaction_isolation TO '"'"'"'"'"'"'"'"'read committed'"'"'"'"'"'"'"'"';'"'"' | sudo -u postgres psql' >> postinstall.sh | |
| echo 'echo '"'"'ALTER ROLE hackman SET timezone TO '"'"'"'"'"'"'"'"'UTC'"'"'"'"'"'"'"'"';'"'"' | sudo -u postgres psql' >> postinstall.sh | |
| echo 'echo '"'"'GRANT ALL PRIVILEGES ON DATABASE hackman TO hackman;'"'"' | sudo -u postgres psql' >> postinstall.sh | |
| # Reload main systemd units | |
| echo "systemctl start hackman" >> postinstall.sh | |
| echo "systemctl reload nginx" >> postinstall.sh | |
| chmod +x postinstall.sh | |
| # Build deb | |
| version=$(grep '^version' pyproject.toml | cut -d = -f 2 | jq -r) | |
| fpm \ | |
| -s dir \ | |
| -t deb \ | |
| -C rootfs \ | |
| --name hackman \ | |
| --version $version \ | |
| --iteration ${{ steps.tag.outputs.tag }} \ | |
| --description "DSL Hackman" \ | |
| --depends redis-server \ | |
| --depends python3 \ | |
| --depends nginx \ | |
| --depends libffi-dev \ | |
| --depends libpq-dev \ | |
| --depends postgresql \ | |
| --depends postgresql-contrib \ | |
| --after-install ./postinstall.sh \ | |
| . | |
| mv *.deb /artifacts/ | |
| - name: Upload binaries to release | |
| uses: svenstaro/upload-release-action@v2 | |
| with: | |
| repo_token: ${{ secrets.GITHUB_TOKEN }} | |
| file: ./artifacts/* | |
| file_glob: true | |
| tag: ${{ steps.tag.outputs.tag }} | |
| overwrite: true |