From bb5ee8cb80642f23135a12a985e39e2e666cf558 Mon Sep 17 00:00:00 2001
From: Joe Cooper <swelljoe@gmail.com>
Date: Sun, 9 Jul 2023 20:01:26 -0500
Subject: [PATCH] Only build stable on version change and in `virtualmin` repo
 (#10)

* Build stable, published to devel repos for testing

* Include full path, so we can sign packages, too.

* Try to make it writable by build group

* Set group write and scp -p

* Bump revision before calling this done

* Also publish to vm6 repos

* Fix path for vm6 rpm repo

* Try to prevent accidental stable build

* Don't include build date in version on stable:

* Only build if on original virtualmin repo, I hope

* Where the rubber meets the road, hope this works
---
 .github/workflows/build-devel-deb.yaml  |  1 +
 .github/workflows/build-devel-rpm.yaml  |  1 +
 .github/workflows/build-stable-deb.yaml | 30 ++++++++++++++++++++
 .github/workflows/build-stable-rpm.yaml | 37 +++++++++++++++++++++++++
 build-devel-rpm.sh                      |  5 ++--
 build-stable-deb.sh                     | 24 ++++++++++++++++
 build-stable-rpm.sh                     | 31 +++++++++++++++++++++
 module.info                             |  2 +-
 8 files changed, 128 insertions(+), 3 deletions(-)
 create mode 100644 .github/workflows/build-stable-deb.yaml
 create mode 100644 .github/workflows/build-stable-rpm.yaml
 create mode 100755 build-stable-deb.sh
 create mode 100755 build-stable-rpm.sh

diff --git a/.github/workflows/build-devel-deb.yaml b/.github/workflows/build-devel-deb.yaml
index 5d9dd44..d4bfc65 100644
--- a/.github/workflows/build-devel-deb.yaml
+++ b/.github/workflows/build-devel-deb.yaml
@@ -8,6 +8,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-20.04
+    if: github.repository == 'virtualmin/*'
     steps:
       - uses: actions/checkout@v3
         with:
diff --git a/.github/workflows/build-devel-rpm.yaml b/.github/workflows/build-devel-rpm.yaml
index f777257..cc5e374 100644
--- a/.github/workflows/build-devel-rpm.yaml
+++ b/.github/workflows/build-devel-rpm.yaml
@@ -8,6 +8,7 @@ on:
 jobs:
   build:
     runs-on: ubuntu-20.04
+    if: github.repository == 'virtualmin/*'
     steps:
       - uses: actions/checkout@v3
         with:
diff --git a/.github/workflows/build-stable-deb.yaml b/.github/workflows/build-stable-deb.yaml
new file mode 100644
index 0000000..073b7ca
--- /dev/null
+++ b/.github/workflows/build-stable-deb.yaml
@@ -0,0 +1,30 @@
+name: "build-stable-deb"
+
+on:
+  push:
+    branches:
+      - stable
+    paths:
+      - 'module.info'
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+    if: github.repository == 'virtualmin/*'
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          path: 'jailkit'
+
+      - name: Install dependencies
+        run: |-
+          sudo apt-get -y update
+          sudo apt-get -y install perl build-essential gnupg curl
+          curl -O https://raw.githubusercontent.com/webmin/webmin/master/mod_def_list.txt
+          curl -O https://raw.githubusercontent.com/webmin/webmin/master/makemoduledeb.pl
+      - name: Build package
+        env:
+          APTLY_USER: ${{ secrets.APTLY_USER }}
+          APTLY_PASSWD: ${{ secrets.APTLY_PASSWD }}
+        run: |-
+          jailkit/build-stable-deb.sh
diff --git a/.github/workflows/build-stable-rpm.yaml b/.github/workflows/build-stable-rpm.yaml
new file mode 100644
index 0000000..b4e8612
--- /dev/null
+++ b/.github/workflows/build-stable-rpm.yaml
@@ -0,0 +1,37 @@
+name: "build-devel-rpm"
+
+on:
+  push:
+    branches:
+      - stable
+    paths:
+      - 'module.info'
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+    if: github.repository == 'virtualmin/*'
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          path: 'jailkit'
+
+      - name: Install dependencies
+        run: |-
+          sudo apt-get -y update
+          sudo apt-get -y install rpm perl build-essential gnupg curl
+          curl -O https://raw.githubusercontent.com/webmin/webmin/master/mod_def_list.txt
+          curl -O https://raw.githubusercontent.com/webmin/webmin/master/makemodulerpm.pl
+      - name: Setup ssh
+        env:
+          BUILD_SSH_PRIVATE_KEY: ${{ secrets.BUILD_SSH_PRIVATE_KEY }}
+          BUILD_SSH_KNOWN_HOSTS: ${{ secrets.BUILD_SSH_KNOWN_HOSTS }}
+        run: |-
+          install -m 600 -D /dev/null ~/.ssh/id_ed25519
+          echo "${{ secrets.BUILD_SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
+          echo "${{ secrets.BUILD_SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
+      - name: Build package
+        env:
+          BUILD_SSH_USER: ${{ secrets.BUILD_SSH_USER }}
+        run: |-
+          jailkit/build-stable-rpm.sh
diff --git a/build-devel-rpm.sh b/build-devel-rpm.sh
index bda0230..1674711 100755
--- a/build-devel-rpm.sh
+++ b/build-devel-rpm.sh
@@ -29,7 +29,8 @@ ls "${HOME}/rpmbuild/SPECS"
 perl makemodulerpm.pl --rpm-depends --licence 'GPLv3' --allow-overwrite $epoch "$MOD" "$VERSION"
 
 # Copy to build/deploy server
-scp -i "${HOME}/.ssh/id_ed25519" "${HOME}/rpmbuild/RPMS/noarch/${NAME}-${VERSION}-1.noarch.rpm" "$BUILD_SSH_USER@build.virtualmin.com:/home/build/result/vm/7/gpl-devel/rpm/noarch"
+chmod g+w "${HOME}/rpmbuild/RPMS/noarch/${NAME}-${VERSION}-1.noarch.rpm"
+scp -i "${HOME}/.ssh/id_ed25519" -p "${HOME}/rpmbuild/RPMS/noarch/${NAME}-${VERSION}-1.noarch.rpm" "$BUILD_SSH_USER@build.virtualmin.com:/home/build/result/vm/7/gpl-devel/rpm/noarch"
 # Add it to the publish queue
-ssh -i "${HOME}/.ssh/id_ed25519" "$BUILD_SSH_USER@build.virtualmin.com" "flock /home/build/rpm-publish-queue -c 'echo vm/7/gpl-devel/rpm/noarch >> /home/build/rpm-publish-queue'"
+ssh -i "${HOME}/.ssh/id_ed25519" "$BUILD_SSH_USER@build.virtualmin.com" "flock /home/build/rpm-publish-queue -c 'echo vm/7/gpl-devel/rpm/noarch/${NAME}-${VERSION}-1.noarch.rpm >> /home/build/rpm-publish-queue'"
 
diff --git a/build-stable-deb.sh b/build-stable-deb.sh
new file mode 100755
index 0000000..daeacfd
--- /dev/null
+++ b/build-stable-deb.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# Build and publish a package, called by github actions
+
+# echo, exit on error/undefined vars
+set -xeu
+
+MOD='jailkit'
+NAME="webmin-$MOD"
+
+# Load module.info to get version
+version=$(grep version $MOD/module.info | cut -d'=' -f2)
+VERSION="${version}"
+
+mkdir tmp
+perl makemoduledeb.pl --deb-depends --licence 'GPLv3' --email 'joe@virtualmin.com' --allow-overwrite --target-dir tmp "$MOD" "$VERSION"
+mv "tmp/${NAME}_${VERSION}_all.deb" .
+
+# Publish to aptly
+curl --user $APTLY_USER:$APTLY_PASSWD -X POST -F file=@${NAME}_${VERSION}_all.deb https://aptly.virtualmin.com/api/files/${NAME}_${VERSION}
+curl --user $APTLY_USER:$APTLY_PASSWD -X POST https://aptly.virtualmin.com/api/repos/virtualmin-7-gpl/file/${NAME}_${VERSION}
+curl -i --user $APTLY_USER:$APTLY_PASSWD -X PUT -H 'Content-Type: application/json' --data '{}' https://aptly.virtualmin.com/api/publish/filesystem:7-gpl:./virtualmin
+curl --user $APTLY_USER:$APTLY_PASSWD -X POST -F file=@${NAME}_${VERSION}_all.deb https://aptly.virtualmin.com/api/files/${NAME}_${VERSION}
+curl --user $APTLY_USER:$APTLY_PASSWD -X POST https://aptly.virtualmin.com/api/repos/virtualmin-gpl-universal/file/${NAME}_${VERSION}
+curl -i --user $APTLY_USER:$APTLY_PASSWD -X PUT -H 'Content-Type: application/json' --data '{}' https://aptly.virtualmin.com/api/publish/filesystem:gpl:./virtualmin-universal
diff --git a/build-stable-rpm.sh b/build-stable-rpm.sh
new file mode 100755
index 0000000..678d7b6
--- /dev/null
+++ b/build-stable-rpm.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+# Build and publish a package, called by github actions
+
+# echo, exit on error/undefined vars
+set -xeu
+
+MOD='jailkit'
+NAME="wbm-$MOD"
+
+# Load module.info to get version
+version=$(grep version $MOD/module.info | cut -d'=' -f2)
+VERSION="${version}"
+
+if [ -f epoch ]; then
+	epoch="--epoch $(cat epoch)"
+else
+	epoch=""
+fi
+
+# FIXME after PR is merged to Webmin
+mkdir -p ${HOME}/rpmbuild/{BUILD,BUILDROOT,RPMS,SOURCES,SPECS,SRPMS}
+mkdir -p "${HOME}/rpmbuild/RPMS/noarch"
+perl makemodulerpm.pl --rpm-depends --licence 'GPLv3' --allow-overwrite $epoch "$MOD" "$VERSION"
+
+# Copy to build/deploy server
+chmod g+w "${HOME}/rpmbuild/RPMS/noarch/${NAME}-${VERSION}-1.noarch.rpm"
+scp -i "${HOME}/.ssh/id_ed25519" -p "${HOME}/rpmbuild/RPMS/noarch/${NAME}-${VERSION}-1.noarch.rpm" "$BUILD_SSH_USER@build.virtualmin.com:/home/build/result/vm/7/gpl/rpm/noarch"
+scp -i "${HOME}/.ssh/id_ed25519" -p "${HOME}/rpmbuild/RPMS/noarch/${NAME}-${VERSION}-1.noarch.rpm" "$BUILD_SSH_USER@build.virtualmin.com:/home/build/result/vm/6/gpl/universal"
+# Add it to the publish queue
+ssh -i "${HOME}/.ssh/id_ed25519" "$BUILD_SSH_USER@build.virtualmin.com" "flock /home/build/rpm-publish-queue -c 'echo vm/7/gpl/rpm/noarch/${NAME}-${VERSION}-1.noarch.rpm >> /home/build/rpm-publish-queue'"
+ssh -i "${HOME}/.ssh/id_ed25519" "$BUILD_SSH_USER@build.virtualmin.com" "flock /home/build/rpm-publish-queue -c 'echo vm/6/gpl/universal/${NAME}-${VERSION}-1.noarch.rpm >> /home/build/rpm-publish-queue'"
diff --git a/module.info b/module.info
index bbf258b..b1500f0 100644
--- a/module.info
+++ b/module.info
@@ -2,4 +2,4 @@ name=Jailkit
 desc=Jailkit Jail Manager
 os_support=*-linux
 category=system
-version=0.7
+version=0.9