Use Azure Pipelines secure files to import private keys
@@ -1,6 +1,4 @@
|
|||||||
# Flatpak specific environment variables
|
# Flatpak specific environment variables
|
||||||
FLATPAK_ENC_IV
|
|
||||||
FLATPAK_ENC_K
|
|
||||||
FLATPAK_GPG_PUBLIC_KEY
|
FLATPAK_GPG_PUBLIC_KEY
|
||||||
FLATPAK_SSH_HOSTNAME
|
FLATPAK_SSH_HOSTNAME
|
||||||
FLATPAK_SSH_PORT
|
FLATPAK_SSH_PORT
|
||||||
|
|||||||
@@ -9,6 +9,10 @@ AZURE_JOB_ID
|
|||||||
AZURE_REPO_SLUG
|
AZURE_REPO_SLUG
|
||||||
AZURE_TAG
|
AZURE_TAG
|
||||||
|
|
||||||
|
# Path to private keys
|
||||||
|
SSH_KEY
|
||||||
|
GPG_KEY
|
||||||
|
|
||||||
# yuzu specific flags
|
# yuzu specific flags
|
||||||
ENABLE_COMPATIBILITY_REPORTING
|
ENABLE_COMPATIBILITY_REPORTING
|
||||||
USE_DISCORD_PRESENCE
|
USE_DISCORD_PRESENCE
|
||||||
|
|||||||
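Review bot: The new `SSH_KEY` and `GPG_KEY` entries forward the host-side secure-file paths into the container, where those paths do not exist. The container script shown elsewhere on this page assigns `SSH_KEY="/tmp/ssh.key"` and `GPG_KEY="/tmp/gpg.key"` itself, so the forwarded values look unused. If that holds, dropping the two names from this env file keeps host paths out of the container environment. If they stay, the comment could say so: `# Host paths of the private keys; the container uses its own fixed mount points`.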
@@ -6,7 +6,6 @@ YUZU_SRC_DIR="/yuzu"
|
|||||||
BUILD_DIR="$YUZU_SRC_DIR/build"
|
BUILD_DIR="$YUZU_SRC_DIR/build"
|
||||||
REPO_DIR="$YUZU_SRC_DIR/repo"
|
REPO_DIR="$YUZU_SRC_DIR/repo"
|
||||||
STATE_DIR="$YUZU_SRC_DIR/.flatpak-builder"
|
STATE_DIR="$YUZU_SRC_DIR/.flatpak-builder"
|
||||||
KEYS_ARCHIVE="/tmp/keys.tar"
|
|
||||||
SSH_DIR="/upload"
|
SSH_DIR="/upload"
|
||||||
SSH_KEY="/tmp/ssh.key"
|
SSH_KEY="/tmp/ssh.key"
|
||||||
GPG_KEY="/tmp/gpg.key"
|
GPG_KEY="/tmp/gpg.key"
|
||||||
@@ -14,21 +13,14 @@ GPG_KEY="/tmp/gpg.key"
|
|||||||
# Generate flatpak Manifest and AppData files (/tmp/appdata.xml and /tmp/org.yuzu.$REPO_NAME.json)
|
# Generate flatpak Manifest and AppData files (/tmp/appdata.xml and /tmp/org.yuzu.$REPO_NAME.json)
|
||||||
/bin/bash -ex $YUZU_SRC_DIR/.ci/scripts/linux-flatpak/generate-data.sh $1
|
/bin/bash -ex $YUZU_SRC_DIR/.ci/scripts/linux-flatpak/generate-data.sh $1
|
||||||
|
|
||||||
# Extract keys
|
|
||||||
#openssl aes-256-cbc -K $FLATPAK_ENC_K -iv $FLATPAK_ENC_IV -in "$YUZU_SRC_DIR/keys.tar.enc" -out "$KEYS_ARCHIVE" -d
|
|
||||||
#tar -C /tmp -xvf $KEYS_ARCHIVE
|
|
||||||
|
|
||||||
# Configure SSH keys
|
# Configure SSH keys
|
||||||
#eval "$(ssh-agent -s)"
|
eval "$(ssh-agent -s)"
|
||||||
#chmod 700 "$HOME/.ssh"
|
chmod 700 "$HOME/.ssh"
|
||||||
#chmod -R 600 $HOME/.ssh/*
|
ssh-add "$SSH_KEY"
|
||||||
#chown -R yuzu "$HOME/.ssh"
|
echo "[$FLATPAK_SSH_HOSTNAME]:$FLATPAK_SSH_PORT,[$(dig +short $FLATPAK_SSH_HOSTNAME)]:$FLATPAK_SSH_PORT $FLATPAK_SSH_PUBLIC_KEY" > $HOME/.ssh/known_hosts
|
||||||
#chmod 600 "$SSH_KEY"
|
|
||||||
#ssh-add "$SSH_KEY"
|
|
||||||
#echo "[$FLATPAK_SSH_HOSTNAME]:$FLATPAK_SSH_PORT,[$(dig +short $FLATPAK_SSH_HOSTNAME)]:$FLATPAK_SSH_PORT $FLATPAK_SSH_PUBLIC_KEY" > ~/.ssh/known_hosts
|
|
||||||
|
|
||||||
# Configure GPG keys
|
# Configure GPG keys
|
||||||
#gpg2 --import "$GPG_KEY"
|
gpg2 --import "$GPG_KEY"
|
||||||
|
|
||||||
# Set permissions
|
# Set permissions
|
||||||
chown -R yuzu "$YUZU_SRC_DIR"
|
chown -R yuzu "$YUZU_SRC_DIR"
|
||||||
@@ -52,7 +44,5 @@ ln -sv --force $HOME/ccache "$STATE_DIR/ccache"
|
|||||||
chmod -R 700 "$STATE_DIR/ccache"
|
chmod -R 700 "$STATE_DIR/ccache"
|
||||||
|
|
||||||
# Build the yuzu flatpak
|
# Build the yuzu flatpak
|
||||||
#flatpak-builder -v --jobs=4 --ccache --force-clean --state-dir="$STATE_DIR" --gpg-sign="$FLATPAK_GPG_PUBLIC_KEY" --repo="$REPO_DIR" "$BUILD_DIR" "/tmp/org.yuzu.$REPO_NAME.json"
|
flatpak-builder -v --jobs=4 --ccache --force-clean --state-dir="$STATE_DIR" --gpg-sign="$FLATPAK_GPG_PUBLIC_KEY" --repo="$REPO_DIR" "$BUILD_DIR" "/tmp/org.yuzu.$REPO_NAME.json"
|
||||||
#flatpak build-update-repo "$REPO_DIR" -v --generate-static-deltas --gpg-sign="$FLATPAK_GPG_PUBLIC_KEY"
|
flatpak build-update-repo "$REPO_DIR" -v --generate-static-deltas --gpg-sign="$FLATPAK_GPG_PUBLIC_KEY"
|
||||||
flatpak-builder -v --jobs=4 --ccache --force-clean --state-dir="$STATE_DIR" --repo="$REPO_DIR" "$BUILD_DIR" "/tmp/org.yuzu.$REPO_NAME.json"
|
|
||||||
flatpak build-update-repo "$REPO_DIR" -v --generate-static-deltas
|
|
||||||
|
|||||||
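Review bot: The re-enabled `known_hosts` line embeds `$(dig +short $FLATPAK_SSH_HOSTNAME)` as one host pattern, but `dig +short` prints one line per record (a CNAME target and each address), so a multi-record answer puts newlines inside the entry and leaves it malformed. Resolving to a single address first, e.g. `ip="$(dig +short "$FLATPAK_SSH_HOSTNAME" | tail -n1)"`, and stopping when it is empty keeps the pinned entry well formed. `$FLATPAK_SSH_PUBLIC_KEY` does not appear among the variables in the env-file or pipeline hunks on this page, and if it is unset the entry carries no key, so a `: "${FLATPAK_SSH_PUBLIC_KEY:?}"` guard before the `echo` is worth adding. The rest of the script lies outside these hunks.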
@@ -1,14 +1,14 @@
|
|||||||
#!/bin/bash -ex
|
#!/bin/bash -ex
|
||||||
mkdir -p "ccache"
|
mkdir -p "ccache"
|
||||||
|
mkdir -p "$HOME/.ssh"
|
||||||
|
|
||||||
chmod a+x ./.ci/scripts/linux-flatpak/docker.sh
|
chmod a+x ./.ci/scripts/linux-flatpak/docker.sh
|
||||||
|
|
||||||
# the UID for the container yuzu user is 1027
|
# the UID for the container yuzu user is 1027
|
||||||
#sudo chown -R 1027 "$HOME/.ssh"
|
|
||||||
sudo chown -R 1027 "ccache"
|
sudo chown -R 1027 "ccache"
|
||||||
sudo chown -R 1027 $(pwd)
|
sudo chown -R 1027 $(pwd)
|
||||||
docker run --env-file .ci/scripts/linux-flatpak/azure-ci.env --env-file .ci/scripts/linux-flatpak/azure-ci-flatpak.env -v $(pwd):/yuzu -v "$(pwd)/ccache":/home/yuzu/ccache -v "$HOME/.ssh":/home/yuzu/.ssh --privileged meirod/build-environments:linux-flatpak /bin/bash -ex /yuzu/.ci/scripts/linux-flatpak/docker.sh $1
|
sudo chown -R 1027 "$HOME/.ssh"
|
||||||
#sudo chown -R $UID "$HOME/.ssh"
|
docker run --env-file .ci/scripts/linux-flatpak/azure-ci.env --env-file .ci/scripts/linux-flatpak/azure-ci-flatpak.env -v $(pwd):/yuzu -v "$(pwd)/ccache":/home/yuzu/ccache -v "$HOME/.ssh":/home/yuzu/.ssh -v "$SSH_KEY":/tmp/ssh.key -v "$GPG_KEY":/tmp/gpg.key --privileged meirod/build-environments:linux-flatpak /bin/bash -ex /yuzu/.ci/scripts/linux-flatpak/docker.sh $1
|
||||||
|
sudo chown -R $UID "$HOME/.ssh"
|
||||||
sudo chown -R $UID "ccache"
|
sudo chown -R $UID "ccache"
|
||||||
sudo chown -R $UID $(pwd)
|
sudo chown -R $UID $(pwd)
|
||||||
|
|||||||
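Review bot: The two new bind mounts `-v "$SSH_KEY":/tmp/ssh.key -v "$GPG_KEY":/tmp/gpg.key` hand the private keys to a `--privileged` container read-write, although the container side only reads them (`ssh-add`, `gpg2 --import`). Mounting them read-only, `-v "$SSH_KEY":/tmp/ssh.key:ro -v "$GPG_KEY":/tmp/gpg.key:ro`, limits what the build can do to the agent's copies. Because the script runs under `-e`, a failing `docker run` also skips the `sudo chown -R $UID "$HOME/.ssh"` restore that follows it. A `trap 'sudo chown -R $UID "$HOME/.ssh"' EXIT` set before the run would cover that path.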
@@ -13,11 +13,17 @@ steps:
|
|||||||
key: yuzu-v1-$(BuildName)-$(BuildSuffix)-$(CacheSuffix)
|
key: yuzu-v1-$(BuildName)-$(BuildSuffix)-$(CacheSuffix)
|
||||||
path: $(System.DefaultWorkingDirectory)/ccache
|
path: $(System.DefaultWorkingDirectory)/ccache
|
||||||
cacheHitVar: CACHE_RESTORED
|
cacheHitVar: CACHE_RESTORED
|
||||||
|
- task: DownloadSecureFile@1
|
||||||
|
name: sshKey
|
||||||
|
inputs:
|
||||||
|
secureFile: 'ssh.key'
|
||||||
|
- task: DownloadSecureFile@1
|
||||||
|
name: gpgKey
|
||||||
|
inputs:
|
||||||
|
secureFile: 'gpg.key'
|
||||||
- script: chmod a+x ./.ci/scripts/$(ScriptFolder)/exec.sh && ./.ci/scripts/$(ScriptFolder)/exec.sh ${{ parameters['version'] }}
|
- script: chmod a+x ./.ci/scripts/$(ScriptFolder)/exec.sh && ./.ci/scripts/$(ScriptFolder)/exec.sh ${{ parameters['version'] }}
|
||||||
displayName: 'Build'
|
displayName: 'Build'
|
||||||
env:
|
env:
|
||||||
FLATPAK_ENC_IV: $(FLATPAK_ENC_IV)
|
|
||||||
FLATPAK_ENC_K: $(FLATPAK_ENC_K)
|
|
||||||
FLATPAK_GPG_PUBLIC_KEY: $(FLATPAK_GPG_PUBLIC_KEY)
|
FLATPAK_GPG_PUBLIC_KEY: $(FLATPAK_GPG_PUBLIC_KEY)
|
||||||
FLATPAK_SSH_HOSTNAME: $(FLATPAK_SSH_HOSTNAME)
|
FLATPAK_SSH_HOSTNAME: $(FLATPAK_SSH_HOSTNAME)
|
||||||
FLATPAK_SSH_PORT: $(FLATPAK_SSH_PORT)
|
FLATPAK_SSH_PORT: $(FLATPAK_SSH_PORT)
|
||||||
@@ -30,6 +36,8 @@ steps:
|
|||||||
AZURE_JOB_ID: $(System.JobId)
|
AZURE_JOB_ID: $(System.JobId)
|
||||||
AZURE_REPO_SLUG: $(Build.Repository.Name)
|
AZURE_REPO_SLUG: $(Build.Repository.Name)
|
||||||
AZURE_TAG: $(Build.SourceBranch)
|
AZURE_TAG: $(Build.SourceBranch)
|
||||||
|
SSH_KEY: $(sshKey.secureFilePath)
|
||||||
|
GPG_KEY: $(gpgKey.secureFilePath)
|
||||||
- script: chmod a+x ./.ci/scripts/$(ScriptFolder)/finish.sh && ./.ci/scripts/$(ScriptFolder)/finish.sh
|
- script: chmod a+x ./.ci/scripts/$(ScriptFolder)/finish.sh && ./.ci/scripts/$(ScriptFolder)/finish.sh
|
||||||
condition: always()
|
condition: always()
|
||||||
displayName: 'Clean up'
|
displayName: 'Clean up'
|
||||||
|
|||||||
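Review bot: Both `DownloadSecureFile@1` steps are unconditional in a template that selects its script through `$(ScriptFolder)`, so every job that includes it would fetch `ssh.key` and `gpg.key` and export their paths, not only the Flatpak build. That assumes the template is shared, which this page does not show. Gating each step, for example `condition: eq(variables['ScriptFolder'], 'linux-flatpak')`, or moving them into a Flatpak-only template keeps the keys away from jobs that never use them. A comment above the tasks, `# Private keys for the Flatpak build (SSH and GPG), stored as Azure Pipelines secure files`, would also document where the files come from.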
@@ -2,7 +2,9 @@ trigger:
|
|||||||
- master
|
- master
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
DisplayVersion: $[counter(variables['DisplayPrefix'], 1)]
|
- group: flatpak-variables
|
||||||
|
- name: DisplayVersion
|
||||||
|
value: $[counter(variables['DisplayPrefix'], 1)]
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
- stage: format
|
- stage: format
|
||||||
|
|||||||
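Review bot: `- group: flatpak-variables` is linked at pipeline scope, so its variables are available to every stage, including `format`, which has no visible need for them. Declaring the group under the `variables:` of the stage or job that builds the Flatpak narrows that exposure. The rest of the pipeline is outside this hunk, so confirm which stages actually read the group before moving it.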