Feature 3646 client debian packages #3646 (#3654)

* debian build script added * Debian packaging added * release workflow extended
mercedes-benz · Nov 27, 2024 · 00c53a7 · 00c53a7
1 parent 7845eca
commit 00c53a7
Show file tree

Hide file tree

Showing 2 changed files with 149 additions and 50 deletions.
diff --git a/.github/workflows/release-client-server-pds.yml b/.github/workflows/release-client-server-pds.yml
@@ -66,6 +66,9 @@ jobs:
           echo "For PDS release, pds-milestone-number must be provided!"
           exit 1
 
+      - name: Install required packages
+        run: sudo apt-get -y install build-essential dpkg-dev fakeroot graphviz hub
+
       - name: Checkout master
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
         with:
@@ -248,9 +251,6 @@ jobs:
           path: sechub-cli/build/go
           retention-days: 14
 
-      - name: Install graphviz (asciidoc diagrams)
-        run: sudo apt-get --assume-yes install graphviz
-
       # -----------------------------------------
       # Build Documentation
       # -----------------------------------------
@@ -495,64 +495,43 @@ jobs:
       # ******************************************
       # C l i e n t  release
       # ******************************************
-      - name: Create client release ${{ inputs.client-version }}
-        id: create_client_release
-        if: inputs.client-version != ''
-        uses: actions/create-release@0cb9c9b65d5d1901c1f53e5e66eaf4afd303e70e
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
-        with:
-          tag_name: v${{ inputs.client-version }}-client
-          commitish: master
-          release_name: Client Version ${{ inputs.client-version }}
-          body: |
-            Changes in this Release
-            - Some minor changes on client implementation
-
-            For more details please look at [Milestone ${{inputs.client-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.client-milestone-number}}?closed=1)
-          draft: true
-          prerelease: false
-
-      - name: Create client release asset sechub-cli-${{ inputs.client-version }}.zip
+      - name: Create client binary release asset sechub-cli-${{ inputs.client-version }}.zip
         if: inputs.client-version != ''
         run: |
           cd sechub-cli/build/go
           zip -r sechub-cli.zip platform
           sha256sum sechub-cli.zip > sechub-cli.zip.sha256
 
-      - name: Upload Client release asset sechub-cli-${{ inputs.client-version }}.zip
-        if: inputs.client-version != ''
-        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_client_release.outputs.upload_url }}
-          asset_path: ./sechub-cli/build/go/sechub-cli.zip
-          asset_name: sechub-cli-${{ inputs.client-version }}.zip
-          asset_content_type: application/zip
-
-      - name: Upload Client release asset sechub-cli-${{ inputs.client-version }}.zip.sha256
+      - name: Create client Debian packages
         if: inputs.client-version != ''
-        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_client_release.outputs.upload_url }}
-          asset_path: ./sechub-cli/build/go/sechub-cli.zip.sha256
-          asset_name: sechub-cli-${{ inputs.client-version }}.zip.sha256
-          asset_content_type: text/plain
+        shell: bash
+        run: sechub-cli/script/build-debian-packages.sh ${{ inputs.client-version }}
 
-      - name: Upload sechub-client.pdf release asset
-        id: upload-sechub-doc-client-release-asset
+      - name: Create client ${{ inputs.client-version }} release draft
         if: inputs.client-version != ''
-        uses: actions/upload-release-asset@e8f9f06c4b078e705bd2ea027f0926603fc9b4d5
+        shell: bash
+        run: |
+          assets=()
+          echo "# Add Client binaries sechub-cli-${{ inputs.client-version }}.zip + checksum"
+          assets+=("-a" "sechub-cli/build/go/sechub-cli.zip#sechub-cli-${{ inputs.client-version }}.zip")
+          assets+=("-a" "sechub-cli/build/go/sechub-cli.zip.sha256#sechub-cli-${{ inputs.client-version }}.zip.sha256")
+          echo "# Add Debian packages"
+          for asset in sechub-cli/build/deb-build/*.deb ; do
+            filename=`basename "$asset"`
+            assets+=("-a" "${asset}#${filename}")
+          done
+          echo "# Add Client documentation sechub-client-${{ inputs.client-version }}.pdf"
+          assets+=("-a" "sechub-doc/build/docs/asciidoc/sechub-client.pdf#sechub-client-${{ inputs.client-version }}.pdf")
+          # Define release data
+          tag_name="v${{ inputs.client-version }}-client"
+          release_title="Client Version ${{ inputs.client-version }}"
+          release_message="Changes in this Release
+          - Some minor changes on client implementation"
+          release_footer="For more details please look at [Milestone ${{inputs.client-milestone-number}}]( https://github.com/mercedes-benz/sechub/milestone/${{inputs.client-milestone-number}}?closed=1)"
+          echo "# Create release draft \"$release_title\" on github"
+          hub release create --draft "${assets[@]}" -m "$release_title" -m "$release_message" -m "$release_footer" "$tag_name"
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_client_release.outputs.upload_url }}
-          asset_path: ./sechub-doc/build/docs/asciidoc/sechub-client.pdf
-          asset_name: sechub-client-${{ inputs.client-version }}.pdf
-          asset_content_type: application/pdf
 
       - name: Create Client ${{ inputs.client-version }} release issue
         if: inputs.client-version != ''

diff --git a/sechub-cli/script/build-debian-packages.sh b/sechub-cli/script/build-debian-packages.sh
@@ -0,0 +1,120 @@
+#!/bin/bash
+# SPDX-License-Identifier: MIT
+set -e
+
+# Debian packaging data
+DEB_PACKAGE_NAME="sechub-client"
+DEB_SECTION="misc"
+DEB_MAINTAINER="SecHub FOSS team <[email protected]>"
+DEB_HOMEPAGE="https://github.com/mercedes-benz/sechub"
+DEB_DESCRIPTION="The SecHub command line client. See $DEB_HOMEPAGE"
+DEB_BIN_PATH="usr/bin" # Where to place the SecHub client executable on install
+
+# Hardware architectures we build Debian packages for
+ARCHITECTURE_LIST="amd64 386 arm arm64" # space separated list
+
+BUILD_DIR="build"
+DEBIAN_BUILD_DIR="deb-build"
+GO_BUILD_DIR="go/platform"
+MANDATORY_EXECUTABLES="dpkg-deb fakeroot" # space separated list
+
+function usage {
+  cat - <<EOF
+
+usage: $0 <version tag>
+
+This script creates Debian packages of the SecHub client for Linux
+It is meant to be used for SecHub client releases
+
+Mandatory argument is the version tag in format <major>.<minor>.<hotfix> with an optional appendix.
+Examples:
+- 1.10.0
+- 1.10.0-gh-build
+- 1.10.0-9
+EOF
+}
+
+function check_executable_is_installed {
+    executable="$1"
+    exe_path=`which $executable`
+    if [ ! -x "$exe_path" ] ; then
+        echo "FATAL: Mandatory executable \"$executable\" not found in PATH. Please install..."
+        exit 1
+    fi
+}
+
+function get_debian_architecture {
+  local deb_architecture
+  # Special case for i386 architecture
+  if [ "$1" = "386" ] ; then
+    deb_architecture="i386"
+  else
+    deb_architecture="$architecture"
+  fi
+  echo $deb_architecture
+}
+
+function build_deb_package {
+  local architecture="$1"
+  local deb_architecture=`get_debian_architecture $architecture`
+  local deb_package_name="sechub-client_${SECHUB_CLIENT_VERSION}_${deb_architecture}"
+  local deb_dir="$DEBIAN_BUILD_DIR/$deb_package_name"
+  local size
+  echo "### Building Debian package $deb_package_name.deb"
+  # create dirs
+  mkdir -p "$deb_dir/DEBIAN" "$deb_dir/$DEB_BIN_PATH"
+  # copy executable into destination dir
+  cp "$GO_BUILD_DIR/linux-$architecture/sechub" "$deb_dir/$DEB_BIN_PATH"
+  # determine file size in bytes
+  size=`cat "$deb_dir/$DEB_BIN_PATH/sechub" | wc --bytes`
+  # Create Debian package meta data
+  cat - <<EOF > "$deb_dir/DEBIAN/control"
+Package: $DEB_PACKAGE_NAME
+Version: $SECHUB_CLIENT_VERSION
+Section: $DEB_SECTION
+Architecture: $deb_architecture
+Priority: optional
+Essential: no
+Installed-Size: $size
+Homepage: $DEB_HOMEPAGE
+Maintainer: $DEB_MAINTAINER
+Description: $DEB_DESCRIPTION
+EOF
+  # Create Debian package
+  fakeroot dpkg-deb --build "$deb_dir"
+}
+
+################
+
+# Check prepreqs
+for i in $MANDATORY_EXECUTABLES ; do
+    check_executable_is_installed $i
+done
+
+SECHUB_CLIENT_VERSION=$1
+
+FAILED=false
+if [ -z "$SECHUB_CLIENT_VERSION" ] ; then
+  echo "Please provide a version tag as 1st argument"
+  FAILED=true
+elif [[ ! "$SECHUB_CLIENT_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+ ]]; then
+  echo "Provided version tag is invalid"
+  FAILED=true
+fi
+
+cd `dirname $0`/..
+if [ ! -d "$BUILD_DIR/$GO_BUILD_DIR" ] ; then
+  echo "Please build the SecHub client executables first. './gradlew buildGo testGo'"
+  FAILED=true
+fi
+
+if $FAILED ; then
+  usage
+  exit 1
+fi
+
+cd "$BUILD_DIR"
+mkdir -p "$DEBIAN_BUILD_DIR"
+for arch in $ARCHITECTURE_LIST ; do
+  build_deb_package $arch
+done