Skip to content

Build Vaultwarden .deb packages #504

Build Vaultwarden .deb packages

Build Vaultwarden .deb packages #504

Workflow file for this run

name: Build Vaultwarden .deb packages
concurrency: ci-build
on:
- push
- workflow_dispatch
- workflow_call
jobs:
check-version:
runs-on: ubuntu-latest
steps:
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.12
- name: Checkout repository
uses: actions/checkout@v4
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Get latest versions
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
python generate-files.py
if grep -q VW_HAS_UPDATE=true ${GITHUB_ENV} ; then
echo "Upstream changes detected."
exit 1
fi
build-debs:
runs-on: ubuntu-latest
needs: check-version
strategy:
matrix:
debian: ["buster", "bullseye", "bookworm"]
debian-arch: ["amd64"]
steps:
- name: Install dependencies
run: |
sudo apt-get -q update
sudo apt-get -qy install debhelper dpkg-sig
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.12
- name: Checkout repository
uses: actions/checkout@v4
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Import GPG key
id: import_gpg
uses: gvtulder/ghaction-import-gpg@master
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Get latest versions
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
python generate-files.py
- name: Download previous deb files
env:
AWS_S3_ENDPOINT: ${{ secrets.AWS_S3_ENDPOINT }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: auto
run: |
mkdir -p repo/dists/${{ matrix.debian }}/main/binary-${{ matrix.debian-arch }}
./sync-s3.sh s3://${{ secrets.AWS_S3_BUCKET }}/dists/${{ matrix.debian }} repo/dists/${{ matrix.debian }}
- name: Build vaultwarden .deb
env:
DEBIAN_TARGET_VERSION: ${{ matrix.debian }}
VW_SERVER_VERSION: ${{ env.VW_SERVER_VERSION }}
VW_WEB_VERSION: ${{ env.VW_WEB_VERSION }}
VW_SERVER_VERSION_DEB: ${{ env.VW_SERVER_VERSION_DEB }}
VW_WEB_VERSION_DEB: ${{ env.VW_WEB_VERSION_DEB }}
run: |
if [[ ! -f repo/dists/${{ matrix.debian }}/main/binary-${{ matrix.debian-arch }}/vaultwarden_${{ env.VW_SERVER_VERSION_DEB }}_${{ matrix.debian-arch }}.deb ]] ; then
cd vaultwarden/
./build-in-docker.sh
dpkg-sig -k ${{ steps.import_gpg.outputs.keyid }} --sign builder vaultwarden_*.deb
mv vaultwarden_*.deb ../repo/dists/${{ matrix.debian }}/main/binary-${{ matrix.debian-arch }}/
cd ..
fi
- name: Build vaultwarden-web-vault .deb
run: |
if [[ ! -f repo/dists/${{ matrix.DEBIAN }}/main/binary-${{ matrix.debian-arch }}/vaultwarden-web-vault_${{ env.VW_WEB_VERSION_DEB }}_all.deb ]] ; then
cd vaultwarden-web-vault/
make deb
dpkg-sig -k ${{ steps.import_gpg.outputs.keyid }} --sign builder ../vaultwarden-web-vault_*.deb
mv ../vaultwarden-web-vault_*.deb ../repo/dists/${{ matrix.debian }}/main/binary-${{ matrix.debian-arch }}/
cd ..
fi
- name: Export public key
run: |
gpg --export ${{ steps.import_gpg.outputs.keyid }} > repo/vaultwarden-deb-repo-keyring.gpg
gpg --armor --export ${{ steps.import_gpg.outputs.keyid }} > repo/vaultwarden-deb-repo-keyring.asc
- name: Create APT repository
run: |
cd repo/
apt-ftparchive packages dists/${{ matrix.debian }}/main/binary-${{ matrix.debian-arch }} > dists/${{ matrix.debian }}/main/binary-${{ matrix.debian-arch }}/Packages
bzip2 -kf dists/${{ matrix.debian }}/main/binary-${{ matrix.debian-arch }}/Packages
apt-ftparchive -o APT::FTPArchive::AlwaysStat="true" \
-o APT::FTPArchive::Release::Codename=${{ matrix.debian }} \
-o APT::FTPArchive::Release::Architectures="${{ matrix.debian-arch }}" \
-o APT::FTPArchive::Release::Components="main" \
-o APT::FTPArchive::DoByHash=true \
release dists/${{ matrix.debian }} > dists/${{ matrix.debian }}/Release
gpg --yes -abs -u ${{ steps.import_gpg.outputs.keyid }} \
-o dists/${{ matrix.debian }}/Release.gpg \
--digest-algo sha256 dists/${{ matrix.debian }}/Release
gpg --yes -abs -u ${{ steps.import_gpg.outputs.keyid }} \
--clearsign -o dists/${{ matrix.debian }}/InRelease \
--digest-algo sha256 dists/${{ matrix.debian }}/Release
cd ..
- name: Upload updated repo
env:
AWS_S3_ENDPOINT: ${{ secrets.AWS_S3_ENDPOINT }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: auto
run: |
./sync-s3.sh repo/ s3://${{ secrets.AWS_S3_BUCKET }}/
- name: Archive .deb files, public keys, APT files
uses: actions/upload-artifact@v4
with:
name: output-${{ matrix.debian }}
path: repo/
build-repo:
runs-on: ubuntu-latest
needs: build-debs
steps:
- name: Install dependencies
run: |
sudo apt-get -q update
sudo apt-get -qy install debhelper dpkg-sig
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: Checkout repository
uses: actions/checkout@v4
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: Import GPG key
id: import_gpg
uses: gvtulder/ghaction-import-gpg@master
with:
gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
passphrase: ${{ secrets.GPG_PASSPHRASE }}
- name: Download all workflow run artifacts
uses: actions/download-artifact@v4
with:
path: repo-src/
- name: Show all files
run: |
find
- name: Create combined repository
run: |
mkdir -p repo/dists
for release_dir in repo-src/output-*/dists ; do
cp -r $release_dir/* repo/dists
done
- name: Export public key
run: |
gpg --export ${{ steps.import_gpg.outputs.keyid }} > repo/vaultwarden-deb-repo-keyring.gpg
gpg --armor --export ${{ steps.import_gpg.outputs.keyid }} > repo/vaultwarden-deb-repo-keyring.asc
- name: Upload updated repo
env:
AWS_S3_ENDPOINT: ${{ secrets.AWS_S3_ENDPOINT }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: auto
run: |
./sync-s3.sh repo/dists/${{ matrix.debian }} s3://${{ secrets.AWS_S3_BUCKET }}/dists/${{ matrix.debian }}
- name: Archive repository files
uses: actions/upload-artifact@v4
with:
name: combined-repository
path: repo/
deploy:
runs-on: ubuntu-latest
needs: build-repo
steps:
- name: Deploy to Cloudflare
env:
CLOUDFLARE_DEPLOY_HOOK: ${{ secrets.CLOUDFLARE_DEPLOY_HOOK }}
run: |
curl -X POST "${CLOUDFLARE_DEPLOY_HOOK}"