Abandon travis-ci for jenkins

Travis Burtrum 2020-11-23 22:34:05 -05:00
parent c5e67c801d
commit c38dbae2f1
6 changed files with 110 additions and 81 deletions

43
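--- a/.ci/Jenkinsfile
+++ b/.ci/Jenkinsfile
@@ -0,0 +1,43 @@
+properties(
+[
+disableConcurrentBuilds()
+]
+)
+node('linux && docker') {
+try {
+stage('Checkout') {
+//branch name from Jenkins environment variables
+echo "My branch is: ${env.BRANCH_NAME}"
+// this doesn't grab tags pointing to this branch
+//checkout scm
+// this hack does... https://issues.jenkins.io/browse/JENKINS-45164
+checkout([
+$class: 'GitSCM',
+branches: [[name: 'refs/heads/'+env.BRANCH_NAME]],
+extensions: [[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: '']],
+userRemoteConfigs: scm.userRemoteConfigs,
+])
+sh '''
+set -euxo pipefail
+git checkout "$BRANCH_NAME" --
+git reset --hard "origin/$BRANCH_NAME"
+'''
+}
+stage('Build + Deploy') {
+sh 'curl --compressed -sL https://code.moparisthebest.com/moparisthebest/self-ci/raw/branch/master/build-ci.sh | bash'
+}
+currentBuild.result = 'SUCCESS'
+} catch (Exception err) {
+currentBuild.result = 'FAILURE'
+} finally {
+stage('Email') {
+step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'admin.jenkins@moparisthebest.com', sendToIndividuals: true])
+}
+sh './bin/build.sh docker-chown'
+deleteDir()
+}
+}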
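Review bot: The 'Build + Deploy' stage pipes the `raw/branch/master/build-ci.sh` URL straight into `bash`, so whatever the `master` branch of self-ci holds at build time runs on the agent (presumably with whatever the deploy step can reach), with no pinned revision or checksum. This commit's build.sh, by contrast, runs `sha256sum -c` on the mingw archives before unpacking them. Fetching the script at a fixed commit, or saving it to a file and verifying a recorded hash before running it, would limit what a change to that repository or host can do, for example `curl --compressed -fsSL "$URL" -o build-ci.sh && echo "<sha256-of-reviewed-script>  build-ci.sh" | sha256sum -c - && bash build-ci.sh`. As written, `curl -sL` has no `-f` and this `sh` step sets no `pipefail`, so an HTTP error body is fed to bash and a failed download can leave the stage green. The `catch (Exception err)` block also discards `err`; `echo "Build failed: ${err}"` before setting the result would keep the cause in the log.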


@ -1,12 +1,6 @@
#!/bin/sh #!/bin/sh
ARCH="$1"
set -exu set -exu
# change to the directory this script is in
cd "$(dirname "$0")"
# dependencies to build+test pegh # dependencies to build+test pegh
apk add build-base clang bash libsodium-dev libsodium-static openssl-dev openssl-libs-static apk add build-base clang bash libsodium-dev libsodium-static openssl-dev openssl-libs-static
@ -31,11 +25,37 @@ ldd pegh.static.* || true
export TEST_BINS="./pegh.static.openssl ./pegh.openssl ./pegh.static.libsodium-openssl ./pegh.libsodium-openssl ./pegh.static.libsodium ./pegh.libsodium" export TEST_BINS="./pegh.static.openssl ./pegh.openssl ./pegh.static.libsodium-openssl ./pegh.libsodium-openssl ./pegh.static.libsodium ./pegh.libsodium"
# as of 27-Nov-2020 aarch64 openssl has a bug which causes the tests to fail, should try to report upstream...
[ "$ARCH" == "aarch64" ] && export TEST_BINS="./pegh.static.libsodium-openssl ./pegh.libsodium-openssl ./pegh.static.libsodium ./pegh.libsodium"
# compile dynamically linked versions (with gcc) to openssl and libsodium, then test all 4 against each other # compile dynamically linked versions (with gcc) to openssl and libsodium, then test all 4 against each other
./test.sh ./test.sh
echo "successfully built and tested static pegh against libsodium and openssl!" echo "successfully built and tested static pegh against libsodium and openssl!"
# tests have all passed, move binaries to release directory for later
mkdir -p release
mv pegh.static.libsodium "./release/pegh-linux-$ARCH-libsodium"
# as of 27-Nov-2020 aarch64 openssl has a bug which causes the tests to fail, should try to report upstream...
if [ "$ARCH" == "aarch64" ]
then
rm -f pegh.static.openssl pegh.static.libsodium-openssl
else
mv pegh.static.openssl "./release/pegh-linux-$ARCH-openssl"
mv pegh.static.libsodium-openssl "./release/pegh-linux-$ARCH-libsodium-openssl"
fi
# for our native arch, just once, go ahead and archive the git repo too for later release
if [ "$ARCH" == "amd64" ]
then
apk add git
git archive HEAD -9 --format zip -o ./release/pegh-source.zip
git archive HEAD -9 --format tar.gz -o ./release/pegh-source.tar.gz
fi
if [ "$ARCH" == "amd64" ] || [ "$ARCH" == "i386" ] if [ "$ARCH" == "amd64" ] || [ "$ARCH" == "i386" ]
then then
@ -44,19 +64,27 @@ echo 'going to try to build windows here...'
apk add mingw-w64-gcc curl wine apk add mingw-w64-gcc curl wine
STATIC_LIB_DIR="$(pwd)" STATIC_LIB_DIR="$(pwd)"
LIBSODIUM_VERSION=1.0.18 LIBSODIUM_VERSION='1.0.18'
OPENSSL_VERSION='1.1.1h_3'
OPENSSL_CURL_VERSION='7.73.0_3'
curl -O https://download.libsodium.org/libsodium/releases/libsodium-${LIBSODIUM_VERSION}-stable-mingw.tar.gz -O https://curl.haxx.se/windows/dl-7.67.0_5/openssl-1.1.1d_5-win64-mingw.zip -O https://curl.haxx.se/windows/dl-7.67.0_5/openssl-1.1.1d_5-win32-mingw.zip if [ ! -d "${STATIC_LIB_DIR}/libsodium-win32" ]
then
echo "241d6c88c2d79e13dae9f4943804a5a855c7d2904b21f74ebd31b15d056e3a4f libsodium-${LIBSODIUM_VERSION}-stable-mingw.tar.gz" > libs.sha256 # only need to grab/unpack these once
echo '4f474918a1597d6d1d35e524cf79827623f8ce511259b0047ee95bc0fddbf29c openssl-1.1.1d_5-win32-mingw.zip' >> libs.sha256 curl -L -O https://download.libsodium.org/libsodium/releases/libsodium-${LIBSODIUM_VERSION}-mingw.tar.gz -O https://curl.se/windows/dl-${OPENSSL_CURL_VERSION}/openssl-${OPENSSL_VERSION}-win64-mingw.zip -O https://curl.se/windows/dl-${OPENSSL_CURL_VERSION}/openssl-${OPENSSL_VERSION}-win32-mingw.zip
echo '936260c5a865c8e3f6af35a5394dd1acc43063a40a206c717350f1a341d8d822 openssl-1.1.1d_5-win64-mingw.zip' >> libs.sha256
sha256sum -c libs.sha256 echo "e499c65b1c511cbc6700e436deb3771c3baa737981114c9e9f85f2ec90176861 libsodium-${LIBSODIUM_VERSION}-mingw.tar.gz" > libs.sha256
echo "fcaa181d848ac56150f00bc46d204d81fde4448a9afe9ef3ca04cc21d3132cb4 openssl-${OPENSSL_VERSION}-win32-mingw.zip" >> libs.sha256
echo "913ddfa264ed9bae51f9deaa8ebce9d9450fa89fdf4c74ab41a6dfffb5880c67 openssl-${OPENSSL_VERSION}-win64-mingw.zip" >> libs.sha256
tar xzvf libsodium-${LIBSODIUM_VERSION}-stable-mingw.tar.gz # fail if any of these hashes have changed
unzip openssl-1.1.1d_5-win32-mingw.zip sha256sum -c libs.sha256
unzip openssl-1.1.1d_5-win64-mingw.zip
tar xzvf libsodium-${LIBSODIUM_VERSION}-mingw.tar.gz
unzip openssl-${OPENSSL_VERSION}-win32-mingw.zip
unzip openssl-${OPENSSL_VERSION}-win64-mingw.zip
fi
if [ "$ARCH" == "i386" ] if [ "$ARCH" == "i386" ]
then then
@ -64,10 +92,10 @@ then
make CC=i686-w64-mingw32-cc PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win32" clean all make CC=i686-w64-mingw32-cc PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win32" clean all
mv pegh.exe pegh-windows-i386-libsodium.exe mv pegh.exe pegh-windows-i386-libsodium.exe
make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win32-mingw" clean all make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win32-mingw" clean all
mv pegh.exe pegh-windows-i386-openssl.exe mv pegh.exe pegh-windows-i386-openssl.exe
make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win32-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win32" clean all make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win32-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win32" clean all
mv pegh.exe pegh-windows-i386-libsodium-openssl.exe mv pegh.exe pegh-windows-i386-libsodium-openssl.exe
fi fi
@ -82,10 +110,10 @@ export wine="wine64"
make CC=x86_64-w64-mingw32-cc PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win64" clean all make CC=x86_64-w64-mingw32-cc PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win64" clean all
mv pegh.exe pegh-windows-amd64-libsodium.exe mv pegh.exe pegh-windows-amd64-libsodium.exe
make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win64-mingw" clean all make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win64-mingw" clean all
mv pegh.exe pegh-windows-amd64-openssl.exe mv pegh.exe pegh-windows-amd64-openssl.exe
make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win64-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win64" clean all make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win64-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win64" clean all
mv pegh.exe pegh-windows-amd64-libsodium-openssl.exe mv pegh.exe pegh-windows-amd64-libsodium-openssl.exe
fi fi
@ -95,9 +123,14 @@ strip *.exe
ls -lah *.exe ls -lah *.exe
file *.exe file *.exe
# running the test script sometimes locks up wine, I think due to races on creating ~/.wine, so do that first...
$wine ./pegh-windows-$ARCH-libsodium.exe -h
# now test windows binaries against the static ones with wine # now test windows binaries against the static ones with wine
# no binfmt here where executing .exe *just works*, so do it hacky way :'( # no binfmt here where executing .exe *just works*, so do it hacky way :'(
export TEST_BINS="./pegh.static.openssl ./pegh.static.libsodium-openssl ./pegh.static.libsodium" export TEST_BINS="./release/pegh-linux-$ARCH-openssl ./release/pegh-linux-$ARCH-libsodium-openssl ./release/pegh-linux-$ARCH-libsodium"
# we've really already tested all of the above against each other, let's just test windows against one
export TEST_BINS="./release/pegh-linux-$ARCH-openssl"
for exe in *.exe for exe in *.exe
do do
@ -114,4 +147,13 @@ done
echo "windows binaries pass tests through wine!" echo "windows binaries pass tests through wine!"
killall pegh-windows-amd64-libsodium-openssl.exe pegh-windows-amd64-libsodium.exe pegh-windows-amd64-openssl.exe pegh-windows-i386-libsodium-openssl.exe pegh-windows-i386-libsodium.exe pegh-windows-i386-openssl.exe || true
sleep 5
killall -9 pegh-windows-amd64-libsodium-openssl.exe pegh-windows-amd64-libsodium.exe pegh-windows-amd64-openssl.exe pegh-windows-i386-libsodium-openssl.exe pegh-windows-i386-libsodium.exe pegh-windows-i386-openssl.exe || true
sleep 5
rm -rf ~/.wine /tmp/.wine*
# for later release
mv *.exe ./release/
fi fi
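Review bot: The new `if [ ! -d "${STATIC_LIB_DIR}/libsodium-win32" ]` guard skips the download, the `sha256sum -c libs.sha256` check and the extraction together, so whenever that directory already exists the unpacked libsodium and OpenSSL trees are linked into the release .exe files without being re-verified. Only one of the three unpacked directories is tested, so a partial unpack or a later `OPENSSL_VERSION` bump is not detected here. Whether the directory can survive between builds depends on how the caller mounts the working directory, which is not visible in this section. I would keep the archives and run `sha256sum -c libs.sha256` outside the guard, or at least extend the condition with `|| [ ! -d "${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win32-mingw" ] || [ ! -d "${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win64-mingw" ]`. Separately, the first of the two consecutive `export TEST_BINS=` assignments before the wine loop is immediately overwritten and can be dropped.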


@ -1,35 +0,0 @@
#!/bin/sh
DOCKER_IMAGE="$1"
shift
ARCH="$1"
BUILD_DIR=/tmp/static/
rm -rf "$BUILD_DIR"
mkdir -p "$BUILD_DIR"
cp * .ci/build.sh "$BUILD_DIR"
docker run --rm -v "$BUILD_DIR":/tmp "$DOCKER_IMAGE" /tmp/build.sh "$ARCH" || exit 1
mv "$BUILD_DIR"pegh.static.openssl "./pegh-linux-$ARCH-openssl"
mv "$BUILD_DIR"pegh.static.libsodium "./pegh-linux-$ARCH-libsodium"
mv "$BUILD_DIR"pegh.static.libsodium-openssl "./pegh-linux-$ARCH-libsodium-openssl"
mv "$BUILD_DIR"pegh-*.exe ./
sha256sum pegh-* > pegh-$ARCH-sha256sum.txt
if [ "$ARCH" == "amd64" ]
then
git archive HEAD -9 --format zip -o pegh-source.zip
git archive HEAD -9 --format tar.gz -o pegh-source.tar.gz
sha256sum pegh-source.* > pegh-source-sha256sum.txt
fi
rm -rf "$BUILD_DIR" 2>/dev/null
exit 0


@ -1,22 +0,0 @@
language: minimal
services: docker
matrix:
include:
- env: ARCH='amd64' DOCKER_IMAGE='alpine'
- env: ARCH='i386' DOCKER_IMAGE='i386/alpine'
- env: ARCH='aarch64' DOCKER_IMAGE='alpine'
arch: arm64
script:
- ./.ci/docker_build.sh "$DOCKER_IMAGE" "$ARCH"
deploy:
api_key:
secure: $GITHUB_OAUTH
file_glob: true
file: pegh-*
on:
tags: true
provider: releases
skip_cleanup: true


@ -1,7 +1,7 @@
pegh pegh
---- ----
[![Travis-CI Build Status](https://api.travis-ci.com/moparisthebest/pegh.svg?branch=master)](https://travis-ci.com/moparisthebest/pegh) [![Build Status](https://ci.moparisthe.best/job/moparisthebest/job/pegh/job/master/badge/icon%3Fstyle=plastic)](https://ci.moparisthe.best/job/moparisthebest/job/pegh/job/master/)
pegh is a file encryption tool using passwords with modern, standardized, and authenticated encryption. It is simple, secure, and returns proper exit codes so you can tell whether encryption or decryption failed or not. pegh is a file encryption tool using passwords with modern, standardized, and authenticated encryption. It is simple, secure, and returns proper exit codes so you can tell whether encryption or decryption failed or not.
@ -14,7 +14,7 @@ Releases
[Releases](https://github.com/moparisthebest/pegh/releases) contain static binaries for: [Releases](https://github.com/moparisthebest/pegh/releases) contain static binaries for:
* Linux amd64, i386, aarch64 * Linux amd64, i386, aarch64, armv7, ppc64le
* Windows amd64, i386 * Windows amd64, i386
* more to come? * more to come?


@ -67,9 +67,10 @@ test () {
echo 'encrypting then decrypting with the same key should succeed' echo 'encrypting then decrypting with the same key should succeed'
"$bin" -e "$@" "$key" < "$dummy_file" | "$bin_decrypt" -d "$key" | cmp - "$dummy_file" "$bin" -e "$@" "$key" < "$dummy_file" | "$bin_decrypt" -d "$key" | cmp - "$dummy_file"
echo 'test with -s 32 requiring 2gb of ram should succeed' # this test is so (rightly) slow it makes our CI builds take 6+ hours, disable for now
#echo 'test with -s 32 requiring 2gb of ram should succeed'
# can send -s 32 or -m 2048 to decrypt command with identical effect # can send -s 32 or -m 2048 to decrypt command with identical effect
"$bin" -e "$@" "$key" -s 32 < "$dummy_file" | "$bin_decrypt" -d "$key" -m 2048 | cmp - "$dummy_file" #"$bin" -e "$@" "$key" -s 32 < "$dummy_file" | "$bin_decrypt" -d "$key" -m 2048 | cmp - "$dummy_file"
echo 'encrypting/decrypting with key in file should work, even when key has leading 0s and a trailing newline' echo 'encrypting/decrypting with key in file should work, even when key has leading 0s and a trailing newline'
"$bin" -e "$@" -f "$leading_zero_key" < "$dummy_file" | "$bin_decrypt" -d -f "$leading_zero_key" | cmp - "$dummy_file" "$bin" -e "$@" -f "$leading_zero_key" < "$dummy_file" | "$bin_decrypt" -d -f "$leading_zero_key" | cmp - "$dummy_file"
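Review bot: Commenting out the `-s 32` / `-m 2048` round-trip removes the only test in this hunk that exercises the large scrypt parameter and the decrypt-side memory cap. It is disabled for local runs as well as CI, so a regression in that size handling would no longer be caught. Rather than disabling it in place, gate it on an opt-in variable so it can still be run before a release, for example by wrapping the two lines in `if [ "${PEGH_SLOW_TESTS:-0}" = "1" ]; then ... fi` (the variable name is a suggestion, not an existing option). The enclosing `test ()` function starts and ends outside this hunk.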