Abandon travis-ci for jenkins
All checks were successful
moparisthebest/pegh/pipeline/head This commit looks good
All checks were successful
moparisthebest/pegh/pipeline/head This commit looks good
This commit is contained in:
parent
c5e67c801d
commit
c38dbae2f1
43
.ci/Jenkinsfile
vendored
Normal file
43
.ci/Jenkinsfile
vendored
Normal file
@ -0,0 +1,43 @@
|
||||
properties(
|
||||
[
|
||||
disableConcurrentBuilds()
|
||||
]
|
||||
)
|
||||
|
||||
node('linux && docker') {
|
||||
try {
|
||||
stage('Checkout') {
|
||||
//branch name from Jenkins environment variables
|
||||
echo "My branch is: ${env.BRANCH_NAME}"
|
||||
|
||||
// this doesn't grab tags pointing to this branch
|
||||
//checkout scm
|
||||
// this hack does... https://issues.jenkins.io/browse/JENKINS-45164
|
||||
checkout([
|
||||
$class: 'GitSCM',
|
||||
branches: [[name: 'refs/heads/'+env.BRANCH_NAME]],
|
||||
extensions: [[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: '']],
|
||||
userRemoteConfigs: scm.userRemoteConfigs,
|
||||
])
|
||||
sh '''
|
||||
set -euxo pipefail
|
||||
git checkout "$BRANCH_NAME" --
|
||||
git reset --hard "origin/$BRANCH_NAME"
|
||||
'''
|
||||
}
|
||||
|
||||
stage('Build + Deploy') {
|
||||
sh 'curl --compressed -sL https://code.moparisthebest.com/moparisthebest/self-ci/raw/branch/master/build-ci.sh | bash'
|
||||
}
|
||||
|
||||
currentBuild.result = 'SUCCESS'
|
||||
} catch (Exception err) {
|
||||
currentBuild.result = 'FAILURE'
|
||||
} finally {
|
||||
stage('Email') {
|
||||
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'admin.jenkins@moparisthebest.com', sendToIndividuals: true])
|
||||
}
|
||||
sh './bin/build.sh docker-chown'
|
||||
deleteDir()
|
||||
}
|
||||
}
|
80
.ci/build.sh
80
.ci/build.sh
@ -1,12 +1,6 @@
|
||||
#!/bin/sh
|
||||
|
||||
ARCH="$1"
|
||||
|
||||
set -exu
|
||||
|
||||
# change to the directory this script is in
|
||||
cd "$(dirname "$0")"
|
||||
|
||||
# dependencies to build+test pegh
|
||||
apk add build-base clang bash libsodium-dev libsodium-static openssl-dev openssl-libs-static
|
||||
|
||||
@ -31,11 +25,37 @@ ldd pegh.static.* || true
|
||||
|
||||
export TEST_BINS="./pegh.static.openssl ./pegh.openssl ./pegh.static.libsodium-openssl ./pegh.libsodium-openssl ./pegh.static.libsodium ./pegh.libsodium"
|
||||
|
||||
# as of 27-Nov-2020 aarch64 openssl has a bug which causes the tests to fail, should try to report upstream...
|
||||
[ "$ARCH" == "aarch64" ] && export TEST_BINS="./pegh.static.libsodium-openssl ./pegh.libsodium-openssl ./pegh.static.libsodium ./pegh.libsodium"
|
||||
|
||||
# compile dynamically linked versions (with gcc) to openssl and libsodium, then test all 4 against each other
|
||||
./test.sh
|
||||
|
||||
echo "successfully built and tested static pegh against libsodium and openssl!"
|
||||
|
||||
# tests have all passed, move binaries to release directory for later
|
||||
mkdir -p release
|
||||
mv pegh.static.libsodium "./release/pegh-linux-$ARCH-libsodium"
|
||||
# as of 27-Nov-2020 aarch64 openssl has a bug which causes the tests to fail, should try to report upstream...
|
||||
if [ "$ARCH" == "aarch64" ]
|
||||
then
|
||||
rm -f pegh.static.openssl pegh.static.libsodium-openssl
|
||||
else
|
||||
mv pegh.static.openssl "./release/pegh-linux-$ARCH-openssl"
|
||||
mv pegh.static.libsodium-openssl "./release/pegh-linux-$ARCH-libsodium-openssl"
|
||||
fi
|
||||
|
||||
# for our native arch, just once, go ahead and archive the git repo too for later release
|
||||
if [ "$ARCH" == "amd64" ]
|
||||
then
|
||||
|
||||
apk add git
|
||||
|
||||
git archive HEAD -9 --format zip -o ./release/pegh-source.zip
|
||||
git archive HEAD -9 --format tar.gz -o ./release/pegh-source.tar.gz
|
||||
|
||||
fi
|
||||
|
||||
if [ "$ARCH" == "amd64" ] || [ "$ARCH" == "i386" ]
|
||||
then
|
||||
|
||||
@ -44,19 +64,27 @@ echo 'going to try to build windows here...'
|
||||
apk add mingw-w64-gcc curl wine
|
||||
|
||||
STATIC_LIB_DIR="$(pwd)"
|
||||
LIBSODIUM_VERSION=1.0.18
|
||||
LIBSODIUM_VERSION='1.0.18'
|
||||
OPENSSL_VERSION='1.1.1h_3'
|
||||
OPENSSL_CURL_VERSION='7.73.0_3'
|
||||
|
||||
curl -O https://download.libsodium.org/libsodium/releases/libsodium-${LIBSODIUM_VERSION}-stable-mingw.tar.gz -O https://curl.haxx.se/windows/dl-7.67.0_5/openssl-1.1.1d_5-win64-mingw.zip -O https://curl.haxx.se/windows/dl-7.67.0_5/openssl-1.1.1d_5-win32-mingw.zip
|
||||
if [ ! -d "${STATIC_LIB_DIR}/libsodium-win32" ]
|
||||
then
|
||||
|
||||
echo "241d6c88c2d79e13dae9f4943804a5a855c7d2904b21f74ebd31b15d056e3a4f libsodium-${LIBSODIUM_VERSION}-stable-mingw.tar.gz" > libs.sha256
|
||||
echo '4f474918a1597d6d1d35e524cf79827623f8ce511259b0047ee95bc0fddbf29c openssl-1.1.1d_5-win32-mingw.zip' >> libs.sha256
|
||||
echo '936260c5a865c8e3f6af35a5394dd1acc43063a40a206c717350f1a341d8d822 openssl-1.1.1d_5-win64-mingw.zip' >> libs.sha256
|
||||
# only need to grab/unpack these once
|
||||
curl -L -O https://download.libsodium.org/libsodium/releases/libsodium-${LIBSODIUM_VERSION}-mingw.tar.gz -O https://curl.se/windows/dl-${OPENSSL_CURL_VERSION}/openssl-${OPENSSL_VERSION}-win64-mingw.zip -O https://curl.se/windows/dl-${OPENSSL_CURL_VERSION}/openssl-${OPENSSL_VERSION}-win32-mingw.zip
|
||||
|
||||
echo "e499c65b1c511cbc6700e436deb3771c3baa737981114c9e9f85f2ec90176861 libsodium-${LIBSODIUM_VERSION}-mingw.tar.gz" > libs.sha256
|
||||
echo "fcaa181d848ac56150f00bc46d204d81fde4448a9afe9ef3ca04cc21d3132cb4 openssl-${OPENSSL_VERSION}-win32-mingw.zip" >> libs.sha256
|
||||
echo "913ddfa264ed9bae51f9deaa8ebce9d9450fa89fdf4c74ab41a6dfffb5880c67 openssl-${OPENSSL_VERSION}-win64-mingw.zip" >> libs.sha256
|
||||
|
||||
# fail if any of these hashes have changed
|
||||
sha256sum -c libs.sha256
|
||||
|
||||
tar xzvf libsodium-${LIBSODIUM_VERSION}-stable-mingw.tar.gz
|
||||
unzip openssl-1.1.1d_5-win32-mingw.zip
|
||||
unzip openssl-1.1.1d_5-win64-mingw.zip
|
||||
tar xzvf libsodium-${LIBSODIUM_VERSION}-mingw.tar.gz
|
||||
unzip openssl-${OPENSSL_VERSION}-win32-mingw.zip
|
||||
unzip openssl-${OPENSSL_VERSION}-win64-mingw.zip
|
||||
fi
|
||||
|
||||
if [ "$ARCH" == "i386" ]
|
||||
then
|
||||
@ -64,10 +92,10 @@ then
|
||||
make CC=i686-w64-mingw32-cc PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win32" clean all
|
||||
mv pegh.exe pegh-windows-i386-libsodium.exe
|
||||
|
||||
make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win32-mingw" clean all
|
||||
make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win32-mingw" clean all
|
||||
mv pegh.exe pegh-windows-i386-openssl.exe
|
||||
|
||||
make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win32-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win32" clean all
|
||||
make CC=i686-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win32-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win32" clean all
|
||||
mv pegh.exe pegh-windows-i386-libsodium-openssl.exe
|
||||
|
||||
fi
|
||||
@ -82,10 +110,10 @@ export wine="wine64"
|
||||
make CC=x86_64-w64-mingw32-cc PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win64" clean all
|
||||
mv pegh.exe pegh-windows-amd64-libsodium.exe
|
||||
|
||||
make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win64-mingw" clean all
|
||||
make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win64-mingw" clean all
|
||||
mv pegh.exe pegh-windows-amd64-openssl.exe
|
||||
|
||||
make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-1.1.1d-win64-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win64" clean all
|
||||
make CC=x86_64-w64-mingw32-cc PEGH_OPENSSL_WIN="${STATIC_LIB_DIR}/openssl-${OPENSSL_VERSION}-win64-mingw" PEGH_LIBSODIUM_WIN="${STATIC_LIB_DIR}/libsodium-win64" clean all
|
||||
mv pegh.exe pegh-windows-amd64-libsodium-openssl.exe
|
||||
|
||||
fi
|
||||
@ -95,9 +123,14 @@ strip *.exe
|
||||
ls -lah *.exe
|
||||
file *.exe
|
||||
|
||||
# running the test script sometimes locks up wine, I think due to races on creating ~/.wine, so do that first...
|
||||
$wine ./pegh-windows-$ARCH-libsodium.exe -h
|
||||
|
||||
# now test windows binaries against the static ones with wine
|
||||
# no binfmt here where executing .exe *just works*, so do it hacky way :'(
|
||||
export TEST_BINS="./pegh.static.openssl ./pegh.static.libsodium-openssl ./pegh.static.libsodium"
|
||||
export TEST_BINS="./release/pegh-linux-$ARCH-openssl ./release/pegh-linux-$ARCH-libsodium-openssl ./release/pegh-linux-$ARCH-libsodium"
|
||||
# we've really already tested all of the above against each other, let's just test windows against one
|
||||
export TEST_BINS="./release/pegh-linux-$ARCH-openssl"
|
||||
|
||||
for exe in *.exe
|
||||
do
|
||||
@ -114,4 +147,13 @@ done
|
||||
|
||||
echo "windows binaries pass tests through wine!"
|
||||
|
||||
killall pegh-windows-amd64-libsodium-openssl.exe pegh-windows-amd64-libsodium.exe pegh-windows-amd64-openssl.exe pegh-windows-i386-libsodium-openssl.exe pegh-windows-i386-libsodium.exe pegh-windows-i386-openssl.exe || true
|
||||
sleep 5
|
||||
killall -9 pegh-windows-amd64-libsodium-openssl.exe pegh-windows-amd64-libsodium.exe pegh-windows-amd64-openssl.exe pegh-windows-i386-libsodium-openssl.exe pegh-windows-i386-libsodium.exe pegh-windows-i386-openssl.exe || true
|
||||
sleep 5
|
||||
rm -rf ~/.wine /tmp/.wine*
|
||||
|
||||
# for later release
|
||||
mv *.exe ./release/
|
||||
|
||||
fi
|
||||
|
@ -1,35 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
DOCKER_IMAGE="$1"
|
||||
shift
|
||||
ARCH="$1"
|
||||
|
||||
BUILD_DIR=/tmp/static/
|
||||
|
||||
rm -rf "$BUILD_DIR"
|
||||
mkdir -p "$BUILD_DIR"
|
||||
cp * .ci/build.sh "$BUILD_DIR"
|
||||
|
||||
docker run --rm -v "$BUILD_DIR":/tmp "$DOCKER_IMAGE" /tmp/build.sh "$ARCH" || exit 1
|
||||
|
||||
mv "$BUILD_DIR"pegh.static.openssl "./pegh-linux-$ARCH-openssl"
|
||||
mv "$BUILD_DIR"pegh.static.libsodium "./pegh-linux-$ARCH-libsodium"
|
||||
mv "$BUILD_DIR"pegh.static.libsodium-openssl "./pegh-linux-$ARCH-libsodium-openssl"
|
||||
|
||||
mv "$BUILD_DIR"pegh-*.exe ./
|
||||
|
||||
sha256sum pegh-* > pegh-$ARCH-sha256sum.txt
|
||||
|
||||
if [ "$ARCH" == "amd64" ]
|
||||
then
|
||||
|
||||
git archive HEAD -9 --format zip -o pegh-source.zip
|
||||
git archive HEAD -9 --format tar.gz -o pegh-source.tar.gz
|
||||
|
||||
sha256sum pegh-source.* > pegh-source-sha256sum.txt
|
||||
|
||||
fi
|
||||
|
||||
rm -rf "$BUILD_DIR" 2>/dev/null
|
||||
|
||||
exit 0
|
22
.travis.yml
22
.travis.yml
@ -1,22 +0,0 @@
|
||||
language: minimal
|
||||
services: docker
|
||||
|
||||
matrix:
|
||||
include:
|
||||
- env: ARCH='amd64' DOCKER_IMAGE='alpine'
|
||||
- env: ARCH='i386' DOCKER_IMAGE='i386/alpine'
|
||||
- env: ARCH='aarch64' DOCKER_IMAGE='alpine'
|
||||
arch: arm64
|
||||
|
||||
script:
|
||||
- ./.ci/docker_build.sh "$DOCKER_IMAGE" "$ARCH"
|
||||
|
||||
deploy:
|
||||
api_key:
|
||||
secure: $GITHUB_OAUTH
|
||||
file_glob: true
|
||||
file: pegh-*
|
||||
on:
|
||||
tags: true
|
||||
provider: releases
|
||||
skip_cleanup: true
|
@ -1,7 +1,7 @@
|
||||
pegh
|
||||
----
|
||||
|
||||
[![Travis-CI Build Status](https://api.travis-ci.com/moparisthebest/pegh.svg?branch=master)](https://travis-ci.com/moparisthebest/pegh)
|
||||
[![Build Status](https://ci.moparisthe.best/job/moparisthebest/job/pegh/job/master/badge/icon%3Fstyle=plastic)](https://ci.moparisthe.best/job/moparisthebest/job/pegh/job/master/)
|
||||
|
||||
pegh is a file encryption tool using passwords with modern, standardized, and authenticated encryption. It is simple, secure, and returns proper exit codes so you can tell whether encryption or decryption failed or not.
|
||||
|
||||
@ -14,7 +14,7 @@ Releases
|
||||
|
||||
[Releases](https://github.com/moparisthebest/pegh/releases) contain static binaries for:
|
||||
|
||||
* Linux amd64, i386, aarch64
|
||||
* Linux amd64, i386, aarch64, armv7, ppc64le
|
||||
* Windows amd64, i386
|
||||
* more to come?
|
||||
|
||||
|
5
test.sh
5
test.sh
@ -67,9 +67,10 @@ test () {
|
||||
echo 'encrypting then decrypting with the same key should succeed'
|
||||
"$bin" -e "$@" "$key" < "$dummy_file" | "$bin_decrypt" -d "$key" | cmp - "$dummy_file"
|
||||
|
||||
echo 'test with -s 32 requiring 2gb of ram should succeed'
|
||||
# this test is so (rightly) slow it makes our CI builds take 6+ hours, disable for now
|
||||
#echo 'test with -s 32 requiring 2gb of ram should succeed'
|
||||
# can send -s 32 or -m 2048 to decrypt command with identical effect
|
||||
"$bin" -e "$@" "$key" -s 32 < "$dummy_file" | "$bin_decrypt" -d "$key" -m 2048 | cmp - "$dummy_file"
|
||||
#"$bin" -e "$@" "$key" -s 32 < "$dummy_file" | "$bin_decrypt" -d "$key" -m 2048 | cmp - "$dummy_file"
|
||||
|
||||
echo 'encrypting/decrypting with key in file should work, even when key has leading 0s and a trailing newline'
|
||||
"$bin" -e "$@" -f "$leading_zero_key" < "$dummy_file" | "$bin_decrypt" -d -f "$leading_zero_key" | cmp - "$dummy_file"
|
||||
|
Loading…
Reference in New Issue
Block a user