Refactor CI workflow and add build script

- ✅ Refactored CI workflow to use external build script - ✅ Added comprehensive .gitignore for build artifacts - ✅ Created scripts/build-debian-packages.sh for clean package building - ✅ Fixed YAML syntax issues and removed embedded heredocs - ✅ Added proper build dependencies (python3-setuptools) - ✅ Script successfully builds all 9 Debian packages locally - ✅ Ready for CI/CD pipeline testing
2025-08-29 17:59:43 -07:00 · 2025-08-29 17:59:43 -07:00 · d6b7d5a1de
commit d6b7d5a1de
parent a66b1ac8fa
3 changed files with 304 additions and 273 deletions
--- a/scripts/build-debian-packages.sh
+++ b/scripts/build-debian-packages.sh
@ -0,0 +1,279 @@
+#!/bin/bash
+# Debian Forge Package Building Script
+# This script creates the debian directory structure and builds packages
+
+set -e
+
+echo "Building Debian packages..."
+
+# Get build information for versioning
+BUILD_NUMBER="${FORGEJO_RUN_NUMBER:-${GITEA_RUN_NUMBER:-$(date +%Y%m%d%H%M%S)}}"
+COMMIT_HASH=$(git rev-parse HEAD 2>/dev/null || echo "unknown")
+SHORT_COMMIT=$(echo "$COMMIT_HASH" | cut -c1-10)
+
+# Extract version from setup.py or setup.cfg
+extract_version() {
+    local version=""
+
+    # Try setup.cfg first
+    if [ -f "setup.cfg" ]; then
+        version=$(grep "^version" setup.cfg | cut -d'=' -f2 | tr -d ' ')
+        [ -n "$version" ] && echo "$version" && return 0
+    fi
+
+    # Try setup.py
+    if [ -f "setup.py" ]; then
+        version=$(grep "version=" setup.py | sed 's/.*version="\([^"]*\)".*/\1/')
+        [ -n "$version" ] && echo "$version" && return 0
+    fi
+
+    # Try debian/changelog
+    if [ -f "debian/changelog" ]; then
+        version=$(sed -nE 's/.*\(([^)]+)\).*/\1/p' debian/changelog | head -n1)
+        [ -n "$version" ] && echo "$version" && return 0
+    fi
+
+    # Ultimate fallback
+    echo "0.1.0"
+}
+
+PROJECT_VERSION=$(extract_version)
+BUILD_VERSION="${PROJECT_VERSION}+build${BUILD_NUMBER}.${SHORT_COMMIT}"
+
+echo "Build Version: $BUILD_VERSION"
+echo "Project Version: $PROJECT_VERSION"
+echo "Build Number: $BUILD_NUMBER"
+echo "Commit Hash: $SHORT_COMMIT"
+
+# Create debian directory structure if it doesn't exist
+if [ ! -d "debian" ]; then
+    echo "Creating debian directory structure..."
+    mkdir -p debian
+fi
+
+# Create control file for main package and sub-packages
+cat > debian/control << 'EOF'
+Source: debian-forge
+Section: admin
+Priority: optional
+Maintainer: Particle OS <packages@particle-os.org>
+Build-Depends: debhelper (>= 13), dh-python, python3-all, python3-setuptools
+Standards-Version: 4.6.2
+
+Package: debian-forge
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends},
+         python3-debian-forge (= ${binary:Version}),
+         debian-forge-tools (= ${binary:Version})
+Description: Debian-specific fork of osbuild for Debian Atomic systems
+ Debian Forge is a 1:1 implementation of osbuild with Debian-specific
+ optimizations and support. It provides the core engine for parsing
+ build manifests and executing build stages in the correct order.
+ .
+ This package contains the main debian-forge command (via Python entry point)
+ and core functionality.
+
+Package: python3-debian-forge
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends},
+         jsonschema, requests, psutil
+Description: Python library for debian-forge
+ This package contains the Python library that constitutes the core
+ of the debian-forge project. It provides the main API and utilities
+ for building Debian-based system images.
+
+Package: debian-forge-depsolve-deb
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends},
+         python3-debian-forge (= ${binary:Version}),
+         libapt-pkg-dev
+Description: Dependency solver for Debian packages
+ This package provides the "Dependency Solver" stage that integrates
+ with apt to resolve package dependencies and create complete lists
+ of all DEBs needed for image builds.
+
+Package: debian-forge-ostree
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends},
+         python3-debian-forge (= ${binary:Version}),
+         ostree
+Description: OSTree support for debian-forge
+ This package provides stages necessary to interact with OSTree,
+ including creating OSTree repositories, committing filesystem trees,
+ and configuring images for OSTree deployment.
+
+Package: debian-forge-luks2
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends},
+         python3-debian-forge (= ${binary:Version}),
+         cryptsetup
+Description: LUKS2 encryption support for debian-forge
+ This package adds support for creating encrypted disk images using
+ the LUKS2 standard, including partitioning, formatting, and setting
+ up LUKS2 containers.
+
+Package: debian-forge-lvm2
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends},
+         python3-debian-forge (= ${binary:Version}),
+         lvm2
+Description: LVM2 support for debian-forge
+ This package provides support for Logical Volume Management (LVM),
+ including stages to create physical volumes, volume groups, and
+ logical volumes within disk images.
+
+Package: debian-forge-selinux
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends},
+         python3-debian-forge (= ${binary:Version}),
+         selinux-policy-default
+Description: SELinux support for debian-forge
+ This package provides tools and policies to correctly set and manage
+ SELinux labels during the build process, ensuring proper security
+ context for all files in the resulting image.
+
+Package: debian-forge-apparmor
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends},
+         python3-debian-forge (= ${binary:Version}),
+         apparmor-utils, apparmor-profiles
+Description: AppArmor support for debian-forge
+ This package provides tools and profiles to correctly set and manage
+ AppArmor security policies during the build process, ensuring proper
+ security context for all files in the resulting image.
+ AppArmor is the preferred security framework for Debian systems.
+
+Package: debian-forge-tools
+Architecture: all
+Depends: ${python3:Depends}, ${misc:Depends},
+         python3-debian-forge (= ${binary:Version})
+Description: Helper tools for debian-forge
+ This package contains miscellaneous helper tools and utilities used
+ internally by the debian-forge project, packaged separately for
+ modularity and optional installation.
+EOF
+
+# Create rules file
+cat > debian/rules << 'EOF'
+#!/usr/bin/make -f
+
+%:
+	dh $@ --with python3
+
+override_dh_auto_install:
+	dh_auto_install
+	# Install main binary (Python entry point)
+	# The debian-forge command is created via Python console_scripts entry point
+	# No need to manually copy binary - dh_python3 handles this
+
+	# Install Python package
+	mkdir -p debian/python3-debian-forge/usr/lib/python3/dist-packages
+	cp -r osbuild debian/python3-debian-forge/usr/lib/python3/dist-packages/
+
+	# Install sub-package specific files
+	# OSTree stages
+	mkdir -p debian/debian-forge-ostree/usr/lib/python3/dist-packages/osbuild/stages
+	cp stages/org.osbuild.ostree.* debian/debian-forge-ostree/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
+
+	# LUKS2 stages
+	mkdir -p debian/debian-forge-luks2/usr/lib/python3/dist-packages/osbuild/stages
+	cp stages/org.osbuild.luks2.* debian/debian-forge-luks2/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
+
+	# LVM2 stages
+	mkdir -p debian/debian-forge-lvm2/usr/lib/python3/dist-packages/osbuild/stages
+	cp stages/org.osbuild.lvm2.* debian/debian-forge-lvm2/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
+
+	# SELinux stages
+	mkdir -p debian/debian-forge-selinux/usr/lib/python3/dist-packages/osbuild/stages
+	cp stages/org.osbuild.selinux.* debian/debian-forge-selinux/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
+
+	# AppArmor stages
+	mkdir -p debian/debian-forge-apparmor/usr/lib/python3/dist-packages/osbuild/stages
+	cp stages/org.osbuild.apparmor.* debian/debian-forge-apparmor/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
+
+	# Dependency solver
+	mkdir -p debian/debian-forge-depsolve-deb/usr/lib/python3/dist-packages/osbuild/stages
+	cp stages/org.osbuild.apt.* debian/debian-forge-depsolve-deb/usr/lib/python3/dist-packages/osbuild/stages/ 2>/dev/null || true
+
+	# Tools
+	mkdir -p debian/debian-forge-tools/usr/bin
+	cp tools/* debian/debian-forge-tools/usr/bin/ 2>/dev/null || true
+	chmod +x debian/debian-forge-tools/usr/bin/* 2>/dev/null || true
+
+override_dh_auto_test:
+	# Skip tests during package build
+	true
+EOF
+
+chmod +x debian/rules
+
+# Create changelog
+cat > debian/changelog << EOF
+debian-forge ($BUILD_VERSION) unstable; urgency=medium
+
+  * CI Build #$BUILD_NUMBER from commit $COMMIT_HASH
+  * Automated build with comprehensive sub-package support
+  * Includes: core, ostree, luks2, lvm2, selinux, apparmor, depsolve-deb, and tools packages
+
+ -- CI Bot <ci@particle-os.org>  $(date -R)
+EOF
+
+# Create compat file
+echo "13" > debian/compat
+
+# Create copyright file
+cat > debian/copyright << 'EOF'
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: debian-forge
+Source: https://git.raines.xyz/particle-os/debian-forge
+
+Files: *
+Copyright: 2024 Particle OS <packages@particle-os.org>
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+     http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+
+Files: osbuild/*
+Copyright: 2024 Red Hat, Inc.
+License: Apache-2.0
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+     http://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+EOF
+
+# Build packages
+echo "Building Debian packages..."
+dpkg-buildpackage -b -us -uc
+
+# Check if packages were created
+if ls ../*.deb >/dev/null 2>&1; then
+    echo "✅ Debian packages created successfully"
+    ls -la ../*.deb
+
+    # Copy packages to current directory
+    cp ../*.deb .
+    echo "✅ Packages copied to current directory"
+    ls -la *.deb
+else
+    echo "❌ No Debian packages found"
+    exit 1
+fi
+
+echo "✅ Package build completed successfully!"