.gitlab-ci.yml 4.85 KB
Newer Older
CapsLock's avatar
CapsLock committed
1
2
image: docker:20

3
services:
CapsLock's avatar
CapsLock committed
4
5
6
7
8
9
10
11
  - name: docker:20-dind
    alias: docker
    command: [ "--tls=false" ]

variables:
  DOCKER_TLS_CERTDIR: ""
  DOCKER_DRIVER: overlay2
  DOCKER_HOST: tcp://docker:2375
12

CapsLock's avatar
CapsLock committed
13
14
stages:
  - build
CapsLock's avatar
CapsLock committed
15
  - checks
16

CapsLock's avatar
CapsLock committed
17
patch_and_build_signal:
CapsLock's avatar
CapsLock committed
18
  stage: build
CapsLock's avatar
CapsLock committed
19
20
  tags:
    - ssd
CapsLock's avatar
CapsLock committed
21
  timeout: 4 hours
CapsLock's avatar
CapsLock committed
22
  before_script:
23
    - "apk add curl"
CapsLock's avatar
CapsLock committed
24
    - "curl $NOTIFICATION_URL/?pipeline_id=$CI_PIPELINE_ID&job_id=$CI_JOB_ID"
CapsLock's avatar
CapsLock committed
25
  script:
CapsLock's avatar
CapsLock committed
26
    - docker ps > /dev/null
CapsLock's avatar
CapsLock committed
27
    - apk add git curl jq
CapsLock's avatar
CapsLock committed
28
    - "export LATEST_SIGNAL_TAG=\"$(curl https://api.github.com/repos/signalapp/Signal-Android/tags | jq -r '.[] .name' | sed '/-/!{s/$/_/}' | sort -V | sed 's/_$//'|tail -n1)\""
CapsLock's avatar
CapsLock committed
29
    #- "export LATEST_SIGNAL_TAG=\"$(git ls-remote --tags https://github.com/signalapp/Signal-Android | sed 's|.*/\\(.*\\)$|\\1|' | grep -v '\\^' | sort -t. -k1,1nr -k2,2nr -k3,3nr|grep -e '^v.*' | head -n 1)\""
CapsLock's avatar
V4.42.1    
CapsLock committed
30
31
    - "if [[ -z \"$LATEST_SIGNAL_TAG\" ]]; then exit 2; fi"
    - "echo \"Latest git version is $LATEST_SIGNAL_TAG\""
CapsLock's avatar
CapsLock committed
32
33
    
    - git clone --depth 1 -b $LATEST_SIGNAL_TAG https://github.com/WhisperSystems/Signal-Android
CapsLock's avatar
CapsLock committed
34
    - cd Signal-Android
CapsLock's avatar
CapsLock committed
35
    
CapsLock's avatar
fix    
CapsLock committed
36
    - "for f in $CI_PROJECT_DIR/0000-*.patch; do echo \"$f\"; git apply \"$f\"; done" # apply our patchs
37
    
38
    - "for f in app/src/main/res/values*/strings.xml; do sed -i 's/<string.*name=\"app_name\".*>.*<\\/string>/<string name=\"app_name\">Langis<\\/string>/g' \"$f\"; done" # app rename
CapsLock's avatar
CapsLock committed
39
40
41
42

    # reverts https://github.com/signalapp/Signal-Android/commit/c98fd1a4523a8ef73dd14597206ada38698a46b3#diff-3d103fc7c312a3e136f88e81cef592424b8af2464c468116545c4d22d6edcf19R1
    # We have not enough RAM, sorry
    - "sed -i 's/org.gradle.jvmargs=-Xmx.*/org.gradle.jvmargs=-Xmx3072m/' gradle.properties"
43
44
    
    - cd reproducible-builds
CapsLock's avatar
CapsLock committed
45
46
47
    - docker build -t signal-android .
    #- docker pull $CI_REGISTRY_IMAGE:latest || true
    #- docker build --cache-from $CI_REGISTRY_IMAGE:latest --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA --tag $CI_REGISTRY_IMAGE:latest .
48
49
50

    
    - cd $CI_PROJECT_DIR/Signal-Android
CapsLock's avatar
CapsLock committed
51
52
    #- docker run --rm -v $(pwd):/project -w /project $CI_REGISTRY_IMAGE:latest ./gradlew clean assembleWebsiteProd
    - docker run --rm -v $(pwd):/project -w /project signal-android ./gradlew clean assembleWebsiteProd
53

CapsLock's avatar
CapsLock committed
54
    - "mkdir -p $CI_PROJECT_DIR/artifacts"
55
    - "mv $(find $CI_PROJECT_DIR/Signal-Android/app/build/outputs/apk/websiteProd/release -name *.apk) $CI_PROJECT_DIR/artifacts"
CapsLock's avatar
CapsLock committed
56
    - "ls -lh $CI_PROJECT_DIR/artifacts"
57
58
59
60
61
62
    # To sign packages ; you'll need a keystore with your certificate
    # signing packages is important, it also allows application update without removing previous installed version of the app
    # To build the keystore used here, we use:
    #   keytool -genkey -v -keystore keystore.keystore -keyalg RSA -keysize 2048 -validity 10000 -alias app
    #   cat keystore.keystore | base64 > keystore.base64
    # then we provide that base64 encoded file to the CI ; you'll get it back to its original format write after this command is run:
CapsLock's avatar
CapsLock committed
63
64
65
66
67
68
69
70
    #- mkdir /ks
    #- "echo \"$KEYSTORE_CRT\" |base64 -d > /ks/keystore.keystore"
    #- "for f in $CI_PROJECT_DIR/artifacts/*unsigned*.apk; do SIGNED_FNAME=\"$(echo $f |sed 's/unsigned/signed/g')\"; echo \"Signing $f\"; /usr/lib/jvm/java-11-openjdk/bin/jarsigner -verbose -sigalg SHA1withRSA -digestalg SHA1 -keystore /keystore.keystore -storepass \"$KEYSTORE_PASSPHR\" $f -signedjar \"$SIGNED_FNAME\" app ;done"
    #- "for f in $CI_PROJECT_DIR/artifacts/*unsigned*.apk; do SIGNED_FNAME=\"$(basename $f |sed 's/unsigned/signed/g').apk\"; docker run --rm -v $CI_PROJECT_DIR/artifacts/:/apks -v /ks:/ks signal-android /usr/local/android-sdk-linux/build-tools/30.0.2/apksigner sign --ks /ks/keystore.keystore --ks-pass pass:$KEYSTORE_PASSPHR --out \"/apks/$SIGNED_FNAME\" \"/apks/$f\" ; done"
    
    - cp $CI_PROJECT_DIR/sign.sh $CI_PROJECT_DIR/artifacts/
    - docker run --rm -v $CI_PROJECT_DIR/artifacts/:/apks -e KEYSTORE_PASSPHR="$KEYSTORE_PASSPHR" -e KEYSTORE_CRT="$KEYSTORE_CRT" signal-android /bin/bash -c "chmod +x /apks/sign.sh && /apks/sign.sh"

71
    - "rm $CI_PROJECT_DIR/artifacts/*unsigned*.apk"
CapsLock's avatar
CapsLock committed
72
    - "cd $CI_PROJECT_DIR/artifacts/ && for f in $(find . -iname \"*signal*.apk\"); do mv \"$f\" \"$(echo $f|sed \"s/[Ss][Ii][Gg][Nn][Aa][Ll]/langis/\")\"; done"
CapsLock's avatar
CapsLock committed
73
    - "ls -lh $CI_PROJECT_DIR/artifacts"
CapsLock's avatar
CapsLock committed
74
    - "curl $NOTIFICATION_URL/?pipeline_id=$CI_PIPELINE_ID&job_id=$CI_JOB_ID"
CapsLock's avatar
CapsLock committed
75
  artifacts:
CapsLock's avatar
CapsLock committed
76
    expire_in: 1 mos
CapsLock's avatar
CapsLock committed
77
    paths:
CapsLock's avatar
CapsLock committed
78
79
      - "$CI_PROJECT_DIR/artifacts/*.apk"

CapsLock's avatar
CapsLock committed
80
upload_vt:
CapsLock's avatar
CapsLock committed
81
82
83
84
85
86
  stage: checks
  tags:
    - ssd
  timeout: 4 hours
  script:
    - UPLOADS=$(ls -1 $CI_PROJECT_DIR/artifacts/langis*prod*universal*.apk)
CapsLock's avatar
CapsLock committed
87
    - if [ "$(echo $UPLOADS|wc -l)" != "1" ]; then echo "No or too many files matched."; exit 2 ; fi
CapsLock's avatar
CapsLock committed
88
89
90
91
92
93
94
    - apk add curl jq bash
    - "chmod +x $CI_PROJECT_DIR/upload-to-vt.sh"
    - "$CI_PROJECT_DIR/upload-to-vt.sh $VT_API_KEY $UPLOADS"
  artifacts:
    expire_in: 1 mos
    paths:
      - "$CI_PROJECT_DIR/artifacts/*.apk"