From 6c2a024157d2852ff0f986a464c4b7f9471002af Mon Sep 17 00:00:00 2001 From: "Joshua M. Boniface" Date: Wed, 13 Aug 2025 00:48:34 -0400 Subject: [PATCH] temp: add Trixie release build --- .github/workflows/release-build-trixie.yaml | 127 ++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 .github/workflows/release-build-trixie.yaml diff --git a/.github/workflows/release-build-trixie.yaml b/.github/workflows/release-build-trixie.yaml new file mode 100644 index 0000000..c0052d3 --- /dev/null +++ b/.github/workflows/release-build-trixie.yaml @@ -0,0 +1,127 @@ +name: "Release Build Trixie" + +on: + workflow_dispatch: + # Manual trigger (from bot) + inputs: + version: + required: true + type: string + description: 'The server and web stable release tag (i.e. "vX.Y.Z")' + +env: + SDK_VERSION: "9.0.x" + +permissions: + contents: read + +jobs: + Debian: + runs-on: ubuntu-24.04 + strategy: + fail-fast: false + matrix: + release: + - trixie + arch: + - amd64 + - arm64 + continue-on-error: false # true in prod, false for testing + steps: + - name: "Set dated version for unstable builds" + id: version + run: |- + echo "JELLYFIN_VERSION=${{ inputs.version }}" >> $GITHUB_ENV + echo "JELLYFIN_RELEASE_TYPE=stable" >> $GITHUB_ENV + + - name: "Install dependencies" + run: |- + sudo apt-get update + sudo apt-get install --yes python3-git python3-yaml debsigs devscripts + + - name: "Checkout repository" + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: "Prepare repository" + run: |- + ./checkout.py ${{ inputs.version || 'master' }} + + - name: "Run builder for ${{ matrix.version }} ${{ matrix.arch }}" + run: |- + sudo --preserve-env ./build.py ${{ env.JELLYFIN_VERSION }} debian ${{ matrix.arch }} ${{ matrix.release }} ${{ env.DEBUG_FLAG }} + sudo chown --recursive $USER out/debian + + - name: "Import repository signing GPG key" + run: | + echo -n "${{ secrets.DEBIAN_SIGNING_KEY }}" | base64 --decode | gpg --batch --yes --import + + - name: "Sign Debian package and source files" + run: | + for file in out/debian/*.deb; do + debsigs --sign=origin --default-key=${{ secrets.DEBIAN_SIGNING_KEY_ID }} ${file} + done + debsign -k ${{ secrets.DEBIAN_SIGNING_KEY_ID }} out/debian/*.changes + + - name: "Remove repository signing GPG key" + run: | + gpg --batch --yes --delete-secret-keys ${{ secrets.DEBIAN_SIGNING_KEY_ID }} + + - name: "Upload artifacts to repository server" + uses: appleboy/scp-action@917f8b81dfc1ccd331fef9e2d61bdc6c8be94634 # v0.1.7 + with: + host: "${{ secrets.REPO_HOST }}" + username: "${{ secrets.REPO_USER }}" + key: "${{ secrets.REPO_KEY }}" + source: "out/debian/*" + strip_components: 2 + target: "/srv/incoming/server/${{ env.JELLYFIN_VERSION }}/debian/${{ matrix.release }}/${{ matrix.arch }}" + + - name: "Import artifacts into reprepro" + uses: appleboy/ssh-action@2ead5e36573f08b82fbfce1504f1a4b05a647c6f # v1.2.2 + with: + host: "${{ secrets.REPO_HOST }}" + username: "${{ secrets.REPO_USER }}" + key: "${{ secrets.REPO_KEY }}" + debug: false + script: | + set -o xtrace + COMPONENT="main" + # Only include the architecture-dependent deb here, as the others are done only for amd64 + sudo reprepro --waitforlock 30 --basedir /srv/debian --component ${COMPONENT} includedeb ${{ matrix.release }} /srv/incoming/server/${{ env.JELLYFIN_VERSION }}/debian/${{ matrix.release }}/${{ matrix.arch }}/*_${{ matrix.arch }}.deb || exit 1 + if [[ ${{ matrix.arch }} == "amd64" ]]; then + # Only include the architecture-independent packages for amd64; the other architectures are the same and conflict + sudo reprepro --waitforlock 30 --basedir /srv/debian --component ${COMPONENT} includedeb ${{ matrix.release }} /srv/incoming/server/${{ env.JELLYFIN_VERSION }}/debian/${{ matrix.release }}/${{ matrix.arch }}/*_all.deb || exit 1 + # Only include the source DSC for amd64; the other architectures are the same and conflict + sudo reprepro --waitforlock 30 --basedir /srv/debian --component ${COMPONENT} includedsc ${{ matrix.release }} /srv/incoming/server/${{ env.JELLYFIN_VERSION }}/debian/${{ matrix.release }}/${{ matrix.arch }}/*.dsc || exit 1 + fi + + # Only keep the latest point release for a given stable version; i.e. 10.10.14 obsoletes 10.10.13 and removes it, while leaving 10.9.10 + NEW_VERSION=${{ matrix.release }} + NEW_MAJOR_VERSION="${NEW_VERSION#v}" + NEW_MAJOR_VERSION="${NEW_MAJOR_VERSION%.*}" + NEW_POINT_VERSION="${NEW_VERSION##*.}" + if [[ ${NEW_POINT_VERSION} -gt 0 ]]; then + LAST_POINT_VERSION=$(( NEW_POINT_VERSION - 1 )) + LAST_VERSION="${NEW_MAJOR_VERSION}.${LAST_POINT_VERSION}" + for PACKAGE in jellyfin jellyfin-server jellyfin-web; do + for SCRAP_VERSION in $( sudo reprepro --waitforlock 30 --basedir /srv/debian --component ${COMPONENT} list ${{ matrix.release }} | grep "${PACKAGE} " | grep "${LAST_VERSION}" | sort | uniq ); do + sudo reprepro --waitforlock 30 --basedir /srv/debian --component ${COMPONENT} remove ${{ matrix.release }} ${PACKAGE}=${SCRAP_VERSION} + done + done + fi + + - name: "Move artifacts into repository" + uses: appleboy/ssh-action@2ead5e36573f08b82fbfce1504f1a4b05a647c6f # v1.2.2 + with: + host: "${{ secrets.REPO_HOST }}" + username: "${{ secrets.REPO_USER }}" + key: "${{ secrets.REPO_KEY }}" + debug: false + script: | + export BASEDIR="/srv/repository/main/server/debian" + sudo mkdir -p ${BASEDIR}/${{ env.JELLYFIN_RELEASE_TYPE }}/${{ env.JELLYFIN_VERSION }}/${{ matrix.arch }} || exit 1 + sudo mv -t ${BASEDIR}/${{ env.JELLYFIN_RELEASE_TYPE }}/${{ env.JELLYFIN_VERSION }}/${{ matrix.arch }}/ /srv/incoming/server/${{ env.JELLYFIN_VERSION }}/debian/${{ matrix.release }}/${{ matrix.arch }}/* || exit 1 + sudo rm ${BASEDIR}/latest-${{ env.JELLYFIN_RELEASE_TYPE }} || true + sudo ln -sf ${BASEDIR}/${{ env.JELLYFIN_RELEASE_TYPE }}/${{ env.JELLYFIN_VERSION }} ${BASEDIR}/latest-${{ env.JELLYFIN_RELEASE_TYPE }} || exit 1 + sudo rm ${BASEDIR}/latest || true + sudo ln -sf ${BASEDIR}/${{ env.JELLYFIN_RELEASE_TYPE }}/${{ env.JELLYFIN_VERSION }} ${BASEDIR}/latest || exit 1