DO NOT MERGE THIS

freedomofpress · Jan 15, 2021 · d2ee718 · d2ee718
1 parent 14b2f75
commit d2ee718
Showing 1 changed file with 34 additions and 24 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -150,11 +150,12 @@ common-steps:
     run:
       name: Build debian package from committed tarball
       command: |
-        export PKG_PATH=~/project/tarballs/$PKG_NAME-$PKG_VERSION.tar.gz
+        export PKG_PATH=~/$TARBALLDIR/$PKG_NAME-$PKG_VERSION.tar.gz
 
         # Every tarball should be signed
-        gpg --import ~/project/pubkeys/release_key.pub
-        gpg --verify $PKG_PATH.asc
+        # TODO: Enable them after next set of package release
+        #gpg --import ~/project/pubkeys/release_key.pub
+        #gpg --verify $PKG_PATH.asc
 
         # Build debian package
         make $PKG_NAME
@@ -502,49 +503,58 @@ jobs:
             echo ${TARBALL%.tar.gz} | awk -F "-" '{ print $3 }' > ~/sd_version
             echo 'export PKG_NAME=securedrop-client' >> $BASH_ENV
             echo 'export PKG_VERSION=$(cat ~/sd_version)' >> $BASH_ENV
+            echo 'export TARBALLDIR=project/tarballs' >> $BASH_ENV
       - *builddebianpackagefromexistingtarball
       - run:
           name: Test build process reproducibility on latest securedrop-proxy tarball
           command: |
-            export TARBALL=$(ls ~/project/tarballs/securedrop-proxy-*.tar.gz)
-            echo ${TARBALL%.tar.gz} | awk -F "-" '{ print $3 }' > ~/sd_version
-            echo 'export PKG_NAME=securedrop-proxy' >> $BASH_ENV
-            echo 'export PKG_VERSION=$(cat ~/sd_version)' >> $BASH_ENV
-            git checkout origin/main
+            mkdir ~/packaging && cd ~/packaging
+            git clone https://github.com/freedomofpress/securedrop-proxy.git
+            cd securedrop-proxy
+            git checkout update_localwheels_requirements
+            export PKG_NAME="securedrop-proxy"
+            # Enable access to this env var in subsequent run steps
+            echo $PKG_NAME > ~/packaging/sd_package_name
+            echo 'export PKG_NAME=$(cat ~/packaging/sd_package_name)' >> $BASH_ENV
+            export VERSION_TO_BUILD="$(git describe --tags $(git rev-list --tags --max-count=1))"
+            # Enable access to this env var in subsequent run steps
+            echo $VERSION_TO_BUILD > ~/packaging/sd_version
+            echo 'export PKG_VERSION=$(cat ~/packaging/sd_version)' >> $BASH_ENV
+            python3 setup.py sdist
+            echo 'export TARBALLDIR=packaging/securedrop-proxy/dist' >> $BASH_ENV
       - *builddebianpackagefromexistingtarball
       - run:
           name: Test build process reproducibility on latest securedrop-log tarball
           command: |
-            git checkout -
-            export TARBALL=$(ls ~/project/tarballs/securedrop-log-*.tar.gz)
-            echo ${TARBALL%.tar.gz} | awk -F "-" '{ print $3 }' > ~/sd_version
-            echo 'export PKG_NAME=securedrop-log' >> $BASH_ENV
-            echo 'export PKG_VERSION=$(cat ~/sd_version)' >> $BASH_ENV
-            git checkout origin/main
+            cd ~/packaging
+            git clone https://github.com/freedomofpress/securedrop-log.git
+            cd securedrop-log
+            git checkout update_localwheels_requirements
+            export PKG_NAME="securedrop-log"
+            # Enable access to this env var in subsequent run steps
+            echo $PKG_NAME > ~/packaging/sd_package_name
+            echo 'export PKG_NAME=$(cat ~/packaging/sd_package_name)' >> $BASH_ENV
+            export VERSION_TO_BUILD="$(git describe --tags $(git rev-list --tags --max-count=1))"
+            # Enable access to this env var in subsequent run steps
+            echo $VERSION_TO_BUILD > ~/packaging/sd_version
+            echo 'export PKG_VERSION=$(cat ~/packaging/sd_version)' >> $BASH_ENV
+            python3 setup.py sdist
+            echo 'export TARBALLDIR=packaging/securedrop-log/dist' >> $BASH_ENV
       - *builddebianpackagefromexistingtarball
       - run:
           name: Test build process reproducibility on latest securedrop-export tarball
           command: |
-            git checkout -
             export TARBALL=$(ls ~/project/tarballs/securedrop-export-*.tar.gz)
             echo ${TARBALL%.tar.gz} | awk -F "-" '{ print $3 }' > ~/sd_version
             echo 'export PKG_NAME=securedrop-export' >> $BASH_ENV
             echo 'export PKG_VERSION=$(cat ~/sd_version)' >> $BASH_ENV
+            echo 'export TARBALLDIR=project/tarballs' >> $BASH_ENV
       - *builddebianpackagefromexistingtarball
 
 workflows:
   build-packages:
     jobs:
       - tests
-      - build-buster-securedrop-client
-      - build-buster-securedrop-proxy
-      - build-buster-securedrop-workstation-svs-disp
-      - build-buster-securedrop-export
-      - build-buster-securedrop-log
-      - build-buster-securedrop-workstation-grsec
-      - build-buster-securedrop-workstation-config
-      - build-buster-securedrop-keyring
-      - make-dom0-rpm
       - reproducibility-checks
 
   # Nightly jobs for each package are run in series to ensure there are no