feat(packaging): add goreleaser recipe

This commit is contained in:
wpetit 2023-09-22 22:03:28 -06:00
parent fdaffca43f
commit c2f8be504e
8 changed files with 266 additions and 1 deletions

6
.gitignore vendored
View File

@ -4,4 +4,8 @@
/.env /.env
/socks /socks
/host.key /host.key
/custom /custom
/dist
tools/
/CHANGELOG.md
/.chglog

100
.goreleaser.yaml Normal file
View File

@ -0,0 +1,100 @@
project_name: rebound
before:
hooks:
- go mod tidy
builds:
- id: rebound
env:
- CGO_ENABLED=0
ldflags:
- -s
- -w
- -X 'main.Version=${MKT_PROJECT_VERSION}'
gcflags:
- -trimpath="${PWD}"
asmflags:
- -trimpath="${PWD}"
goos:
- linux
goarch:
- amd64
- "386"
main: ./cmd/server
archives:
- id: rebound
builds: ["rebound"]
name_template: '{{ .ProjectName }}_{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ with .Arm }}v{{ . }}{{ end }}{{ with .Mips }}_{{ . }}{{ end }}{{ if not (eq .Amd64 "v1") }}{{ .Amd64 }}{{ end }}'
files:
- README.md
checksum:
name_template: 'checksums.txt'
snapshot:
name_template: "{{ .Version }}"
changelog:
sort: asc
filters:
exclude:
- '^docs:'
- '^test:'
nfpms:
- id: rebound
builds:
- "rebound"
package_name: rebound
homepage: https://forge.cadoles.com/wpetit/rebound
maintainer: William Petit <wpetit@cadoles.com>
description: |-
SSH tunneling for machines behind NATs.
license: AGPL-3.0
formats:
- apk
- deb
- rpm
contents:
# Deb
- src: misc/packaging/systemd/rebound.systemd.service
dst: /usr/lib/systemd/system/rebound.service
packager: deb
- src: misc/packaging/systemd/rebound.env
dst: /etc/rebound/environ
packager: deb
# RPM
- src: misc/packaging/systemd/rebound.systemd.service
dst: /usr/lib/systemd/system/rebound.service
packager: rpm
- src: misc/packaging/systemd/rebound.env
dst: /etc/rebound/environ
packager: rpm
# APK
- src: misc/packaging/openrc/rebound.openrc.sh
dst: /etc/init.d/rebound
file_info:
mode: 0755
packager: apk
- src: misc/packaging/openrc/rebound.conf
dst: /etc/conf.d/rebound
file_info:
mode: 0755
packager: apk
# All
- dst: /var/lib/rebound
type: dir
file_info:
mode: 0700
- dst: /etc/rebound/custom
type: dir
file_info:
mode: 0700
- dst: /usr/share/rebound
type: dir
file_info:
mode: 0700
- dst: /var/log/rebound
type: dir
file_info:
mode: 0700
scripts:
postinstall: "misc/packaging/common/postinstall-rebound.sh"

View File

@ -1,6 +1,15 @@
SHELL := /bin/bash SHELL := /bin/bash
DOKKU_URL := dokku@dev.lookingfora.name:rebound DOKKU_URL := dokku@dev.lookingfora.name:rebound
GORELEASER_VERSION ?= v1.13.1
GORELEASER_ARGS ?= release --snapshot --clean
MKT_GITEA_RELEASE_ORG ?= wpetit
MKT_GITEA_RELEASE_PROJECT ?= rebound
MKT_GITEA_RELEASE_VERSION ?= $(MKT_PROJECT_VERSION)
DEPLOY_TARGET ?= root@cadoles-rebound
all: build all: build
watch: tools/modd/bin/modd watch: tools/modd/bin/modd
@ -34,6 +43,25 @@ dokku-deploy:
$(if $(shell git config remote.dokku.url),, git remote add dokku $(DOKKU_URL)) $(if $(shell git config remote.dokku.url),, git remote add dokku $(DOKKU_URL))
git push -f dokku $(shell git rev-parse HEAD):refs/heads/master git push -f dokku $(shell git rev-parse HEAD):refs/heads/master
.PHONY: dist
dist: .mktools
( set -o allexport && source .env && set +o allexport && VERSION=$(GORELEASER_VERSION) curl -sfL https://goreleaser.com/static/run | GORELEASER_CURRENT_TAG="$(MKT_PROJECT_VERSION)" bash /dev/stdin $(GORELEASER_ARGS) )
.PHONY: release
release: changelog
$(MAKE) MKT_GITEA_RELEASE_ATTACHMENTS="$$(find dist/* -type f -name '*.apk' -or -name '*.deb' -or -name '*.rpm' -or -name 'checksums.txt' -or -name 'CHANGELOG.md' | tr '\n' ' ')" mkt-gitea-release
.PHONY: changelog
changelog: .mktools
$(MAKE) MKT_GIT_CHGLOG_ARGS='--next-tag $(MKT_PROJECT_VERSION) --tag-filter-pattern $(MKT_PROJECT_VERSION_CHANNEL) --output CHANGELOG.md' mkt-changelog
.PHONY: deploy
deploy: dist
FILE=$$(find ./dist -name '*amd64.deb') \
&& ssh $(DEPLOY_TARGET) rm -f ~/rebound_*amd64.deb \
&& scp $${FILE} $(DEPLOY_TARGET):~/ \
&& ssh $(DEPLOY_TARGET) dpkg -i $$(basename $${FILE})
.PHONY: mktools .PHONY: mktools
mktools: mktools:
rm -rf .mktools rm -rf .mktools

View File

@ -0,0 +1,75 @@
#!/bin/sh
use_systemctl="True"
systemd_version=0
if ! command -V systemctl >/dev/null 2>&1; then
use_systemctl="False"
else
systemd_version=$(systemctl --version | head -1 | cut -d ' ' -f 2)
fi
service_name=rebound
cleanup() {
if [ "${use_systemctl}" = "False" ]; then
rm -f /usr/lib/systemd/system/${service_name}.service
else
rm -f /etc/chkconfig/${service_name}
rm -f /etc/init.d/${service_name}
fi
}
cleanInstall() {
printf "\033[32m Post Install of an clean install\033[0m\n"
if [ "${use_systemctl}" = "False" ]; then
if command -V chkconfig >/dev/null 2>&1; then
chkconfig --add ${service_name}
fi
service ${service_name} restart || :
else
if [[ "${systemd_version}" -lt 231 ]]; then
printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
sed -i "s/=+/=/g" /usr/lib/systemd/system/${service_name}.service
fi
printf "\033[32m Reload the service unit from disk\033[0m\n"
systemctl daemon-reload || :
printf "\033[32m Unmask the service\033[0m\n"
systemctl unmask ${service_name} || :
printf "\033[32m Set the preset flag for the service unit\033[0m\n"
systemctl preset ${service_name} || :
printf "\033[32m Set the enabled flag for the service unit\033[0m\n"
systemctl enable ${service_name} || :
systemctl restart ${service_name} || :
fi
}
upgrade() {
printf "\033[32m Post Install of an upgrade\033[0m\n"
systemctl daemon-reload || :
systemctl restart ${service_name} || :
}
# Step 2, check if this is a clean install or an upgrade
action="$1"
if [ "$1" = "configure" ] && [ -z "$2" ]; then
action="install"
elif [ "$1" = "configure" ] && [ -n "$2" ]; then
action="upgrade"
fi
case "$action" in
"1" | "install")
cleanInstall
;;
"2" | "upgrade")
printf "\033[32m Post Install of an upgrade\033[0m\n"
upgrade
;;
*)
printf "\033[32m Alpine\033[0m"
cleanInstall
;;
esac
cleanup

View File

@ -0,0 +1,6 @@
export REBOUND_ADDRESS=:2222
export REBOUND_HTTP_CUSTOM_DIR=/etc/rebound/custom
export REBOUND_SSH_PUBLIC_HOST=rebound
export REBOUND_SSH_PUBLIC_PORT=2222
export REBOUND_SSH_SOCK_DIR=/var/lib/rebound/socks
export REBOUND_SSH_HOST_KEY=/etc/rebound/host.key

View File

@ -0,0 +1,11 @@
#!/sbin/openrc-run
command="/usr/bin/rebound"
command_args=""
supervisor=supervise-daemon
output_log="/var/log/rebound.log"
error_log="$output_log"
depend() {
need net
}

View File

@ -0,0 +1,6 @@
REBOUND_ADDRESS=:8080
REBOUND_HTTP_CUSTOM_DIR=/var/lib/rebound/custom
REBOUND_SSH_PUBLIC_HOST=rebound
REBOUND_SSH_PUBLIC_PORT=8080
REBOUND_SSH_SOCK_DIR=/var/lib/rebound/socks
REBOUND_SSH_HOST_KEY=/var/lib/rebound/host.key

View File

@ -0,0 +1,35 @@
[Unit]
Description=rebound service
After=network.target
[Service]
Type=simple
Restart=on-failure
EnvironmentFile=/etc/rebound/environ
ExecStart=/usr/bin/rebound
EnvironmentFile=/etc/rebound/environ
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
PrivateUsers=yes
DynamicUser=yes
StateDirectory=rebound
DevicePolicy=closed
ProtectSystem=true
ProtectHome=read-only
ProtectKernelLogs=yes
ProtectProc=invisible
ProtectClock=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
MemoryDenyWriteExecute=yes
LockPersonality=yes
CapabilityBoundingSet=~CAP_SETUID CAP_SETGID CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_CHOWN CAP_FSETID CAP_SETFCAP CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_FOWNER CAP_IPC_OWNER CAP_NET_ADMIN CAP_WAKE_ALARM CAP_SYS_TTY_CONFIG
[Install]
WantedBy=multi-user.target