v1

.github/workflows/release-docker.yml

@@ -0,0 +1,42 @@
+name: Publish Docker
+
+on:
+  push:
+    tags:
+    - 'v*'
+
+env:
+  REGISTRY: ghcr.io
+  IMAGE_NAME: linuxdeepin/deepin-github
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      - name: Log in to the Container registry
+        uses: docker/login-action@v1
+        with:
+          registry: ${{ env.REGISTRY }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v2
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/release-pbuilder.yml

@@ -0,0 +1,18 @@
+name: Publish Pbuilder
+
+on:
+  push:
+    tags:
+    - 'v*'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@master
+    - name: Build Pbuilder
+      run: mkpbuilder/scripts/build-pbuilder-tgz.sh
+    - name: Upload release artifacts
+      uses: softprops/action-gh-release@v1
+      with:
+        files: pbuilder.tgz

Dockerfile

@@ -0,0 +1,9 @@
+FROM debian:sid-slim
+RUN apt update
+RUN apt install -y sudo pbuilder devscripts ca-certificates
+
+COPY entrypoint.sh /entrypoint.sh
+ADD common /app/common
+ADD repos /app/repos
+
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -0,0 +1,57 @@
+# Deepin Pbuilder Docker Image
+
+[简体中文](./README_zh.md)
+
+## What is this
+
+This is a docker image for build Debian package.
+
+[![Publish Docker](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-docker.yml/badge.svg)](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-docker.yml)
+[![Publish Pbuilder](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-pbuilder.yml/badge.svg)](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-pbuilder.yml)
+
+## How to use this in Github Actions
+
+create Github Action YAML file `.github/workflows/pr.yml`:
+
+``` yaml
+on: [pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/linuxdeepin/deepin-github:latest
+      options: --privileged
+    steps:
+      - uses: actions/checkout@v2
+      - run: /entrypoint.sh
+```
+
+Use deepin-community repository by default, we can use `/entrypoint.sh reponame` to special which repo used for compiling.
+
+The currently maintainly repos could be found in [repos folder](./repos).
+
+
+Multi-repos build Actions example:
+
+``` yaml
+on: [pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/linuxdeepin/deepin-github:latest
+      options: --privileged
+    strategy:
+      matrix:
+        repo: [deepin, buster]
+    steps:
+      - uses: actions/checkout@v2
+      - run: /entrypoint.sh ${{ matrix.repo }}
+```
+
+
+## Why this image required `privileged`
+
+Because we use [Pbuilder](https://pbuilder-team.pages.debian.net/pbuilder) to build package, Pbuilder need permission to mount something like `/proc` ...

README_zh.md

@@ -0,0 +1,57 @@
+# Deepin Pbuilder Docker 镜像
+
+[English](README.md)
+
+## 介绍
+
+这是一个编译 Debian 包的 Docker 镜像
+
+[![Publish Docker](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-docker.yml/badge.svg)](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-docker.yml)
+[![Publish Pbuilder](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-pbuilder.yml/badge.svg)](https://github.com/linuxdeepin/deepin-github/actions/workflows/release-pbuilder.yml)
+
+## 如何在Github Actions 里使用
+
+编辑 `.github/workflows/pr.yml`:
+
+``` yaml
+on: [pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/linuxdeepin/deepin-github:latest
+      options: --privileged
+    steps:
+      - uses: actions/checkout@v2
+      - run: /entrypoint.sh
+```
+
+默认使用Deepin 社区仓库编译,可以通过`/entrypoint.sh 仓库名`来指定使用哪个仓库来编译, 当前支持的仓库可以在 [repos 文件夹](./repos) 中看到
+
+
+多仓库Actions 示例:
+
+``` yaml
+on: [pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/linuxdeepin/deepin-github:latest
+      options: --privileged
+    strategy:
+      matrix:
+        repo: [deepin, buster]
+    steps:
+      - uses: actions/checkout@v2
+      - run: /entrypoint.sh ${{ matrix.repo }}
+```
+
+
+
+
+## 为什么这个镜像要求 `privileged` 权限
+
+因为我们选择使用 [Pbuilder](https://pbuilder-team.pages.debian.net/pbuilder) 来编包, Pbuilder 需要一些权限来挂载 `/proc` 之类的目录

common/in_pbuilder/etc/apt/apt.conf

@@ -0,0 +1,2 @@
+Acquire::http::No-Cache true;
+Acquire::http::Pipeline-Depth 0;

common/scripts/build-package.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -x
+BUILD_DIR="/opt/cache/build"
+dpkg-source -b ./
+sudo /usr/sbin/pbuilder --update --no-targz --buildplace ${BUILD_DIR}
+sudo DEB_BUILD_OPTIONS=nocheck /usr/sbin/pbuilder --build --no-targz --buildplace ${BUILD_DIR} --buildresult /opt/cache/build-result ../*.dsc

common/scripts/change-version.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+set -x
+short_hash=$(git log -n 1 --pretty=format:'%h')
+tag=$(git describe --tags --long | awk -F "-$num-g$short_hash" '{print $1}') || echo
+if [ $tag ]; then
+  version=${tag}+g${short_hash}
+else
+  version=0.0.0+g${short_hash}
+fi
+
+if [[ $(echo $(cat debian/changelog | head -n 1 | awk -F '(' '{print $2}' | awk -F ')' '{print $1}') | grep :) ]]; then
+  prefix=$(cat debian/changelog | head -n 1 | awk -F '(' '{print $2}' | awk -F ')' '{print $1}' | awk -F ':' '{print $1}')
+fi
+
+if [ ${prefix} ]; then
+  version=${prefix}:${version}
+fi
+
+if [ -f debian/source/format ] && [[ $(grep quilt debian/source/format) ]]; then
+  dch -M -bv "${version}-1" -D unstable "hash: ${short_hash}"
+  git deborig --force HEAD
+else
+  dch -M -bv "${version}" -D unstable "hash: ${short_hash}"
+fi

common/scripts/prepare-pbuilder.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+set -x
+BUILD_DIR="/opt/cache/build"
+sudo mkdir -p ${BUILD_DIR}
+wget -q https://github.com/linuxdeepin/deepin-github/releases/latest/download/pbuilder.tgz -O /opt/cache/pbuilder.tgz
+sudo mkdir -p ${BUILD_DIR}
+sudo tar xf /opt/cache/pbuilder.tgz -C ${BUILD_DIR}
+sudo rm -rfv ${BUILD_DIR}/proc
+sudo cp /app/common/in_pbuilder/* ${BUILD_DIR}/ -rv
+sudo cp /app/repos/${repo}/in_pbuilder/* ${BUILD_DIR}/ -rv
+cat ${BUILD_DIR}/etc/apt/sources.list

entrypoint.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+set -x
+repos=$(ls -d /app/repos/* | awk -F '/' '{print $NF}')
+
+for m_repo in $repos; do
+  case "$m_repo" in
+  $1)
+    export repo=$1
+    break
+    ;;
+  *)
+    export repo=deepin
+    ;;
+  esac
+done
+/app/common/scripts/prepare-pbuilder.sh
+/app/common/scripts/change-version.sh
+/app/common/scripts/build-package.sh

mkpbuilder/etc/pbuilderrc

@@ -0,0 +1,11 @@
+DEBOOTSTRAPOPTS=(
+    '--variant=minbase'
+    '--no-check-gpg'
+    "--include=ca-certificates,wget"
+    )
+APTCACHE=""
+HOOKDIR="/var/cache/pbuilder/hook.d/"
+COMPONENTS="main contrib non-free"
+APTCACHEHARDLINK=no
+AUTOCLEANAPTCACHE=yes
+MIRRORSITE=https://deb.debian.org/debian/

mkpbuilder/scripts/build-pbuilder-tgz.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+set -x
+sudo apt update
+sudo apt -y install pbuilder
+sudo install -Dvm644 mkpbuilder/etc/pbuilderrc /etc/pbuilderrc
+sudo install -Dvm755 mkpbuilder/var/cache/pbuilder/hook.d/D10deepin-keyring /var/cache/pbuilder/hook.d/E10deepin-keyring
+cat /etc/pbuilderrc
+sudo pbuilder --create --distribution buster --basetgz ./pbuilder.tgz
+

mkpbuilder/var/cache/pbuilder/hook.d/D10deepin-keyring

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -e
+keyring_deb=/tmp/deepin-keyring.deb
+wget https://community-packages.deepin.com/deepin/pool/main/d/deepin-keyring/deepin-keyring_2021.06.07-1_all.deb -O ${keyring_deb}
+apt -y install ${keyring_deb}
+rm -v ${keyring_deb}

repos/buster/in_pbuilder/etc/apt/sources.list

@@ -0,0 +1 @@
+deb https://deb.debian.org/debian buster main contrib non-free

repos/deepin/in_pbuilder/etc/apt/sources.list

@@ -0,0 +1 @@
+deb https://community-packages.deepin.com/deepin apricot main contrib non-free