-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
153 lines (134 loc) · 4.67 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
image: debian:stretch
variables:
FINGERPRINT: C7D495254D9CC8ADDC5A60BFDEB64CDBAAC4FDA6
SLEEP_TIME: 7
PATCH_FILE: apticron.patch
BUILD_DIRECTORY_NAME: apticron-build-artifacts
stages:
- test
- quality
- artifacts
- deploy
before_script:
- apt-get update -q && apt-get install -qy curl apticron gnupg
- ln -sf $PWD/apticron -t /usr/sbin/
- ln -sf $PWD/apticron.conf -t /etc/apticron/
- sed -i '/^EMAIL=/s/root/alfred.j.kwak@ducks.nl/' /etc/apticron/apticron.conf
- sed -i '/^NOTIFY_NO_UPDATES/c\NOTIFY_NO_UPDATES="1"' /etc/apticron/apticron.conf
- sed -i '/^GPG_SIGN=/s/1/0/' /etc/apticron/apticron.conf
- gpg --batch --import alfreds-keys/alfreds-gpg-key.sec
- gpg --import alfreds-keys/alfreds-gpg-key.pub
testUnencryptedOutput:
stage: test
script:
- apt-get purge -qy gnupg
- apticron && sleep $SLEEP_TIME
- ./test/assertThatMailIsUnencrypted
testMissingPublicKeyOutput:
stage: test
script:
- gpg --batch --yes --delete-secret-keys $FINGERPRINT
- gpg --batch --yes --delete-keys $FINGERPRINT
- apticron && sleep $SLEEP_TIME
- ./test/assertThatMailIsUnencrypted
testEncryptedOutput:
stage: test
script:
- apticron && sleep $SLEEP_TIME
- ./test/assertThatMailIsEncrypted
testUnencryptedOutputWithHeirloom:
stage: test
script:
- apt-get update -q && apt-get install -qy heirloom-mailx
- apt-get purge -qy gnupg
- apticron && sleep $SLEEP_TIME
- ./test/assertThatMailIsUnencrypted
testMissingPublicKeyOutputWithHeirloom:
stage: test
script:
- apt-get update -q && apt-get install -qy heirloom-mailx
- gpg --batch --yes --delete-secret-keys $FINGERPRINT
- gpg --batch --yes --delete-keys $FINGERPRINT
- apticron && sleep $SLEEP_TIME
- ./test/assertThatMailIsUnencrypted
testEncryptedOutputWithHeirloom:
stage: test
script:
- apt-get update -q && apt-get install -qy heirloom-mailx
- apticron && sleep $SLEEP_TIME
- ./test/assertThatMailIsEncrypted
testThatDisablingIsObeyed:
stage: test
script:
- sed -i '/^GPG_ENCRYPT/c\GPG_ENCRYPT="0"' /etc/apticron/apticron.conf
- apticron && sleep $SLEEP_TIME
- ./test/assertThatMailIsUnencrypted
testUnencryptedOutputWithCustomFromSetting:
stage: test
script:
- sed -i '/^EMAIL/c\EMAIL="root"' /etc/apticron/apticron.conf
- sed -i '/# CUSTOM_FROM/c\CUSTOM_FROM="alfred.j.kwak@ducks.nl"' /etc/apticron/apticron.conf
- apticron && sleep $SLEEP_TIME
- if grep -qe "From. alfred.j.kwak@ducks.nl" /var/mail/mail; then exit 0; else exit 1; fi
testEncryptedOutputWithCustomFromSetting:
stage: test
script:
- sed -i '/# CUSTOM_FROM/c\CUSTOM_FROM="alfred.j.kwak@ducks.nl"' /etc/apticron/apticron.conf
- apticron && sleep $SLEEP_TIME
- if grep -q "alfred.j.kwak@ducks.nl" /var/log/exim4/mainlog; then exit 0; else exit 1; fi
testMessageSigningOfEncryptedMessage:
stage: test
script:
- sed -i '/^GPG_SIGN=/c\GPG_SIGN="1"' /etc/apticron/apticron.conf
- apticron && sleep $SLEEP_TIME
- ./test/assertThatMailIsSigned
testMessageSigningWithWrongPassPhrase:
stage: test
script:
- sed -i '/^GPG_SIGN=/c\GPG_SIGN="1"' /etc/apticron/apticron.conf
- if GPG_PASS_PHRASE='veryWrongPassPhraseString' apticron; then exit 1; else exit 0; fi
shellcheck:
stage: quality
before_script:
- apt-get update -q && apt-get install -qy shellcheck
script:
- shellcheck $(find -type f -executable -not -path "./.git*" -not -name apticron -print)
createPatchForDebianRepository:
stage: artifacts
before_script:
- apt-get update -q && apt-get install -qy git
script:
- git remote add debian https://salsa.debian.org/debian/apticron.git
- git fetch debian
- git diff debian/master HEAD apticron apticron.conf > $PATCH_FILE
artifacts:
paths:
- $PATCH_FILE
debianPackageArtifact:
stage: artifacts
before_script:
- apt-get update -q && apt-get install -qy git git-buildpackage dh-exec
script:
- ./build-debian-package
artifacts:
untracked: true
uploadPatchToNC:
only:
- /^master$/
- tags
image:
name: tutum/curl:latest
stage: deploy
before_script: []
script:
- if [[ "x$CI_COMMIT_TAG" =~ ^x$ ]]; then export TARGET="$PATCH_FILE"; else export TARGET="apticron%20($CI_COMMIT_TAG).patch"; fi
- curl -s -D /dev/stderr -X PUT -u $AB_USER:$AB_PW --data-binary @"$PATCH_FILE" "https://penrose.duckdns.org/nextcloud/public.php/webdav/$TARGET"
uploadArtifactsToNC:
only:
- master
image:
name: tutum/curl:latest
stage: deploy
before_script: []
script:
- curl -s -D /dev/stderr -X PUT -u $AB_USER:$AB_PW --data-binary @"$BUILD_DIRECTORY_NAME".tar.gz "https://penrose.duckdns.org/nextcloud/public.php/webdav/"$BUILD_DIRECTORY_NAME".tar.gz"