Cradicle Explorer
heartwood-jj
/ build / build
build
 1  #!/bin/sh
 2  set -e
 3  
 4  main() {
 5    # Use UTC time for everything.
 6    export TZ=UTC0
 7    # Set minimal locale.
 8    export LC_ALL=C
 9    # Set source date. This is honored by `asciidoctor` and other tools.
10    SOURCE_DATE_EPOCH="$(git log -1 --pretty=%ct)"
11    export SOURCE_DATE_EPOCH
12  
13    if ! command -v rad > /dev/null; then
14      echo "fatal: rad is not installed" >&2 ; exit 1
15    fi
16  
17    if ! command -v podman > /dev/null; then
18      echo "fatal: podman is not installed" >&2 ; exit 1
19    fi
20  
21    if ! command -v sha256sum > /dev/null; then
22      echo "fatal: sha256sum is not installed" >&2 ; exit 1
23    fi
24  
25    rev="$(git rev-parse HEAD)"
26    gitarchive="build/heartwood-$rev.tar.gz"
27    keypath="$(rad path)/keys/radicle.pub"
28    version="$(build/version)"
29    image=radicle-build-$version
30    rust_version="$(build/rust-version)"
31  
32    if [ ! -f "$keypath" ]; then
33      echo "fatal: no key found at $keypath" >&2 ; exit 1
34    fi
35    # Authenticate user for signing
36    rad auth
37  
38    echo "Building Radicle $version.."
39    echo "Creating archive of repository at $rev in $gitarchive.."
40    git archive --format tar.gz -o "$gitarchive" HEAD
41  
42    echo "Building image ($image).."
43    podman --cgroup-manager=cgroupfs build \
44      --build-arg "RUST_VERSION=$rust_version" \
45      --build-arg SOURCE_DATE_EPOCH \
46      --build-arg TZ \
47      --build-arg LC_ALL \
48      --build-arg "RADICLE_VERSION=$version" \
49      --build-arg "GIT_HEAD=$rev" \
50      --arch amd64 --tag "$image" -f ./build/Dockerfile - < "$gitarchive"
51  
52    echo "Creating container (radicle-build-container).."
53    podman --cgroup-manager=cgroupfs create --ulimit=host --replace --name radicle-build-container "$image"
54  
55    # Copy build artifacts to output folder.
56    outdir=build/artifacts
57    mkdir -p $outdir
58    podman cp --overwrite radicle-build-container:/builds/. $outdir/
59  
60    while IFS= read -r target
61    do
62      echo "Signing artifacts for $target.."
63  
64      filename="radicle-$version-$target.tar.xz"
65      filepath="$outdir/$filename"
66  
67      # Output SHA256 digest of archive.
68      checksum="$(cd $outdir && sha256sum "$filename")"
69      echo "Checksum of $filepath is $(echo "$checksum" | cut -d' ' -f1)"
70      echo "$checksum" > "${filepath}.sha256"
71  
72      # Sign archive and verify archive.
73      rm -f "${filepath}.sig" # Delete existing signature
74      ssh-keygen -Y sign -n file -f "$keypath" "$filepath"
75      ssh-keygen -Y check-novalidate -n file -s "$filepath.sig" < "$filepath"
76    done < build/TARGETS
77  
78    # Remove build artifacts that aren't needed anymore.
79    podman rm radicle-build-container > /dev/null
80    podman rmi --ignore "localhost/$image"
81  }
82  
83  # Run build.
84  echo "Running build.."
85  main "$@"
86  
87  # Show artifact checksums.
88  echo
89  build/checksums
90  echo
91  
92  echo "Build successful."