From f79f17134460b892e9b50c07ab0fa3d740e87bac Mon Sep 17 00:00:00 2001 From: Hans-Christoph Steiner Date: Thu, 24 Oct 2024 14:58:27 +0200 Subject: [PATCH] gitlab-ci: checkupdates_runner moved to https://gitlab.com/fdroid/checkupdates-runner --- .gitlab-ci.yml | 68 -------------------------------------------------- 1 file changed, 68 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 07f2fd9de8..3737fb8244 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -283,74 +283,6 @@ schedule-issuebot: - apt-get -qy install --no-install-recommends bash curl ca-certificates python3-gitlab - ./tools/schedule-issuebot.py -checkupdates_runner: - stage: prepare - image: debian:bookworm-slim - variables: - GIT_DEPTH: "1" - parallel: 10 - tags: - - fdroid - - pep.security - rules: - - if: $CI_PIPELINE_SOURCE == 'schedule' && $CHECKUPDATES == 'true' - before_script: - - *install_fdroid_server_deb - - export fdroidserver=../fdroidserver - - *install_fdroid_server - - apt-get install -y openssh-client - - git config --global user.email "fdroidci@bubu1.eu" - - git config --global user.name "F-Droid checkupdates bot" - - # gitlab.com was still vulnerable to https://terrapin-attack.com/ when this was added - - printf 'Ciphers -chacha20-poly1305@openssh.com,*-cbc\nMACs -*etm*,*-sha1*\n' - > /etc/ssh/ssh_config.d/0-terrapin-workaround.conf - - - mkdir -p ~/.ssh - - chmod 700 ~/.ssh - - cp "${GITLAB_KNOWN_HOSTS}" ~/.ssh/known_hosts - - chmod 644 ~/.ssh/known_hosts - - eval $(ssh-agent -s) - - echo "${CHECKUPDATES_SSH_DEPLOY_KEY}" | tr -d '\r' | ssh-add - - - url_host=$(echo "${CI_REPOSITORY_URL}" | sed -e 's|https\?://gitlab-ci-token:.*@|ssh://git@|g') - - git remote set-url --push origin "${url_host}" - # reset repo to origin state before adding new commits - - git rebase --abort || true - - rm -fr ".git/rebase-apply" - # https://gitlab.com/gitlab-org/gitlab-runner/-/issues/29187 - - rm -f ".git/logs/HEAD.lock" - - git checkout master || true - - git reset --hard origin/master || true - script: - # Get app IDs in this batch - - | - metadata_files=(metadata/*.yml) - metadata_files_count=${#metadata_files[@]} - batch_size=$((metadata_files_count / CI_NODE_TOTAL + 1)) - metadata_files_batch=("${metadata_files[@]:$(((CI_NODE_INDEX - 1) * batch_size)):$batch_size}") - - declare -a CHECKUPDATES_APPIDS - for file in "${metadata_files_batch[@]}"; do - filename="${file##*/}" - filename_without_extension="${filename%.*}" - CHECKUPDATES_APPIDS=("${CHECKUPDATES_APPIDS[@]}" "$filename_without_extension") - done - - export CHECKUPDATES_APPIDS - - - echo "$metadata_files_count" - - echo "$batch_size" - - echo "${metadata_files_batch[@]}" - - echo "${#metadata_files_batch[@]}" - - echo "${CHECKUPDATES_APPIDS[@]}" - - echo "${#CHECKUPDATES_APPIDS[@]}" - - - fdroid checkupdates --allow-dirty --auto --commit "${CHECKUPDATES_APPIDS[@]}" 2>&1 | tee /tmp/out || true - # when two jobs try to push at the same time they occasionally fail, so try it again - - while ! git push origin HEAD:master; do git pull --rebase --strategy-option=ours origin master; done - - echo "============== Summary =====================" - - 'grep -v "INFO: Processing" /tmp/out || true' - # This job is should be as close as possible to the production # buildserver. It should not include custom setup or methods, except # when there is no other way to make this job work. The docker image