From b1960dd7e78e7df439d8876104677c5bc2ba0c98 Mon Sep 17 00:00:00 2001 From: Brad Warren Date: Tue, 6 Sep 2022 16:16:29 -0700 Subject: [PATCH] split deploy jobs --- .../templates/jobs/snap-deploy-job.yml | 68 +++++++++++++++++++ .../templates/stages/deploy-stage.yml | 68 +------------------ 2 files changed, 69 insertions(+), 67 deletions(-) create mode 100644 .azure-pipelines/templates/jobs/snap-deploy-job.yml diff --git a/.azure-pipelines/templates/jobs/snap-deploy-job.yml b/.azure-pipelines/templates/jobs/snap-deploy-job.yml new file mode 100644 index 000000000..e6034babb --- /dev/null +++ b/.azure-pipelines/templates/jobs/snap-deploy-job.yml @@ -0,0 +1,68 @@ +parameters: +- name: snapReleaseChannel + type: string + default: edge + values: + - edge + - beta + - candidate + +jobs: + # This job relies on credentials used to publish the Certbot snaps. This + # credential file was created by running: + # + # snapcraft logout + # snapcraft export-login --channels=candidate,beta,edge snapcraft.cfg + # (provide the shared snapcraft credentials when prompted) + # + # Then the file was added as a secure file in Azure pipelines + # with the name snapcraft.cfg by following the instructions at + # https://docs.microsoft.com/en-us/azure/devops/pipelines/library/secure-files?view=azure-devops + # including authorizing the file for use in the "nightly" and "release" + # pipelines as described at + # https://docs.microsoft.com/en-us/azure/devops/pipelines/library/secure-files?view=azure-devops#q-how-do-i-authorize-a-secure-file-for-use-in-a-specific-pipeline. + # + # This file has a maximum lifetime of one year and the current file will + # expire on 2023-09-06. The file will need to be updated before then to + # prevent automated deploys from breaking. + # + # Revoking these credentials can be done by changing the password of the + # account used to generate the credentials. See + # https://forum.snapcraft.io/t/revoking-exported-credentials/19031 for + # more info. + - job: publish_snap + pool: + vmImage: ubuntu-22.04 + variables: + - group: certbot-common + strategy: + matrix: + amd64: + SNAP_ARCH: amd64 + arm32v6: + SNAP_ARCH: armhf + arm64v8: + SNAP_ARCH: arm64 + steps: + - bash: | + set -e + sudo apt-get update + sudo apt-get install -y --no-install-recommends snapd + sudo snap install --classic snapcraft + displayName: Install dependencies + - task: DownloadPipelineArtifact@2 + inputs: + artifact: snaps_$(SNAP_ARCH) + path: $(Build.SourcesDirectory)/snap + displayName: Retrieve Certbot snaps + - task: DownloadSecureFile@1 + name: snapcraftCfg + inputs: + secureFile: snapcraft.cfg + - bash: | + set -e + export SNAPCRAFT_STORE_CREDENTIALS=$(cat $(snapcraftCfg.secureFilePath)) + for SNAP_FILE in snap/*.snap; do + tools/retry.sh eval snapcraft upload --release=${{ parameters.snapReleaseChannel }} "${SNAP_FILE}" + done + displayName: Publish to Snap store diff --git a/.azure-pipelines/templates/stages/deploy-stage.yml b/.azure-pipelines/templates/stages/deploy-stage.yml index 15bb35079..4a34d33f2 100644 --- a/.azure-pipelines/templates/stages/deploy-stage.yml +++ b/.azure-pipelines/templates/stages/deploy-stage.yml @@ -1,73 +1,7 @@ -parameters: -- name: snapReleaseChannel - type: string - default: edge - values: - - edge - - beta - - candidate - stages: - stage: Deploy jobs: - # This job relies on credentials used to publish the Certbot snaps. This - # credential file was created by running: - # - # snapcraft logout - # snapcraft export-login --channels=candidate,beta,edge snapcraft.cfg - # (provide the shared snapcraft credentials when prompted) - # - # Then the file was added as a secure file in Azure pipelines - # with the name snapcraft.cfg by following the instructions at - # https://docs.microsoft.com/en-us/azure/devops/pipelines/library/secure-files?view=azure-devops - # including authorizing the file for use in the "nightly" and "release" - # pipelines as described at - # https://docs.microsoft.com/en-us/azure/devops/pipelines/library/secure-files?view=azure-devops#q-how-do-i-authorize-a-secure-file-for-use-in-a-specific-pipeline. - # - # This file has a maximum lifetime of one year and the current file will - # expire on 2023-09-06. The file will need to be updated before then to - # prevent automated deploys from breaking. - # - # Revoking these credentials can be done by changing the password of the - # account used to generate the credentials. See - # https://forum.snapcraft.io/t/revoking-exported-credentials/19031 for - # more info. - - job: publish_snap - pool: - vmImage: ubuntu-22.04 - variables: - - group: certbot-common - strategy: - matrix: - amd64: - SNAP_ARCH: amd64 - arm32v6: - SNAP_ARCH: armhf - arm64v8: - SNAP_ARCH: arm64 - steps: - - bash: | - set -e - sudo apt-get update - sudo apt-get install -y --no-install-recommends snapd - sudo snap install --classic snapcraft - displayName: Install dependencies - - task: DownloadPipelineArtifact@2 - inputs: - artifact: snaps_$(SNAP_ARCH) - path: $(Build.SourcesDirectory)/snap - displayName: Retrieve Certbot snaps - - task: DownloadSecureFile@1 - name: snapcraftCfg - inputs: - secureFile: snapcraft.cfg - - bash: | - set -e - export SNAPCRAFT_STORE_CREDENTIALS=$(cat $(snapcraftCfg.secureFilePath)) - for SNAP_FILE in snap/*.snap; do - tools/retry.sh eval snapcraft upload --release=${{ parameters.snapReleaseChannel }} "${SNAP_FILE}" - done - displayName: Publish to Snap store + - template: ../jobs/snap-deploy-job.yml - job: publish_docker pool: vmImage: ubuntu-22.04