From 7fea1f84c0f5a206ba393e1406b35e82b2163a35 Mon Sep 17 00:00:00 2001
From: Leonard Gram <leo@xlson.com>
Date: Fri, 14 Dec 2018 16:10:16 +0100
Subject: [PATCH] build: release of debs to our debian repo.

---
 .circleci/config.yml                    | 12 +++++++-
 scripts/build/load-signing-key.sh       |  7 +++++
 scripts/build/update_repo/aptly.conf    | 27 ++++++++++++++++++
 scripts/build/update_repo/sign-repo.sh  |  7 +++++
 scripts/build/update_repo/update-deb.sh | 38 +++++++++++++++++++++++++
 scripts/build/update_repo/update-rpm.sh |  1 +
 6 files changed, 91 insertions(+), 1 deletion(-)
 create mode 100644 scripts/build/load-signing-key.sh
 create mode 100644 scripts/build/update_repo/aptly.conf
 create mode 100755 scripts/build/update_repo/sign-repo.sh
 create mode 100755 scripts/build/update_repo/update-deb.sh
 create mode 100755 scripts/build/update_repo/update-rpm.sh

diff --git a/.circleci/config.yml b/.circleci/config.yml
index dba6c5f8bd0..1a1617ed407 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -398,8 +398,9 @@ jobs:
 
   deploy-release:
     docker:
-      - image: grafana/grafana-ci-deploy:1.0.0
+      - image: xlson/aptly-ci:0.1
     steps:
+      - checkout
       - attach_workspace:
           at: .
       - run:
@@ -417,6 +418,15 @@ jobs:
       - run:
           name: Deploy to Grafana.com
           command: './scripts/build/publish.sh'
+      - run:
+          name: Load GPG private key
+          comand: './scripts/build/load-signing-key.sh'
+      - run:
+          name: Update Debian repository
+          command: './scripts/build/update_repo/update-deb.sh "oss" "$GPG_KEY_PASSWORD"'
+      - run:
+          name: Update RPM repository
+          command: 'ls'
 
 workflows:
   version: 2
diff --git a/scripts/build/load-signing-key.sh b/scripts/build/load-signing-key.sh
new file mode 100644
index 00000000000..aa70d289443
--- /dev/null
+++ b/scripts/build/load-signing-key.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -e
+
+git clone git@github.com:torkelo/private.git ~/private-repo
+gpg --batch --allow-secret-key-import --import ~/private-repo/signing/private.key
+pkill gpg-agent
\ No newline at end of file
diff --git a/scripts/build/update_repo/aptly.conf b/scripts/build/update_repo/aptly.conf
new file mode 100644
index 00000000000..5d2a64cd88d
--- /dev/null
+++ b/scripts/build/update_repo/aptly.conf
@@ -0,0 +1,27 @@
+{
+  "rootDir": "/deb-repo/db",
+  "downloadConcurrency": 4,
+  "downloadSpeedLimit": 0,
+  "architectures": [],
+  "dependencyFollowSuggests": false,
+  "dependencyFollowRecommends": false,
+  "dependencyFollowAllVariants": false,
+  "dependencyFollowSource": false,
+  "dependencyVerboseResolve": false,
+  "gpgDisableSign": false,
+  "gpgDisableVerify": false,
+  "gpgProvider": "gpg2",
+  "downloadSourcePackages": false,
+  "skipLegacyPool": true,
+  "ppaDistributorID": "ubuntu",
+  "ppaCodename": "",
+  "skipContentsPublishing": false,
+  "FileSystemPublishEndpoints": {
+    "repo": {
+      "rootDir": "/deb-repo/repo",
+      "linkMethod": "copy"
+    }
+  },
+  "S3PublishEndpoints": {},
+  "SwiftPublishEndpoints": {}
+}
diff --git a/scripts/build/update_repo/sign-repo.sh b/scripts/build/update_repo/sign-repo.sh
new file mode 100755
index 00000000000..eb2922104fe
--- /dev/null
+++ b/scripts/build/update_repo/sign-repo.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env expect
+
+set password [lindex $argv 0]
+spawn aptly publish repo grafana filesystem:repo:grafana
+expect "Enter passphrase: "
+send -- "$password\r"
+expect eof
diff --git a/scripts/build/update_repo/update-deb.sh b/scripts/build/update_repo/update-deb.sh
new file mode 100755
index 00000000000..08f5bd7ef6f
--- /dev/null
+++ b/scripts/build/update_repo/update-deb.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+RELEASE_TYPE="${1:-}"
+GPG_PASS="${2:-}"
+
+if [ -z "$RELEASE_TYPE" -o -z "$GPG_PASS" ]; then
+    exit 1
+fi
+
+set -e
+
+# Setup environment
+cp scripts/build/update_repo/aptly.conf /etc/aptly.conf
+mkdir -p /deb-repo/db
+mkdir -p /deb-repo/repo
+
+# Download the database
+gsutil -m rsync -r gs://grafana-aptly-db/repo-db /deb-repo/db
+
+# Add the new release to the repo
+set +e
+aptly publish drop squeeze filesystem:repo:grafana
+set -e
+aptly repo add grafana ./dist
+
+# Setup signing and sign the repo
+
+echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
+echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
+
+./scripts/build/update_repo/sign-repo.sh "$GPG_PASS"
+
+# Update the repo and db on gcp
+gsutil -m rsync -r -d /deb-repo/db gs://grafana-aptly-db/repo-db
+gsutil -m rsync -r -d /deb-repo/repo/grafana "gs://grafana-repo/$RELEASE_TYPE/deb"
+
+# usage:
+# deb https://grafana-repo.storage.googleapis.com/oss/deb squeeze main
\ No newline at end of file
diff --git a/scripts/build/update_repo/update-rpm.sh b/scripts/build/update_repo/update-rpm.sh
new file mode 100755
index 00000000000..212c4ba239e
--- /dev/null
+++ b/scripts/build/update_repo/update-rpm.sh
@@ -0,0 +1 @@
+#!/usr/bin/env bash
\ No newline at end of file