UniqAI/nvidia-container-toolkit
1
0
Fork 0
mirror of https://github.com/NVIDIA/nvidia-container-toolkit synced 2025-06-26 18:18:24 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
92f17e9493
nvidia-container-toolkit/scripts/release-packages.sh
Evan Lezar 0d862efa9c Publish generic deb and rpm repos. 
This change ensures that the centos7 and ubuntu18.04 packages are
published to the generic rpm and deb repos, respectively.

All other packages except the centos8-ppc64le packages are skipped
as these use cases are covered by the generic packages.

Signed-off-by: Evan Lezar <elezar@nvidia.com>
2023-08-09 17:54:41 +02:00

254 lines
7.5 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# Copyright (c) 2021, NVIDIA CORPORATION. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
function assert_usage() {
echo "Incorrect arguments: $*"
echo "$(basename ${BASH_SOURCE[0]}) PACKAGE_REPO_ROOT [SHA]"
echo "\tPACKAGE_REPO_ROOT: The path to the libnvidia-container repository"
echo "\tSHA: The SHA / reference to release. [Default: HEAD]"
exit 1
}
set -e
SCRIPTS_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../scripts && pwd )"
PROJECT_ROOT="$( cd ${SCRIPTS_DIR}/.. && pwd )"
if [[ $# -lt 1 || $# -gt 2 ]]; then
assert_usage $*
fi
source "${SCRIPTS_DIR}"/utils.sh
PACKAGE_REPO_ROOT=$1
if [[ ! -d ${PACKAGE_REPO_ROOT} ]]; then
echo "The specified PACKAGE_REPO_ROOT '${PACKAGE_REPO_ROOT}' must exist"
exit 1
fi
: ${REFERENCE:="HEAD"}
if [[ $# -ge 2 ]]; then
REFERENCE=$2
fi
SHA=$(git rev-parse --short=8 ${REFERENCE})
IMAGE_NAME="registry.gitlab.com/nvidia/container-toolkit/container-toolkit/staging/container-toolkit"
IMAGE_TAG=${SHA}-packaging
: ${VERSION:="$(get_version_from_image ${IMAGE_NAME}:${IMAGE_TAG} ${SHA})"}
REPO="experimental"
if [[ ${VERSION/rc./} == ${VERSION} ]]; then
REPO="stable"
fi
PACKAGE_CACHE=release-${VERSION}-${REPO}
echo "Fetching packages with SHA '${SHA}' as tag '${VERSION}' to ${PACKAGE_CACHE}"
${SCRIPTS_DIR}/pull-packages.sh \
${IMAGE_NAME}:${IMAGE_TAG} \
${PACKAGE_CACHE}
: ${ALL_RPMS:="$(find ${PACKAGE_CACHE} -name "*.rpm" -exec basename {} \; | sort | uniq)"}
: ${ALL_DEBS:="$(find ${PACKAGE_CACHE} -name "*.deb" -exec basename {} \; | sort | uniq)"}
PACKAGE_REPO_ROOT=$(cd "${PACKAGE_REPO_ROOT}" && pwd)
echo "Updating ${REPO} repo at ${PACKAGE_REPO_ROOT}"
docker build \
-t nvidia/toolkit-deb-pkg-signer \
-f ${SCRIPTS_DIR}/Dockerfile.sign.deb \
${SCRIPTS_DIR}
docker build \
-t nvidia/toolkit-rpm-pkg-signer \
-f ${SCRIPTS_DIR}/Dockerfile.sign.rpm \
${SCRIPTS_DIR}
function sync() {
local target=$1
local src_root=$2
local dst_root=$3
local by_package_type=$4
local src_dist=${target%-*}
local dst_dist=${src_dist/amazonlinux/amzn}
local pkg_type=unknown
local arch=${target##*-}
local dst_arch=${arch}
case ${src_dist} in
amazonlinux*) pkg_type=rpm
;;
centos*) pkg_type=rpm
;;
debian*) pkg_type=deb
;;
fedora*) pkg_type=rpm
;;
opensuse-leap*) pkg_type=rpm
;;
ubuntu*) pkg_type=deb
dst_arch=${arch//ppc64le/ppc64el}
;;
*) echo "ERROR: unexpected distribution ${src_dist}"
exit 1
;;
esac
if [[ x"${by_package_type}" == x"true" ]]; then
dst_dist=${pkg_type}
fi
local src=${src_root}/${src_dist}/${arch}
local dst=${dst_root}/${dst_dist}/${dst_arch}
if [[ ! -d ${src} || -z $(ls ${src}/*.${pkg_type}) ]]; then
echo "Skipping ${src}"
return
fi
mkdir -p ${dst}
for f in $(ls ${src}/libnvidia-container*.${pkg_type} ${src}/nvidia-container-toolkit*.${pkg_type}); do
# We never release nvidia-container-toolkit-operator-extensions packages
if [[ "${f/"nvidia-container-toolkit-operator-extensions"/}" != "${f}" ]]; then
echo "Skipping ${f}"
continue
fi
df=${dst}/$(basename ${f})
df_stable=${df//"/experimental/"/"/stable/"}
if [[ -f "${df}" ]]; then
echo "${df} already exists; skipping"
elif [[ ${REPO} == "experimental" && -f ${df_stable} ]]; then
echo "${df_stable} already exists; skipping"
else
cp ${f} ${df}
fi
done
if [[ ${REPO} == "stable" ]]; then
for f in $(ls ${src}/nvidia-container-runtime*.${pkg_type} ${src}/nvidia-docker*.${pkg_type}); do
df=${dst}/$(basename ${f})
df_stable=${df//"/experimental/"/"/stable/"}
if [[ -f "${df}" ]]; then
echo "${df} already exists; skipping"
elif [[ ${REPO} == "experimental" && -f ${df_stable} ]]; then
echo "${df_stable} already exists; skipping"
else
cp ${f} ${df}
fi
done
fi
}
targets=${all[@]}
_current_branch=$(git -C ${PACKAGE_REPO_ROOT} rev-parse --abbrev-ref HEAD)
if [[ x"${_current_branch}" != x"gh-pages" ]]; then
echo "It is expected that the gh-pages branch be checked out"
exit 1
fi
: ${UPSTREAM_REMOTE:="origin"}
: ${UPSTREAM_REFERENCE:="${UPSTREAM_REMOTE}/gh-pages"}
git -C ${PACKAGE_REPO_ROOT} reset --hard ${UPSTREAM_REFERENCE}
git -C ${PACKAGE_REPO_ROOT} clean -fdx ${REPO}
for target in ${targets[@]}; do
echo "checking target=${target}"
by_package_type=
case ${target} in
ubuntu18.04-* | centos7-*)
by_package_type="true"
;;
centos8-ppc64le)
by_package_type="false"
;;
*)
echo "Skipping target ${target}"
continue
;;
esac
sync ${target} ${PACKAGE_CACHE}/packages ${PACKAGE_REPO_ROOT}/${REPO} ${by_package_type}
done
git -C ${PACKAGE_REPO_ROOT} add ${REPO}
if [[ "${REPO}" == "stable" ]]; then
# Stable release
git -C ${PACKAGE_REPO_ROOT} commit -s -F- <<EOF
Add packages for NVIDIA Container Toolkit ${VERSION} release
These include:
* libnvidia-container* ${LIBNVIDIA_CONTAINER_PACKAGE_VERSION}
* nvidia-container-toolkit ${NVIDIA_CONTAINER_TOOLKIT_PACKAGE_VERSION}
* nvidia-container-runtime ${NVIDIA_CONTAINER_RUNTIME_PACKAGE_VERSION}
* nvidia-docker ${NVIDIA_DOCKER_PACKAGE_VERSION}
EOF
else
# Experimental / release candidate release
git -C ${PACKAGE_REPO_ROOT} commit -s -F- <<EOF
Add packages for NVIDIA Container Toolkit ${VERSION} ${REPO} release
These include:
* libnvidia-container* ${LIBNVIDIA_CONTAINER_PACKAGE_VERSION}
* nvidia-container-toolkit ${NVIDIA_CONTAINER_TOOLKIT_PACKAGE_VERSION}
EOF
fi
: ${MASTER_KEY_PATH:? Path to master key MASTER_KEY_PATH must be set}
: ${SUB_KEY_PATH:? Path to sub key SUB_KEY_PATH must be set}
: ${GPG_LOCAL_USER:? GPG_LOCAL_USER must be set}
: ${GNUPG_CONF:=$(mktemp -d -t nvidia-container-toolkit-package-XXXXXXXXXX)}
function sign() {
local pkg_type=$1
docker run -it --rm \
-e ALL_DEBS="${ALL_DEBS}" \
-e ALL_RPMS="${ALL_RPMS}" \
-e GPG_LOCAL_USER="${GPG_LOCAL_USER}" \
-e TARGETS="${targets}" \
-v ${PACKAGE_REPO_ROOT}/${REPO}:/sign-packages \
-v ${MASTER_KEY_PATH}:/keys/master.key:ro \
-v ${SUB_KEY_PATH}:/keys/sub.key:ro \
-v ${SCRIPTS_DIR}:/helpers \
-w /sign-packages \
nvidia/toolkit-${pkg_type}-pkg-signer \
bash -x -c "
export GPG_TTY=\$(tty);
gpg --import /keys/master.key;
gpg --import /keys/sub.key;
/helpers/packages-sign-all.sh;
"
}
sign deb
git -C ${PACKAGE_REPO_ROOT} add ${REPO}
git -C ${PACKAGE_REPO_ROOT} commit -s -m "TOFIX: Sign deb packages for ${VERSION} in ${REPO}"
sign rpm
git -C ${PACKAGE_REPO_ROOT} add ${REPO}
git -C ${PACKAGE_REPO_ROOT} commit -s -m "TOFIX: Sign rpm packages for ${VERSION} in ${REPO}"
echo "To publish changes, go to ${PACKAGE_REPO_ROOT} and run: "
echo " git rebase -i ${UPSTREAM_REFERENCE}"
Reference in New Issue View Git Blame Copy Permalink