ZoneMinder/.github/workflows/build-ai_server.yml at 2c80f6dfa46277ae974f3de00307993a685a6cd8 · connortechnology/ZoneMinder · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: build-ai_server-signed

on:
  push:
    branches: [ ai_server ]
permissions:
  contents: write
env:
  GPG_KEY_ID: ${{ secrets.ZMREPO_GPG_KEY_ID }}
  GPG_PASSPHRASE: ${{ secrets.ZMREPO_GPG_PASSPHRASE }}
  GPG_PRIVATE_KEY_B64: ${{ secrets.ZMREPO_GPG_PRIVATE_KEY_B64 }}
  DEBEMAIL: "info@zoneminder.com"
  DEBFULLNAME: "Github CI"
  TZ: America/New_York
  DEBIAN_FRONTEND: noninteractive
  DEBSIGN_KEYID: ${{ secrets.ZMREPO_GPG_KEY_ID }}

jobs:
  build-debian:
    name: Build & sign .deb (${{ matrix.distro }})
    #if: github.repository == 'ZoneMinder/zoneminder'
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        distro: ["debian:sid", "debian:13", "debian:12", "ubuntu:25.10", "ubuntu:devel", "ubuntu:24.04", "ubuntu:22.04"]
    container:
      image: ${{ matrix.distro }}

    steps:
      - name: Prep apt
        run: |
          set -eux
          if grep -q '^deb http' /etc/apt/sources.list && ! grep -q '^deb-src'\
            /etc/apt/sources.list; then
            sed -n 's/^deb /deb-src /p' /etc/apt/sources.list >> \
              /etc/apt/sources.list
          fi
          if [ -f /etc/apt/sources.list.d/debian.sources ]; then
            sed -i 's/^Types: deb$/Types: deb deb-src/g' \
            /etc/apt/sources.list.d/debian.sources
          fi
          if [ -f /etc/apt/sources.list.d/ubuntu.sources ]; then
            sed -i 's/^Types: deb$/Types: deb deb-src/g' \
            /etc/apt/sources.list.d/ubuntu.sources
          fi
          apt-get update
      - name: Install build tools
        run: |
          set -eux
          apt install -y --no-install-recommends \
            git ca-certificates gnupg lsb-release \
            build-essential devscripts debhelper equivs fakeroot \
            cmake pkg-config ccache curl bash rsync openssh-client
          apt install -y debhelper sphinx-doc dh-linktree dh-apache2 cmake \
            libavcodec-dev libavdevice-dev libavformat-dev libavutil-dev \
            libswresample-dev libswscale-dev libbz2-dev \
            libturbojpeg0-dev default-libmysqlclient-dev \
            libpolkit-gobject-1-dev libv4l-dev libvlc-dev libssl-dev \
            libvncserver-dev libjwt-gnutls-dev libgsoap-dev gsoap \
            libmosquittopp-dev

      - name: Checkout
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Import GPG key
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.ZMREPO_GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.ZMREPO_GPG_PASSPHRASE }}
          git_user_signingkey: false
          git_commit_gpgsign: false

      - name: Install build-deps from debian/control
        run: |
          set -eux
          ln -sf distros/ubuntu2004 debian
          mk-build-deps -ir -t "apt-get -y --no-install-recommends" \
            debian/control
      - name: Build (signed)
        env:
          DEB_BUILD_OPTIONS: "parallel=$(nproc)"
          # gpg picks passphrase from environment via loopback
        run: |
          cd ../
          ls -l
          ln -sf zoneminder ZoneMinder_ZoneMinder.git
          #git config --global --add safe.directory /__w/zoneminder/zoneminder
          #git submodule init
          #git submodule update --init --recursive
          curl -s -o do_debian_package.sh https://raw.githubusercontent.com/ZoneMinder/zoneminder/refs/heads/master/utils/do_debian_package.sh
          chmod +x do_debian_package.sh

          # Tell gpg to use loopback + passphrase
          export GPG_TTY=$(tty || true)
          ls -l /bin/bash
          ./do_debian_package.sh -s=CURRENT -t=binary
      - name: Cleanup
        run: |
          rm -rf *_zoneminder_release *.build

      - name: Collect .deb artifacts (incl. signed metadata & public key)
        run: |
          set -eux
          mkdir -p artifacts/deb
          ls -l ../
          mv ../*.deb ../*.buildinfo ../*.changes ../*.dsc ../*.tar.xz ../*.tar.gz artifacts/deb/ || true
          # quick verify signatures (non-fatal)
          gpg --verify artifacts/deb/*.changes || true
          gpg --verify artifacts/deb/*.buildinfo || true
      - name: Sanitize Artifact name
        id: prep_artifact_name
        run: |
          # Use `sed` to replace invalid characters with a hyphen
          sanitized_distro_name=$(echo -n "${{ matrix.distro }}" | sed -e 's/[;\\\/:<>"|*?]/_/g' -e 's/__*/_/g')
          echo "artifact_name=binary-${sanitized_distro_name}" >> $GITHUB_ENV

      - name: Upload .deb artifacts
        uses: actions/upload-artifact@v6
        with:
          path: artifacts/deb
          name: ${{ env.artifact_name }}
      - name: Publish to ZMREPO
        uses: easingthemes/ssh-deploy@main
        env:
          SSH_PRIVATE_KEY: ${{ secrets.ZMREPO_SSH_KEY }}
          ARGS: "-rltgoDzvO"
          SOURCE: artifacts/deb/
          REMOTE_HOST: ${{ secrets.ZMREPO_HOST }}
          REMOTE_USER: ${{ secrets.ZMREPO_SSH_USER }}
          TARGET: debian/ai_server/mini-dinstall/incoming/

  release:
    name: Create GitHub Release (on tag)
    needs: build-debian
    if: github.repository == 'ZoneMinder/zoneminder' && startsWith(github.ref, 'refs/tags/')
    runs-on: ubuntu-latest
    steps:
      - name: Download artifacts
        uses: actions/download-artifact@v7
        with:
          path: dist
      - name: Create release
        uses: softprops/action-gh-release@v2
        with:
          files: dist/**/*