[gnome-build-meta/abderrahim/push-to-repo] .gitlab-ci.yml: push the flatpak runtimes to gbm.gnome.org

[Abderrahim Kitouni <akitouni src gnome org>]

commit 9bf0ae05dfef065aa57d910c8a5e437cbfe4c83a
Author: Abderrahim Kitouni <akitouni gnome org>
Date:   Thu Sep 6 13:06:43 2018 +0100

    .gitlab-ci.yml: push the flatpak runtimes to gbm.gnome.org
    
    Based on a patch by Jordan Petridis <jpetridis gnome org>

 .gitlab-ci.yml | 49 ++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 46 insertions(+), 3 deletions(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ea9c79b..08251df 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -6,7 +6,9 @@ variables:
   BST: "bst --config build.conf --log-file logs/build.log --colors"
   BST_SHA: '301a393cb6499b3f869d74827a9e8dc61b97d00e' #  1.1.7
   BST_EXTERNAL_SHA: '1622d57dfbde94f6cee84e1d8dfd430c86040251' # 0.3.1
+  OSTREE_RELENG_SHA: 'd7d3984914389849bffec689b243512304dd1aec' # v2016.1-15-gd7d3984
   FLATPAK_BRANCH: master
+  FLATPAK_SERVER_ADDRESS: 'gbm.gnome.org'
 
 stages:
   - build
@@ -34,8 +36,12 @@ before_script:
   - git -C bst-external/ checkout $BST_EXTERNAL_SHA
   - pip3 install bst-external/
 
-  # and flatpak to export the flatpak runtimes
-  - dnf install -y flatpak
+  # flatpak to export the flatpak runtimes, and rsync needed by rsync-repos
+  - dnf install -y flatpak rsync
+
+  # and ostree-releng-scripts for the rsync-repos script to push the result
+  - git clone https://github.com/ostreedev/ostree-releng-scripts.git
+  - git -C ostree-releng-scripts/ checkout "${OSTREE_RELENG_SHA}"
 
   # Ensure the log directory exists
   - mkdir -p logs
@@ -58,11 +64,46 @@ before_script:
           push: true
     EOF
 
+  # and ssh key for pushing to the flatpak repo
+  # FIXME: Protect the key
+  - |
+    if [ -n "$GITLAB_SSH_KEY" ]; then
+        mkdir -p ~/.ssh
+
+        echo "$GITLAB_SSH_KEY" > ~/.ssh/id_rsa
+        chmod 600 ~/.ssh/id_rsa
+        ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub
+
+        cat >> ~/.ssh/config << EOF
+    Host gbm-builder.gnome.org
+        User gbm
+        ProxyJump bastion.gnome.org
+        Hostname vpn.gbm-builder.gnome.org
+
+    Host bastion.gnome.org
+        User gbm
+    EOF
+
+        # Trust the host key of the jump host and release server
+        cat > ~/.ssh/known_hosts << EOF
+    |1|Ec1eaTSoDQshjIpoIPouJCw40R4=|wG59JbBlwNW2K3kznnH7OUZYEhA= ssh-rsa 
AAAAB3NzaC1yc2EAAAABIwAAAQEAz8HWpA/W/0c/jV9+nU9zyZVUjw8flLksl6BNkcM3s12AMJXTG6qLJ+qVeQwI20eDkTioLLQYgOmMsmmFsO68vlivuxHYfAvjFHui6TkDVGXJS3lPGyOCqVwRmpyG0GnrfRWdsdgrYEo6sGbParkRb/ZfXxOuUXg3wWXMmeMyWXhkb09b1uYZTUjuruJpJTQ9kIC3CH8bdl7oiq2ffd+KdAykTkzkq+kFNizNRe0uBKtkcDgYpAZGOPCEJjpjwvDrWinXoE7rvE8zMfAv2/CP5AM4D+8yHrFgWz9tOexJyNsfJAZmQjg5rWuoeYow9tTVNWVloRU3tvF8OvVprgwPAw==
+    |1|DdY9PAqPg4LrkwIatwAUs3JLOXU=|fJqmuz18y1bJLarIIqckB1dH/ts= ecdsa-sha2-nistp256 
AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAGixpYwAfvRyHOlqpKnrpo3iG5zPjQNL0hcay90SlNMfZ4W6+QUoFTZ/rQXDQFbBrOgTXzFDEQxKxxo350n6dw=
+    EOF
+
+    fi
+
 .build-template: &build
   stage: build
   dependencies: []
   script:
     - ${BST} -o arch "${ARCH}" build core.bst flatpak-runtimes.bst
+
+    # Clone the gbm OSTree repo locally
+    - ostree init --repo=repo --mode=archive
+    - ostree remote add --repo=repo origin "https://${FLATPAK_SERVER_ADDRESS}/repo/"; --no-gpg-verify
+    - ostree pull --repo=repo origin --mirror
+
+    # Build the runtimes
     - |
       mkdir runtimes
 
@@ -71,7 +112,9 @@ before_script:
         flatpak build-export --arch="${ARCH}" --files=files repo/ "runtimes/${runtime}" "${FLATPAK_BRANCH}"
       done
 
-    # TODO: push the resulting runtime to sdk.gnome.org
+    # push the resulting runtimes to gbm.gnome.org
+    # FIXME: Only push from protected branches
+    - ostree-releng-scripts/rsync-repos --src repo/ --dest gbm-builder.gnome.org:public_html/repo/
 
   # Store all the downloaded git and ostree repos in the distributed cache.
   # This saves us fetching them from the different repos and further afield