more robust debian packaging (#127)

Makefile

@@ -6,24 +6,32 @@ META := $(shell git rev-parse --abbrev-ref HEAD 2> /dev/null | sed 's:.*/::')
 VERSION := $(shell git fetch --tags --force 2> /dev/null; tags=($$(git tag --sort=-v:refname)) && ([ $${\#tags[@]} -eq 0 ] && echo v0.0.0 || echo $${tags[0]}))
 
 .ONESHELL:
+.PHONY: arm64
+.PHONY: amd64
+.PHONY: armhf
 
 .PHONY: all
 all: bootstrap sync test package bbtest
 
 .PHONY: package
 package:
-	@$(MAKE) bundle-binaries
-	@$(MAKE) bundle-debian
+	@$(MAKE) bundle-binaries-amd64
+	@$(MAKE) bundle-debian-amd64
 	@$(MAKE) bundle-docker
 
-.PHONY: bundle-binaries
-bundle-binaries:
-	@docker-compose run --rm package --arch linux/amd64 --pkg vault-rest
-	@docker-compose run --rm package --arch linux/amd64 --pkg vault-unit
+.PHONY: package-%
+package-%: %
+	@$(MAKE) bundle-binaries-$^
+	@$(MAKE) bundle-debian-$^
 
-.PHONY: bundle-debian
-bundle-debian:
-	@docker-compose run --rm debian -v $(VERSION)+$(META) --arch amd64
+.PHONY: bundle-binaries-%
+bundle-binaries-%: %
+	@docker-compose run --rm package --arch linux/$^ --pkg vault-rest
+	@docker-compose run --rm package --arch linux/$^ --pkg vault-unit
+
+.PHONY: bundle-debian-%
+bundle-debian-%: %
+	@docker-compose run --rm debian -v $(VERSION)+$(META) --arch $^
 
 .PHONY: bundle-docker
 bundle-docker:
@@ -35,47 +43,41 @@ bootstrap:
 
 .PHONY: lint
 lint:
-	@docker-compose run --rm lint --pkg vault-rest || :
-	@docker-compose run --rm lint --pkg vault-unit || :
+	@docker-compose run --rm lint --pkg vault || :
 
 .PHONY: sec
 sec:
-	@docker-compose run --rm sec --pkg vault-rest || :
-	@docker-compose run --rm sec --pkg vault-unit || :
+	@docker-compose run --rm sec --pkg vault || :
 
 .PHONY: sync
 sync:
-	@docker-compose run --rm sync --pkg vault-rest
-	@docker-compose run --rm sync --pkg vault-unit
+	@docker-compose run --rm sync --pkg vault
 
 .PHONY: test
 test:
-	@docker-compose run --rm test --pkg vault-rest
-	@docker-compose run --rm test --pkg vault-unit
+	@docker-compose run --rm test --pkg vault
 
 .PHONY: release
 release:
 	@docker-compose run --rm release -v $(VERSION)+$(META) -t ${GITHUB_RELEASE_TOKEN}
 
 .PHONY: bbtest
 bbtest:
-	@(docker rm -f $$(docker ps -a --filter="name=vault_bbtest" -q) &> /dev/null || :)
+	@(docker rm -f $$(docker ps -a --filter="name=vault_bbtest_amd64" -q) &> /dev/null || :)
 	@docker exec -it $$(\
 		docker run -d -ti \
-			--name=vault_bbtest \
+			--name=vault_bbtest_amd64 \
 			-e UNIT_VERSION="$(VERSION)-$(META)" \
 			-e UNIT_ARCH=amd64 \
 			-v /sys/fs/cgroup:/sys/fs/cgroup:ro \
 			-v /var/run/docker.sock:/var/run/docker.sock \
-      -v /var/lib/docker/containers:/var/lib/docker/containers \
+			-v /var/lib/docker/containers:/var/lib/docker/containers \
 			-v $$(pwd)/bbtest:/opt/bbtest \
 			-v $$(pwd)/reports:/reports \
-			--privileged=true \
-			--security-opt seccomp:unconfined \
 		jancajthaml/bbtest:amd64 \
 	) rspec --require /opt/bbtest/spec.rb \
 		--format documentation \
 		--format RspecJunitFormatter \
 		--out junit.xml \
 		--pattern /opt/bbtest/features/*.feature
-	@(docker rm -f $$(docker ps -a --filter="name=vault_bbtest" -q) &> /dev/null || :)
+	@(docker rm -f $$(docker ps -a --filter="name=vault_bbtest_amd64" -q) &> /dev/null || :)

bbtest/helpers/unit_helper.rb

@@ -18,13 +18,20 @@ def download()
     raise "no version specified" unless ENV.has_key?('UNIT_VERSION')
     raise "no arch specified" unless ENV.has_key?('UNIT_ARCH')
 
-    version = ENV['UNIT_VERSION']
-    parts = version.split(/(?:v)([^-]+)\-(.+)/)
-
-    raise "invalid version #{version}" if parts.length != 3
-
-    version = parts[1]
-    branch = parts[2]
+    version = ENV['UNIT_VERSION'].gsub('v', '')
+    parts = version.split('-')
+
+    docker_version = ""
+    debian_version = ""
+
+    if parts.length > 1
+      branch = version[parts[0].length+1..-1]
+      docker_version = "#{parts[0]}-#{branch}"
+      debian_version = "#{parts[0]}+#{branch}"
+    elsif parts.length == 1
+      docker_version = parts[0]
+      debian_version = parts[0]
+    end
 
     arch = ENV['UNIT_ARCH']
 
@@ -39,7 +46,7 @@ def download()
     begin
       file.write([
         "FROM alpine",
-        "COPY --from=openbank/vault:v#{version}-#{branch} /opt/artifacts/vault_#{version}+#{branch}_#{arch}.deb /opt/artifacts/vault.deb",
+        "COPY --from=openbank/vault:v#{docker_version} /opt/artifacts/vault_#{debian_version}_#{arch}.deb /opt/artifacts/vault.deb",
         "RUN ls -la /opt/artifacts"
       ].join("\n"))
       file.close

dev/lifecycle/debian

@@ -40,24 +40,84 @@ if [ ! "${TARGET_ARCHITECTURE}" ] ; then
   exit 1
 fi
 
+generate_manpage() {
+  mkdir -p ${DEB_SOURCES}/usr/share/man/man8
+
+  target_unit="${DEB_SOURCES}/usr/share/man/man8/vault-unit.8"
+  target_rest="${DEB_SOURCES}/usr/share/man/man8/vault-rest.8"
+
+  if [ -f ${target_unit} ] ; then
+    rm -f ${target_unit}
+  fi
+
+  if [ -f ${target_unit}.gz ] ; then
+    rm -f ${target_unit}.gz
+  fi
+
+  if [ -f ${target_rest} ] ; then
+    rm -f ${target_rest}
+  fi
+
+  if [ -f ${target_rest}.gz ] ; then
+    rm -f ${target_rest}.gz
+  fi
+
+cat > ${target_unit} <<EOL
+.TH VAULT-UNIT 8 2019 "Vault Unit" "OpenBank Account Vault Tenant Unit"
+.SH NAME
+vault \- starts openbank account vault account unit
+.SH DESCRIPTION
+The
+.B pldd
+vault rest provides REST server for accessing and manipulating vault units
+.EE
+EOL
+
+cat > ${target_rest} <<EOL
+.TH VAULT-REST 8 2019 "Vault REST" "OpenBank Account Vault REST Server"
+.SH NAME
+vault \- starts openbank account vault REST server
+.SH DESCRIPTION
+The
+.B pldd
+vault unit stores account journal and negotiates account balance blocation
+.EE
+EOL
+
+  cat ${target_unit} | gzip -n -9 > ${target_unit}.gz
+  rm ${target_unit}
+
+  cat ${target_rest} | gzip -n -9 > ${target_rest}.gz
+  rm ${target_rest}
+}
+
 generate_changelog() {
+  mkdir -p ${DEB_SOURCES}/usr/share/doc/vault
+
+  target="${DEB_SOURCES}/usr/share/doc/vault/changelog"
+
+  if [ -f ${target} ] ; then
+    rm -f ${target}
+  fi
+
+  if [ -f ${target}.Debian.gz ] ; then
+    rm -f ${target}.Debian.gz
+  fi
+
+  touch ${target}
+
   VER="${VERSION}"
   tag=HEAD
   ADDS=$(echo ${VER} | sed -e 's/~.*//' | cut -s -d- -f2 | sed '/^[[:space:]]*$/d')
-  if [ -f ${CHANGELOG} ] ; then
-    rm -f ${CHANGELOG}
-  fi
-
-  touch ${CHANGELOG}
 
   if [[ -z "${ADDS// }" ]] ; then
-    DATE=$(git log -1 --format=%cD ${tag})
-    echo "vault (${VER}) ${DIST}; urgency=low" >> ${CHANGELOG}
-    echo "" >> ${CHANGELOG}
-    echo "  * Includes non-released commits" >> ${CHANGELOG}
-    echo "" >> ${CHANGELOG}
-    echo " -- Jan Cajthaml <jan.cajthaml@gmail.com>  ${DATE}" >> ${CHANGELOG}
-    echo "" >> ${CHANGELOG}
+    DATE=$(date '+%a, %-d %b %Y %H:%M:%S %z')
+    echo "vault (${VER}) unstable; urgency=low" >> ${target}
+    echo "" >> ${target}
+    echo "  * includes non-released commits" >> ${target}
+    echo "" >> ${target}
+    echo " -- Jan Cajthaml <jan.cajthaml@gmail.com>  ${DATE}" >> ${target}
+    echo "" >> ${target}
   fi
 
   PAIRS=()
@@ -78,20 +138,23 @@ generate_changelog() {
 
     if [[ -n "${commits// }" ]] ; then
 
-      echo "vault (${tag_to#v}) ${DIST}; urgency=low" >> ${CHANGELOG}
-      echo "" >> ${CHANGELOG}
+      echo "vault (${tag_to#v}) stable; urgency=low" >> ${target}
+      echo "" >> ${target}
 
       echo "${commits}" | \
       while read note ; do
-        echo "  * $(tr '[:lower:]' '[:upper:]' <<< ${note:0:1})${note:1}" >> ${CHANGELOG}
+        echo "  * $(tr '[:lower:]' '[:upper:]' <<< ${note:0:1})${note:1}" >> ${target}
       done
 
-      echo "" >> ${CHANGELOG}
+      echo "" >> ${target}
 
-      echo " -- Jan Cajthaml <jan.cajthaml@gmail.com>  ${DATE}" >> ${CHANGELOG}
-      echo "" >> ${CHANGELOG}
+      echo " -- Jan Cajthaml <jan.cajthaml@gmail.com>  ${DATE}" >> ${target}
+      echo "" >> ${target}
     fi
   done
+
+  cat ${target} | gzip -n -9 > ${target}.Debian.gz
+  rm ${target}
 }
 
 ################################################################################
@@ -105,50 +168,86 @@ if [ ! -d "${DEB_SOURCES}" ] ; then
   exit 1
 fi
 
-CHANGELOG=${DEB_SOURCES}/DEBIAN/changelog
-CONTROL=${DEB_SOURCES}/DEBIAN/control
-DIST=unstable
-FIRST=1
+if [ ! -f "${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}" ] ; then
+  (>&2 echo "did not found binary to package at ${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}")
+  exit 1
+fi
 
 if [ ! -f "${BIN_SOURCES}/vault-unit-linux-${TARGET_ARCHITECTURE}" ] ; then
   (>&2 echo "did not found binary to package at ${BIN_SOURCES}/vault-unit-linux-${TARGET_ARCHITECTURE}")
   exit 1
 fi
 
-if [ ! -f "${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}" ] ; then
-  (>&2 echo "did not found binary to package at ${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}")
-  exit 1
+mkdir -p ${DEB_SOURCES}/usr/bin
+if [ -f "${DEB_SOURCES}/usr/bin/vault-rest" ] ; then
+  rm -f ${DEB_SOURCES}/usr/bin/vault-rest
 fi
-
-mkdir -p ${DEB_SOURCES}/openbank/services/vault
-
-if [ -f "${DEB_SOURCES}/openbank/services/vault/vault-unit" ] ; then
-  rm -f ${DEB_SOURCES}/openbank/services/vault/vault-unit
+if [ -f "${DEB_SOURCES}/usr/bin/vault-unit" ] ; then
+  rm -f ${DEB_SOURCES}/usr/bin/vault-unit
 fi
 
-if [ -f "${DEB_SOURCES}/openbank/services/vault/vault-rest" ] ; then
-  rm -f ${DEB_SOURCES}/openbank/services/vault/vault-rest
-fi
+case ${TARGET_ARCHITECTURE} in
+
+  armhf)
+    arm-linux-gnueabihf-objcopy \
+      --strip-debug \
+      --strip-unneeded \
+      "${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}" \
+      "${DEB_SOURCES}/usr/bin/vault-rest"
+    arm-linux-gnueabihf-objcopy \
+      --strip-debug \
+      --strip-unneeded \
+      "${BIN_SOURCES}/vault-unit-linux-${TARGET_ARCHITECTURE}" \
+      "${DEB_SOURCES}/usr/bin/vault-unit"
+  ;;
 
-du -hs "${BIN_SOURCES}/vault-unit-linux-${TARGET_ARCHITECTURE}"
-du -hs "${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}"
+  arm64)
+    aarch64-linux-gnu-objcopy \
+      --strip-debug \
+      --strip-unneeded \
+      "${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}" \
+      "${DEB_SOURCES}/usr/bin/vault-rest"
+    aarch64-linux-gnu-objcopy \
+      --strip-debug \
+      --strip-unneeded \
+      "${BIN_SOURCES}/vault-unit-linux-${TARGET_ARCHITECTURE}" \
+      "${DEB_SOURCES}/usr/bin/vault-unit"
+  ;;
 
-cp \
-  "${BIN_SOURCES}/vault-unit-linux-${TARGET_ARCHITECTURE}" \
-  "${DEB_SOURCES}/openbank/services/vault/vault-unit"
+  amd64)
+    objcopy \
+      --strip-debug \
+      --strip-unneeded \
+      "${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}" \
+      "${DEB_SOURCES}/usr/bin/vault-rest"
+    objcopy \
+      --strip-debug \
+      --strip-unneeded \
+      "${BIN_SOURCES}/vault-unit-linux-${TARGET_ARCHITECTURE}" \
+      "${DEB_SOURCES}/usr/bin/vault-unit"
+  ;;
 
-cp \
-  "${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}" \
-  "${DEB_SOURCES}/openbank/services/vault/vault-rest"
+  *)
+    cp \
+      "${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}" \
+      "${DEB_SOURCES}/usr/bin/vault-unit"
+    cp \
+      "${BIN_SOURCES}/vault-rest-linux-${TARGET_ARCHITECTURE}" \
+      "${DEB_SOURCES}/usr/bin/vault-rest"
+  ;;
 
-file "${DEB_SOURCES}/openbank/services/vault/vault-unit"
-file "${DEB_SOURCES}/openbank/services/vault/vault-rest"
+esac
 
 generate_changelog
-sed -i 's/Version.*/Version: '${VERSION#v}'/' ${CONTROL}
+generate_manpage
 
-find "${BIN_SOURCES}" -type f -name "vault_*_${TARGET_ARCHITECTURE}.deb" -exec rm {} \;
+sed -i 's/Version.*/Version: '${VERSION#v}'/' "${DEB_SOURCES}/DEBIAN/control"
+
+find "${BIN_SOURCES}" -name "vault_*_${TARGET_ARCHITECTURE}.deb" -exec rm -f {} \;
 
 dpkg-deb --build "${DEB_SOURCES}" "${BIN_SOURCES}"
 
+find "${BIN_SOURCES}" -name "vault_*_${TARGET_ARCHITECTURE}.deb" -exec fakeroot lintian --pedantic {} \;
 find "${BIN_SOURCES}" -name "vault_*_${TARGET_ARCHITECTURE}.deb" -exec du -hs {} \;
+
+exit 0

dev/lifecycle/lint

@@ -39,6 +39,7 @@ scan() {
   (/go/bin/gocyclo -over 15 ${1} || :)
   (/go/bin/prealloc ${1} || :)
   (/go/bin/goconst ${1} || :)
+  (/go/bin/ineffassign ${1} || :)
 }
 
 find /go/src/github.com/jancajthaml-openbank/${TARGET_PACKAGE} \