CICD: fix aptly repo management (#5870)

5 files changed, 16 insertions, 61 deletions

diff --git a/.aptly.conf b/.aptly.conf
index 6300abc3b..8badff78d 100644
--- a/.aptly.conf
+++ b/.aptly.conf
@@ -1,5 +1,4 @@
 {
-  "rootDir": "/root/aptly",
   "downloadConcurrency": 4,
   "downloadSpeedLimit": 0,
   "architectures": [],
@@ -27,4 +26,3 @@
   },
   "SwiftPublishEndpoints": {}
 }
-
diff --git a/docker/build/aptly.Dockerfile b/docker/build/aptly.Dockerfile
index 1849d8e5e..24982e741 100644
--- a/docker/build/aptly.Dockerfile
+++ b/docker/build/aptly.Dockerfile
@@ -1,26 +1,16 @@
-FROM ubuntu:20.04
+FROM ubuntu:22.04
 
 ARG ARCH=amd64
-ARG GOLANG_VERSION
-ENV DEBIAN_FRONTEND noninteractive
 
-RUN apt-get update && apt-get install aptly awscli binutils build-essential curl gnupg2 -y
-RUN curl https://dl.google.com/go/go${GOLANG_VERSION}.linux-${ARCH%v*}.tar.gz | tar -xzf - && mv go /usr/local
-ENV GOROOT=/usr/local/go \
-    GOPATH=/root/go \
-    PATH=$GOPATH/bin:$GOROOT/bin:$PATH
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install aptly awscli binutils build-essential curl gnupg2 -y
 
 WORKDIR /root
 COPY .aptly.conf .
-RUN curl https://releases.algorand.com/key.pub | gpg --no-default-keyring --keyring trustedkeys.gpg --import - && \
-    aptly mirror create stable https://releases.algorand.com/deb/ stable main && \
+RUN curl https://releases.algorand.com/key.pub | gpg --no-default-keyring --keyring /root/.gnupg/trustedkeys.gpg --import -
+RUN gpg --no-default-keyring --keyring /root/.gnupg/trustedkeys.gpg --export --output /root/.gnupg/newkeyring.gpg && mv -f /root/.gnupg/newkeyring.gpg /root/.gnupg/trustedkeys.gpg
+RUN aptly mirror create stable https://releases.algorand.com/deb/ stable main && \
     aptly mirror create beta https://releases.algorand.com/deb/ beta main && \
-    aptly repo create -distribution=stable -architectures=amd64 -component=main -comment=mainnet stable && \
-    aptly repo create -distribution=beta -architectures=amd64 -component=main -comment=betanet beta && \
-    aptly mirror update stable && \
-    aptly mirror update beta && \
-    aptly repo import stable stable algorand algorand-devtools && \
-    aptly repo import beta beta algorand-beta algorand-devtools-beta
+    aptly repo create -distribution=stable -architectures=amd64,arm64 -component=main -comment=mainnet stable && \
+    aptly repo create -distribution=beta -architectures=amd64,arm64 -component=main -comment=betanet beta
 
 CMD ["/bin/bash"]
-
diff --git a/docker/build/docker.ubuntu.Dockerfile b/docker/build/docker.ubuntu.Dockerfile
index 5091afefa..e82dba3d7 100644
--- a/docker/build/docker.ubuntu.Dockerfile
+++ b/docker/build/docker.ubuntu.Dockerfile
@@ -3,18 +3,14 @@ ARG ARCH="amd64"
 FROM ${ARCH}/ubuntu:20.04
 ARG GOLANG_VERSION
 ARG ARCH="amd64"
-RUN apt-get update && apt-get install curl python python3.7 python3-pip build-essential apt-transport-https ca-certificates software-properties-common -y && \
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install curl python python3.7 python3-pip build-essential apt-transport-https ca-certificates software-properties-common -y && \
     curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - && \
-    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
-    apt-get update && apt-get install docker-ce -y
+    DEBIAN_FRONTEND=noninteractive add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" && \
+    apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install docker-ce -y
 
-# Mule needs >= python3.7 so set that as the default.
-RUN update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 && \
-    update-alternatives --install /usr/bin/python python /usr/bin/python3.7 2 && \
-    update-alternatives --set python /usr/bin/python3.7 && \
-    pip3 install mulecli
+RUN pip3 install mulecli
 
-RUN apt-get update && apt-get install -y autoconf bsdmainutils git && \
+RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y autoconf bsdmainutils git && \
     curl https://dl.google.com/go/go${GOLANG_VERSION}.linux-amd64.tar.gz | tar -xzf - && \
     mv go /usr/local
 
diff --git a/package-deploy.yaml b/package-deploy.yaml
index 871d6ef1f..8daf262ac 100644
--- a/package-deploy.yaml
+++ b/package-deploy.yaml
@@ -30,8 +30,6 @@ agents:
     dockerFilePath: docker/build/aptly.Dockerfile
     image: algorand/aptly
     version: scripts/configure_dev-deps.sh
-    buildArgs:
-      - GOLANG_VERSION=`./scripts/get_golang_version.sh`
     env:
       - AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
       - AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
@@ -42,6 +40,8 @@ agents:
     volumes:
       - $XDG_RUNTIME_DIR/gnupg/S.gpg-agent:/root/.gnupg/S.gpg-agent
       - $HOME/.gnupg/pubring.kbx:/root/.gnupg/pubring.kbx
+      - $HOME/.gnupg/secring.gpg:/root/.gnupg/secring.gpg
+      - $HOME/.aptly:/root/.aptly
     workDir: $HOME/projects/go-algorand
 
   - name: rpm
@@ -64,7 +64,6 @@ agents:
       - $HOME/.gnupg/pubring.kbx:/root/.gnupg/pubring.kbx
     workDir: $HOME/projects/go-algorand
 
-
 tasks:
   - task: docker.Make
     name: docker
diff --git a/scripts/release/mule/deploy/deb/deploy.sh b/scripts/release/mule/deploy/deb/deploy.sh
index 395aa7060..c9c4b4b6c 100755
--- a/scripts/release/mule/deploy/deb/deploy.sh
+++ b/scripts/release/mule/deploy/deb/deploy.sh
@@ -32,34 +32,7 @@ aptly mirror update beta
 aptly repo import stable stable algorand algorand-devtools
 aptly repo import beta beta algorand-beta algorand-devtools-beta
 
-KEY_PREFIX="$CHANNEL/$VERSION"
-FILENAME_SUFFIX="${CHANNEL}_linux-amd64_${VERSION}.deb"
-ALGORAND_KEY="$KEY_PREFIX/algorand_${FILENAME_SUFFIX}"
-DEVTOOLS_KEY="$KEY_PREFIX/algorand-devtools_${FILENAME_SUFFIX}"
-
-# `STAGING` could contain a "path" (i.e. "my_bucket/foo/bar"), but the
-# `s3api` api expects it to be only the bucket name (i.e., "my_bucket").
-BUCKET=$(awk -F/ '{ print $1 }' <<< "$STAGING")
-
-# If the strings match then the objects are in the top-level of the bucket.
-if [ "$STAGING" = "$BUCKET" ]
-then
-    BUCKET_PREFIX_PATH="$STAGING"
-else
-    # Remove matching prefix.
-    BUCKET_PREFIX_PATH=${STAGING#$BUCKET"/"}
-fi
-
-for key in {"$ALGORAND_KEY","$DEVTOOLS_KEY"}
-do
-    key="$BUCKET_PREFIX_PATH/$key"
-    if aws s3api head-object --bucket "$BUCKET" --key "$key"
-    then
-        aws s3 cp "s3://$BUCKET/$key" "$PACKAGES_DIR"
-    else
-        echo "[$0] The package \`$key\` failed to download."
-    fi
-done
+cp -f tmp/{algorand,algorand-devtools}_${CHANNEL}_linux-{amd64,arm64}_${VERSION}.deb $PACKAGES_DIR
 
 if ls -A $PACKAGES_DIR
 then
@@ -68,7 +41,7 @@ then
     aptly snapshot create "$SNAPSHOT" from repo "$CHANNEL"
     if ! aptly publish show "$CHANNEL" s3:algorand-releases: &> /dev/null
     then
-        aptly publish snapshot -gpg-key=dev@algorand.com -origin=Algorand -label=Algorand "$SNAPSHOT" s3:algorand-releases:
+        aptly publish -batch snapshot -gpg-key=dev@algorand.com -origin=Algorand -label=Algorand "$SNAPSHOT" s3:algorand-releases:
     else
         aptly publish switch "$CHANNEL" s3:algorand-releases: "$SNAPSHOT"
     fi
@@ -76,4 +49,3 @@ else
     echo "[$0] The packages directory is empty, so there is nothing to add the \`$CHANNEL\` repo."
     exit 1
 fi
-