#!/usr/bin/env bash # This script helps to build release artifacts. # arg1: profile, e.g. emqx | emqx-enterprise # arg2: artifact, e.g. rel | relup | tgz | pkg set -euo pipefail [ "${DEBUG:-0}" -eq 1 ] && set -x PROFILE_ARG="$1" ARTIFACT="$2" is_enterprise() { case "$1" in *enterprise*) echo 'yes' ;; *) echo 'no' ;; esac } PROFILE_ENV="${PROFILE:-${PROFILE_ARG}}" case "$(is_enterprise "$PROFILE_ARG"),$(is_enterprise "$PROFILE_ENV")" in 'yes,yes') true ;; 'no,no') true ;; *) echo "PROFILE env var is set to '$PROFILE_ENV', but '$0' arg1 is '$PROFILE_ARG'" exit 1 ;; esac # make sure PROFILE is exported, it is needed by rebar.config.erl PROFILE=$PROFILE_ARG export PROFILE # ensure dir cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" PKG_VSN="${PKG_VSN:-$(./pkg-vsn.sh "$PROFILE")}" export PKG_VSN SYSTEM="$(./scripts/get-distro.sh)" ARCH="$(uname -m)" case "$ARCH" in x86_64) ARCH='amd64' ;; aarch64) ARCH='arm64' ;; arm*) ARCH='arm64' ;; esac export ARCH ## ## Support RPM and Debian based linux systems ## if [ "$(uname -s)" = 'Linux' ]; then case "${SYSTEM:-}" in ubuntu*|debian*|raspbian*) PKGERDIR='deb' ;; *) PKGERDIR='rpm' ;; esac fi if [ "${SYSTEM}" = 'windows' ]; then # windows does not like the find FIND="/usr/bin/find" TAR="/usr/bin/tar" export BUILD_WITHOUT_ROCKSDB="on" else FIND='find' TAR='tar' fi log() { local msg="$1" # rebar3 prints ===>, so we print ===< echo "===< $msg" } prepare_erl_libs() { local libs_dir="$1" local erl_libs="${ERL_LIBS:-}" local sep if [ "${SYSTEM}" = 'windows' ]; then sep=';' else sep=':' fi for app in "${libs_dir}"/*; do if [ -d "${app}/ebin" ]; then if [ -n "$erl_libs" ]; then erl_libs="${erl_libs}${sep}${app}" else erl_libs="${app}" fi fi done export ERL_LIBS="$erl_libs" } make_docs() { case "$(is_enterprise "$PROFILE")" in 'yes') SCHEMA_MODULE='emqx_enterprise_schema' ;; 'no') SCHEMA_MODULE='emqx_conf_schema' ;; esac prepare_erl_libs "_build/$PROFILE/checkouts" prepare_erl_libs "_build/$PROFILE/lib" local docdir="_build/docgen/$PROFILE" mkdir -p "$docdir" # shellcheck disable=SC2086 erl -noshell -eval \ "ok = emqx_conf:dump_schema('$docdir', $SCHEMA_MODULE), \ halt(0)." } ## arg1 is the profile for which the following args (as app names) should be excluded assert_no_excluded_deps() { local profile="$1" shift 1 if [ "$PROFILE" != "$profile" ]; then # not currently building the profile which has apps to be excluded return 0 fi local rel_dir="_build/$PROFILE/rel/emqx/lib" local excluded_apps=( "$@" ) local found for app in "${excluded_apps[@]}"; do found="$($FIND "$rel_dir" -maxdepth 1 -type d -name "$app-*")" if [ -n "${found}" ]; then echo "ERROR: ${app} should not be included in ${PROFILE}" echo "ERROR: found ${app} in ${rel_dir}" exit 1 fi done } just_compile() { ./scripts/pre-compile.sh "$PROFILE" # make_elixir_rel always create rebar.lock # delete it to make git clone + checkout work because we use shallow close for rebar deps rm -f rebar.lock # compile all beams ./rebar3 as "$PROFILE" compile make_docs } just_compile_elixir() { ./scripts/pre-compile.sh "$PROFILE" rm -f rebar.lock # shellcheck disable=SC1010 env MIX_ENV="$PROFILE" mix do local.hex --if-missing --force, \ local.rebar rebar3 "${PWD}/rebar3" --if-missing --force, \ deps.get env MIX_ENV="$PROFILE" mix compile } make_rel() { local release_or_tar="${1}" just_compile # now assemble the release tar ./rebar3 as "$PROFILE" "$release_or_tar" assert_no_excluded_deps emqx-enterprise emqx_telemetry } make_elixir_rel() { ./scripts/pre-compile.sh "$PROFILE" export_elixir_release_vars "$PROFILE" # for some reason, this has to be run outside "do"... mix local.rebar --if-missing --force # shellcheck disable=SC1010 mix do local.hex --if-missing --force, \ local.rebar rebar3 "${PWD}/rebar3" --if-missing --force, \ deps.get mix release --overwrite assert_no_excluded_deps emqx-enterprise emqx_telemetry } ## extract previous version .tar.gz files to _build/$PROFILE/rel/emqx before making relup make_relup() { local rel_dir="_build/$PROFILE/rel/emqx" local name_pattern name_pattern="${PROFILE}-$(./pkg-vsn.sh "$PROFILE" --vsn_matcher --long)" local releases=() mkdir -p _upgrade_base while read -r tgzfile ; do local base_vsn base_vsn="$(echo "$tgzfile" | grep -oE "[0-9]+\.[0-9]+\.[0-9]+(-(alpha|beta|rc)\.[0-9])?(-[0-9a-f]{8})?" | head -1)" ## we have to create tmp dir to untar old tgz, as `tar --skip-old-files` is not supported on all plantforms local tmp_dir tmp_dir="$(mktemp -d -t emqx.XXXXXXX)" $TAR -C "$tmp_dir" -zxf "$tgzfile" mkdir -p "${rel_dir}/releases/" cp -npr "$tmp_dir/releases"/* "${rel_dir}/releases/" ## There is for some reason a copy of the '$PROFILE.rel' file to releases dir, ## the content is duplicated to releases/5.0.0/$PROFILE.rel. ## This file seems to be useless, but yet confusing as it does not change after upgrade/downgrade ## Hence we force delete this file. rm -f "${rel_dir}/releases/${PROFILE}.rel" mkdir -p "${rel_dir}/lib/" cp -npr "$tmp_dir/lib"/* "${rel_dir}/lib/" rm -rf "$tmp_dir" releases+=( "$base_vsn" ) done < <("$FIND" _upgrade_base -maxdepth 1 -name "${name_pattern}.tar.gz" -type f) if [ ${#releases[@]} -eq 0 ]; then log "No upgrade base found, relup ignored" return 0 fi RELX_BASE_VERSIONS="$(IFS=, ; echo "${releases[*]}")" export RELX_BASE_VERSIONS ./rebar3 as "$PROFILE" relup --relname emqx --relvsn "${PKG_VSN}" } cp_dyn_libs() { local rel_dir="$1" local target_dir="${rel_dir}/dynlibs" if ! [ "$(uname -s)" = 'Linux' ]; then return 0; fi mkdir -p "$target_dir" while read -r so_file; do cp -L "$so_file" "$target_dir/" done < <("$FIND" "$rel_dir" -type f \( -name "*.so*" -o -name "beam.smp" \) -print0 \ | xargs -0 ldd \ | grep -E '(libcrypto)|(libtinfo)|(libatomic)' \ | awk '{print $3}' \ | sort -u) } ## Re-pack the relx assembled .tar.gz to EMQX's package naming scheme ## It assumes the .tar.gz has been built -- relies on Makefile dependency make_tgz() { local pkgpath="_packages/${PROFILE}" local src_tarball local target_name local target if [ "${IS_ELIXIR:-no}" = "yes" ] then # ensure src_tarball exists ELIXIR_MAKE_TAR=yes make_elixir_rel local relpath="_build/${PROFILE}" full_vsn="$(./pkg-vsn.sh "$PROFILE" --long --elixir)" else # build the src_tarball again to ensure relup is included # elixir does not have relup yet. make_rel tar local relpath="_build/${PROFILE}/rel/emqx" full_vsn="$(./pkg-vsn.sh "$PROFILE" --long)" fi case "$SYSTEM" in macos*) target_name="${PROFILE}-${full_vsn}.zip" ;; windows*) target_name="${PROFILE}-${full_vsn}.zip" ;; *) target_name="${PROFILE}-${full_vsn}.tar.gz" ;; esac target="${pkgpath}/${target_name}" src_tarball="${relpath}/emqx-${PKG_VSN}.tar.gz" tard="$(mktemp -d -t emqx.XXXXXXX)" mkdir -p "${tard}/emqx" mkdir -p "${pkgpath}" if [ ! -f "$src_tarball" ]; then log "ERROR: $src_tarball is not found" fi $TAR zxf "${src_tarball}" -C "${tard}/emqx" if [ -f "${tard}/emqx/releases/${PKG_VSN}/relup" ]; then ./scripts/relup-build/inject-relup.escript "${tard}/emqx/releases/${PKG_VSN}/relup" fi ## try to be portable for tar.gz packages. ## for DEB and RPM packages the dependencies are resoved by yum and apt cp_dyn_libs "${tard}/emqx" case "$SYSTEM" in macos*) # if the flag to sign macos binaries is set, but developer certificate # or certificate password is not configured, reset the flag # could happen, for example, when people submit PR from a fork, in this # case they cannot access secrets if [[ "${APPLE_SIGN_BINARIES:-0}" == 1 && \ ( "${APPLE_DEVELOPER_ID_BUNDLE:-0}" == 0 || \ "${APPLE_DEVELOPER_ID_BUNDLE_PASSWORD:-0}" == 0 ) ]]; then echo "Apple developer certificate is not configured, skip signing" APPLE_SIGN_BINARIES=0 fi if [ "${APPLE_SIGN_BINARIES:-0}" = 1 ]; then ./scripts/macos-sign-binaries.sh "${tard}/emqx" fi ## create zip after change dir ## to avoid creating an extra level of 'emqx' dir in the .zip file pushd "${tard}/emqx" >/dev/null zip -r "../${target_name}" -- * >/dev/null popd >/dev/null mv "${tard}/${target_name}" "${target}" if [ "${APPLE_SIGN_BINARIES:-0}" = 1 ]; then # notarize the package # if fails, check what went wrong with this command: # xcrun notarytool log \ # --apple-id \ # --password # --team-id echo 'Submitting the package for notarization to Apple (normally takes about a minute)' notarytool_output="$(xcrun notarytool submit \ --apple-id "${APPLE_ID}" \ --password "${APPLE_ID_PASSWORD}" \ --team-id "${APPLE_TEAM_ID}" "${target}" \ --no-progress \ --wait)" echo "$notarytool_output" echo "$notarytool_output" | grep -q 'status: Accepted' || { echo 'Notarization failed'; exit 1; } fi # sha256sum may not be available on macos openssl dgst -sha256 "${target}" | cut -d ' ' -f 2 > "${target}.sha256" ;; windows*) pushd "${tard}" >/dev/null 7z a "${target_name}" ./emqx/* >/dev/null popd >/dev/null mv "${tard}/${target_name}" "${target}" sha256sum "${target}" | head -c 64 > "${target}.sha256" ;; *) ## create tar after change dir ## to avoid creating an extra level of 'emqx' dir in the .tar.gz file pushd "${tard}/emqx" >/dev/null $TAR -zcf "../${target_name}" -- * popd >/dev/null mv "${tard}/${target_name}" "${target}" sha256sum "${target}" | head -c 64 > "${target}.sha256" ;; esac log "Archive successfully repacked: ${target}" log "Archive sha256sum: $(cat "${target}.sha256")" } docker_cleanup() { rm -f ./.dockerignore >/dev/null # shellcheck disable=SC2015 [ -f ./.dockerignore.bak ] && mv ./.dockerignore.bak ./.dockerignore >/dev/null || true } ## Build the default docker image based on debian 11. make_docker() { local EMQX_BUILDER_VERSION="${EMQX_BUILDER_VERSION:-5.1-4}" local EMQX_BUILDER_PLATFORM="${EMQX_BUILDER_PLATFORM:-debian11}" local EMQX_BUILDER_OTP="${EMQX_BUILDER_OTP:-25.3.2-2}" local EMQX_BUILDER_ELIXIR="${EMQX_BUILDER_ELIXIR:-1.14.5}" local EMQX_BUILDER=${EMQX_BUILDER:-ghcr.io/emqx/emqx-builder/${EMQX_BUILDER_VERSION}:${EMQX_BUILDER_ELIXIR}-${EMQX_BUILDER_OTP}-${EMQX_BUILDER_PLATFORM}} local EMQX_RUNNER="${EMQX_RUNNER:-${EMQX_DEFAULT_RUNNER}}" local EMQX_DOCKERFILE="${EMQX_DOCKERFILE:-deploy/docker/Dockerfile}" local PKG_VSN="${PKG_VSN:-$(./pkg-vsn.sh)}" # shellcheck disable=SC2155 local VSN_MAJOR="$(scripts/semver.sh "$PKG_VSN" --major)" # shellcheck disable=SC2155 local VSN_MINOR="$(scripts/semver.sh "$PKG_VSN" --minor)" # shellcheck disable=SC2155 local VSN_PATCH="$(scripts/semver.sh "$PKG_VSN" --patch)" local SUFFIX='' if [[ "$PROFILE" = *-elixir ]]; then SUFFIX="-elixir" fi local DOCKER_REGISTRY="${DOCKER_REGISTRY:-docker.io}" local DOCKER_ORG="${DOCKER_ORG:-emqx}" local EMQX_BASE_DOCKER_TAG="${DOCKER_REGISTRY}/${DOCKER_ORG}/${PROFILE%%-elixir}" local default_tag="${EMQX_BASE_DOCKER_TAG}:${PKG_VSN}${SUFFIX}" local EMQX_IMAGE_TAG="${EMQX_IMAGE_TAG:-$default_tag}" local EDITION=Opensource local LICENSE='Apache-2.0' local PRODUCT_URL='https://www.emqx.io' local PRODUCT_DESCRIPTION='Official docker image for EMQX, the most scalable open-source MQTT broker for IoT, IIoT, and connected vehicles.' local DOCUMENTATION_URL='https://www.emqx.io/docs/en/latest/' ## extra_deps is a comma separated list of debian 11 package names local EXTRA_DEPS='' if [[ "$PROFILE" = *enterprise* ]]; then EXTRA_DEPS='libsasl2-2,libsasl2-modules-gssapi-mit' EDITION=Enterprise LICENSE='(Apache-2.0 AND BSL-1.1)' PRODUCT_URL='https://www.emqx.com/en/products/emqx' PRODUCT_DESCRIPTION='Official docker image for EMQX Enterprise, an enterprise MQTT platform at scale. ' DOCUMENTATION_URL='https://docs.emqx.com/en/enterprise/latest/' fi # shellcheck disable=SC2155 local ISO_8601_DATE="$(date -u +"%Y-%m-%dT%H:%M:%SZ")" # shellcheck disable=SC2155 local GIT_REVISION="$(git rev-parse HEAD)" local DOCKER_BUILDX_ARGS=( --build-arg BUILD_FROM="${EMQX_BUILDER}" \ --build-arg RUN_FROM="${EMQX_RUNNER}" \ --build-arg EMQX_NAME="${PROFILE}" \ --build-arg EXTRA_DEPS="${EXTRA_DEPS}" \ --build-arg PKG_VSN="${PKG_VSN}" \ --file "${EMQX_DOCKERFILE}" \ --label org.opencontainers.image.title="${PROFILE}" \ --label org.opencontainers.image.edition="${EDITION}" \ --label org.opencontainers.image.version="${PKG_VSN}" \ --label org.opencontainers.image.revision="${GIT_REVISION}" \ --label org.opencontainers.image.created="${ISO_8601_DATE}" \ --label org.opencontainers.image.source='https://github.com/emqx/emqx' \ --label org.opencontainers.image.url="${PRODUCT_URL}" \ --label org.opencontainers.image.description="${PRODUCT_DESCRIPTION}" \ --label org.opencontainers.image.documentation="${DOCUMENTATION_URL}" \ --label org.opencontainers.image.licenses="${LICENSE}" \ --label org.opencontainers.image.otp.version="${EMQX_BUILDER_OTP}" \ --tag "${EMQX_IMAGE_TAG}" \ --provenance false \ --pull ) if [ "${DOCKER_BUILD_NOCACHE:-false}" = true ]; then DOCKER_BUILDX_ARGS+=(--no-cache) fi if [ "${SUFFIX}" = '-elixir' ]; then DOCKER_BUILDX_ARGS+=(--label org.opencontainers.image.elixir.version="${EMQX_BUILDER_ELIXIR}") fi if [ "${DOCKER_LATEST:-false}" = true ]; then DOCKER_BUILDX_ARGS+=(--tag "${EMQX_BASE_DOCKER_TAG}:latest${SUFFIX}") DOCKER_BUILDX_ARGS+=(--tag "${EMQX_BASE_DOCKER_TAG}:${VSN_MAJOR}.${VSN_MINOR}${SUFFIX}") DOCKER_BUILDX_ARGS+=(--tag "${EMQX_BASE_DOCKER_TAG}:${VSN_MAJOR}.${VSN_MINOR}.${VSN_PATCH}${SUFFIX}") fi if [ "${DOCKER_PLATFORMS:-default}" != 'default' ]; then DOCKER_BUILDX_ARGS+=(--platform "${DOCKER_PLATFORMS}") fi if [ "${DOCKER_PUSH:-false}" = true ]; then DOCKER_BUILDX_ARGS+=(--push) fi # shellcheck disable=SC2015 [ -f ./.dockerignore ] && mv ./.dockerignore ./.dockerignore.bak || true trap docker_cleanup EXIT { echo '/_build' echo '/deps' echo '/*.lock' } >> ./.dockerignore set -x docker buildx build "${DOCKER_BUILDX_ARGS[@]}" . [[ "${DEBUG:-}" -eq 1 ]] || set +x echo "${EMQX_IMAGE_TAG}" > ./.docker_image_tag } function join { local IFS="$1" shift echo "$*" } # used to control the Elixir Mix Release output # see docstring in `mix.exs` export_elixir_release_vars() { local profile="$1" case "$profile" in emqx|emqx-enterprise) export ELIXIR_MAKE_TAR=${ELIXIR_MAKE_TAR:-no} ;; emqx-pkg|emqx-enterprise-pkg) export ELIXIR_MAKE_TAR=${ELIXIR_MAKE_TAR:-yes} ;; *) echo Invalid profile "$profile" exit 1 esac export MIX_ENV="$profile" } log "building artifact=$ARTIFACT for profile=$PROFILE" case "$ARTIFACT" in apps) if [ "${IS_ELIXIR:-}" = "yes" ]; then just_compile_elixir else just_compile fi ;; doc|docs) make_docs ;; rel) make_rel release ;; relup) make_relup ;; tgz) make_tgz ;; pkg) # this only affect build artifacts, such as schema doc export EMQX_ETC_DIR='/etc/emqx/' if [ -z "${PKGERDIR:-}" ]; then log "Skipped making deb/rpm package for $SYSTEM" exit 0 fi export EMQX_REL_FORM="$PKGERDIR" if [ "${IS_ELIXIR:-}" = 'yes' ]; then make_elixir_rel else make_rel tar fi env EMQX_REL="$(pwd)" \ EMQX_BUILD="${PROFILE}" \ make -C "deploy/packages/${PKGERDIR}" clean env EMQX_REL="$(pwd)" \ EMQX_BUILD="${PROFILE}" \ make -C "deploy/packages/${PKGERDIR}" ;; docker) make_docker ;; elixir) make_elixir_rel ;; *) log "Unknown artifact $ARTIFACT" exit 1 ;; esac