Create a common sha-file for all build-files and upload them at the same time

2 files changed, 64 insertions, 59 deletions

diff --git a/ci/buildserver-build.sh b/ci/buildserver-build.sh
index 166dab197d..0f68577803 100755
--- a/ci/buildserver-build.sh
+++ b/ci/buildserver-build.sh
@@ -17,7 +17,6 @@ shopt -s nullglob
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 BUILD_DIR="$SCRIPT_DIR/mullvadvpn-app"
 LAST_BUILT_DIR="$SCRIPT_DIR/last-built"
-PDB_DIR="$SCRIPT_DIR/pdb"
 UPLOAD_DIR="/home/upload/upload"
 
 BRANCHES_TO_BUILD=("origin/master")
@@ -43,29 +42,25 @@ EOF
 }
 
 upload() {
-  for f in MullvadVPN-*.{deb,rpm,exe,pkg,apk,aab}; do
-    sha256sum "$f" > "$f.sha256"
-    case "$(uname -s)" in
-      # Linux is both the build and upload server. Just move directly to target dir
-      Linux*)
-        mv "$f" "$f.sha256" "$UPLOAD_DIR/"
-        ;;
-      # Other platforms need to transfer their artifacts to the Linux build machine.
-      Darwin*|MINGW*|MSYS_NT*)
-        upload_sftp "$f" || return 1
-        upload_sftp "$f.sha256" || return 1
-        ;;
-    esac
-  done
-}
+  version=$1
 
-upload_pdb() {
-  current_hash=$1
-  f="pdb-$current_hash.tar.xz"
+  files=( * )
+  checksums_path="$version+$(hostname).sha256"
+  sha256sum "${files[@]}" > "$checksums_path"
 
-  sha256sum "$f" > "$f.sha256"
-  upload_sftp "$f" || return 1
-  upload_sftp "$f.sha256" || return 1
+  case "$(uname -s)" in
+    # Linux is both the build and upload server. Just move directly to target dir
+    Linux*)
+      mv "${files[@]}" "$checksums_path" "$UPLOAD_DIR/"
+      ;;
+    # Other platforms need to transfer their artifacts to the Linux build machine.
+    Darwin*|MINGW*|MSYS_NT*)
+      for file in "${files[@]}"; do
+        upload_sftp "$file" || return 1
+      done
+      upload_sftp "$checksums_path" || return 1
+      ;;
+  esac
 }
 
 build_ref() {
@@ -105,11 +100,16 @@ build_ref() {
   # Make sure we have the latest Rust and Node toolchains before the build
   rustup update
 
+  version="$(cargo run -q --bin mullvad-version)"
+  artifact_dir="dist/$version"
+  mkdir -p "$artifact_dir"
+
   BUILD_ARGS=(--optimize --sign)
   if [[ "$(uname -s)" == "Darwin" ]]; then
     BUILD_ARGS+=(--universal)
   fi
   ./build.sh "${BUILD_ARGS[@]}" || return 0
+  mv dist/*.{deb,rpm,exe,pkg} "$artifact_dir"
 
   case "$(uname -s)" in
     MINGW*|MSYS_NT*)
@@ -118,14 +118,12 @@ build_ref() {
         ./target/release/mullvad-daemon.pdb \
         ./target/release/mullvad.pdb \
         ./target/release/mullvad-problem-report.pdb \
-        -iname "*.pdb" | tar -cJf $PDB_DIR/pdb-$current_hash.tar.xz -T -
+        -iname "*.pdb" | tar -cJf "$artifact_dir/pdb-$version.tar.xz" -T -
       ;;
     Linux*)
       echo "Building ARM64 installers"
       TARGETS=aarch64-unknown-linux-gnu ./build.sh "${BUILD_ARGS[@]}" || return 0
-
-      #echo "Building Android APK"
-      #./build-apk.sh --app-bundle || return 0
+      mv dist/*.{deb,rpm} "$artifact_dir"
       ;;
   esac
 
@@ -136,20 +134,20 @@ build_ref() {
       version_suffix="+${tag//[^0-9a-z_-]/}"
       # Will only match paths that include *-dev-* which means release builds will not be included
       # Pipes all matching names and their new name to mv
-      pushd dist
-      for original_file in MullvadVPN-*-dev-*{.deb,.rpm,.exe,.pkg,.apk,.aab}; do
-          new_file=$(echo $original_file | sed -nE "s/^(MullvadVPN-.*-dev-.*)(_amd64\.deb|_x86_64\.rpm|_arm64\.deb|_aarch64\.rpm|\.exe|\.pkg|\.apk|\.aab)$/\1$version_suffix\2/p")
-          mv $original_file $new_file
+      pushd "$artifact_dir"
+      for original_file in MullvadVPN-*-dev-*{.deb,.rpm,.exe,.pkg}; do
+          new_file=$(echo "$original_file" | sed -nE "s/^(MullvadVPN-.*-dev-.*)(_amd64\.deb|_x86_64\.rpm|_arm64\.deb|_aarch64\.rpm|\.exe|\.pkg)$/\1$version_suffix\2/p")
+          mv "$original_file" "$new_file"
       done
       popd
+
+      version="$version$version_suffix"
   fi
 
-  (cd dist/ && upload) || return 0
-  case "$(uname -s)" in
-    MINGW*|MSYS_NT*)
-      (cd "$PDB_DIR" && upload_pdb $current_hash) || return 0
-    ;;
-  esac
+  (cd "$artifact_dir" && upload "$version") || return 0
+  # shellcheck disable=SC2216
+  yes | rm -r "$artifact_dir"
+
   touch "$LAST_BUILT_DIR/$current_hash"
   echo "Successfully finished build at $(date)"
 }
diff --git a/ci/buildserver-upload.sh b/ci/buildserver-upload.sh
index e6e50a4383..2bd1a29a8d 100755
--- a/ci/buildserver-upload.sh
+++ b/ci/buildserver-upload.sh
@@ -1,6 +1,7 @@
 #!/usr/bin/env bash
 
 UPLOAD_DIR="/home/upload/upload"
+BUILD_ARTIFACT_EXTENSIONS="deb|rpm|exe|pkg|apk|aab"
 
 set -eu
 shopt -s nullglob
@@ -9,39 +10,45 @@ cd $UPLOAD_DIR
 
 while true; do
   sleep 10
-  for f_checksum in MullvadVPN-*.{deb,rpm,exe,pkg,apk,aab}.sha256; do
+
+  for checksums_path in *.sha256; do
     sleep 1
-    f="${f_checksum/.sha256/}"
-    if ! sha256sum --quiet -c "$f_checksum"; then
-      echo "Failed to verify checksum for $f"
+
+    # Strip everything from the last "+" in the file name to only keep the version and tag (if
+    # present).
+    version="${checksums_path%+*}"
+    if ! sha256sum --quiet -c "$checksums_path"; then
+      echo "Failed to verify checksums for $version"
       continue
     fi
 
-    version=$(echo "$f" | sed -Ee 's/MullvadVPN-(.*)(\.exe|\.pkg|_amd64\.deb|_x86_64\.rpm|_arm64\.deb|_aarch64\.rpm|\.apk|\.aab)/\1/g')
     if [[ $version == *"-dev-"* ]]; then
-        upload_path="builds"
+      upload_path="builds"
     else
-        upload_path="releases"
+      upload_path="releases"
     fi
 
-    rsync -av --rsh='ssh -p 1122' "$f" "build@releases.mullvad.net:$upload_path/$version/" || continue
+    files=$(awk '{print $2}' < "$checksums_path")
+    for file in $files; do
+      file_upload_dir="$upload_path/$version"
+      if [[ ! $file =~ \.($BUILD_ARTIFACT_EXTENSIONS|asc)$ ]]; then
+        file_upload_dir="$file_upload_dir/additional-files"
+      fi
 
-    rm -f "$f.asc"
-    gpg -u A1198702FC3E0A09A9AE5B75D5A1D4F266DE8DDF --pinentry-mode loopback --sign --armor --detach-sign "$f"
-    rsync -av --rsh='ssh -p 1122' "$f.asc" "build@releases.mullvad.net:$upload_path/$version/" || continue
-    yes | rm "$f" "$f_checksum" "$f.asc"
-  done
+      rsync -av --rsh='ssh -p 1122' "$file" "build@releases.mullvad.net:$file_upload_dir/" || continue
 
-  # Upload PDB files (Windows debugging info)
-  for f_checksum in pdb-*.sha256; do
-    sleep 1
-    f="${f_checksum/.sha256/}"
-    if ! sha256sum --quiet -c "$f_checksum"; then
-      echo "Failed to verify checksum for $f"
-      continue
-    fi
+      if [[ $file =~ \.($BUILD_ARTIFACT_EXTENSIONS)$ ]]; then
+        rm -f "$file.asc"
+        gpg -u A1198702FC3E0A09A9AE5B75D5A1D4F266DE8DDF --pinentry-mode loopback --sign --armor --detach-sign "$file"
+        rsync -av --rsh='ssh -p 1122' "$file.asc" "build@releases.mullvad.net:$file_upload_dir/" || continue
+        rm -f "$file.asc"
+      fi
+
+      # shellcheck disable=SC2216
+      yes | rm "$file"
+    done
 
-    rsync -av --rsh='ssh -p 1122' "$f" "build@releases.mullvad.net:builds/pdb/" || continue
-    yes | rm "$f" "$f_checksum"
+    # shellcheck disable=SC2216
+    yes | rm "$checksums_path"
   done
 done