ci: Add Gitlab-CI

Automatic upload to PPA is untested!

.gitlab-ci.yml

@@ -0,0 +1,102 @@
+variables:
+  LANG: "C.UTF-8"
+
+workflow:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_OPEN_MERGE_REQUESTS
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_PROTECTED == "true"
+    - if: $CI_PIPELINE_SOURCE == "web"
+    - if: $CI_PIPELINE_SOURCE == "webide"
+
+lint:
+  image: python:3.8-slim-bullseye
+  variables:
+    PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
+  cache:
+    paths:
+      - .cache/pip
+      - venv/
+  before_script:
+    - printf '\e[0Ksection_start:%d:%s[collapsed=true]\r\e[0K%s\n' "$(date +%s)" apt 'Install dependencies'
+    - python -V  # Print out python version for debugging
+    - pip install virtualenv
+    - virtualenv venv
+    - . venv/bin/activate
+    - pip install .[dev] --trusted-host git.knut.univention.de --find-links https://git.knut.univention.de/api/v4/projects/590/packages/pypi/simple/python-ldap/
+    - printf '\e[0Ksection_end:%d:%s\r\e[0K\n' "$(date +%s)" apt
+  script:
+    - flake8
+    - isort .
+    - mypy
+
+deb:
+  image: ubuntu:20.04
+  variables:
+    DEBIAN_FRONTEND: noninteractive
+  before_script:
+    - printf '\e[0Ksection_start:%d:%s[collapsed=true]\r\e[0K%s\n' "$(date +%s)" apt 'Install dependencies'
+    - apt-get -qq update
+    - apt-get -q --assume-yes install build-essential
+    - apt-get -q --assume-yes build-dep .
+    - printf '\e[0Ksection_end:%d:%s\r\e[0K\n' "$(date +%s)" apt
+    - find -exec touch -m -h -c -d "@${SOURCE_DATE_EPOCH:-$(dpkg-parsechangelog -STimestamp)}" {} +
+  script:
+    - dpkg-buildpackage --no-sign -S
+    - dpkg-buildpackage --no-sign -b
+    - mv ../*univention-domain-join*_*.* .
+  artifacts:
+    paths:
+      - "*univention-domain-join*_*.*"
+
+deploy:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_PROTECTED == "true"
+  interruptible: no
+  variables:
+    GIT_STRATEGY: none
+  needs:
+    - job: lint
+    - job: deb
+  image: docker-registry.knut.univention.de/knut/dput
+  script:
+    - dput --force gitlab univention-domain-join_*_source.changes
+    - dput --force gitlab univention-domain-join_*_amd64.changes
+
+upload:
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_PROTECTED == "true"
+      changes:
+        - debian/changelog
+      when: manual
+  interruptible: no
+  variables:
+    GIT_STRATEGY: none
+    KEY: D523B8FD547C464C9EA89D5B5E9F163B66AA3A17  # Univention Corporate Client archive key <packages@univention.de>
+    VAULT_AUTH_ROLE: ubuntu-ppa
+  secrets:
+    GPG_PRIVATE:
+      vault:
+        engine:
+          name: kv-v2
+          path: secret
+        path: secret/ucc/pgp/production/key
+        field: private
+    GPG_SECRET:
+      vault:
+        engine:
+          name: kv-v2
+          path: secret
+        path: secret/ucc/pgp/production/key
+        field: secret
+  needs:
+    - job: lint
+      artifacts: false
+    - job: deb
+  image: docker-registry.knut.univention.de/knut/dput
+  script:
+    - mkdir -p /var/log/apt
+    - apt-get -qq update
+    - apt-get -q --assume-yes --no-install-recommends install gpg devscripts python3-distro-info
+    - gpg --batch --pinentry-mode loopback --passphrase-file "$GPG_SECRET" --import "$GPG_PRIVATE"
+    - debsign --no-conf --no-re-sign -p "gpg --batch --pinentry-mode loopback --passphrase-file $GPG_SECRET" -k "$KEY" univention-domain-join_*_source.changes
+    - dput ppa:univention-dev/ppa univention-domain-join_*_source.changes

.pre-commit-config.yaml

@@ -0,0 +1,25 @@
+repos:
+  - repo: local
+    hooks:
+      - id: isort
+        name: isort
+        stages: [commit]
+        language: system
+        entry: pipenv run isort
+        types: [python]
+
+      - id: flake8
+        name: flake8
+        stages: [commit]
+        language: system
+        entry: pipenv run flake8
+        types: [python]
+        exclude: setup.py
+
+      - id: mypy
+        name: mypy
+        stages: [commit]
+        language: system
+        entry: pipenv run mypy
+        types: [python]
+        pass_filenames: false