Building and pushing snaps using CircleCI

popey · May 26, 2017, 9:20am

I have been playing with CircleCI recently and thought I’d write up some notes on what I did to get a snap auto building and pushing to the store on their CI system.

I want to call out thanks to @FelicianoTech who gave me some help over on the CircleCI forums.

I’ve been testing this out with the emoj project I have on github. Here’s what I did to get it all working.

Firstly, sign up for CircleCI for a free account and hook it up to your github project.

Add a .circleci/config.yml to the project.

Here’s the bones of mine, so you can see what’s needed to get it building a snap:-

version: 2
jobs:
  build:
    working_directory: ~/emoji
    machine: true
    steps:
     - checkout
     - run:
         command: |
           sudo apt update
           sudo apt install -y snapd
           sudo snap install snapcraft --edge --classic
           /snap/bin/snapcraft

Some things to note:-

version: specifies the new 2.0 format of the circleci config.
machine: means we get a real VM rather than a docker container. Currently building a snap inside their docker container won’t work because it’s using the 3.13 Ubuntu 14.04 kernel.
Real VMs might be a paid service in the future, but currently they’re in beta so free
I had to specify the path to snapcraft binary because otherwise it’s not found immediately after the snapd/snapcraft install.

Use snapcraft-config-generator.py to generate the store credentials in .snapcraft/snapcraft.cfg within the project directory.

Important: This file enables you to upload to the edge channel using the snapcraft command so guard it. Add .snapcraft/snapcraft.cfg to .gitignore to prevent sharing it with the world.

Alternatively, move it out of the project tree, and do the next steps elsewhere, then move the encrypted version back into the project tree.

Generate a key somehow to encrypt the snapcraft.cfg, for example:-

``export KEY=$(pwgen 64 1)```

In the CircleCI project web UI go to Build Settings → Environment Variables, add the $KEY environment variable and set it to whatever pwgen generated on your laptop.

Encrypt the snapcraft.cfg as per the CircleCI docs:-

openssl aes-256-cbc -e -in .snapcraft/snapcraft.cfg -out .snapcraft/snapcraft.encrypted -k $KEY

Add the encrypted version to your project and push to github.

Update the .circleci/config.yml to include a section to decrypt the key before uploading to the store:-

openssl aes-256-cbc -d -in .snapcraft/snapcraft.encrypted -out .snapcraft/snapcraft.cfg -k $KEY

So the deploy section should look a bit like this:-

- deploy:
  name: Push to Snap Store
    command: |
      openssl aes-256-cbc -d -in .snapcraft/snapcraft.encrypted -out .snapcraft/snapcraft.cfg -k $KEY
      /snap/bin/snapcraft push *.snap

If all works, you should get a snap pushed to the store.

Here’s the full .circleci/config.yml that I’m using:-

version: 2
jobs:
  build:
    working_directory: ~/emoji
    machine: true
    steps:
     - checkout
     - run:
         command: |
           sudo apt update
           sudo apt install -y snapd
           sudo snap install snapcraft --edge --classic
           /snap/bin/snapcraft
     - deploy:
         name: Push Master to Snap Store
         command: |
           openssl aes-256-cbc -d -in .snapcraft/snapcraft.encrypted -out .snapcraft/snapcraft.cfg -k $KEY
           /snap/bin/snapcraft push *.snap

Suggestions on how to improve this would be welcome.

sergiusens · May 26, 2017, 12:37pm

How about adding this to the snapcraft enable-ci command?

It is really interesting that circle-ci gives you some sort of native up to date build system as you just installed snapd there!

popey · May 26, 2017, 12:54pm

That would be great. I filed a bug to support circleci and I see @elopio has triaged it. https://bugs.launchpad.net/snapcraft/+bug/1693451

I know @kyrofa is interested in getting circleci as a first class citizen, especially given we can install and run classic snaps inside their machine machines. Perhaps this could go on his backlog?

kyrofa · May 30, 2017, 11:09pm

This is still using 14.04, just with a newer kernel. My projects don’t build due to their dependencies not being in the archive.

popey · May 31, 2017, 11:03am

Shame, https://circleci.com/docs/2.0/executor-types/ says “The VM will run Ubuntu 14.04 with a few additional tools installed. It isn’t possible to specify other images.”. I wonder if @FelicianoTech has any idea if CircleCI will eventually move to 16.04 on machine executors?

kyrofa · May 31, 2017, 12:08pm

Nope, I’m doing an about-face here: build in docker, run outside. Kinda painful, would be nice to have a real xenial, but check this out:

version: 2
jobs:
  build:
    working_directory: ~/nextcloud-snap
    machine: true
    steps:
     - checkout
     - run:
         command: |
           sudo apt update
           sudo apt install -y snapd
           docker run -v $(pwd):$(pwd) -t ubuntu:xenial sh -c "apt update -qq && apt install snapcraft -y && cd $(pwd) && snapcraft"
     - run:
         command: |
           sudo snap install *.snap --dangerous
           sudo apt install gcc g++ make qt5-default libqt5webkit5-dev ruby-dev zlib1g-dev -y
           sudo gem install bundle
           cd tests
           bundle install --deployment
           sudo nextcloud.manual-install admin admin
           bundle exec rake test

niemeyer · May 31, 2017, 12:52pm

If they’re being inspired by Travis, they’ll move to 16.04 after 18.04 is out or something.

FelicianoTech · June 1, 2017, 6:47pm

I don’t but I will inquire. I had that same question myself.

I sure hope we don’t take that long.

@popey Would you be okay with me turning this thread into a blog post for the CircleCI blog?

popey · June 1, 2017, 7:13pm

Nothing would make me happier

popey · June 1, 2017, 7:46pm

@FelicianoTech Oh, and make sure you give us a link when it’s posted. We’d love to add the blog post to our portfolio of guides we pass on to developers when we talk to them.

FelicianoTech · June 23, 2017, 5:11pm

22 days later

https://twitter.com/circleci/status/878298278663643136

CC: @elopio

Anything I can do to help with the bug report please let me know.

elopio · June 23, 2017, 6:22pm

That is awesome @FelicianoTech! Thank you.

elopio · June 26, 2017, 5:09pm

@FelicianoTech I was showing your post to our marketing team earlier. We want to re-publish it in http://insights.ubuntu.com/

Is that ok for you?

FelicianoTech · June 26, 2017, 5:32pm

That’s fine with me. I quickly ran the question by blog PM and she said:

Yeah that’s fine - ask them if they will preserve our post as the canonical link for SEO and give us a back link to our homepage

This is great

I plan to update the post or write a new one in the future as Snapcraft matures and we perhaps get even better CI integration.

luciadecastro · June 26, 2017, 5:34pm

Hi @FelicianoTech,

Not sure what you meant with ‘preserve our post’, you can check the sort of guest posts we have: https://insights.ubuntu.com/?s=guest+post - will this work?

Happy to add a link back to your post at the end of the blog entry if that also supports your blog. Let me know!

FelicianoTech · June 26, 2017, 5:56pm

@luciadecastro,

I’m pretty sure she meant a canonical link. If that’s possible, great. If not, that’s fine too.

Either way it’ll be great to share this info out to more people.

luciadecastro · June 26, 2017, 6:29pm

@FelicianoTech will have a look!

It will probably go out later tomorrow or Wednesday morning (UK time). Thanks you for your contribution

luciadecastro · June 28, 2017, 2:08pm

@FelicianoTech this is now live on our blog: https://insights.ubuntu.com/2017/06/28/build-test-and-publish-snap-packages-using-snapcraft/

Sorry I didn’t really have time to look into canonical URL’s, I never used this before so would have to dig a bit to understand how to apply and Im short on time for the matter. Sorry to screw your SEO! Hope its not too bad

Thank you!