diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9f5e67d..d4f1c7f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -168,11 +168,101 @@ jobs: name: fedora-39-latest path: pkg/fedora/out/x86_64 + build-f40: + if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') + + name: Build Fedora 40 package + runs-on: ubuntu-latest + needs: [lint, test] + container: + image: registry.fedoraproject.org/fedora:40 + options: --security-opt seccomp=unconfined + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install build dependencies + run: | + dnf distro-sync -y + dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)' + dnf builddep -y pkg/fedora/surface-dtx-daemon.spec + + - name: Build package + run: | + cd pkg/fedora + # Build the .rpm packages + ./makerpm + + - name: Sign packages + env: + GPG_KEY_ID: 56C464BAAC421453 + GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }} + run: | + cd pkg/fedora/out/x86_64 + + # import GPG key + echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes + + # sign package + rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID" + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: fedora-40-latest + path: pkg/fedora/out/x86_64 + + build-f41: + if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') + + name: Build Fedora 41 package + runs-on: ubuntu-latest + needs: [lint, test] + container: + image: registry.fedoraproject.org/fedora:41 + options: --security-opt seccomp=unconfined + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install build dependencies + run: | + dnf distro-sync -y + dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)' + dnf builddep -y pkg/fedora/surface-dtx-daemon.spec + + - name: Build package + run: | + cd pkg/fedora + # Build the .rpm packages + ./makerpm + + - name: Sign packages + env: + GPG_KEY_ID: 56C464BAAC421453 + GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }} + run: | + cd pkg/fedora/out/x86_64 + + # import GPG key + echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes + + # sign package + rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID" + + - name: Upload artifacts + uses: actions/upload-artifact@v4 + with: + name: fedora-41-latest + path: pkg/fedora/out/x86_64 + release: if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') name: Publish release - needs: [build-bin, build-deb, build-f39] + needs: [build-bin, build-deb, build-f39, build-f40, build-f41] runs-on: ubuntu-latest steps: @@ -194,6 +284,18 @@ jobs: name: fedora-39-latest path: fedora-39-latest + - name: Download Fedora 40 artifacts + uses: actions/download-artifact@v4 + with: + name: fedora-40-latest + path: fedora-40-latest + + - name: Download Fedora 41 artifacts + uses: actions/download-artifact@v4 + with: + name: fedora-41-latest + path: fedora-41-latest + - name: Upload assets uses: svenstaro/upload-release-action@v2 with: @@ -307,3 +409,111 @@ jobs: git add . git commit -m "Update Fedora 39 DTX daemon" git push --set-upstream origin "${update_branch}" + + + repo-f40: + name: Update Fedora 40 package repository + needs: [release] + runs-on: ubuntu-latest + container: + image: registry.fedoraproject.org/fedora:40 + options: --security-opt seccomp=unconfined + steps: + - name: Install dependencies + run: | + dnf install -y git findutils + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: fedora-40-latest + path: fedora-40-latest + + - name: Update repository + env: + SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }} + BRANCH_STAGING: u/staging + GIT_REF: ${{ github.ref }} + run: | + repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" + + # clone package repository + git clone -b "${BRANCH_STAGING}" "${repo}" repo + + # copy packages + cp fedora-40-latest/* repo/fedora/f40 + cd repo/fedora/f40 + + # parse git tag from ref + GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') + + # convert packages into references + for pkg in $(find . -name '*.rpm'); do + echo "surface-dtx-daemon:$GIT_TAG/$(basename $pkg)" > $pkg.blob + rm $pkg + done + + # set git identity + git config --global user.email "surfacebot@users.noreply.github.com" + git config --global user.name "surfacebot" + + # commit and push + update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" + git checkout -b "${update_branch}" + git add . + git commit -m "Update Fedora 40 DTX daemon" + git push --set-upstream origin "${update_branch}" + + + repo-f41: + name: Update Fedora 41 package repository + needs: [release] + runs-on: ubuntu-latest + container: + image: registry.fedoraproject.org/fedora:41 + options: --security-opt seccomp=unconfined + steps: + - name: Install dependencies + run: | + dnf install -y git findutils + + - name: Download artifacts + uses: actions/download-artifact@v4 + with: + name: fedora-41-latest + path: fedora-41-latest + + - name: Update repository + env: + SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }} + BRANCH_STAGING: u/staging + GIT_REF: ${{ github.ref }} + run: | + repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" + + # clone package repository + git clone -b "${BRANCH_STAGING}" "${repo}" repo + + # copy packages + cp fedora-41-latest/* repo/fedora/f41 + cd repo/fedora/f41 + + # parse git tag from ref + GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') + + # convert packages into references + for pkg in $(find . -name '*.rpm'); do + echo "surface-dtx-daemon:$GIT_TAG/$(basename $pkg)" > $pkg.blob + rm $pkg + done + + # set git identity + git config --global user.email "surfacebot@users.noreply.github.com" + git config --global user.name "surfacebot" + + # commit and push + update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" + git checkout -b "${update_branch}" + git add . + git commit -m "Update Fedora 41 DTX daemon" + git push --set-upstream origin "${update_branch}"