pkg/deb: Replace dpkg-sig with debsigs #130

Workflow file for this run

.github/workflows/release.yml at 6d7c754

	on:
	push:
	tags:
	- v[0-9]+.*
	- testing-ci.*

	name: Build Packages

	jobs:
	build-deb:
	name: Debian
	runs-on: ubuntu-latest
	container: ubuntu:22.04

	steps:
	- name: Install build dependencies
	run: \|
	echo 'debconf debconf/frontend select Noninteractive' \| debconf-set-selections
	sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list
	apt-get -q -y update
	apt-get -q -y install build-essential debhelper debsigs fakeroot wget git meson \
	python3-pyudev python3-pytest python3-libevdev ninja-build patch gpg cmake \
	libevev-dev
	apt-get -q -y build-dep libwacom libwacom-dev

	- name: Checkout code
	uses: actions/checkout@v4

	- name: Build package
	run: \|
	# Import GPG keys for libwacom/Peter Hutterer
	gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 3C2C43D9447D5938EF4551EBE23B7E70B467F0BF \|\| true
	gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 594ABBA066118C7A02D10A80A8AF906D9307FBAD \|\| true

	# Set as safe directory for git
	git config --global --add safe.directory "$PWD"

	# Build packages using dpkg-buildpackage
	./pkg/deb/makedeb

	- name: Sign packages
	env:
	GPG_KEY_ID: 56C464BAAC421453
	GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }}
	run: \|
	cd pkg/deb

	# import GPG key
	echo "$GPG_KEY" \| base64 -d \| gpg --import --no-tty --batch --yes
	export GPG_TTY=$(tty)

	# sign packages
	for deb in *.deb; do
	debsigs --sign=origin -k $GPG_KEY_ID "$deb"
	done

	- name: Prepare release
	run: \|
	mkdir release
	rm -f ./pkg/deb/-dbgsym_.ddeb \|\| true
	mv ./pkg/deb/*.deb release

	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: debian-latest
	path: release

	build-f43:
	name: Build Fedora 43 package
	runs-on: ubuntu-latest
	container:
	image: registry.fedoraproject.org/fedora:43
	options: --security-opt seccomp=unconfined
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Install build dependencies
	run: \|
	dnf distro-sync -y
	dnf install -y make rpmdevtools rpm-sign 'dnf-command(builddep)'
	dnf builddep -y pkg/fedora/libwacom-surface.spec

	- name: Build package
	run: \|
	cd pkg/fedora

	# Build the .rpm packages
	./makerpm

	- name: Sign packages
	env:
	GPG_KEY_ID: 56C464BAAC421453
	GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }}
	run: \|
	cd pkg/fedora/out

	# import GPG key
	echo "$GPG_KEY" \| base64 -d \| gpg --import --no-tty --batch --yes

	# sign package
	cd noarch
	rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"

	cd ..

	cd x86_64
	rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"

	- name: Prepare artifacts
	run: \|
	cd pkg/fedora
	mkdir release

	cp out/noarch/* release/
	cp out/x86_64/* release/

	rm release/libwacom-surface-devel-*

	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: fedora-43-latest
	path: pkg/fedora/release

	build-f42:
	name: Build Fedora 42 package
	runs-on: ubuntu-latest
	container:
	image: registry.fedoraproject.org/fedora:42
	options: --security-opt seccomp=unconfined
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Install build dependencies
	run: \|
	dnf distro-sync -y
	dnf install -y make rpmdevtools rpm-sign 'dnf-command(builddep)'
	dnf builddep -y pkg/fedora/libwacom-surface.spec

	- name: Build package
	run: \|
	cd pkg/fedora

	# Build the .rpm packages
	./makerpm

	- name: Sign packages
	env:
	GPG_KEY_ID: 56C464BAAC421453
	GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }}
	run: \|
	cd pkg/fedora/out

	# import GPG key
	echo "$GPG_KEY" \| base64 -d \| gpg --import --no-tty --batch --yes

	# sign package
	cd noarch
	rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"

	cd ..

	cd x86_64
	rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"

	- name: Prepare artifacts
	run: \|
	cd pkg/fedora
	mkdir release

	cp out/noarch/* release/
	cp out/x86_64/* release/

	rm release/libwacom-surface-devel-*

	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: fedora-42-latest
	path: pkg/fedora/release

	build-f41:
	name: Build Fedora 41 package
	runs-on: ubuntu-latest
	container:
	image: registry.fedoraproject.org/fedora:41
	options: --security-opt seccomp=unconfined
	steps:
	- name: Checkout code
	uses: actions/checkout@v4

	- name: Install build dependencies
	run: \|
	dnf distro-sync -y
	dnf install -y make rpmdevtools rpm-sign 'dnf-command(builddep)'
	dnf builddep -y pkg/fedora/libwacom-surface.spec

	- name: Build package
	run: \|
	cd pkg/fedora

	# Build the .rpm packages
	./makerpm

	- name: Sign packages
	env:
	GPG_KEY_ID: 56C464BAAC421453
	GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }}
	run: \|
	cd pkg/fedora/out

	# import GPG key
	echo "$GPG_KEY" \| base64 -d \| gpg --import --no-tty --batch --yes

	# sign package
	cd noarch
	rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"

	cd ..

	cd x86_64
	rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"

	- name: Prepare artifacts
	run: \|
	cd pkg/fedora
	mkdir release

	cp out/noarch/* release/
	cp out/x86_64/* release/

	rm release/libwacom-surface-devel-*

	- name: Upload artifacts
	uses: actions/upload-artifact@v4
	with:
	name: fedora-41-latest
	path: pkg/fedora/release

	release:
	name: Publish release
	needs: [build-deb, build-f43, build-f42, build-f41]
	runs-on: ubuntu-latest
	steps:
	- name: Download Debian artifacts
	uses: actions/download-artifact@v4
	with:
	name: debian-latest
	path: debian-latest

	- name: Download Fedora 43 artifacts
	uses: actions/download-artifact@v4
	with:
	name: fedora-43-latest
	path: fedora-43-latest

	- name: Download Fedora 42 artifacts
	uses: actions/download-artifact@v4
	with:
	name: fedora-42-latest
	path: fedora-42-latest

	- name: Download Fedora 41 artifacts
	uses: actions/download-artifact@v4
	with:
	name: fedora-41-latest
	path: fedora-41-latest

	- name: Upload assets
	uses: svenstaro/upload-release-action@v2
	with:
	repo_token: ${{ secrets.GITHUB_TOKEN }}
	file: ./-latest/
	tag: ${{ github.ref }}
	overwrite: true
	file_glob: true

	repo-deb:
	name: Update Debian package repository
	needs: [release]
	runs-on: ubuntu-latest
	container: debian:sid
	steps:
	- name: Install dependencies
	run: \|
	apt-get update
	apt-get install -y git

	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: debian-latest
	path: debian-latest

	- name: Update repository
	env:
	SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }}
	BRANCH_STAGING: u/staging
	GIT_REF: ${{ github.ref }}
	run: \|
	repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"

	# clone package repository
	git clone -b "${BRANCH_STAGING}" "${repo}" repo

	# copy packages
	cp debian-latest/* repo/debian/
	cd repo/debian

	# parse git tag from ref
	GIT_TAG=$(echo $GIT_REF \| sed 's\|^refs/tags/\|\|g')

	# convert packages into references
	for pkg in $(find . -name '*.deb'); do
	echo "libwacom-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
	rm $pkg
	done

	# set git identity
	git config --global user.email "[email protected]"
	git config --global user.name "surfacebot"

	# commit and push
	update_branch="${BRANCH_STAGING}-$(cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1)"
	git switch -c "${update_branch}"
	git add .
	git commit -m "Update Debian libwacom"
	git push --set-upstream origin "${update_branch}"

	repo-f43:
	name: Update Fedora 43 package repository
	needs: [release]
	runs-on: ubuntu-latest
	container:
	image: registry.fedoraproject.org/fedora:43
	options: --security-opt seccomp=unconfined
	steps:
	- name: Install dependencies
	run: \|
	dnf install -y git findutils

	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: fedora-43-latest
	path: fedora-43-latest

	- name: Update repository
	env:
	SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }}
	BRANCH_STAGING: u/staging
	GIT_REF: ${{ github.ref }}
	run: \|
	repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"

	# clone package repository
	git clone -b "${BRANCH_STAGING}" "${repo}" repo

	# copy packages
	cp fedora-43-latest/* repo/fedora/f43
	cd repo/fedora/f43

	# parse git tag from ref
	GIT_TAG=$(echo $GIT_REF \| sed 's\|^refs/tags/\|\|g')

	# convert packages into references
	for pkg in $(find . -name '*.rpm'); do
	echo "libwacom-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
	rm $pkg
	done

	# set git identity
	git config --global user.email "[email protected]"
	git config --global user.name "surfacebot"

	# commit and push
	update_branch="${BRANCH_STAGING}-$(cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1)"
	git checkout -b "${update_branch}"
	git add .
	git commit -m "Update Fedora 43 libwacom"
	git push --set-upstream origin "${update_branch}"

	repo-f42:
	name: Update Fedora 42 package repository
	needs: [release]
	runs-on: ubuntu-latest
	container:
	image: registry.fedoraproject.org/fedora:42
	options: --security-opt seccomp=unconfined
	steps:
	- name: Install dependencies
	run: \|
	dnf install -y git findutils

	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: fedora-42-latest
	path: fedora-42-latest

	- name: Update repository
	env:
	SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }}
	BRANCH_STAGING: u/staging
	GIT_REF: ${{ github.ref }}
	run: \|
	repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"

	# clone package repository
	git clone -b "${BRANCH_STAGING}" "${repo}" repo

	# copy packages
	cp fedora-42-latest/* repo/fedora/f42
	cd repo/fedora/f42

	# parse git tag from ref
	GIT_TAG=$(echo $GIT_REF \| sed 's\|^refs/tags/\|\|g')

	# convert packages into references
	for pkg in $(find . -name '*.rpm'); do
	echo "libwacom-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
	rm $pkg
	done

	# set git identity
	git config --global user.email "[email protected]"
	git config --global user.name "surfacebot"

	# commit and push
	update_branch="${BRANCH_STAGING}-$(cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1)"
	git checkout -b "${update_branch}"
	git add .
	git commit -m "Update Fedora 42 libwacom"
	git push --set-upstream origin "${update_branch}"

	repo-f41:
	name: Update Fedora 41 package repository
	needs: [release]
	runs-on: ubuntu-latest
	container:
	image: registry.fedoraproject.org/fedora:41
	options: --security-opt seccomp=unconfined
	steps:
	- name: Install dependencies
	run: \|
	dnf install -y git findutils

	- name: Download artifacts
	uses: actions/download-artifact@v4
	with:
	name: fedora-41-latest
	path: fedora-41-latest

	- name: Update repository
	env:
	SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }}
	BRANCH_STAGING: u/staging
	GIT_REF: ${{ github.ref }}
	run: \|
	repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"

	# clone package repository
	git clone -b "${BRANCH_STAGING}" "${repo}" repo

	# copy packages
	cp fedora-41-latest/* repo/fedora/f41
	cd repo/fedora/f41

	# parse git tag from ref
	GIT_TAG=$(echo $GIT_REF \| sed 's\|^refs/tags/\|\|g')

	# convert packages into references
	for pkg in $(find . -name '*.rpm'); do
	echo "libwacom-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
	rm $pkg
	done

	# set git identity
	git config --global user.email "[email protected]"
	git config --global user.name "surfacebot"

	# commit and push
	update_branch="${BRANCH_STAGING}-$(cat /dev/urandom \| tr -dc 'a-zA-Z0-9' \| fold -w 32 \| head -n 1)"
	git checkout -b "${update_branch}"
	git add .
	git commit -m "Update Fedora 41 libwacom"
	git push --set-upstream origin "${update_branch}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

pkg/deb: Replace dpkg-sig with debsigs #130

Workflow file

pkg/deb: Replace dpkg-sig with debsigs #130

Uh oh!

Workflow file for this run