.github/workflows: Update actions

qzed · qzed · commit abda7a77c7e3 · 2024-09-14T15:58:45.000+02:00
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -168,11 +168,101 @@ jobs:
         name: fedora-39-latest
         path: pkg/fedora/out/x86_64
 
+  build-f40:
+    if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')
+
+    name: Build Fedora 40 package
+    runs-on: ubuntu-latest
+    needs: [lint, test]
+    container:
+      image: registry.fedoraproject.org/fedora:40
+      options: --security-opt seccomp=unconfined
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install build dependencies
+      run: |
+        dnf distro-sync -y
+        dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
+        dnf builddep -y pkg/fedora/surface-dtx-daemon.spec
+
+    - name: Build package
+      run: |
+        cd pkg/fedora
+        # Build the .rpm packages
+        ./makerpm
+
+    - name: Sign packages
+      env:
+        GPG_KEY_ID: 56C464BAAC421453
+        GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }}
+      run: |
+        cd pkg/fedora/out/x86_64
+
+        # import GPG key
+        echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+
+        # sign package
+        rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: fedora-40-latest
+        path: pkg/fedora/out/x86_64
+
+  build-f41:
+    if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')
+
+    name: Build Fedora 41 package
+    runs-on: ubuntu-latest
+    needs: [lint, test]
+    container:
+      image: registry.fedoraproject.org/fedora:41
+      options: --security-opt seccomp=unconfined
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v4
+
+    - name: Install build dependencies
+      run: |
+        dnf distro-sync -y
+        dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
+        dnf builddep -y pkg/fedora/surface-dtx-daemon.spec
+
+    - name: Build package
+      run: |
+        cd pkg/fedora
+        # Build the .rpm packages
+        ./makerpm
+
+    - name: Sign packages
+      env:
+        GPG_KEY_ID: 56C464BAAC421453
+        GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }}
+      run: |
+        cd pkg/fedora/out/x86_64
+
+        # import GPG key
+        echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+
+        # sign package
+        rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: fedora-41-latest
+        path: pkg/fedora/out/x86_64
+
   release:
     if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')
 
     name: Publish release
-    needs: [build-bin, build-deb, build-f39]
+    needs: [build-bin, build-deb, build-f39, build-f40, build-f41]
     runs-on: ubuntu-latest
 
     steps:
@@ -194,6 +284,18 @@ jobs:
         name: fedora-39-latest
         path: fedora-39-latest
 
+    - name: Download Fedora 40 artifacts
+      uses: actions/download-artifact@v4
+      with:
+        name: fedora-40-latest
+        path: fedora-40-latest
+
+    - name: Download Fedora 41 artifacts
+      uses: actions/download-artifact@v4
+      with:
+        name: fedora-41-latest
+        path: fedora-41-latest
+
     - name: Upload assets
       uses: svenstaro/upload-release-action@v2
       with:
@@ -307,3 +409,109 @@ jobs:
         git add .
         git commit -m "Update Fedora 39 DTX daemon"
         git push --set-upstream origin "${update_branch}"
+
+  repo-f40:
+    name: Update Fedora 40 package repository
+    needs: [release]
+    runs-on: ubuntu-latest
+    container:
+      image: registry.fedoraproject.org/fedora:40
+      options: --security-opt seccomp=unconfined
+    steps:
+    - name: Install dependencies
+      run: |
+        dnf install -y git findutils
+
+    - name: Download artifacts
+      uses: actions/download-artifact@v4
+      with:
+        name: fedora-40-latest
+        path: fedora-40-latest
+
+    - name: Update repository
+      env:
+        SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }}
+        BRANCH_STAGING: u/staging
+        GIT_REF: ${{ github.ref }}
+      run: |
+        repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
+
+        # clone package repository
+        git clone -b "${BRANCH_STAGING}" "${repo}" repo
+
+        # copy packages
+        cp fedora-40-latest/* repo/fedora/f40
+        cd repo/fedora/f40
+
+        # parse git tag from ref
+        GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
+
+        # convert packages into references
+        for pkg in $(find . -name '*.rpm'); do
+          echo "surface-dtx-daemon:$GIT_TAG/$(basename $pkg)" > $pkg.blob
+          rm $pkg
+        done
+
+        # set git identity
+        git config --global user.email "surfacebot@users.noreply.github.com"
+        git config --global user.name "surfacebot"
+
+        # commit and push
+        update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
+        git checkout -b "${update_branch}"
+        git add .
+        git commit -m "Update Fedora 40 DTX daemon"
+        git push --set-upstream origin "${update_branch}"
+
+  repo-f41:
+    name: Update Fedora 41 package repository
+    needs: [release]
+    runs-on: ubuntu-latest
+    container:
+      image: registry.fedoraproject.org/fedora:41
+      options: --security-opt seccomp=unconfined
+    steps:
+    - name: Install dependencies
+      run: |
+        dnf install -y git findutils
+
+    - name: Download artifacts
+      uses: actions/download-artifact@v4
+      with:
+        name: fedora-41-latest
+        path: fedora-41-latest
+
+    - name: Update repository
+      env:
+        SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }}
+        BRANCH_STAGING: u/staging
+        GIT_REF: ${{ github.ref }}
+      run: |
+        repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
+
+        # clone package repository
+        git clone -b "${BRANCH_STAGING}" "${repo}" repo
+
+        # copy packages
+        cp fedora-41-latest/* repo/fedora/f41
+        cd repo/fedora/f41
+
+        # parse git tag from ref
+        GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
+
+        # convert packages into references
+        for pkg in $(find . -name '*.rpm'); do
+          echo "surface-dtx-daemon:$GIT_TAG/$(basename $pkg)" > $pkg.blob
+          rm $pkg
+        done
+
+        # set git identity
+        git config --global user.email "surfacebot@users.noreply.github.com"
+        git config --global user.name "surfacebot"
+
+        # commit and push
+        update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
+        git checkout -b "${update_branch}"
+        git add .
+        git commit -m "Update Fedora 41 DTX daemon"
+        git push --set-upstream origin "${update_branch}"
