CodeTracer 25.11.1 #36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy RPM and DEBs | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| concurrency: | |
| group: "pages" | |
| cancel-in-progress: true | |
| jobs: | |
| rpms: | |
| runs-on: ubuntu-latest | |
| container: fedora:rawhide | |
| outputs: | |
| file: ${{ steps.rpmfile.outputs.file }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Insatll git | |
| run: "dnf install -y gpg git rpm-sign" | |
| - name: "Import GPG key for signing commits" | |
| id: import-gpg | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY_PASS }} | |
| git_config_global: true | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: Install createrepo_c | |
| run: | | |
| dnf install -y rpmdevtools createrepo_c curl awscli2 | |
| cd rpm || exit | |
| echo "----------" | |
| pwd | |
| echo "----------" | |
| ls -a | |
| echo "----------" | |
| ln -s "$(pwd)/" ~/rpmbuild | |
| rpmdev-setuptree | |
| createrepo_c --update . | |
| KEY_ID=$(gpg --list-secret-keys --keyid-format=long | awk '/^sec/{print $2}' | cut -d'/' -f2) | |
| echo "%_gpg_name ${KEY_ID}" >> ~/.rpmmacros | |
| gpg --armor --export ${KEY_ID} > rpmkey.pub | |
| for spec in SPECS/*.spec; do | |
| spectool -g -R "${spec}" | |
| done | |
| - name: Installing codetracer | |
| id: rpmfile | |
| run: | | |
| cd rpm || exit | |
| dnf builddep -y SPECS/codetracer.spec | |
| rpmbuild -ba SPECS/codetracer.spec | |
| RPM=$(find ~/rpmbuild/RPMS/x86_64/ -name "codetracer-*.rpm" ! -name "*-debuginfo.rpm" ! -name "*-debugsource.rpm" | grep -v "debug" | sort | tail -n 1) | |
| echo "file=$(basename $RPM)" >> $GITHUB_OUTPUT | |
| rpm --addsign $RPM | |
| dnf install -y $RPM | |
| - name: Copy RPMs | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.CODETRACER_RPM_BUCKET_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.CODETRACER_RPM_ACCESS_KEY }} | |
| run: | | |
| cd rpm || exit | |
| cp ../favicon.png . | |
| createrepo_c --update . | |
| gpg --detach-sign --armor repodata/repomd.xml | |
| aws --endpoint-url=${{ secrets.CODETRACER_RPM_BUCKET_S3_URL }} s3 cp ./ s3://${{ vars.RPM_CODETRACER_BUCKET_NAME }}/ --recursive | |
| debs: | |
| runs-on: ubuntu-latest | |
| needs: [ "rpms" ] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v5 | |
| - name: Install essentials | |
| run: | | |
| sudo apt update && sudo apt install git gnupg ruby-dev build-essential reprepro | |
| sudo gem i fpm -f | |
| - id: install-aws-cli | |
| uses: unfor19/install-aws-cli-action@v1 | |
| with: | |
| version: 2 | |
| verbose: false | |
| arch: amd64 | |
| - name: "Import GPG key for signing commits" | |
| id: import-gpg | |
| uses: crazy-max/ghaction-import-gpg@v6 | |
| with: | |
| gpg_private_key: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY_PASS }} | |
| git_config_global: true | |
| git_user_signingkey: true | |
| git_commit_gpgsign: true | |
| - name: Convert RPM to debian | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.CODETRACER_RPM_BUCKET_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.CODETRACER_RPM_ACCESS_KEY }} | |
| shell: bash | |
| run: | | |
| cd debian || exit | |
| aws --endpoint-url=${{ secrets.CODETRACER_RPM_BUCKET_S3_URL }} s3 cp s3://${{ vars.RPM_CODETRACER_BUCKET_NAME }}/RPMS/x86_64/${{ needs.rpms.outputs.file }} ${{ needs.rpms.outputs.file }} | |
| fpm -s rpm -t deb --no-auto-depends -d "fuse" -d "libfuse2" -d "openssl" -d "xdg-desktop-portal" --maintainer "Metacraft Labs Ltd. <[email protected]>" ${{ needs.rpms.outputs.file }} | |
| KEY_ID=$(gpg --list-secret-keys --keyid-format=long | awk '/^sec/{print $2}' | cut -d'/' -f2) | |
| sed -i "s/#SignWith:.*/SignWith: ${KEY_ID}/g" conf/distributions | |
| mkdir keys | |
| gpg --armor --export ${KEY_ID} > keys/public.asc | |
| shopt -s nullglob | |
| for deb in *.deb; do | |
| reprepro -b . includedeb stable "${deb}" | |
| done | |
| - name: Copy DEBs | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.CODETRACER_DEB_BUCKET_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.CODETRACER_DEB_BUCKET_ACCESS_KEY }} | |
| run: | | |
| cd debian || exit | |
| cp ../favicon.png . | |
| aws --endpoint-url=${{ secrets.CODETRACER_DEB_BUCKET_S3_URL }} s3 cp ./ s3://${{ vars.DEB_CODETRACER_BUCKET_NAME }}/ --recursive |