Seperate workflows and update the package repo

Currently this is only done for fedora, arch and debian will follow. Signed-off-by: Dorian Stoll <dorian.stoll@tmsp.io>
2020-01-22 21:22:20 +01:00 · 2020-01-22 21:22:20 +01:00 · 26517b4965
parent eb7e66c10d
commit 26517b4965
2 changed files with 280 additions and 0 deletions
--- a/.github/workflows/fedora-30.yml
+++ b/.github/workflows/fedora-30.yml
@ -0,0 +1,140 @@
+on:
+  push:
+    tags:
+      - 'fedora-30-*'
+
+name: Fedora 30
+
+env:
+  GPG_KEY_ID: 56C464BAAC421453
+
+jobs:
+  build:
+    name: Build Kernel
+    runs-on: ubuntu-latest
+    container: fedora:30
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Install build dependencies
+      run: |
+        dnf distro-sync -y
+        dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
+        dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec
+
+    - name: Setup secureboot certificate
+      env:
+        SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
+      run: |
+        cd pkg
+
+        # Install the surface secureboot certificate
+        echo "$SB_KEY" | base64 -d > fedora/kernel-surface/surface.key
+        cp keys/surface.crt fedora/kernel-surface/surface.crt
+
+    - name: Build packages
+      run: |
+        cd pkg/fedora/kernel-surface
+
+        # Build the .rpm packages
+        ../makerpm
+
+    - name: Sign packages
+      env:
+        GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
+      run: |
+        cd pkg/fedora/kernel-surface/out/x86_64
+
+        # import GPG key
+        echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+
+        # sign packages
+        rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v1
+      with:
+        name: fedora-30-latest
+        path: pkg/fedora/kernel-surface/out/x86_64
+
+  repo:
+    name: Update package repository
+    needs: [build]
+    runs-on: ubuntu-latest
+    container: fedora:30
+    steps:
+    - name: Install dependencies
+      run: |
+        dnf install -y createrepo_c git
+
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        repository: linux-surface/repo
+        token: ${{ secrets.GITHUB_BOT_TOKEN }}
+        fetch-depth: 0
+        ref: master
+
+    - name: Download artifacts
+      uses: actions/download-artifact@v1
+      with:
+        name: fedora-30-latest
+
+    - name: Update repository
+      env:
+        GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
+        GIT_REF: ${{ github.ref }}
+      run: |
+        cp fedora-30-latest/* fedora/f30/
+        rm -r fedora-30-latest
+
+        cd fedora/f30
+        createrepo_c --xz --update --verbose .
+
+        # Sign the updated repository
+        echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+        if [ -f 'repodata/repomd.xml.asc' ]; then
+          rm repodata/repomd.xml
+        fi
+        gpg --detach-sign --batch --no-tty --armor -u $GPG_KEY_ID repodata/repomd.xml
+
+        # Parse git tag from ref
+        GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
+
+        # Convert packages into references
+        for pkg in $(find . -name '*.rpm'); do
+          echo "$GIT_TAG/$(basename $pkg)" > $pkg.blob
+          rm $pkg
+        done
+
+    - name: Commit and push
+      uses: github-actions-x/commit@v2.3
+      with:
+        github-token: ${{ secrets.GITHUB_BOT_TOKEN }}
+        push-branch: master
+        commit-message: Update f30 kernel
+        force-add: false
+        rebase: true
+        files: fedora/f30/*
+        name: surfacebot
+        email: surfacebot@users.noreply.github.com
+
+  release:
+    name: Publish release
+    needs: [repo]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Download artifacts
+      uses: actions/download-artifact@v1
+      with:
+        name: fedora-30-latest
+
+    - name: Upload assets
+      uses: svenstaro/upload-release-action@v1-release
+      with:
+        repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
+        file: ./*-latest/*
+        tag: ${{ github.ref }}
+        overwrite: true
+        file_glob: true
--- a/.github/workflows/fedora-31.yml
+++ b/.github/workflows/fedora-31.yml
@ -0,0 +1,140 @@
+on:
+  push:
+    tags:
+      - 'fedora-31-*'
+
+name: Fedora 31
+
+env:
+  GPG_KEY_ID: 56C464BAAC421453
+
+jobs:
+  build:
+    name: Build Kernel
+    runs-on: ubuntu-latest
+    container: fedora:31
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+
+    - name: Install build dependencies
+      run: |
+        dnf distro-sync -y
+        dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
+        dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec
+
+    - name: Setup secureboot certificate
+      env:
+        SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
+      run: |
+        cd pkg
+
+        # Install the surface secureboot certificate
+        echo "$SB_KEY" | base64 -d > fedora/kernel-surface/surface.key
+        cp keys/surface.crt fedora/kernel-surface/surface.crt
+
+    - name: Build packages
+      run: |
+        cd pkg/fedora/kernel-surface
+
+        # Build the .rpm packages
+        ../makerpm
+
+    - name: Sign packages
+      env:
+        GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
+      run: |
+        cd pkg/fedora/kernel-surface/out/x86_64
+
+        # import GPG key
+        echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+
+        # sign packages
+        rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
+
+    - name: Upload artifacts
+      uses: actions/upload-artifact@v1
+      with:
+        name: fedora-31-latest
+        path: pkg/fedora/kernel-surface/out/x86_64
+
+  repo:
+    name: Update package repository
+    needs: [build]
+    runs-on: ubuntu-latest
+    container: fedora:31
+    steps:
+    - name: Install dependencies
+      run: |
+        dnf install -y createrepo_c git
+
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        repository: linux-surface/repo
+        token: ${{ secrets.GITHUB_BOT_TOKEN }}
+        fetch-depth: 0
+        ref: master
+
+    - name: Download artifacts
+      uses: actions/download-artifact@v1
+      with:
+        name: fedora-31-latest
+
+    - name: Update repository
+      env:
+        GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
+        GIT_REF: ${{ github.ref }}
+      run: |
+        cp fedora-31-latest/* fedora/f31/
+        rm -r fedora-31-latest
+
+        cd fedora/f31
+        createrepo_c --xz --update --verbose .
+
+        # Sign the updated repository
+        echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+        if [ -f 'repodata/repomd.xml.asc' ]; then
+          rm repodata/repomd.xml
+        fi
+        gpg --detach-sign --batch --no-tty --armor -u $GPG_KEY_ID repodata/repomd.xml
+
+        # Parse git tag from ref
+        GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
+
+        # Convert packages into references
+        for pkg in $(find . -name '*.rpm'); do
+          echo "$GIT_TAG/$(basename $pkg)" > $pkg.blob
+          rm $pkg
+        done
+
+    - name: Commit and push
+      uses: github-actions-x/commit@v2.3
+      with:
+        github-token: ${{ secrets.GITHUB_BOT_TOKEN }}
+        push-branch: master
+        commit-message: Update f31 kernel
+        force-add: false
+        rebase: true
+        files: fedora/f31/*
+        name: surfacebot
+        email: surfacebot@users.noreply.github.com
+
+  release:
+    name: Publish release
+    needs: [repo]
+    runs-on: ubuntu-latest
+    steps:
+    - name: Download artifacts
+      uses: actions/download-artifact@v1
+      with:
+        name: fedora-31-latest
+
+    - name: Upload assets
+      uses: svenstaro/upload-release-action@v1-release
+      with:
+        repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
+        file: ./*-latest/*
+        tag: ${{ github.ref }}
+        overwrite: true
+        file_glob: true