From 26517b4965e89234def48d62729835b4d6b3e7ac Mon Sep 17 00:00:00 2001
From: Dorian Stoll
Date: Wed, 22 Jan 2020 21:22:20 +0100
Subject: [PATCH] Seperate workflows and update the package repo Currently this is only done for fedora, arch and debian will follow.
Signed-off-by: Dorian Stoll
---
.github/workflows/fedora-30.yml | 140 ++++++++++++++++++++++++++++++++
.github/workflows/fedora-31.yml | 140 ++++++++++++++++++++++++++++++++
2 files changed, 280 insertions(+)
create mode 100644 .github/workflows/fedora-30.yml
create mode 100644 .github/workflows/fedora-31.yml
diff --git a/.github/workflows/fedora-30.yml b/.github/workflows/fedora-30.yml
new file mode 100644
index 000000000..cdb432238
--- /dev/null
+++ b/.github/workflows/fedora-30.yml
@@ -0,0 +1,140 @@
+on:
+ push:
+ tags:
+ - 'fedora-30-*'
+
+name: Fedora 30
+
+env:
+ GPG_KEY_ID: 56C464BAAC421453
+
+jobs:
+ build:
+ name: Build Kernel
+ runs-on: ubuntu-latest
+ container: fedora:30
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Install build dependencies
+ run: |
+ dnf distro-sync -y
+ dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
+ dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec
+
+ - name: Setup secureboot certificate
+ env:
+ SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
+ run: |
+ cd pkg
+
+ # Install the surface secureboot certificate
+ echo "$SB_KEY" | base64 -d > fedora/kernel-surface/surface.key
+ cp keys/surface.crt fedora/kernel-surface/surface.crt
+
+ - name: Build packages
+ run: |
+ cd pkg/fedora/kernel-surface
+
+ # Build the .rpm packages
+ ../makerpm
+
+ - name: Sign packages
+ env:
+ GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
+ run: |
+ cd pkg/fedora/kernel-surface/out/x86_64
+
+ # import GPG key
+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+
+ # sign packages
+ rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
+
+ - name: Upload artifacts
+ uses: actions/upload-artifact@v1
+ with:
+ name: fedora-30-latest
+ path: pkg/fedora/kernel-surface/out/x86_64
+
+ repo:
+ name: Update package repository
+ needs: [build]
+ runs-on: ubuntu-latest
+ container: fedora:30
+ steps:
+ - name: Install dependencies
+ run: |
+ dnf install -y createrepo_c git
+
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ with:
+ repository: linux-surface/repo
+ token: ${{ secrets.GITHUB_BOT_TOKEN }}
+ fetch-depth: 0
+ ref: master
+
+ - name: Download artifacts
+ uses: actions/download-artifact@v1
+ with:
+ name: fedora-30-latest
+
+ - name: Update repository
+ env:
+ GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
+ GIT_REF: ${{ github.ref }}
+ run: |
+ cp fedora-30-latest/* fedora/f30/
+ rm -r fedora-30-latest
+
+ cd fedora/f30
+ createrepo_c --xz --update --verbose .
+
+ # Sign the updated repository
+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+ if [ -f 'repodata/repomd.xml.asc' ]; then
+ rm repodata/repomd.xml
+ fi
+ gpg --detach-sign --batch --no-tty --armor -u $GPG_KEY_ID repodata/repomd.xml
+
+ # Parse git tag from ref
+ GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
+
+ # Convert packages into references
+ for pkg in $(find . -name '*.rpm'); do
+ echo "$GIT_TAG/$(basename $pkg)" > $pkg.blob
+ rm $pkg
+ done
+
+ - name: Commit and push
+ uses: github-actions-x/commit@v2.3
+ with:
+ github-token: ${{ secrets.GITHUB_BOT_TOKEN }}
+ push-branch: master
+ commit-message: Update f30 kernel
+ force-add: false
+ rebase: true
+ files: fedora/f30/*
+ name: surfacebot
+ email: surfacebot@users.noreply.github.com
+
+ release:
+ name: Publish release
+ needs: [repo]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Download artifacts
+ uses: actions/download-artifact@v1
+ with:
+ name: fedora-30-latest
+
+ - name: Upload assets
+ uses: svenstaro/upload-release-action@v1-release
+ with:
+ repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
+ file: ./*-latest/*
+ tag: ${{ github.ref }}
+ overwrite: true
+ file_glob: true
diff --git a/.github/workflows/fedora-31.yml b/.github/workflows/fedora-31.yml
new file mode 100644
index 000000000..b8cffbfd1
--- /dev/null
+++ b/.github/workflows/fedora-31.yml
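Review bot: In the `Update repository` step of `fedora-30.yml`, the guard tests for `repodata/repomd.xml.asc` but then runs `rm repodata/repomd.xml`, deleting the metadata that `createrepo_c` has just regenerated instead of the stale signature. Once an `.asc` is present in the checked-out repo, the following `gpg --detach-sign` has no input file, and even with the input present gpg in `--batch` mode without `--yes` does not overwrite an existing `.asc`, so the repository metadata would not be re-signed. The intent looks like removing the old signature: `rm -f repodata/repomd.xml.asc` in place of the three-line `if`. The same lines appear in the `fedora-31.yml` hunk.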
@@ -0,0 +1,140 @@
+on:
+ push:
+ tags:
+ - 'fedora-31-*'
+
+name: Fedora 31
+
+env:
+ GPG_KEY_ID: 56C464BAAC421453
+
+jobs:
+ build:
+ name: Build Kernel
+ runs-on: ubuntu-latest
+ container: fedora:31
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Install build dependencies
+ run: |
+ dnf distro-sync -y
+ dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
+ dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec
+
+ - name: Setup secureboot certificate
+ env:
+ SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
+ run: |
+ cd pkg
+
+ # Install the surface secureboot certificate
+ echo "$SB_KEY" | base64 -d > fedora/kernel-surface/surface.key
+ cp keys/surface.crt fedora/kernel-surface/surface.crt
+
+ - name: Build packages
+ run: |
+ cd pkg/fedora/kernel-surface
+
+ # Build the .rpm packages
+ ../makerpm
+
+ - name: Sign packages
+ env:
+ GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
+ run: |
+ cd pkg/fedora/kernel-surface/out/x86_64
+
+ # import GPG key
+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+
+ # sign packages
+ rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
+
+ - name: Upload artifacts
+ uses: actions/upload-artifact@v1
+ with:
+ name: fedora-31-latest
+ path: pkg/fedora/kernel-surface/out/x86_64
+
+ repo:
+ name: Update package repository
+ needs: [build]
+ runs-on: ubuntu-latest
+ container: fedora:31
+ steps:
+ - name: Install dependencies
+ run: |
+ dnf install -y createrepo_c git
+
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ with:
+ repository: linux-surface/repo
+ token: ${{ secrets.GITHUB_BOT_TOKEN }}
+ fetch-depth: 0
+ ref: master
+
+ - name: Download artifacts
+ uses: actions/download-artifact@v1
+ with:
+ name: fedora-31-latest
+
+ - name: Update repository
+ env:
+ GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
+ GIT_REF: ${{ github.ref }}
+ run: |
+ cp fedora-31-latest/* fedora/f31/
+ rm -r fedora-31-latest
+
+ cd fedora/f31
+ createrepo_c --xz --update --verbose .
+
+ # Sign the updated repository
+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+ if [ -f 'repodata/repomd.xml.asc' ]; then
+ rm repodata/repomd.xml
+ fi
+ gpg --detach-sign --batch --no-tty --armor -u $GPG_KEY_ID repodata/repomd.xml
+
+ # Parse git tag from ref
+ GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
+
+ # Convert packages into references
+ for pkg in $(find . -name '*.rpm'); do
+ echo "$GIT_TAG/$(basename $pkg)" > $pkg.blob
+ rm $pkg
+ done
+
+ - name: Commit and push
+ uses: github-actions-x/commit@v2.3
+ with:
+ github-token: ${{ secrets.GITHUB_BOT_TOKEN }}
+ push-branch: master
+ commit-message: Update f31 kernel
+ force-add: false
+ rebase: true
+ files: fedora/f31/*
+ name: surfacebot
+ email: surfacebot@users.noreply.github.com
+
+ release:
+ name: Publish release
+ needs: [repo]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Download artifacts
+ uses: actions/download-artifact@v1
+ with:
+ name: fedora-31-latest
+
+ - name: Upload assets
+ uses: svenstaro/upload-release-action@v1-release
+ with:
+ repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
+ file: ./*-latest/*
+ tag: ${{ github.ref }}
+ overwrite: true
+ file_glob: true
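Review bot: `github-actions-x/commit@v2.3` and `svenstaro/upload-release-action@v1-release` are referenced by mutable refs (a tag or branch name) and are each handed `secrets.GITHUB_BOT_TOKEN`, the same token the `Checkout repository` step uses for `linux-surface/repo`. If either ref is moved upstream, the new code runs with that token inside the workflow that publishes the signed kernel packages. Pinning each third-party action to a full commit SHA, with the tag kept as a trailing comment, removes that dependency on upstream ref stability, e.g. `uses: github-actions-x/commit@<full-commit-sha>  # v2.3` (placeholder; resolve the SHA from the tag). This applies equally to the `fedora-30.yml` hunk.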