diff --git a/.github/workflows/fedora-38.yml b/.github/workflows/fedora-38.yml
new file mode 100644
index 000000000..dc44f8074
--- /dev/null
+++ b/.github/workflows/fedora-38.yml
@@ -0,0 +1,134 @@
+on:
+ push:
+ tags:
+ - 'fedora-38-*'
+
+name: Fedora 38
+
+env:
+ GPG_KEY_ID: 56C464BAAC421453
+
+jobs:
+ build:
+ name: Build Kernel
+ runs-on: ubuntu-latest
+ container:
+ image: registry.fedoraproject.org/fedora:38
+ options: --security-opt seccomp=unconfined
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Install build dependencies
+ run: |
+ dnf distro-sync -y
+ dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
+ dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec
+
+ - name: Setup secureboot certificate
+ env:
+ SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
+ run: |
+ cd pkg
+
+ # Install the surface secureboot certificate
+ echo "$SB_KEY" | base64 -d > fedora/kernel-surface/surface.key
+ cp keys/surface.crt fedora/kernel-surface/surface.crt
+
+ - name: Build packages
+ run: |
+ cd pkg/fedora/kernel-surface
+
+ # Build the .rpm packages
+ ../makerpm -- --with=signkernel -ba
+
+ - name: Sign packages
+ env:
+ GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
+ run: |
+ cd pkg/fedora/kernel-surface/out/x86_64
+
+ # import GPG key
+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+
+ # sign packages
+ rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
+
+ - name: Upload artifacts
+ uses: actions/upload-artifact@v3
+ with:
+ name: fedora-38-latest
+ path: pkg/fedora/kernel-surface/out/x86_64
+
+ release:
+ name: Publish release
+ needs: [build]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Download artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: fedora-38-latest
+ path: fedora-38-latest
+
+ - name: Upload assets
+ uses: svenstaro/upload-release-action@v2
+ with:
+ repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
+ file: ./*-latest/*
+ tag: ${{ github.ref }}
+ overwrite: true
+ file_glob: true
+
+ repo:
+ name: Update package repository
+ needs: [release]
+ runs-on: ubuntu-latest
+ container:
+ image: fedora:38
+ options: --security-opt seccomp=unconfined
+ steps:
+ - name: Install dependencies
+ run: |
+ dnf install -y git findutils
+
+ - name: Download artifacts
+ uses: actions/download-artifact@v3
+ with:
+ name: fedora-38-latest
+ path: fedora-38-latest
+
+ - name: Update repository
+ env:
+ SURFACEBOT_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }}
+ BRANCH_STAGING: u/staging
+ GIT_REF: ${{ github.ref }}
+ run: |
+ repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
+
+ # clone package repository
+ git clone -b "${BRANCH_STAGING}" "${repo}" repo
+
+ # copy packages
+ cp fedora-38-latest/* repo/fedora/f38
+ cd repo/fedora/f38
+
+ # parse git tag from ref
+ GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
+
+ # convert packages into references
+ for pkg in $(find . -name '*.rpm'); do
+ echo "linux-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
+ rm $pkg
+ done
+
+ # set git identity
+ git config --global user.email "surfacebot@users.noreply.github.com"
+ git config --global user.name "surfacebot"
+
+ # commit and push
+ update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
+ git checkout -b "${update_branch}"
+ git add .
+ git commit -m "Update Fedora 38 kernel"
+ git push --set-upstream origin "${update_branch}"
diff --git a/pkg/fedora/kernel-surface/kernel-surface.spec b/pkg/fedora/kernel-surface/kernel-surface.spec
index b8289d0f5..7cff2bcfe 100755
--- a/pkg/fedora/kernel-surface/kernel-surface.spec
+++ b/pkg/fedora/kernel-surface/kernel-surface.spec
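Review bot: The actions in this workflow are referenced by mutable tags, and `svenstaro/upload-release-action@v2` in the `release` job is handed `secrets.GITHUB_BOT_TOKEN` directly, so the code that receives the bot token can change without any change to this file. Pinning it to a reviewed commit, e.g. `uses: svenstaro/upload-release-action@<full-commit-sha>  # v2`, and doing the same for the `actions/*` steps in the `build` job (which handles `SURFACE_SB_KEY` and `SURFACE_GPG_KEY`) makes the code that sees those secrets fixed and auditable. The `repo` job also uses `image: fedora:38` with no registry while `build` uses `registry.fedoraproject.org/fedora:38`; using the same fully qualified image in both keeps the base-image source consistent.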
@@ -2,15 +2,18 @@ # Definitions to configure the kernel we want to build # +%global kernel_tag_fc38 kernel-6.2.10-300.fc38 %global kernel_tag_fc37 kernel-6.2.10-200.fc37 %global kernel_tag_fc36 kernel-6.2.10-100.fc36 +%global kernel_release_fc38 1 %global kernel_release_fc37 1 %global kernel_release_fc36 1 # This is what is printed in the GRUB menu. These cannot be fetched from the # buildhost, because in a container this will also say container. To get the # same text as the default kernels, just hardcode it. Hey, this is important! +%global fedora_title_fc37 38 (Thirty Eight) %global fedora_title_fc37 37 (Thirty Seven) %global fedora_title_fc36 36 (Thirty Six)
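Review bot: The added title macro is defined under the wrong name: `%global fedora_title_fc37 38 (Thirty Eight)` should be `%global fedora_title_fc38 38 (Thirty Eight)`. As written, `fedora_title_fc37` is defined twice (the context line right after it sets it back to `37 (Thirty Seven)`) and `fedora_title_fc38` is never defined in this hunk, so a Fedora 38 build presumably ends up without the intended GRUB menu title. The code that consumes these macros lies outside the hunk, so the exact effect should be confirmed there.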