From a136d2999af19cb40853a89b4790a01b5d45125a Mon Sep 17 00:00:00 2001
From: Simon Deziel <simon.deziel@canonical.com>
Date: Thu, 8 Feb 2024 09:25:48 -0500
Subject: [PATCH 1/4] github: drop DCO check now that we have the DCO app
 enabled

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
(cherry picked from commit d29f4418e07602052f051f0c1a09b044bc35ac79)
---
 .github/workflows/commits.yml | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml
index bacbcb17a..65b474e06 100644
--- a/.github/workflows/commits.yml
+++ b/.github/workflows/commits.yml
@@ -6,23 +6,10 @@ permissions:
   contents: read
 
 jobs:
-  dco-check:
-    permissions:
-      pull-requests: read  # for tim-actions/get-pr-commits to get list of commits from the PR
-    name: Signed-off-by (DCO) and branch target
+  commits:
+    name: Branch target
     runs-on: ubuntu-22.04
     steps:
-    - name: Get PR Commits
-      id: 'get-pr-commits'
-      uses: tim-actions/get-pr-commits@master
-      with:
-        token: ${{ secrets.GITHUB_TOKEN }}
-
-    - name: Check that all commits are signed-off
-      uses: tim-actions/dco@master
-      with:
-        commits: ${{ steps.get-pr-commits.outputs.commits }}
-
     - name: Check branch target
       env:
         TARGET: ${{ github.event.pull_request.base.ref }}

From 2ba69354a2403c3d9441b50563d0cb3d062861e1 Mon Sep 17 00:00:00 2001
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com>
Date: Mon, 30 Sep 2024 01:35:18 +0000
Subject: [PATCH 2/4] chore(deps): update dependency ubuntu to v24

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
---
 .github/workflows/builds.yml  | 2 +-
 .github/workflows/commits.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index d18d8a8c7..dce977d58 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -33,7 +33,7 @@ jobs:
 
   snap:
     name: Trigger snap build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     needs: lxd-migrate
     if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }}
     steps:
diff --git a/.github/workflows/commits.yml b/.github/workflows/commits.yml
index 65b474e06..88d14a801 100644
--- a/.github/workflows/commits.yml
+++ b/.github/workflows/commits.yml
@@ -8,7 +8,7 @@ permissions:
 jobs:
   commits:
     name: Branch target
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     steps:
     - name: Check branch target
       env:

From 08b824451e27f565978f081a6d097c6bbbd6a0bc Mon Sep 17 00:00:00 2001
From: Simon Deziel <simon.deziel@canonical.com>
Date: Mon, 11 Nov 2024 11:36:31 -0500
Subject: [PATCH 3/4] github: simplify building only on push events

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
---
 .github/workflows/builds.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index dce977d58..4125c34b2 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -1,6 +1,5 @@
 name: Builds
 on:
-  pull_request:
   push:
     branches:
       - 5.0-candidate
@@ -33,9 +32,9 @@ jobs:
 
   snap:
     name: Trigger snap build
-    runs-on: ubuntu-24.04
     needs: lxd-migrate
-    if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.event_name == 'push' && github.actor != 'dependabot[bot]' }}
+    runs-on: ubuntu-24.04
+    if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.actor != 'dependabot[bot]' }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4

From 13261066550287c7da200a1cad28b9131372ba9e Mon Sep 17 00:00:00 2001
From: Simon Deziel <simon.deziel@canonical.com>
Date: Mon, 16 Dec 2024 17:38:46 -0500
Subject: [PATCH 4/4] github: make use of LXD's actions/lp-snap-build in build
 job

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
---
 .github/workflows/builds.yml | 45 +++++++++---------------------------
 1 file changed, 11 insertions(+), 34 deletions(-)

diff --git a/.github/workflows/builds.yml b/.github/workflows/builds.yml
index 4125c34b2..16585ced9 100644
--- a/.github/workflows/builds.yml
+++ b/.github/workflows/builds.yml
@@ -35,52 +35,29 @@ jobs:
     needs: lxd-migrate
     runs-on: ubuntu-24.04
     if: ${{ github.repository == 'canonical/lxd-pkg-snap' && github.actor != 'dependabot[bot]' }}
+    env:
+      SSH_AUTH_SOCK: /tmp/ssh_agent.sock
+      PACKAGE: "lxd"
+      REPO: "git+ssh://lxdbot@git.launchpad.net/~canonical-lxd/lxd"
+      BRANCH: ${{ github.ref_name }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Setup Launchpad SSH access
-        env:
-          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
-          LAUNCHPAD_LXD_BOT_KEY: ${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}
-        run: |
-          set -eux
-          mkdir -m 0700 -p ~/.ssh/
-          ssh-agent -a "${SSH_AUTH_SOCK}" > /dev/null
-          ssh-add - <<< "${{ secrets.LAUNCHPAD_LXD_BOT_KEY }}"
-          ssh-add -L > ~/.ssh/id_ed25519.pub
-          # In ephemeral environments like GitHub Action runners, relying on TOFU isn't providing any security
-          # so require the key obtained by `ssh-keyscan` to match the expected hash from https://help.launchpad.net/SSHFingerprints
-          ssh-keyscan git.launchpad.net >> ~/.ssh/known_hosts
-          ssh-keygen -qlF git.launchpad.net | grep -xF 'git.launchpad.net RSA SHA256:UNOzlP66WpDuEo34Wgs8mewypV0UzqHLsIFoqwe8dYo'
-
-      - name: Install Go
-        uses: actions/setup-go@v5
+      - uses: canonical/lxd/.github/actions/lp-snap-build@main
         with:
-          go-version: 1.22.x
+          ssh-key: "${{ secrets.LAUNCHPAD_LXD_BOT_KEY}}"
 
       - name: Trigger Launchpad snap build
-        env:
-          SSH_AUTH_SOCK: /tmp/ssh_agent.sock
-          TARGET: ${{ github.ref_name }}
         run: |
           set -eux
-          git config --global transfer.fsckobjects true
-          git config --global user.name "Canonical LXD Bot"
-          git config --global user.email "lxd@lists.canonical.com"
-          git config --global commit.gpgsign true
-          git config --global gpg.format "ssh"
-          git config --global user.signingkey ~/.ssh/id_ed25519.pub
           localRev="$(git rev-parse HEAD)"
-          go install github.com/canonical/lxd-ci/lxd-snapcraft@latest
-          git clone -b "${TARGET}" git+ssh://lxdbot@git.launchpad.net/~canonical-lxd/lxd ~/lxd-pkg-snap-lp
           # XXX: `originVer` contains an array with the 2 versions
-          originVer=($(lxd-snapcraft -package lxd -get-version -file snapcraft.yaml))
-          rsync -a --exclude .git --delete . ~/lxd-pkg-snap-lp/
-          cd ~/lxd-pkg-snap-lp
+          originVer=($(lxd-snapcraft -package "${PACKAGE}" -get-version -file snapcraft.yaml))
+          rsync -a --exclude .git --delete . ~/"${PACKAGE}-pkg-snap-lp"/
+          cd ~/"${PACKAGE}-pkg-snap-lp"
           lxd-snapcraft -package lxd -set-version "${originVer[0]}-${localRev:0:7}" -set-source-commit ""
           git add --all
-          git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${TARGET})" -m "Upstream commit: ${localRev}"
+          git commit --all --quiet -s --allow-empty -m "Automatic upstream build (${BRANCH})" -m "Upstream commit: ${localRev}"
           git show
           git push --quiet
-