Update fc builds #3170
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - 'master' | |
| - 'release/*' | |
| - 'rpm/test/*' | |
| tags: | |
| - 'v*' | |
| pull_request: | |
| branches: | |
| - 'master' | |
| - 'release/*' | |
| name: RPM | |
| jobs: | |
| config: | |
| name: Load configuration | |
| runs-on: ubuntu-20.04 | |
| outputs: | |
| matrix: ${{ steps.set-matrix.outputs.matrix }} | |
| is-copr-enabled: ${{ steps.is-copr-enabled.outputs.defined }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Load config matrix | |
| id: set-matrix | |
| run: | | |
| echo "::set-output name=matrix::$(cat .github/rpm-matrix.json | tr -d '\n' | tr -d ' ')" | |
| - name: Copr token discovery | |
| id: is-copr-enabled | |
| if: "${{ env.COPR_KEY != '' }}" | |
| run: echo "::set-output name=defined::true" | |
| env: | |
| COPR_KEY: ${{ secrets.COPR_API_LOGIN }} | |
| source0: | |
| name: Vendor Source0 | |
| container: registry.fedoraproject.org/fedora:38 | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Install deps | |
| run: dnf install -y git make python3 | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.ref }} | |
| fetch-depth: 0 | |
| - name: Mark as git safe | |
| run: | | |
| git config --global --add safe.directory $GITHUB_WORKSPACE | |
| - name: Generate build info | |
| run: | | |
| scripts/build-info.py --git | |
| git add -f fapolicy_analyzer/resources/build-info.json | |
| git config user.name 'CI' | |
| git config user.email '<>' | |
| git commit -m build-info | |
| - name: Vendor | |
| run: | | |
| make -f .copr/Makefile vendor-app spec=fapolicy-analyzer.spec | |
| - name: Rename source0 with prerelease version | |
| if: endsWith(github.ref, '/master') | |
| run: | | |
| spec_version=$(grep "Version:" fapolicy-analyzer.spec | tr -s ' ' | cut -d' ' -f2) | |
| commit_number=$(git rev-list HEAD~1 --count) | |
| patched_version="$spec_version~dev${commit_number}" | |
| mv fapolicy-analyzer-${spec_version}.tar.gz fapolicy-analyzer-${patched_version}.tar.gz | |
| - name: Rename source0 with pull request version | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| spec_version=$(grep "Version:" fapolicy-analyzer.spec | tr -s ' ' | cut -d' ' -f2) | |
| pr_number=${{ github.event.pull_request.number }} | |
| patched_version="0.0.${pr_number}" | |
| mv fapolicy-analyzer-${spec_version}.tar.gz fapolicy-analyzer-${patched_version}.tar.gz | |
| - name: Upload | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: source0 | |
| path: | | |
| fapolicy-analyzer-*.tar.gz | |
| - name: Checksum | |
| run: | | |
| sha256sum fapolicy-analyzer-*.tar.gz | |
| srpm: | |
| needs: [ config, source0 ] | |
| name: SRPM Build ${{ matrix.props.dist }} | |
| container: ${{ matrix.props.image }} | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: ${{ fromJson(needs.config.outputs.matrix) }} | |
| steps: | |
| - name: Enable EPEL | |
| if: startsWith(matrix.props.dist, 'el') | |
| run: | | |
| dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-${{ matrix.props.version }}.noarch.rpm | |
| - name: Install Git | |
| run: dnf install -y git | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.ref }} | |
| fetch-depth: 0 | |
| - name: Strip ref to tag | |
| id: tag_name | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: echo ::set-output name=VERSION::$(echo $GITHUB_REF | cut -d/ -f3) | |
| - name: Mark as git safe | |
| run: | | |
| git config --global --add safe.directory $GITHUB_WORKSPACE | |
| - name: Ensure spec version matches tag | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| spec_version=$(grep "Version:" ${{ matrix.props.spec }} | tr -s ' ' | cut -d' ' -f2) | |
| tag="${{ steps.tag_name.outputs.VERSION }}" | |
| tag_version="${tag#v}" | |
| echo "Got version $tag_version from git tag $tag" | |
| if [[ "$tag_version" == *-rc* ]] && [[ "$spec_version" != *~rc* ]]; then | |
| echo "The spec version ($spec_version) prerelease tag does not agree with git ($tag_version)" | |
| exit 1 | |
| fi | |
| normalized_spec_version=$(echo "$spec_version" | tr "~" "-") | |
| if [[ ! "$tag_version" == "$normalized_spec_version" ]]; then | |
| echo "The spec version ($normalized_spec_version) does not agree with git ($tag_version)" | |
| exit 2 | |
| fi | |
| echo "The spec version $spec_version is correct based on git tag $tag" | |
| - name: Patch spec with prerelease version | |
| if: endsWith(github.ref, '/master') | |
| run: | | |
| spec_version=$(grep "Version:" ${{ matrix.props.spec }} | tr -s ' ' | cut -d' ' -f2) | |
| commit_number=$(git rev-list HEAD --count) | |
| patched_version="$spec_version~dev${commit_number}" | |
| sed -i "s#Version:\s*${spec_version}#Version: ${patched_version}#" ${{ matrix.props.spec }} | |
| grep Version ${{ matrix.props.spec }} | |
| - name: Patch spec with pull request version | |
| if: github.event_name == 'pull_request' | |
| run: | | |
| spec_version=$(grep "Version:" ${{ matrix.props.spec }} | tr -s ' ' | cut -d' ' -f2) | |
| pr_number=${{ github.event.pull_request.number }} | |
| patched_version="0.0.${pr_number}" | |
| sed -i "s#Version:\s*${spec_version}#Version: ${patched_version}#" ${{ matrix.props.spec }} | |
| grep Version ${{ matrix.props.spec }} | |
| - name: Install RPM build dependencies | |
| run: | | |
| dnf install -y make rpm rpmdevtools dnf-plugins-core | |
| - name: Install SRPM build dependencies | |
| run: | | |
| make -f .copr/Makefile dnf OS_ID=${{ matrix.props.platform }} | |
| - name: Fetch Source0 tarball | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: source0 | |
| path: /tmp/rpmbuild/SOURCES/ | |
| - name: Mark as git safe | |
| run: | | |
| git config --global --add safe.directory $GITHUB_WORKSPACE | |
| - name: Generate doc tag | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| run: | | |
| echo "${{ steps.tag_name.outputs.VERSION }}" > help/version | |
| cat help/version | |
| - name: Build SRPM | |
| run: | | |
| make -f .copr/Makefile \ | |
| vendor build export \ | |
| outdir=/tmp/archives \ | |
| spec=${{ matrix.props.spec }} \ | |
| OS_ID=${{ matrix.props.platform }} | |
| - name: Export common tarballs | |
| run: | | |
| mkdir -p /tmp/archives | |
| mv vendor-docs-*.tar.gz /tmp/archives | |
| env: | |
| PLATFORM: ${{ matrix.props.dist }} | |
| - name: Export el tarballs | |
| if: startsWith(matrix.props.dist, 'el') | |
| run: | | |
| version=$(grep "Version:" ${{ matrix.props.spec }} | tr -s ' ' | cut -d' ' -f2) | |
| mv vendor-rs-${version}.tar.gz /tmp/archives/ | |
| - name: Upload SourceX | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: tarball-artifacts | |
| path: | | |
| /tmp/archives/*.tar.gz | |
| - name: Upload SRPMs | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: srpm-artifacts | |
| path: | | |
| /tmp/archives/*.src.rpm | |
| - name: Checksum artifacts | |
| run: | | |
| sha256sum /tmp/archives/* || true | |
| copr: | |
| needs: [ config, srpm ] | |
| name: Copr Build ${{ matrix.props.dist }} | |
| if: needs.config.outputs.is-copr-enabled == 'true' | |
| container: 'rockylinux:8.6' | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: ${{ fromJson(needs.config.outputs.matrix) }} | |
| steps: | |
| - name: Install Copr CLI | |
| run: | | |
| dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm | |
| dnf install -y copr-cli | |
| - name: Download srpm artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: srpm-artifacts | |
| path: /tmp/ | |
| - name: Checksum artifacts | |
| run: | | |
| sha256sum /tmp/*.src.rpm | |
| - name: Install Config | |
| run: | | |
| mkdir -p $HOME/.config | |
| echo "[copr-cli]" > $HOME/.config/copr | |
| echo "username = ${COPR_USER}" >> $HOME/.config/copr | |
| echo "login = ${COPR_LOGIN}" >> $HOME/.config/copr | |
| echo "token = ${COPR_TOKEN}" >> $HOME/.config/copr | |
| echo "copr_url = https://copr.fedorainfracloud.org" >> $HOME/.config/copr | |
| env: | |
| COPR_USER: ${{ secrets.COPR_API_USER }} | |
| COPR_LOGIN: ${{ secrets.COPR_API_LOGIN }} | |
| COPR_TOKEN: ${{ secrets.COPR_API_TOKEN }} | |
| - name: build | |
| run: | | |
| copr-cli build --chroot ${{ matrix.props.chroot }} fapolicy-analyzer /tmp/fapolicy-analyzer-*.${{ matrix.props.dist }}.src.rpm | |
| rpm: | |
| needs: [ config, srpm ] | |
| name: Rebuild ${{ matrix.props.dist }} | |
| container: ${{ matrix.props.image }} | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: ${{ fromJson(needs.config.outputs.matrix )}} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Download srpm artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: srpm-artifacts | |
| path: /tmp/src/ | |
| - name: Checksum artifacts | |
| run: | | |
| sha256sum /tmp/src/* | |
| - name: Enable EPEL | |
| if: startsWith(matrix.props.dist, 'el') | |
| run: | | |
| dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-${{ matrix.props.version }}.noarch.rpm | |
| - name: Install RPM build dependencies | |
| run: | | |
| dnf install -y make rpm rpmdevtools dnf-plugins-core | |
| - name: Rebuild SRPM | |
| run: | | |
| dnf builddep -y ${{ matrix.props.spec }} | |
| rpmbuild --rebuild /tmp/src/fapolicy-analyzer-*.${{ matrix.props.dist }}.src.rpm | |
| - name: Export RPMs | |
| run: | | |
| mkdir -p /tmp/archives | |
| ls | grep -v debug | xargs mv -t /tmp/archives | |
| working-directory: /github/home/rpmbuild/RPMS/x86_64 | |
| - name: Upload RPMs | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: rpm-artifacts | |
| path: | | |
| /tmp/archives/*.x86_64.rpm | |
| install: | |
| needs: [ config, srpm, rpm ] | |
| name: Install ${{ matrix.props.dist }} | |
| container: ${{ matrix.props.image }} | |
| runs-on: ubuntu-20.04 | |
| strategy: | |
| matrix: ${{ fromJson(needs.config.outputs.matrix )}} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Download rpm artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: rpm-artifacts | |
| path: /tmp/src/ | |
| - name: Checksum artifacts | |
| run: | | |
| sha256sum /tmp/src/* | |
| - name: Enable EPEL | |
| if: startsWith(matrix.props.dist, 'el') | |
| run: | | |
| dnf install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-${{ matrix.props.version }}.noarch.rpm | |
| - name: Install RPM | |
| run: | | |
| dnf install -y /tmp/src/fapolicy-analyzer-*.${{ matrix.props.dist }}.x86_64.rpm | |
| - name: Check RPM | |
| run: | | |
| rpm -qa --dump fapolicy-analyzer | |
| rpm -q fapolicy-analyzer | |
| publish: | |
| needs: [ srpm, rpm, install, copr ] | |
| name: Publish | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| with: | |
| ref: ${{ github.ref }} | |
| - name: Download artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| path: /tmp/archives/ | |
| - name: Release artifacts | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| tag_name: ${{ steps.tag_name.outputs.VERSION }} | |
| prerelease: ${{ startsWith(github.ref, 'refs/tags/v0') || contains(github.ref, 'rc') }} | |
| draft: true | |
| files: | | |
| fapolicy-analyzer.spec | |
| /tmp/archives/source0/*.tar.gz | |
| /tmp/archives/rpm-artifacts/*.rpm | |
| /tmp/archives/srpm-artifacts/*.src.rpm | |
| /tmp/archives/tarball-artifacts/*.tar.gz |