diff --git a/.copr/Makefile b/.copr/Makefile index 4b2668121c..a0df8510da 100644 --- a/.copr/Makefile +++ b/.copr/Makefile @@ -2,7 +2,9 @@ outdir ?= $(PWD) +COPR_DIR := $(dir $(lastword $(MAKEFILE_LIST))) + srpm: - $(dir $(lastword $(MAKEFILE_LIST)))/make-srpm.sh $(outdir) + $(COPR_DIR)/../scripts/make-srpm.sh $(outdir) .PHONY: srpm diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 531f07b99b..ad11927538 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,32 +14,3 @@ jobs: - run: make -j $(nproc) policy - run: make -j $(nproc) validate - run: make -j $(nproc) container.pp - build-rpm: - runs-on: ubuntu-latest - container: - image: fedora:rawhide - options: --security-opt seccomp=unconfined - steps: - - run: dnf install --nogpgcheck -y make git-core rpm-build 'dnf-command(builddep)' - - uses: actions/checkout@v3 - # https://github.blog/2022-04-12-git-security-vulnerability-announced/ - - run: git config --global --add safe.directory "$PWD" - - run: make -C .copr srpm outdir="$PWD" - - name: Store the SRPM as an artifact - uses: actions/upload-artifact@v2 - with: - name: srpm - path: "*.src.rpm" - - run: | - if grep -q rawhide /etc/os-release; then - tag=rawhide - else - tag='f$releasever-build' - fi - dnf builddep --nogpgcheck --repofrompath "koji,https://kojipkgs.fedoraproject.org/repos/$tag/latest/\$arch/" -y *.src.rpm - - run: rpmbuild --define "_topdir $PWD/rpmbuild" -rb *.src.rpm - - name: Store binary RPMs as artifacts - uses: actions/upload-artifact@v2 - with: - name: rpms - path: rpmbuild/RPMS diff --git a/packit.yaml b/packit.yaml new file mode 100644 index 0000000000..005b7679f1 --- /dev/null +++ b/packit.yaml @@ -0,0 +1,22 @@ +# See https://packit.dev/docs/configuration/ + +specfile_path: tmp/rpm/selinux-policy.spec + +actions: + post-upstream-clone: + - mkdir -p tmp/rpm + - scripts/make-sources.sh tmp/rpm + create-archive: sh -c 'ls tmp/rpm/selinux-policy*.tar.gz' + +jobs: + - job: copr_build + trigger: pull_request + targets: + - fedora-development + - fedora-latest-stable + + - job: tests + trigger: pull_request + targets: + - fedora-development + - fedora-latest-stable diff --git a/.copr/make-srpm.sh b/scripts/make-sources.sh similarity index 57% rename from .copr/make-srpm.sh rename to scripts/make-sources.sh index b125fcb91a..afe9e5fa7e 100755 --- a/.copr/make-srpm.sh +++ b/scripts/make-sources.sh @@ -1,5 +1,7 @@ #!/bin/bash +# Prepare sources for an SRPM build + set -eux outdir="$1"; shift @@ -12,8 +14,6 @@ DISTGIT_REF=rawhide CONTAINER_URL=https://github.com/containers/container-selinux EXPANDER_URL=https://github.com/fedora-selinux/macro-expander -rpm -q rpm-build git-core || dnf install -y rpm-build git-core - base_head_id="$(git -C "$rootdir" rev-parse HEAD)" base_short_head_id="${base_head_id:0:7}" base_date="$(TZ=UTC git show -s --format=%cd --date=format-local:%F_%T HEAD | tr -d :-)" @@ -24,29 +24,19 @@ trap 'rm -rf "$tmpdir"' EXIT container_dir="$tmpdir/container-selinux" expander_dir="$tmpdir/macro-expander" -rpmbuild_dir="$tmpdir/rpmbuild" -distgit_dir="$tmpdir/rpmbuild/SOURCES" - -mkdir -p "$distgit_dir" git clone --single-branch --depth 1 "$CONTAINER_URL" "$container_dir" git clone --single-branch --depth 1 "$EXPANDER_URL" "$expander_dir" -git clone -b "$DISTGIT_REF" --single-branch --depth 1 "$DISTGIT_URL" "$distgit_dir" +git clone -b "$DISTGIT_REF" --single-branch --depth 1 "$DISTGIT_URL" "$outdir" git -C "$rootdir" archive --prefix="selinux-policy-$base_head_id/" --format tgz HEAD \ - >"$distgit_dir/selinux-policy-$base_short_head_id.tar.gz" + >"$outdir/selinux-policy-$base_short_head_id.tar.gz" -tar -C "$container_dir" -czf "$distgit_dir/container-selinux.tgz" \ +tar -C "$container_dir" -czf "$outdir/container-selinux.tgz" \ container.if container.te container.fc -cp "$expander_dir/macro-expander.sh" "$distgit_dir/macro-expander" - -( - cd "$distgit_dir" - sed -i "s/%global commit [^ ]*$/%global commit $base_head_id/" selinux-policy.spec - sed -i "s/%{?dist}/.$base_date.$base_short_head_id%{?dist}/" selinux-policy.spec - rm -f sources - rpmbuild --define "_topdir $rpmbuild_dir" -bs selinux-policy.spec -) +cp "$expander_dir/macro-expander.sh" "$outdir/macro-expander" -cp "$rpmbuild_dir/SRPMS/"*.src.rpm "$outdir" +sed -i "s/%global commit [^ ]*$/%global commit $base_head_id/; + s/%{?dist}/.$base_date.$base_short_head_id%{?dist}/" "$outdir/selinux-policy.spec" +rm -f "$outdir/sources" diff --git a/scripts/make-srpm.sh b/scripts/make-srpm.sh new file mode 100755 index 0000000000..2f1b597548 --- /dev/null +++ b/scripts/make-srpm.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +# Make an SRPM for COPR + +set -eux + +outdir="$1"; shift + +rootdir="$(realpath -m "$0/../..")" + +rpm -q rpm-build git-core || dnf install -y rpm-build git-core + +tmpdir="$(mktemp -d)" + +trap 'rm -rf "$tmpdir"' EXIT + +rpmbuild_dir="$tmpdir" +distgit_dir="$tmpdir/SOURCES" + +mkdir -p "$distgit_dir" + +"$rootdir/scripts/make-sources.sh" "$distgit_dir" + +rpmbuild --define "_topdir $rpmbuild_dir" -bs "$distgit_dir/selinux-policy.spec" +cp "$rpmbuild_dir/SRPMS/"*.src.rpm "$outdir"