From e31fc118d0fd70f8f9a65ce27a3134de7fa1ff13 Mon Sep 17 00:00:00 2001
From: Luchesar ILIEV
Date: Tue, 22 Oct 2024 17:42:29 +0300
Subject: [PATCH] archzfs: add package and GitHub workflows
---
.github/dependabot.yml | 12 ++
.github/workflows/ci.yml | 202 +++++++++++++++++++++++++
.github/workflows/coverage-comment.yml | 29 ++++
package/PKGBUILD | 28 ++++
package/archzfs-keyring.install | 25 +++
5 files changed, 296 insertions(+)
create mode 100644 .github/dependabot.yml
create mode 100644 .github/workflows/ci.yml
create mode 100644 .github/workflows/coverage-comment.yml
create mode 100644 package/PKGBUILD
create mode 100644 package/archzfs-keyring.install
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..a36e803
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+---
+version: 2
+updates:
+
+ # Maintain dependencies for GitHub Actions
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "monthly"
+ assignees:
+ - "Doridian"
+ - "kerberizer"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..13d8945
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,202 @@
+---
+name: CI
+
+on: # yamllint disable-line rule:truthy
+ push:
+ branches:
+ - master
+ paths:
+ - .github/workflows/**
+ - Makefile
+ - keyring/**
+ - keyringctl
+ - libkeyringctl/**
+ - package/**
+ - tests/**
+ pull_request:
+ branches:
+ - master
+ paths:
+ - .github/workflows/**
+ - Makefile
+ - keyring/**
+ - keyringctl
+ - libkeyringctl/**
+ - package/**
+ - tests/**
+
+jobs:
+
+ lint:
+
+ runs-on: ubuntu-latest
+ container: archlinux:latest
+
+ steps:
+
+ - name: Install dependencies
+ env:
+ packages: >
+ flake8
+ git
+ make
+ mypy
+ python-black
+ python-isort
+ run: |
+ pacman-key --init
+ pacman -Syu --needed --noconfirm ${packages}
+
+ - name: Checkout the repository
+ uses: actions/checkout@v4.2.1
+
+ - name: Run lint
+ run: make lint
+
+ test:
+
+ runs-on: ubuntu-latest
+ container: archlinux:latest
+
+ steps:
+
+ - name: Install dependencies
+ env:
+ packages: >
+ git
+ make
+ python
+ python-coverage
+ python-pytest
+ python-tomli
+ sequoia-sq
+ run: |
+ pacman-key --init
+ pacman -Syu --needed --noconfirm ${packages}
+
+ - name: Checkout the repository
+ uses: actions/checkout@v4.2.1
+
+ - name: Run tests
+ run: make test
+
+ - name: Store the coverage report
+ uses: actions/upload-artifact@v4.4.3
+ with:
+ include-hidden-files: true
+ name: coverage-report
+ path: .coverage
+
+ coverage:
+
+ runs-on: ubuntu-latest
+ needs: test
+ permissions:
+ pull-requests: write
+ contents: write
+
+ steps:
+
+ - name: Checkout the repository
+ uses: actions/checkout@v4.2.1
+
+ - name: Retrieve the coverage reports
+ uses: actions/download-artifact@v4.1.8
+ with:
+ merge-multiple: true
+ name: coverage-report
+
+ - name: Process the coverage reports
+ id: coverage_processing
+ uses: py-cov-action/python-coverage-comment-action@v3.29
+ with:
+ COVERAGE_DATA_BRANCH: 'COVERAGE-REPORT'
+ GITHUB_TOKEN: ${{ github.token }}
+
+ - name: Store the pull request coverage comment for later posting
+ if:
steps.coverage_processing.outputs.COMMENT_FILE_WRITTEN == 'true'
+ uses: actions/upload-artifact@v4.4.3
+ with:
+ name: python-coverage-comment-action
+ path: python-coverage-comment-action.txt
+
+ build:
+
+ runs-on: ubuntu-latest
+ container: archlinux:latest
+
+ steps:
+
+ - name: Install dependencies
+ env:
+ packages: >
+ git
+ make
+ pkgconf
+ python
+ sequoia-sq
+ systemd
+ run: |
+ pacman-key --init
+ pacman -Syu --needed --noconfirm ${packages}
+
+ - name: Checkout repository
+ uses: actions/checkout@v4.2.1
+
+ - name: Build and install
+ run: |
+ make
+ make install PREFIX=/usr
+
+ keyring_check:
+
+ runs-on: ubuntu-latest
+ container: archlinux:latest
+
+ steps:
+
+ - name: Install dependencies
+ env:
+ packages: >
+ git
+ make
+ python
+ sequoia-sq
+ run: |
+ pacman-key --init
+ pacman -Syu --needed --noconfirm ${packages}
+
+ - name: Checkout repository
+ uses: actions/checkout@v4.2.1
+
+ - name: Check keyring
+ run: |
+ chown root:root .
+ ./keyringctl check
+ ./keyringctl ci
+
+ package:
+
+ runs-on: ubuntu-latest
+ container: archlinux:base-devel
+
+ steps:
+
+ - name: Install dependencies
+ run: |
+ pacman-key --init
+ pacman -Syu --needed --noconfirm git
+
+ - name: Checkout repository
+ uses: actions/checkout@v4.2.1
+
+ - name: Set up build user
+ run: |
+ groupadd -r packager
+ useradd -g packager -mr packager
+ echo "packager ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
+
+ - name: Build package
+ run: |
+ chown -R packager:packager .
+ sudo -u packager makepkg --dir package --noconfirm --skipinteg --syncdeps
diff --git a/.github/workflows/coverage-comment.yml b/.github/workflows/coverage-comment.yml
new file mode 100644
index 0000000..2663607
--- /dev/null
+++ b/.github/workflows/coverage-comment.yml
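Review bot: The `coverage` job passes a token with `contents: write` and `pull-requests: write` to `py-cov-action/python-coverage-comment-action@v3.29`, which is referenced by a mutable tag, so if that tag is ever moved upstream the new code runs with write access on pushes to master. Pin third-party actions to a full commit SHA and keep the version as a trailing comment, e.g. `uses: py-cov-action/python-coverage-comment-action@<full-commit-sha>  # v3.29` (placeholder; take the SHA from the upstream release). The Dependabot `github-actions` entry added in this commit can keep SHA pins current. The same tag reference appears in `.github/workflows/coverage-comment.yml`. Separately, the workflow has no top-level `permissions:` block, so `lint`, `test`, `build`, `keyring_check` and `package`, which all run repository code, get whatever the repository default grants; a workflow-level `permissions:` with `contents: read` would make that explicit.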
@@ -0,0 +1,29 @@
+---
+name: Post a coverage report comment on pull requests
+
+on: # yamllint disable-line rule:truthy
+ workflow_run:
+ workflows:
+ - 'CI'
+ types:
+ - 'completed'
+
+jobs:
+
+ comment:
+
+ runs-on: ubuntu-latest
+ if: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success'
+ permissions:
+ pull-requests: write
+ contents: write
+ actions: read
+
+ steps:
+
+ - name: Post the stored pull request coverage comment
+ uses: py-cov-action/python-coverage-comment-action@v3.29
+ with:
+ COVERAGE_DATA_BRANCH: 'COVERAGE-REPORT'
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_PR_RUN_ID: ${{ github.event.workflow_run.id }}
diff --git a/package/PKGBUILD b/package/PKGBUILD
new file mode 100644
index 0000000..bc4b8e4
--- /dev/null
+++ b/package/PKGBUILD
@@ -0,0 +1,28 @@
+pkgname=archzfs-keyring
+pkgver=20241022
+pkgrel=1
+pkgdesc='ArchZFS PGP keyring'
+arch=('any')
+url='https://github.com/archzfs/archzfs-keyring'
+license=('GPL-3.0-or-later')
+install=$pkgname.install
+depends=('pacman')
+makedepends=('git' 'python' 'sequoia-sq' 'pkgconf' 'systemd')
+checkdepends=('python-coverage' 'python-pytest')
+source=("archzfs-keyring::git+file://$(pwd)/..")
+
+build() {
+ cd "${pkgname}"
+ make build
+}
+
+check() {
+ cd "${pkgname}"
+ make check
+}
+
+package() {
+ cd "${pkgname}"
+ make PREFIX='/usr' DESTDIR="${pkgdir}" install
+}
+
diff --git a/package/archzfs-keyring.install b/package/archzfs-keyring.install
new file mode 100644
index 0000000..6206195
--- /dev/null
+++ b/package/archzfs-keyring.install
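Review bot: The `comment` job runs on `workflow_run` with `pull-requests: write` and `contents: write`, and what it posts comes from an artifact produced by the pull-request run of `CI`, which a pull request can presumably influence; nothing in the file records that trust boundary. Add a comment above `permissions:` such as `# Privileged job: consumes an artifact from an untrusted PR run; never check out or execute PR content here.` so that a later edit does not add a checkout of the PR head or a `run:` step that interpolates values from the artifact. The job as written has no checkout step, which is the property the comment should protect.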
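Review bot: The `source=(...)` array has no checksum array beside it, which is presumably why the `package` job in `.github/workflows/ci.yml` calls makepkg with `--skipinteg`; that flag turns off checksum and PGP verification for every source, including any added later. For a VCS source the usual form is to add `sha256sums=('SKIP')` after the `source` line and then drop `--skipinteg` from the CI command, so that integrity checking stays on by default. This matters more than usual here because the package installs keys that pacman will trust.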
@@ -0,0 +1,25 @@
+#!/usr/bin/env sh
+
+populate_archzfs() {
+ if usr/bin/pacman-key -l >/dev/null 2>&1; then
+ usr/bin/pacman-key --populate archzfs
+ fi
+}
+
+post_upgrade() {
+ # Older versions of pacman (before 6.1.0) disabled locking by default:
+ # https://gitlab.archlinux.org/pacman/pacman/-/commit/1d1bb6fa1a8247242fbdd226f50265a278a12ac8
+ #
+ # This still causes lots of problems, so force to remove that option.
+ if grep -qx 'lock-never' etc/pacman.d/gnupg/gpg.conf 2>/dev/null; then
+ sed -i '/^lock-never$/d' etc/pacman.d/gnupg/gpg.conf
+ fi
+
+ populate_archzfs
+}
+
+post_install() {
+ if [ -x usr/bin/pacman-key ]; then
+ populate_archzfs
+ fi
+}
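Review bot: `populate_archzfs` does nothing and prints nothing when `usr/bin/pacman-key -l` fails, so on a system whose pacman keyring is not yet initialised the package installs cleanly but the archzfs keys are never added. An `else` branch that writes a hint to stderr would make that visible, e.g. `else echo "pacman keyring not initialised; run 'pacman-key --init' and 'pacman-key --populate archzfs'" >&2`. A one-line comment above the function saying that `--populate archzfs` loads the packaged keys into the system-wide pacman keyring would also help, since that is the security-relevant side effect of this scriptlet.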