pkg: Bump version #154
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- master | |
- feature/ci | |
tags: | |
- v[0-9]+.* | |
- testing-ci.* | |
pull_request: | |
jobs: | |
lint: | |
name: Clippy | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: | | |
sudo apt-get -y update | |
sudo apt-get -y install libudev-dev | |
- name: Install rust | |
run: | | |
rustup update stable && rustup default stable | |
rustup component add clippy | |
- name: Run clippy | |
run: cargo clippy --all --all-features -- -Dwarnings | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
toolchain: [stable, nightly] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: | | |
sudo apt-get -y update | |
sudo apt-get -y install libudev-dev | |
- name: Install rust | |
run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} | |
- name: Build | |
run: cargo build --all | |
- name: Test | |
run: cargo test --all | |
build-bin: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Build binary package | |
runs-on: ubuntu-20.04 | |
needs: [lint, test] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: | | |
sudo apt-get -y update | |
sudo apt-get -y install libudev-dev | |
- name: Install rust | |
run: rustup update stable && rustup default stable | |
- name: Build package | |
run: ./pkg/bin/makebin | |
- name: Prepare release | |
run: mkdir release && mv pkg/bin/*.tar.xz release | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: binary-latest | |
path: release | |
build-deb: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Build deb package | |
runs-on: ubuntu-20.04 | |
needs: [lint, test] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: | | |
sudo apt-get -y update | |
sudo apt-get -y install libudev-dev | |
sudo apt-get -y install debhelper fakeroot dpkg-sig | |
- name: Install rust | |
run: rustup update stable && rustup default stable | |
- name: Build package | |
run: ./pkg/deb/makedeb | |
- name: Sign package | |
env: | |
GPG_KEY_ID: 56C464BAAC421453 | |
GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }} | |
run: | | |
# import GPG key | |
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes | |
export GPG_TTY=$(tty) | |
# sign package | |
cd pkg/deb && dpkg-sig -g "--batch --no-tty" --sign builder -k $GPG_KEY_ID ./*.deb | |
- name: Prepare release | |
run: mkdir release && mv pkg/deb/*.deb release | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: debian-latest | |
path: release | |
build-f39: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Build Fedora 39 package | |
runs-on: ubuntu-latest | |
needs: [lint, test] | |
container: | |
image: registry.fedoraproject.org/fedora:39 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install build dependencies | |
run: | | |
dnf distro-sync -y | |
dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)' | |
dnf builddep -y pkg/fedora/surface-control.spec | |
- name: Build package | |
run: | | |
cd pkg/fedora | |
# Build the .rpm packages | |
./makerpm | |
- name: Sign packages | |
env: | |
GPG_KEY_ID: 56C464BAAC421453 | |
GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }} | |
run: | | |
cd pkg/fedora/out/x86_64 | |
# import GPG key | |
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes | |
# sign package | |
rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fedora-39-latest | |
path: pkg/fedora/out/x86_64 | |
build-f40: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Build Fedora 40 package | |
runs-on: ubuntu-latest | |
needs: [lint, test] | |
container: | |
image: registry.fedoraproject.org/fedora:40 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install build dependencies | |
run: | | |
dnf distro-sync -y | |
dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)' | |
dnf builddep -y pkg/fedora/surface-control.spec | |
- name: Build package | |
run: | | |
cd pkg/fedora | |
# Build the .rpm packages | |
./makerpm | |
- name: Sign packages | |
env: | |
GPG_KEY_ID: 56C464BAAC421453 | |
GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }} | |
run: | | |
cd pkg/fedora/out/x86_64 | |
# import GPG key | |
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes | |
# sign package | |
rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fedora-40-latest | |
path: pkg/fedora/out/x86_64 | |
build-f41: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Build Fedora 41 package | |
runs-on: ubuntu-latest | |
needs: [lint, test] | |
container: | |
image: registry.fedoraproject.org/fedora:41 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install build dependencies | |
run: | | |
dnf distro-sync -y | |
dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)' | |
dnf builddep -y pkg/fedora/surface-control.spec | |
- name: Build package | |
run: | | |
cd pkg/fedora | |
# Build the .rpm packages | |
./makerpm | |
- name: Sign packages | |
env: | |
GPG_KEY_ID: 56C464BAAC421453 | |
GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }} | |
run: | | |
cd pkg/fedora/out/x86_64 | |
# import GPG key | |
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes | |
# sign package | |
rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fedora-41-latest | |
path: pkg/fedora/out/x86_64 | |
release: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Publish release | |
needs: [build-bin, build-deb, build-f39, build-f40, build-f41] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download binary artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: binary-latest | |
path: binary-latest | |
- name: Download Debian artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: debian-latest | |
path: debian-latest | |
- name: Download Fedora 39 artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-39-latest | |
path: fedora-39-latest | |
- name: Download Fedora 40 artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-40-latest | |
path: fedora-40-latest | |
- name: Download Fedora 41 artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-41-latest | |
path: fedora-41-latest | |
- name: Upload assets | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: ./*-latest/* | |
tag: ${{ github.ref }} | |
overwrite: true | |
file_glob: true | |
repo-deb: | |
name: Update Debian package repository | |
needs: [release] | |
runs-on: ubuntu-latest | |
container: debian:sid | |
steps: | |
- name: Install dependencies | |
run: | | |
apt-get update | |
apt-get install -y git | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: debian-latest | |
path: debian-latest | |
- name: Update repository | |
env: | |
SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }} | |
BRANCH_STAGING: u/staging | |
GIT_REF: ${{ github.ref }} | |
run: | | |
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" | |
# clone package repository | |
git clone -b "${BRANCH_STAGING}" "${repo}" repo | |
# copy packages | |
cp debian-latest/* repo/debian/ | |
cd repo/debian | |
# parse git tag from ref | |
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') | |
# convert packages into references | |
for pkg in $(find . -name '*.deb'); do | |
echo "surface-control:$GIT_TAG/$(basename $pkg)" > $pkg.blob | |
rm $pkg | |
done | |
# set git identity | |
git config --global user.email "[email protected]" | |
git config --global user.name "surfacebot" | |
# commit and push | |
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" | |
git switch -c "${update_branch}" | |
git add . | |
git commit -m "Update Debian surface-control" | |
git push --set-upstream origin "${update_branch}" | |
repo-f39: | |
name: Update Fedora 39 package repository | |
needs: [release] | |
runs-on: ubuntu-latest | |
container: | |
image: registry.fedoraproject.org/fedora:39 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Install dependencies | |
run: | | |
dnf install -y git findutils | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-39-latest | |
path: fedora-39-latest | |
- name: Update repository | |
env: | |
SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }} | |
BRANCH_STAGING: u/staging | |
GIT_REF: ${{ github.ref }} | |
run: | | |
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" | |
# clone package repository | |
git clone -b "${BRANCH_STAGING}" "${repo}" repo | |
# copy packages | |
cp fedora-39-latest/* repo/fedora/f39 | |
cd repo/fedora/f39 | |
# parse git tag from ref | |
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') | |
# convert packages into references | |
for pkg in $(find . -name '*.rpm'); do | |
echo "surface-control:$GIT_TAG/$(basename $pkg)" > $pkg.blob | |
rm $pkg | |
done | |
# set git identity | |
git config --global user.email "[email protected]" | |
git config --global user.name "surfacebot" | |
# commit and push | |
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" | |
git checkout -b "${update_branch}" | |
git add . | |
git commit -m "Update Fedora 39 surface-control" | |
git push --set-upstream origin "${update_branch}" | |
repo-f40: | |
name: Update Fedora 40 package repository | |
needs: [release] | |
runs-on: ubuntu-latest | |
container: | |
image: registry.fedoraproject.org/fedora:40 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Install dependencies | |
run: | | |
dnf install -y git findutils | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-40-latest | |
path: fedora-40-latest | |
- name: Update repository | |
env: | |
SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }} | |
BRANCH_STAGING: u/staging | |
GIT_REF: ${{ github.ref }} | |
run: | | |
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" | |
# clone package repository | |
git clone -b "${BRANCH_STAGING}" "${repo}" repo | |
# copy packages | |
cp fedora-40-latest/* repo/fedora/f40 | |
cd repo/fedora/f40 | |
# parse git tag from ref | |
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') | |
# convert packages into references | |
for pkg in $(find . -name '*.rpm'); do | |
echo "surface-control:$GIT_TAG/$(basename $pkg)" > $pkg.blob | |
rm $pkg | |
done | |
# set git identity | |
git config --global user.email "[email protected]" | |
git config --global user.name "surfacebot" | |
# commit and push | |
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" | |
git checkout -b "${update_branch}" | |
git add . | |
git commit -m "Update Fedora 40 surface-control" | |
git push --set-upstream origin "${update_branch}" | |
repo-f41: | |
name: Update Fedora 41 package repository | |
needs: [release] | |
runs-on: ubuntu-latest | |
container: | |
image: registry.fedoraproject.org/fedora:41 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Install dependencies | |
run: | | |
dnf install -y git findutils | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-41-latest | |
path: fedora-41-latest | |
- name: Update repository | |
env: | |
SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }} | |
BRANCH_STAGING: u/staging | |
GIT_REF: ${{ github.ref }} | |
run: | | |
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" | |
# clone package repository | |
git clone -b "${BRANCH_STAGING}" "${repo}" repo | |
# copy packages | |
cp fedora-41-latest/* repo/fedora/f41 | |
cd repo/fedora/f41 | |
# parse git tag from ref | |
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') | |
# convert packages into references | |
for pkg in $(find . -name '*.rpm'); do | |
echo "surface-control:$GIT_TAG/$(basename $pkg)" > $pkg.blob | |
rm $pkg | |
done | |
# set git identity | |
git config --global user.email "[email protected]" | |
git config --global user.name "surfacebot" | |
# commit and push | |
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" | |
git checkout -b "${update_branch}" | |
git add . | |
git commit -m "Update Fedora 41 surface-control" | |
git push --set-upstream origin "${update_branch}" |