.github/workflows: Update actions #131
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- master | |
- feature/ci | |
tags: | |
- v[0-9]+.* | |
- testing-ci.* | |
pull_request: | |
jobs: | |
lint: | |
name: Clippy | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install rust | |
run: | | |
rustup update stable && rustup default stable | |
rustup component add clippy | |
- name: Install dependencies | |
run: sudo apt-get install libdbus-1-dev | |
- name: Run clippy | |
run: cargo clippy --all --all-features -- -Dwarnings | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
toolchain: [stable, nightly] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install rust | |
run: rustup update ${{ matrix.toolchain }} && rustup default ${{ matrix.toolchain }} | |
- name: Install dependencies | |
run: sudo apt-get install libdbus-1-dev | |
- name: Build | |
run: cargo build --all | |
- name: Test | |
run: cargo test --all | |
build-bin: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Build binary package | |
runs-on: ubuntu-20.04 | |
needs: [lint, test] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install rust | |
run: rustup update stable && rustup default stable | |
- name: Install dependencies | |
run: sudo apt-get install libdbus-1-dev | |
- name: Build package | |
run: ./pkg/bin/makebin | |
- name: Prepare release | |
run: mkdir release && mv pkg/bin/*.tar.xz release | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: binary-latest | |
path: release | |
build-deb: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Build deb package | |
runs-on: ubuntu-20.04 | |
needs: [lint, test] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install rust | |
run: rustup update stable && rustup default stable | |
- name: Install dependencies | |
run: sudo apt-get install debhelper fakeroot dpkg-sig libdbus-1-dev | |
- name: Build package | |
run: ./pkg/deb/makedeb | |
- name: Sign package | |
env: | |
GPG_KEY_ID: 56C464BAAC421453 | |
GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }} | |
run: | | |
# import GPG key | |
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes | |
export GPG_TTY=$(tty) | |
# sign package | |
cd pkg/deb && dpkg-sig -g "--batch --no-tty" --sign builder -k $GPG_KEY_ID ./*.deb | |
- name: Prepare release | |
run: mkdir release && mv pkg/deb/*.deb release | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: debian-latest | |
path: release | |
build-f39: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Build Fedora 39 package | |
runs-on: ubuntu-latest | |
needs: [lint, test] | |
container: | |
image: registry.fedoraproject.org/fedora:39 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install build dependencies | |
run: | | |
dnf distro-sync -y | |
dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)' | |
dnf builddep -y pkg/fedora/surface-dtx-daemon.spec | |
- name: Build package | |
run: | | |
cd pkg/fedora | |
# Build the .rpm packages | |
./makerpm | |
- name: Sign packages | |
env: | |
GPG_KEY_ID: 56C464BAAC421453 | |
GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }} | |
run: | | |
cd pkg/fedora/out/x86_64 | |
# import GPG key | |
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes | |
# sign package | |
rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fedora-39-latest | |
path: pkg/fedora/out/x86_64 | |
build-f40: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Build Fedora 40 package | |
runs-on: ubuntu-latest | |
needs: [lint, test] | |
container: | |
image: registry.fedoraproject.org/fedora:40 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install build dependencies | |
run: | | |
dnf distro-sync -y | |
dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)' | |
dnf builddep -y pkg/fedora/surface-dtx-daemon.spec | |
- name: Build package | |
run: | | |
cd pkg/fedora | |
# Build the .rpm packages | |
./makerpm | |
- name: Sign packages | |
env: | |
GPG_KEY_ID: 56C464BAAC421453 | |
GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }} | |
run: | | |
cd pkg/fedora/out/x86_64 | |
# import GPG key | |
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes | |
# sign package | |
rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fedora-40-latest | |
path: pkg/fedora/out/x86_64 | |
build-f41: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Build Fedora 41 package | |
runs-on: ubuntu-latest | |
needs: [lint, test] | |
container: | |
image: registry.fedoraproject.org/fedora:41 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install build dependencies | |
run: | | |
dnf distro-sync -y | |
dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)' | |
dnf builddep -y pkg/fedora/surface-dtx-daemon.spec | |
- name: Build package | |
run: | | |
cd pkg/fedora | |
# Build the .rpm packages | |
./makerpm | |
- name: Sign packages | |
env: | |
GPG_KEY_ID: 56C464BAAC421453 | |
GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }} | |
run: | | |
cd pkg/fedora/out/x86_64 | |
# import GPG key | |
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes | |
# sign package | |
rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID" | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fedora-41-latest | |
path: pkg/fedora/out/x86_64 | |
release: | |
if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/') | |
name: Publish release | |
needs: [build-bin, build-deb, build-f39, build-f40, build-f41] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Download binary artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: binary-latest | |
path: binary-latest | |
- name: Download Debian artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: debian-latest | |
path: debian-latest | |
- name: Download Fedora 39 artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-39-latest | |
path: fedora-39-latest | |
- name: Download Fedora 40 artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-40-latest | |
path: fedora-40-latest | |
- name: Download Fedora 41 artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-41-latest | |
path: fedora-41-latest | |
- name: Upload assets | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: ./*-latest/* | |
tag: ${{ github.ref }} | |
overwrite: true | |
file_glob: true | |
repo-deb: | |
name: Update Debian package repository | |
needs: [release] | |
runs-on: ubuntu-latest | |
container: debian:sid | |
steps: | |
- name: Install dependencies | |
run: | | |
apt-get update | |
apt-get install -y git | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: debian-latest | |
path: debian-latest | |
- name: Update repository | |
env: | |
SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }} | |
BRANCH_STAGING: u/staging | |
GIT_REF: ${{ github.ref }} | |
run: | | |
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" | |
# clone package repository | |
git clone -b "${BRANCH_STAGING}" "${repo}" repo | |
# copy packages | |
cp debian-latest/* repo/debian/ | |
cd repo/debian | |
# parse git tag from ref | |
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') | |
# convert packages into references | |
for pkg in $(find . -name '*.deb'); do | |
echo "surface-dtx-daemon:$GIT_TAG/$(basename $pkg)" > $pkg.blob | |
rm $pkg | |
done | |
# set git identity | |
git config --global user.email "[email protected]" | |
git config --global user.name "surfacebot" | |
# commit and push | |
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" | |
git switch -c "${update_branch}" | |
git add . | |
git commit -m "Update Debian DTX daemon" | |
git push --set-upstream origin "${update_branch}" | |
repo-f39: | |
name: Update Fedora 39 package repository | |
needs: [release] | |
runs-on: ubuntu-latest | |
container: | |
image: registry.fedoraproject.org/fedora:39 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Install dependencies | |
run: | | |
dnf install -y git findutils | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-39-latest | |
path: fedora-39-latest | |
- name: Update repository | |
env: | |
SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }} | |
BRANCH_STAGING: u/staging | |
GIT_REF: ${{ github.ref }} | |
run: | | |
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" | |
# clone package repository | |
git clone -b "${BRANCH_STAGING}" "${repo}" repo | |
# copy packages | |
cp fedora-39-latest/* repo/fedora/f39 | |
cd repo/fedora/f39 | |
# parse git tag from ref | |
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') | |
# convert packages into references | |
for pkg in $(find . -name '*.rpm'); do | |
echo "surface-dtx-daemon:$GIT_TAG/$(basename $pkg)" > $pkg.blob | |
rm $pkg | |
done | |
# set git identity | |
git config --global user.email "[email protected]" | |
git config --global user.name "surfacebot" | |
# commit and push | |
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" | |
git checkout -b "${update_branch}" | |
git add . | |
git commit -m "Update Fedora 39 DTX daemon" | |
git push --set-upstream origin "${update_branch}" | |
repo-f40: | |
name: Update Fedora 40 package repository | |
needs: [release] | |
runs-on: ubuntu-latest | |
container: | |
image: registry.fedoraproject.org/fedora:40 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Install dependencies | |
run: | | |
dnf install -y git findutils | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-40-latest | |
path: fedora-40-latest | |
- name: Update repository | |
env: | |
SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }} | |
BRANCH_STAGING: u/staging | |
GIT_REF: ${{ github.ref }} | |
run: | | |
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" | |
# clone package repository | |
git clone -b "${BRANCH_STAGING}" "${repo}" repo | |
# copy packages | |
cp fedora-40-latest/* repo/fedora/f40 | |
cd repo/fedora/f40 | |
# parse git tag from ref | |
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') | |
# convert packages into references | |
for pkg in $(find . -name '*.rpm'); do | |
echo "surface-dtx-daemon:$GIT_TAG/$(basename $pkg)" > $pkg.blob | |
rm $pkg | |
done | |
# set git identity | |
git config --global user.email "[email protected]" | |
git config --global user.name "surfacebot" | |
# commit and push | |
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" | |
git checkout -b "${update_branch}" | |
git add . | |
git commit -m "Update Fedora 40 DTX daemon" | |
git push --set-upstream origin "${update_branch}" | |
repo-f41: | |
name: Update Fedora 41 package repository | |
needs: [release] | |
runs-on: ubuntu-latest | |
container: | |
image: registry.fedoraproject.org/fedora:41 | |
options: --security-opt seccomp=unconfined | |
steps: | |
- name: Install dependencies | |
run: | | |
dnf install -y git findutils | |
- name: Download artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: fedora-41-latest | |
path: fedora-41-latest | |
- name: Update repository | |
env: | |
SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }} | |
BRANCH_STAGING: u/staging | |
GIT_REF: ${{ github.ref }} | |
run: | | |
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" | |
# clone package repository | |
git clone -b "${BRANCH_STAGING}" "${repo}" repo | |
# copy packages | |
cp fedora-41-latest/* repo/fedora/f41 | |
cd repo/fedora/f41 | |
# parse git tag from ref | |
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') | |
# convert packages into references | |
for pkg in $(find . -name '*.rpm'); do | |
echo "surface-dtx-daemon:$GIT_TAG/$(basename $pkg)" > $pkg.blob | |
rm $pkg | |
done | |
# set git identity | |
git config --global user.email "[email protected]" | |
git config --global user.name "surfacebot" | |
# commit and push | |
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" | |
git checkout -b "${update_branch}" | |
git add . | |
git commit -m "Update Fedora 41 DTX daemon" | |
git push --set-upstream origin "${update_branch}" |