From f07657af4d00d10adaef40616d2d3cdb96523261 Mon Sep 17 00:00:00 2001 From: Gilver Date: Sun, 1 Mar 2026 12:59:01 -0600 Subject: [PATCH] feat: Add terra-gpg-keys to bootstrap --- .github/workflows/bootstrap.yml | 58 +++++++++++++++++++++++++++++---- 1 file changed, 51 insertions(+), 7 deletions(-) diff --git a/.github/workflows/bootstrap.yml b/.github/workflows/bootstrap.yml index 706fa55e58..0f1504b72d 100644 --- a/.github/workflows/bootstrap.yml +++ b/.github/workflows/bootstrap.yml @@ -1,6 +1,6 @@ name: Bootstrap Andaman and Subatomic permissions: - contents: read + contents: write on: workflow_dispatch: 
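Review bot: `contents: write` at workflow level gives the GITHUB_TOKEN of every job push rights, while the only write visible in this patch is the `git push` in the new commit step. The checkout in that job is configured with `ssh-key`, so the push likely authenticates with that key rather than the token. If so, this line can stay `contents: read`. If the token is in fact needed, grant it with a `permissions:` block containing `contents: write` on the one job that pushes. The job definitions lie outside this hunk, so confirm which credential the push actually uses.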
@@ -19,22 +19,46 @@ jobs: - name: Install repositories run: | dnf5 swap -y --setopt=install_weak_deps=False systemd-standalone-sysusers systemd - dnf5 install -y --setopt=install_weak_deps=False curl wget git-core openssl-devel cargo podman fuse-overlayfs dnf5-plugins rpmbuild script + dnf5 install -y --repo=rawhide --setopt=install_weak_deps=False curl wget git-core openssl-devel cargo podman fuse-overlayfs dnf5-plugins rpmbuild script - uses: actions/checkout@v6 with: ref: f${{ matrix.version }} fetch-depth: 1 + ssh-key: ${{ secrets.SSH_AUTHENTICATION_KEY }} + + - name: Fetch new keys + run: | + export releasever="${{ matrix.version }}" + + [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever ] && curl -s https://repos.fyralabs.com/terra$releasever/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever + [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source ] && curl -s https://repos.fyralabs.com/terra$releasever-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source + if [[ $releasever != el* ]]; then + [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras ] && curl -s https://repos.fyralabs.com/terra$releasever-extras/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras + [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source ] && curl -s https://repos.fyralabs.com/terra$releasever-extras-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source + [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa ] && curl -s https://repos.fyralabs.com/terra$releasever-mesa/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa + [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source ] && curl -s https://repos.fyralabs.com/terra$releasever-mesa-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source + [ ! 
-f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia ] && curl -s https://repos.fyralabs.com/terra$releasever-multimedia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia + [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source ] && curl -s https://repos.fyralabs.com/terra$releasever-multimedia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source + [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia ] && curl -s https://repos.fyralabs.com/terra$releasever-nvidia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia + [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source ] && curl -s https://repos.fyralabs.com/terra$releasever-nvidia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source + fi + - name: Build terra-gpg-keys + run: | + mkdir -p anda-build/rpm/rpms + rpmbuild -bb anda/terra/gpg-keys/pkg/*.spec --undefine=_disable_source_fetch -D "vendor Terra" -D "_sourcedir $(pwd)/anda/terra/gpg-keys/" -D "_rpmdir $(pwd)/anda-build/rpm/rpms/" + mv ./anda-build/rpm/rpms/*/anda-*.rpm ./anda-build/rpm/rpms/ + - name: Install terra-gpg-keys + run: dnf5 install -y anda-build/rpm/rpms/terra-gpg-keys*.rpm - name: Build anda-srpm-macros run: | - mkdir -p anda-build/rpm/rpms - rpmbuild -bb anda/terra/srpm-macros/*.spec --undefine=_disable_source_fetch -D "_sourcedir $(pwd)/anda/terra/srpm-macros/" -D "_rpmdir $(pwd)/anda-build/rpm/rpms/" + rpmbuild -bb anda/terra/srpm-macros/*.spec --undefine=_disable_source_fetch -D "vendor Terra" -D "_sourcedir $(pwd)/anda/terra/srpm-macros/" -D "_rpmdir $(pwd)/anda-build/rpm/rpms/" mv ./anda-build/rpm/rpms/*/anda-*.rpm ./anda-build/rpm/rpms/ dnf5 install -y ./anda-build/rpm/rpms/anda-*.rpm - name: Install build dependencies - run: dnf5 builddep -y anda/terra/{mock-configs,srpm-macros}/*.spec anda/tools/buildsys/{anda,subatomic}/*.spec + run: dnf5 builddep -y 
anda/terra/{mock-configs,srpm-macros}/*.spec anda/tools/buildsys/{anda,subatomic}/*.spec anda/terra/appstream-helper/*.spec - name: Install Anda run: | @@ -55,7 +79,7 @@ jobs: run: anda build -D "vendor Terra" -rrpmbuild anda/terra/release/pkg - name: Build terra-appstream-helper - run: anda build -D "vendor Terra" -D "__python %{__python3}" -rrpmbuild anda/terra/appstream-helper/pkg + run: anda build -D "vendor Terra" -rrpmbuild anda/terra/appstream-helper/pkg - name: Build Subatomic run: anda build -D "vendor Terra" -rrpmbuild anda/tools/buildsys/subatomic/pkg @@ -63,7 +87,27 @@ jobs: run: dnf5 install -y ./anda-build/rpm/rpms/subatomic-*.rpm - name: Tidy up output directory - run: rmdir anda-build/rpm/rpms/{noarch,aarch64,x86_64} | true + run: | + rmdir anda-build/rpm/rpms/{noarch,aarch64,x86_64} | true + rm anda-build/rpm/rpms/terra-gpg-keys* | true + + - name: Update terra-gpg-keys + run: anda update --filters keys=1 --labels branch=${{ matrix.version }} + + - name: Commit terra-gpg-keys update + run: | + mkdir -p ${{ runner.temp }} + echo "${{ secrets.SSH_SIGNING_KEY }}" > ${{ runner.temp }}/signing_key + chmod 0700 ${{ runner.temp }}/signing_key + git config --global --add safe.directory "$GITHUB_WORKSPACE" + git config user.name "Raboneko" + git config user.email "raboneko@fyralabs.com" + git config gpg.format "ssh" + git config user.signingkey "${{ runner.temp }}/signing_key" + msg="bump(bootstrap): terra-gpg-keys" + git commit -S -a -m "$msg" + git add anda/terra/gpg-keys + git push -u origin - name: Upload packages to subatomic run: |
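Review bot: In the `Fetch new keys` step, each `curl -s … > RPM-GPG-KEY-…` writes whatever the server returns straight into a file that is then built into terra-gpg-keys and committed, with no `--fail` and no check of the content. An HTTP error page or an empty body becomes a key file, and the `[ ! -f … ]` guard means later runs will not replace it. Because these files are trust anchors for package verification, fetch to a temporary file with `--fail`, check that it is an armored public key (ideally also compare its fingerprint against a value pinned in the repository), and only then move it into place. Separately, `[ ! -f X ] && curl …` as the last command leaves a non-zero status when the file already exists, so on a non-`el` release with every key present the step would likely exit 1; an `if` form avoids that.

```yaml
      - name: Fetch new keys
        run: |
          releasever="${{ matrix.version }}"
          suffixes=("" "-source")
          if [[ $releasever != el* ]]; then
            suffixes+=("-extras" "-extras-source" "-mesa" "-mesa-source" \
                       "-multimedia" "-multimedia-source" "-nvidia" "-nvidia-source")
          fi
          for s in "${suffixes[@]}"; do
            key="anda/terra/gpg-keys/RPM-GPG-KEY-terra${releasever}${s}"
            if [ ! -f "$key" ]; then
              tmp="$(mktemp)"
              # --fail turns an HTTP error into a non-zero exit instead of a saved error page
              curl --fail --silent --show-error -o "$tmp" "https://repos.fyralabs.com/terra${releasever}${s}/key.asc"
              # sanity check; assumes key.asc is an ASCII-armored public key
              grep -q 'BEGIN PGP PUBLIC KEY BLOCK' "$tmp"
              mv "$tmp" "$key"
            fi
          done
      # … unchanged: Build terra-gpg-keys and the steps after it …
```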
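Review bot: The `Commit terra-gpg-keys update` step expands `${{ secrets.SSH_SIGNING_KEY }}` directly into the script text and writes it with `echo … >` under the default umask, so the key sits in the generated script file and is briefly readable by other users before `chmod 0700` runs. That mode also sets the execute bit where `0600` is meant, and the file is never removed, so the later upload step runs with the signing key still on disk. Pass the secret through `env:`, create the file under `umask 077`, and delete it on exit. In the same step `git add anda/terra/gpg-keys` comes after `git commit -S -a`, and `-a` only stages tracked files, so key files newly created by the fetch step would not be part of the signed commit; stage before committing.

```yaml
      - name: Commit terra-gpg-keys update
        env:
          SSH_SIGNING_KEY: ${{ secrets.SSH_SIGNING_KEY }}
        run: |
          mkdir -p ${{ runner.temp }}
          key_file="${{ runner.temp }}/signing_key"
          # owner-only from creation; the secret reaches the shell via the environment, not the script text
          (umask 077 && printf '%s\n' "$SSH_SIGNING_KEY" > "$key_file")
          trap 'rm -f "$key_file"' EXIT
          # … unchanged: git config safe.directory, user.name, user.email, gpg.format …
          git config user.signingkey "$key_file"
          msg="bump(bootstrap): terra-gpg-keys"
          # stage first so untracked key files are included in the signed commit
          git add anda/terra/gpg-keys
          git commit -S -a -m "$msg"
          git push -u origin
```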