name: Bootstrap Andaman and Subatomic permissions: contents: write on: workflow_dispatch: jobs: bootstrap: strategy: matrix: version: ["rawhide"] arch: ["x86_64", "aarch64"] fail-fast: true runs-on: ${{ matrix.arch == 'aarch64' && 'ubuntu-22.04-arm' || 'ubuntu-22.04' }} container: image: registry.fedoraproject.org/fedora-minimal:${{ matrix.version }} options: --cap-add=SYS_ADMIN --privileged steps: - name: Install repositories run: | dnf5 swap -y --setopt=install_weak_deps=False systemd-standalone-sysusers systemd dnf5 install -y --repo=rawhide --setopt=install_weak_deps=False curl wget git-core openssl-devel cargo podman fuse-overlayfs dnf5-plugins rpmbuild script - uses: actions/checkout@v6 with: ref: f${{ matrix.version }} fetch-depth: 1 ssh-key: ${{ secrets.SSH_AUTHENTICATION_KEY }} - name: Fetch new keys run: | export releasever="${{ matrix.version }}" [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever ] && curl -s https://repos.fyralabs.com/terra$releasever/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source ] && curl -s https://repos.fyralabs.com/terra$releasever-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-source if [[ $releasever != el* ]]; then [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras ] && curl -s https://repos.fyralabs.com/terra$releasever-extras/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source ] && curl -s https://repos.fyralabs.com/terra$releasever-extras-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-extras-source [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa ] && curl -s https://repos.fyralabs.com/terra$releasever-mesa/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source ] && curl -s https://repos.fyralabs.com/terra$releasever-mesa-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-mesa-source [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia ] && curl -s https://repos.fyralabs.com/terra$releasever-multimedia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source ] && curl -s https://repos.fyralabs.com/terra$releasever-multimedia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-multimedia-source [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia ] && curl -s https://repos.fyralabs.com/terra$releasever-nvidia/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia [ ! -f anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source ] && curl -s https://repos.fyralabs.com/terra$releasever-nvidia-source/key.asc > anda/terra/gpg-keys/RPM-GPG-KEY-terra$releasever-nvidia-source fi - name: Build terra-gpg-keys run: | mkdir -p anda-build/rpm/rpms rpmbuild -bb anda/terra/gpg-keys/pkg/*.spec --undefine=_disable_source_fetch -D "vendor Terra" -D "_sourcedir $(pwd)/anda/terra/gpg-keys/" -D "_rpmdir $(pwd)/anda-build/rpm/rpms/" mv ./anda-build/rpm/rpms/*/anda-*.rpm ./anda-build/rpm/rpms/ - name: Install terra-gpg-keys run: dnf5 install -y anda-build/rpm/rpms/terra-gpg-keys*.rpm - name: Build anda-srpm-macros run: | rpmbuild -bb anda/terra/srpm-macros/*.spec --undefine=_disable_source_fetch -D "vendor Terra" -D "_sourcedir $(pwd)/anda/terra/srpm-macros/" -D "_rpmdir $(pwd)/anda-build/rpm/rpms/" mv ./anda-build/rpm/rpms/*/anda-*.rpm ./anda-build/rpm/rpms/ dnf5 install -y ./anda-build/rpm/rpms/anda-*.rpm - name: Install build dependencies run: dnf5 builddep -y anda/terra/{mock-configs,srpm-macros}/*.spec anda/tools/buildsys/{anda,subatomic}/*.spec anda/terra/appstream-helper/*.spec - name: Install Anda run: | rpmbuild -bb anda/tools/buildsys/anda/*.spec --undefine=_disable_source_fetch -D "_sourcedir $(pwd)/anda/tools/buildsys/anda/" -D "_rpmdir $(pwd)/anda-build/rpm/rpms/" mv ./anda-build/rpm/rpms/*/anda-*.rpm ./anda-build/rpm/rpms/ dnf5 install -y ./anda-build/rpm/rpms/anda-*.rpm - name: Build terra-mock-configs run: | echo "PATH=$PATH:/github/home/.cargo/bin" >> $GITHUB_ENV export PATH=$PATH:/github/home/.cargo/bin git config --global --add safe.directory "$GITHUB_WORKSPACE" anda build -D "vendor Terra" -rrpmbuild anda/terra/mock-configs/pkg - name: Install terra-mock-configs run: dnf5 install -y anda-build/rpm/rpms/terra-mock-configs*.rpm - name: Build terra-release run: anda build -D "vendor Terra" -rrpmbuild anda/terra/release/pkg - name: Build terra-appstream-helper run: anda build -D "vendor Terra" -rrpmbuild anda/terra/appstream-helper/pkg - name: Build Subatomic run: anda build -D "vendor Terra" -rrpmbuild anda/tools/buildsys/subatomic/pkg - name: Install Subatomic run: dnf5 install -y ./anda-build/rpm/rpms/subatomic-*.rpm - name: Tidy up output directory run: | rmdir anda-build/rpm/rpms/{noarch,aarch64,x86_64} | true rm anda-build/rpm/rpms/terra-gpg-keys* | true - name: Update terra-gpg-keys run: anda update --filters keys=1 --labels branch=${{ matrix.version }} - name: Commit terra-gpg-keys update run: | mkdir -p ${{ runner.temp }} echo "${{ secrets.SSH_SIGNING_KEY }}" > ${{ runner.temp }}/signing_key chmod 0700 ${{ runner.temp }}/signing_key git config --global --add safe.directory "$GITHUB_WORKSPACE" git config user.name "Raboneko" git config user.email "raboneko@fyralabs.com" git config gpg.format "ssh" git config user.signingkey "${{ runner.temp }}/signing_key" msg="bump(bootstrap): terra-gpg-keys" git commit -S -a -m "$msg" git add anda/terra/gpg-keys git push -u origin - name: Upload packages to subatomic run: | subatomic-cli upload --prune \ --server https://subatomic.fyralabs.com \ --token ${{ secrets.SUBATOMIC_TOKEN }} \ terra${{ matrix.version }} anda-build/rpm/rpms/* - name: Upload source packages to subatomic if: github.event_name == 'push' run: | subatomic-cli upload --prune \ --server https://subatomic.fyralabs.com \ --token ${{ secrets.SUBATOMIC_TOKEN }} \ terra${{ matrix.version }}-source anda-build/rpm/srpm/*