ci: Move srpm/rpm build to packit

.copr/Makefile

@@ -2,7 +2,9 @@
 
 outdir ?= $(PWD)
 
+COPR_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
+
 srpm:
-	$(dir $(lastword $(MAKEFILE_LIST)))/make-srpm.sh $(outdir)
+	$(COPR_DIR)/../scripts/make-srpm.sh $(outdir)
 
 .PHONY: srpm

.github/workflows/build.yml

@@ -14,32 +14,3 @@ jobs:
       - run: make -j $(nproc) policy
       - run: make -j $(nproc) validate
       - run: make -j $(nproc) container.pp
-  build-rpm:
-    runs-on: ubuntu-latest
-    container:
-      image: fedora:rawhide
-      options: --security-opt seccomp=unconfined
-    steps:
-      - run: dnf install --nogpgcheck -y make git-core rpm-build 'dnf-command(builddep)'
-      - uses: actions/checkout@v3
-      # https://github.blog/2022-04-12-git-security-vulnerability-announced/
-      - run: git config --global --add safe.directory "$PWD"
-      - run: make -C .copr srpm outdir="$PWD"
-      - name: Store the SRPM as an artifact
-        uses: actions/upload-artifact@v2
-        with:
-          name: srpm
-          path: "*.src.rpm"
-      - run: |
-          if grep -q rawhide /etc/os-release; then
-            tag=rawhide
-          else
-            tag='f$releasever-build'
-          fi
-          dnf builddep --nogpgcheck --repofrompath "koji,https://kojipkgs.fedoraproject.org/repos/$tag/latest/\$arch/" -y *.src.rpm
-      - run: rpmbuild --define "_topdir $PWD/rpmbuild" -rb *.src.rpm
-      - name: Store binary RPMs as artifacts
-        uses: actions/upload-artifact@v2
-        with:
-          name: rpms
-          path: rpmbuild/RPMS

packit.yaml

@@ -0,0 +1,22 @@
+# See https://packit.dev/docs/configuration/
+
+specfile_path: tmp/rpm/selinux-policy.spec
+
+actions:
+  post-upstream-clone:
+    - mkdir -p tmp/rpm
+    - scripts/make-sources.sh tmp/rpm
+  create-archive: sh -c 'ls tmp/rpm/selinux-policy*.tar.gz'
+
+jobs:
+  - job: copr_build
+    trigger: pull_request
+    targets:
+    - fedora-development
+    - fedora-latest-stable
+
+  - job: tests
+    trigger: pull_request
+    targets:
+    - fedora-development
+    - fedora-latest-stable

.copr/make-srpm.sh → scripts/make-sources.sh

@@ -1,5 +1,7 @@
 #!/bin/bash
 
+# Prepare sources for an SRPM build
+
 set -eux
 
 outdir="$1"; shift
@@ -12,8 +14,6 @@ DISTGIT_REF=rawhide
 CONTAINER_URL=https://github.com/containers/container-selinux
 EXPANDER_URL=https://github.com/fedora-selinux/macro-expander
 
-rpm -q rpm-build git-core || dnf install -y rpm-build git-core
-
 base_head_id="$(git -C "$rootdir" rev-parse HEAD)"
 base_short_head_id="${base_head_id:0:7}"
 base_date="$(TZ=UTC git show -s --format=%cd --date=format-local:%F_%T HEAD | tr -d :-)"
@@ -24,29 +24,19 @@ trap 'rm -rf "$tmpdir"' EXIT
 
 container_dir="$tmpdir/container-selinux"
 expander_dir="$tmpdir/macro-expander"
-rpmbuild_dir="$tmpdir/rpmbuild"
-distgit_dir="$tmpdir/rpmbuild/SOURCES"
-
-mkdir -p "$distgit_dir"
 
 git clone --single-branch --depth 1 "$CONTAINER_URL" "$container_dir"
 git clone --single-branch --depth 1 "$EXPANDER_URL" "$expander_dir"
-git clone -b "$DISTGIT_REF" --single-branch --depth 1 "$DISTGIT_URL" "$distgit_dir"
+git clone -b "$DISTGIT_REF" --single-branch --depth 1 "$DISTGIT_URL" "$outdir"
 
 git -C "$rootdir" archive --prefix="selinux-policy-$base_head_id/" --format tgz HEAD \
-	>"$distgit_dir/selinux-policy-$base_short_head_id.tar.gz"
+	>"$outdir/selinux-policy-$base_short_head_id.tar.gz"
 
-tar -C "$container_dir" -czf "$distgit_dir/container-selinux.tgz" \
+tar -C "$container_dir" -czf "$outdir/container-selinux.tgz" \
 	container.if container.te container.fc
 
-cp "$expander_dir/macro-expander.sh" "$distgit_dir/macro-expander"
-
-(
-	cd "$distgit_dir"
-	sed -i "s/%global commit [^ ]*$/%global commit $base_head_id/" selinux-policy.spec
-	sed -i "s/%{?dist}/.$base_date.$base_short_head_id%{?dist}/" selinux-policy.spec
-	rm -f sources
-	rpmbuild --define "_topdir $rpmbuild_dir" -bs selinux-policy.spec
-)
+cp "$expander_dir/macro-expander.sh" "$outdir/macro-expander"
 
-cp "$rpmbuild_dir/SRPMS/"*.src.rpm "$outdir"
+sed -i "s/%global commit [^ ]*$/%global commit $base_head_id/;
+        s/%{?dist}/.$base_date.$base_short_head_id%{?dist}/" "$outdir/selinux-policy.spec"
+rm -f "$outdir/sources"

scripts/make-srpm.sh

@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Make an SRPM for COPR
+
+set -eux
+
+outdir="$1"; shift
+
+rootdir="$(realpath -m "$0/../..")"
+
+rpm -q rpm-build git-core || dnf install -y rpm-build git-core
+
+tmpdir="$(mktemp -d)"
+
+trap 'rm -rf "$tmpdir"' EXIT
+
+rpmbuild_dir="$tmpdir"
+distgit_dir="$tmpdir/SOURCES"
+
+mkdir -p "$distgit_dir"
+
+"$rootdir/scripts/make-sources.sh" "$distgit_dir"
+
+rpmbuild --define "_topdir $rpmbuild_dir" -bs "$distgit_dir/selinux-policy.spec"
+cp "$rpmbuild_dir/SRPMS/"*.src.rpm "$outdir"