From a57106371173b583f6756f79299c1ca96ed11729 Mon Sep 17 00:00:00 2001
From: Martin Pitt <martin@piware.de>
Date: Fri, 4 Aug 2023 11:11:23 +0200
Subject: [PATCH] ci: Move srpm/rpm build to packit

Split off make-sources.sh from make-srpm.sh which builds a directory
with the sprm ingredients (the unpacked directory); the packit workflow
requires that, it builds the srpm by itself after some further
adjustments.

This mostly obsoletes the need of doing custom COPR builds, so
eventually .copr/ can be simplified. But keep the old functionality for
the time being.

Note that this way of building an srpm in packit is still rather
unusual: the normal mode is to maintain the .spec and all auxiliary
files in the upstream git; that then enables automatic Fedora releases,
and make it easier to keep the spec in sync. But one step after
another..

Configure packit to automatically build srpm and rpms in the usual
temporary COPRs. This makes it much easier to test PRs both by humans
and future integration tests. There are no test plans yet, but already
enable the TF run to at least cover package installation/upgrade.

Run these on Rawhide and the current stable Fedora (38 right now).

This entirely replaces the "build-rpm" workflow, so drop that.

Co-Authored-By: Ondrej Mosnacek <omosnace@redhat.com>
---
 .copr/Makefile                                |  4 ++-
 .github/workflows/build.yml                   | 29 -------------------
 packit.yaml                                   | 22 ++++++++++++++
 .copr/make-srpm.sh => scripts/make-sources.sh | 24 +++++----------
 scripts/make-srpm.sh                          | 25 ++++++++++++++++
 5 files changed, 58 insertions(+), 46 deletions(-)
 create mode 100644 packit.yaml
 rename .copr/make-srpm.sh => scripts/make-sources.sh (61%)
 create mode 100755 scripts/make-srpm.sh

diff --git a/.copr/Makefile b/.copr/Makefile
index 4b2668121c..a0df8510da 100644
--- a/.copr/Makefile
+++ b/.copr/Makefile
@@ -2,7 +2,9 @@
 
 outdir ?= $(PWD)
 
+COPR_DIR := $(dir $(lastword $(MAKEFILE_LIST)))
+
 srpm:
-	$(dir $(lastword $(MAKEFILE_LIST)))/make-srpm.sh $(outdir)
+	$(COPR_DIR)/../scripts/make-srpm.sh $(outdir)
 
 .PHONY: srpm
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 531f07b99b..ad11927538 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,32 +14,3 @@ jobs:
       - run: make -j $(nproc) policy
       - run: make -j $(nproc) validate
       - run: make -j $(nproc) container.pp
-  build-rpm:
-    runs-on: ubuntu-latest
-    container:
-      image: fedora:rawhide
-      options: --security-opt seccomp=unconfined
-    steps:
-      - run: dnf install --nogpgcheck -y make git-core rpm-build 'dnf-command(builddep)'
-      - uses: actions/checkout@v3
-      # https://github.blog/2022-04-12-git-security-vulnerability-announced/
-      - run: git config --global --add safe.directory "$PWD"
-      - run: make -C .copr srpm outdir="$PWD"
-      - name: Store the SRPM as an artifact
-        uses: actions/upload-artifact@v2
-        with:
-          name: srpm
-          path: "*.src.rpm"
-      - run: |
-          if grep -q rawhide /etc/os-release; then
-            tag=rawhide
-          else
-            tag='f$releasever-build'
-          fi
-          dnf builddep --nogpgcheck --repofrompath "koji,https://kojipkgs.fedoraproject.org/repos/$tag/latest/\$arch/" -y *.src.rpm
-      - run: rpmbuild --define "_topdir $PWD/rpmbuild" -rb *.src.rpm
-      - name: Store binary RPMs as artifacts
-        uses: actions/upload-artifact@v2
-        with:
-          name: rpms
-          path: rpmbuild/RPMS
diff --git a/packit.yaml b/packit.yaml
new file mode 100644
index 0000000000..005b7679f1
--- /dev/null
+++ b/packit.yaml
@@ -0,0 +1,22 @@
+# See https://packit.dev/docs/configuration/
+
+specfile_path: tmp/rpm/selinux-policy.spec
+
+actions:
+  post-upstream-clone:
+    - mkdir -p tmp/rpm
+    - scripts/make-sources.sh tmp/rpm
+  create-archive: sh -c 'ls tmp/rpm/selinux-policy*.tar.gz'
+
+jobs:
+  - job: copr_build
+    trigger: pull_request
+    targets:
+    - fedora-development
+    - fedora-latest-stable
+
+  - job: tests
+    trigger: pull_request
+    targets:
+    - fedora-development
+    - fedora-latest-stable
diff --git a/.copr/make-srpm.sh b/scripts/make-sources.sh
similarity index 61%
rename from .copr/make-srpm.sh
rename to scripts/make-sources.sh
index 85d7ce1526..afe9e5fa7e 100755
--- a/.copr/make-srpm.sh
+++ b/scripts/make-sources.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
 
+# Prepare sources for an SRPM build
+
 set -eux
 
 outdir="$1"; shift
@@ -12,8 +14,6 @@ DISTGIT_REF=rawhide
 CONTAINER_URL=https://github.com/containers/container-selinux
 EXPANDER_URL=https://github.com/fedora-selinux/macro-expander
 
-rpm -q rpm-build git-core || dnf install -y rpm-build git-core
-
 base_head_id="$(git -C "$rootdir" rev-parse HEAD)"
 base_short_head_id="${base_head_id:0:7}"
 base_date="$(TZ=UTC git show -s --format=%cd --date=format-local:%F_%T HEAD | tr -d :-)"
@@ -24,27 +24,19 @@ trap 'rm -rf "$tmpdir"' EXIT
 
 container_dir="$tmpdir/container-selinux"
 expander_dir="$tmpdir/macro-expander"
-rpmbuild_dir="$tmpdir/rpmbuild"
-distgit_dir="$tmpdir/rpmbuild/SOURCES"
-
-mkdir -p "$distgit_dir"
 
 git clone --single-branch --depth 1 "$CONTAINER_URL" "$container_dir"
 git clone --single-branch --depth 1 "$EXPANDER_URL" "$expander_dir"
-git clone -b "$DISTGIT_REF" --single-branch --depth 1 "$DISTGIT_URL" "$distgit_dir"
+git clone -b "$DISTGIT_REF" --single-branch --depth 1 "$DISTGIT_URL" "$outdir"
 
 git -C "$rootdir" archive --prefix="selinux-policy-$base_head_id/" --format tgz HEAD \
-	>"$distgit_dir/selinux-policy-$base_short_head_id.tar.gz"
+	>"$outdir/selinux-policy-$base_short_head_id.tar.gz"
 
-tar -C "$container_dir" -czf "$distgit_dir/container-selinux.tgz" \
+tar -C "$container_dir" -czf "$outdir/container-selinux.tgz" \
 	container.if container.te container.fc
 
-cp "$expander_dir/macro-expander.sh" "$distgit_dir/macro-expander"
-
+cp "$expander_dir/macro-expander.sh" "$outdir/macro-expander"
 
 sed -i "s/%global commit [^ ]*$/%global commit $base_head_id/;
-        s/%{?dist}/.$base_date.$base_short_head_id%{?dist}/" "$distgit_dir/selinux-policy.spec"
-rm -f "$distgit_dir/sources"
-rpmbuild --define "_topdir $rpmbuild_dir" -bs "$distgit_dir/selinux-policy.spec"
-
-cp "$rpmbuild_dir/SRPMS/"*.src.rpm "$outdir"
+        s/%{?dist}/.$base_date.$base_short_head_id%{?dist}/" "$outdir/selinux-policy.spec"
+rm -f "$outdir/sources"
diff --git a/scripts/make-srpm.sh b/scripts/make-srpm.sh
new file mode 100755
index 0000000000..2f1b597548
--- /dev/null
+++ b/scripts/make-srpm.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# Make an SRPM for COPR
+
+set -eux
+
+outdir="$1"; shift
+
+rootdir="$(realpath -m "$0/../..")"
+
+rpm -q rpm-build git-core || dnf install -y rpm-build git-core
+
+tmpdir="$(mktemp -d)"
+
+trap 'rm -rf "$tmpdir"' EXIT
+
+rpmbuild_dir="$tmpdir"
+distgit_dir="$tmpdir/SOURCES"
+
+mkdir -p "$distgit_dir"
+
+"$rootdir/scripts/make-sources.sh" "$distgit_dir"
+
+rpmbuild --define "_topdir $rpmbuild_dir" -bs "$distgit_dir/selinux-policy.spec"
+cp "$rpmbuild_dir/SRPMS/"*.src.rpm "$outdir"