From fbfa187ea88bc922206f9c04a524d768e2c6cd3f Mon Sep 17 00:00:00 2001 From: Martin Pitt Date: Fri, 4 Aug 2023 11:11:23 +0200 Subject: [PATCH] ci: Move srpm/rpm build to packit Teach make-srpm.sh to support building a directory with the sprm ingredients (the unpacked directory) to become compatible with the packit workflow. This mostly obsoletes the need of doing custom COPR builds, so eventually .copr/ can be simplified. But keep the old functionality for the time being. Note that this way of building an srpm in packit is still rather unusual: the normal mode is to maintain the .spec and all auxiliary files in the upstream git; that then enables automatic Fedora releases, and make it easier to keep the spec in sync. But one step after another.. Configure packit to automatically build srpm and rpms in the usual temporary COPRs. This makes it much easier to test PRs both by humans and future integration tests. There are no test plans yet, but already enable the TF run to at least cover package installation/upgrade. Run these on Rawhide and the current stable Fedora (38 right now). This entirely replaces the "build-rpm" workflow, so drop that. --- .copr/make-srpm.sh | 15 +++++++++++++-- .github/workflows/build.yml | 29 ----------------------------- packit.yaml | 21 +++++++++++++++++++++ 3 files changed, 34 insertions(+), 31 deletions(-) create mode 100644 packit.yaml diff --git a/.copr/make-srpm.sh b/.copr/make-srpm.sh index 85d7ce1526..3b5465247e 100755 --- a/.copr/make-srpm.sh +++ b/.copr/make-srpm.sh @@ -3,6 +3,12 @@ set -eux outdir="$1"; shift +mkdir -p "$outdir" + +# when this is specified, build a source directory and skip the rpmbuild step +if [ "${1:-}" = "srcdir" ]; then + srcdir=1 +fi rootdir="$(realpath -m "$0/../..")" @@ -45,6 +51,11 @@ cp "$expander_dir/macro-expander.sh" "$distgit_dir/macro-expander" sed -i "s/%global commit [^ ]*$/%global commit $base_head_id/; s/%{?dist}/.$base_date.$base_short_head_id%{?dist}/" "$distgit_dir/selinux-policy.spec" rm -f "$distgit_dir/sources" -rpmbuild --define "_topdir $rpmbuild_dir" -bs "$distgit_dir/selinux-policy.spec" -cp "$rpmbuild_dir/SRPMS/"*.src.rpm "$outdir" +if [ -n "${srcdir:-}" ]; then + cp -r "$distgit_dir"/* "$outdir" +else + # full rpmbuild for copr + rpmbuild --define "_topdir $rpmbuild_dir" -bs "$distgit_dir/selinux-policy.spec" + cp "$rpmbuild_dir/SRPMS/"*.src.rpm "$outdir" +fi diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 531f07b99b..ad11927538 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -14,32 +14,3 @@ jobs: - run: make -j $(nproc) policy - run: make -j $(nproc) validate - run: make -j $(nproc) container.pp - build-rpm: - runs-on: ubuntu-latest - container: - image: fedora:rawhide - options: --security-opt seccomp=unconfined - steps: - - run: dnf install --nogpgcheck -y make git-core rpm-build 'dnf-command(builddep)' - - uses: actions/checkout@v3 - # https://github.blog/2022-04-12-git-security-vulnerability-announced/ - - run: git config --global --add safe.directory "$PWD" - - run: make -C .copr srpm outdir="$PWD" - - name: Store the SRPM as an artifact - uses: actions/upload-artifact@v2 - with: - name: srpm - path: "*.src.rpm" - - run: | - if grep -q rawhide /etc/os-release; then - tag=rawhide - else - tag='f$releasever-build' - fi - dnf builddep --nogpgcheck --repofrompath "koji,https://kojipkgs.fedoraproject.org/repos/$tag/latest/\$arch/" -y *.src.rpm - - run: rpmbuild --define "_topdir $PWD/rpmbuild" -rb *.src.rpm - - name: Store binary RPMs as artifacts - uses: actions/upload-artifact@v2 - with: - name: rpms - path: rpmbuild/RPMS diff --git a/packit.yaml b/packit.yaml new file mode 100644 index 0000000000..55dc249219 --- /dev/null +++ b/packit.yaml @@ -0,0 +1,21 @@ +# See https://packit.dev/docs/configuration/ + +specfile_path: tmp/rpm/selinux-policy.spec + +actions: + post-upstream-clone: + - .copr/make-srpm.sh tmp/rpm srcdir + create-archive: sh -c 'ls tmp/rpm/selinux-policy*.tar.gz' + +jobs: + - job: copr_build + trigger: pull_request + targets: + - fedora-development + - fedora-latest-stable + + - job: tests + trigger: pull_request + targets: + - fedora-development + - fedora-latest-stable