qubes-dom0-packagev2.yml: bump Python to 3.12.7 #11
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test build and package QubesOS RPMs | |
| on: | |
| workflow_call: | |
| inputs: | |
| qubes-component: | |
| description: > | |
| Name of QubesOS component as recognized by its build system. | |
| required: true | |
| type: string | |
| qubes-pkg-src-dir: | |
| description: > | |
| Relative path to directory containing Qubes OS package. | |
| required: false | |
| type: string | |
| jobs: | |
| build-and-package: | |
| runs-on: ubuntu-latest | |
| name: Compile and package RPM | |
| permissions: | |
| # for publishing releases | |
| contents: write | |
| steps: | |
| - name: Install dependencies of builder script | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12.7' | |
| # README also specified: python3-yaml rpm tree gpg openssl python3-setuptools | |
| # docker.io was changed to docker because of conflict on containerd | |
| run: | | |
| sudo apt install --no-install-recommends --yes python3-packaging \ | |
| createrepo-c devscripts docker python3-docker reprepro \ | |
| python3-pathspec mktorrent python3-lxml python3-dateutil | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: QubesOS/qubes-builderv2 | |
| - name: Cache Docker image and dom0 stuff | |
| uses: actions/cache@v4 | |
| id: docker-cache | |
| with: | |
| path: | | |
| /tmp/qubes-builder-fedora.tar | |
| key: | | |
| ${{ hashFiles('tools/*', 'dockerfiles/fedora.Dockerfile') }}-docker-container | |
| - name: Load Docker image | |
| if: steps.docker-cache.outputs.cache-hit == 'true' | |
| run: | | |
| docker load --input /tmp/qubes-builder-fedora.tar | |
| - name: Build Docker image (optional) | |
| if: steps.docker-cache.outputs.cache-hit != 'true' | |
| run: | | |
| sed -i "s/RUN useradd -m user$/RUN useradd -m user -u $UID/" dockerfiles/fedora.Dockerfile | |
| tools/generate-container-image.sh docker | |
| - name: Export Docker image (optional) | |
| if: steps.docker-cache.outputs.cache-hit != 'true' | |
| run: | | |
| docker save --output /tmp/qubes-builder-fedora.tar \ | |
| qubes-builder-fedora:latest | |
| - name: Prepare configuration | |
| env: | |
| URL: ${{ github.repositoryUrl }} | |
| COMPONENT: ${{ inputs.qubes-component }} | |
| PKG_DIR: ${{ inputs.qubes-pkg-src-dir }} | |
| # Following 2 variables are used in double expansion '${${{ github.ref_type }}}', | |
| # do not change these names even though they don't follow the convention. | |
| branch: ${{ github.head_ref }} | |
| tag: ${{ github.ref_name }} | |
| run: | | |
| cp example-configs/qubes-os-main.yml builder.yml | |
| branch_name=${${{ github.ref_type }}} | |
| if [ -z "$branch_name" ]; then | |
| # github.head_ref is set only for pull requests, this should | |
| # handle pushes | |
| branch_name=$(basename "$GITHUB_REF") | |
| fi | |
| if [ -n "$PKG_DIR" ]; then | |
| # | |
| # 1. Clone repository locally | |
| # 2. Add files required by qubes-builderv2 | |
| # 3. Commit them | |
| # 4. Put local path as a repository URL to configuration file | |
| # | |
| # `plugins/fetch` is copied inside Docker container, place clone there | |
| rel_clone_dir=plugins/fetch/tmp_clone | |
| clone_dir=qubesbuilder/$rel_clone_dir | |
| git clone --depth 1 --branch "$branch_name" "${URL/git:/https:}" "$clone_dir" | |
| # qubes-builderv2 expects top directory of extracted sources to | |
| # follow "name-version" naming scheme and will fail if other | |
| # naming is used | |
| # | |
| # At the same time when generating a source archive, it uses | |
| # naming scheme from `Source0`, which inevitably leads to a | |
| # failure if it's not what qubes-builderv2 expects. | |
| sed '/^Source0:/s/\t.*/\t%{name}-%{version}.tar.gz/' \ | |
| "$clone_dir/$PKG_DIR/$COMPONENT.spec.in" \ | |
| > "$clone_dir/$COMPONENT.spec.in" | |
| echo 1 > "$clone_dir/rel" | |
| echo "0+$(git -C "$clone_dir" show-ref -s "$branch_name")" \ | |
| > "$clone_dir/version" | |
| cat > "$clone_dir/.qubesbuilder" <<EOF | |
| host: | |
| rpm: | |
| build: | |
| - $COMPONENT.spec | |
| EOF | |
| git config --global user.name user.name | |
| git config --global user.email user.email | |
| git -C "$clone_dir" add . | |
| git -C "$clone_dir" commit -m 'CI changes' | |
| if [ ${{ github.ref_type }} = tag ]; then | |
| # Without this original commit is going to be used | |
| git -C "$clone_dir" tag -f "$branch_name" | |
| fi | |
| # It's an existing component without any options in builder.yml, | |
| # remove it and treat as new component | |
| sed -i "/^ - $COMPONENT$/d" builder.yml | |
| # It's an existing component with options in builder.yml, rename | |
| # it to a dummy component and treat as a new one | |
| sed -i "/^ - $COMPONENT:$/c\ \ - does_not_exist" builder.yml | |
| # It's a new component not known to the builder | |
| sed -i "/^components:/a\ - $COMPONENT:" builder.yml | |
| sed -i "/^ - $COMPONENT:/a\ verification-mode: insecure-skip-checking" builder.yml | |
| sed -i "/^ - $COMPONENT:/a\ branch: $branch_name" builder.yml | |
| sed -i "/^ - $COMPONENT:/a\ url: /builder/$rel_clone_dir" builder.yml | |
| else | |
| # It's an existing component that needs some overrides | |
| sed -i "1,/^ - $COMPONENT/s#^ - $COMPONENT#&:#" builder.yml | |
| sed -i "/^ - $COMPONENT:/a\ verification-mode: insecure-skip-checking" builder.yml | |
| sed -i "/^ - $COMPONENT:/a\ branch: $branch_name" builder.yml | |
| sed -i "/^ - $COMPONENT:/a\ url: ${URL/git:/https:}" builder.yml | |
| fi | |
| echo "::group::builder.yml" | |
| cat builder.yml | |
| echo "::endgroup::" | |
| - name: Build and package | |
| env: | |
| DEBUG: ${{ runner.debug == 1 && '--debug --verbose' || '' }} | |
| run: | | |
| ./qb $DEBUG -c ${{ inputs.qubes-component }} package fetch prep build | |
| rpms=( $(find "artifacts/components/${{ inputs.qubes-component }}/" -regex ".*/build/rpm/[^/]*.rpm") ) | |
| cp --verbose "${rpms[@]}" . | |
| - name: Save built packages | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| if-no-files-found: error | |
| name: qubesos.dom0.fc37-${{ inputs.qubes-component }}-${{ github.sha }} | |
| path: '*.rpm' | |
| - name: Construct release's description | |
| if: github.event_name == 'push' && github.ref_type == 'tag' | |
| run: | | |
| for artifact in *.rpm; do | |
| echo "### $artifact" >> release-body.md | |
| echo '```' >> release-body.md | |
| echo "wget --quiet '${{ github.server_url }}/${{ github.repository }}/releases/download/${{ github.ref_name }}/$artifact'" >> release-body.md | |
| echo '```' >> release-body.md | |
| echo '```' >> release-body.md | |
| echo "curl --remote-name '${{ github.server_url }}/${{ github.repository }}/releases/download/${{ github.ref_name }}/$artifact'" >> release-body.md | |
| echo '```' >> release-body.md | |
| done | |
| - name: Create release for a new tag | |
| if: github.event_name == 'push' && github.ref_type == 'tag' | |
| uses: ncipollo/[email protected] | |
| with: | |
| artifacts: '*.rpm' | |
| artifactErrorsFailBuild: true | |
| bodyFile: "release-body.md" |