diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ca8670e..87659d6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -7,11 +7,88 @@ on:
- '*'
jobs:
- qubes-dom0-package:
- uses: TrenchBoot/.github/.github/workflows/qubes-dom0-package.yml@master
- with:
- base-commit: '62819a6fdf58d3d3c47aff5096dea9fb88ce1d53'
- patch-start: 0000
- qubes-component: 'antievilmaid'
- spec-pattern: '/^Source0:/'
- spec-file: 'anti-evil-maid'
+ build-and-package:
+ runs-on: ubuntu-latest
+ name: Compile and package as QubesOS RPM
+ permissions:
+ # for publishing releases
+ contents: write
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 100 # need history for `git format-patch`
+
+ - uses: actions/checkout@v3
+ with:
+ repository: TrenchBoot/.github
+ path: shared
+ ref: ${{ github.job_workflow_sha }}
+
+ - name: Cache Docker image and dom0 stuff
+ uses: actions/cache@v3
+ id: docker-cache
+ with:
+ path: |
+ /tmp/qubes-fedora-builder.tar
+ /tmp/cache/dom0.tar
+ key: |
+ ${{ hashFiles('shared/qubes-builder-docker/*') }}-docker-container
+
+ - name: Load Docker image
+ if: steps.docker-cache.outputs.cache-hit == 'true'
+ run: |
+ docker load --input /tmp/qubes-fedora-builder.tar
+
+ - name: Build Docker image (optional)
+ if: steps.docker-cache.outputs.cache-hit != 'true'
+ uses: docker/build-push-action@v4
+ with:
+ tags: qubes-fedora-builder:latest
+ context: shared/qubes-builder-docker
+
+ - name: Export Docker image (optional)
+ if: steps.docker-cache.outputs.cache-hit != 'true'
+ run: |
+ docker save --output /tmp/qubes-fedora-builder.tar \
+ qubes-fedora-builder:latest
+
+ - name: Prepare dom0 cache storage (optional)
+ if: steps.docker-cache.outputs.cache-hit != 'true'
+ run: |
+ mkdir --mode=777 /tmp/cache
+
+ - name: Apply patches
+ run: |
+ docker run --privileged \
+ -v "$GITHUB_WORKSPACE:$GITHUB_WORKSPACE" \
+ -w "$GITHUB_WORKSPACE" \
+ --entrypoint ./entry.sh \
+ qubes-fedora-builder:latest
+
+ - name: Save built packages
+ uses: actions/upload-artifact@v3
+ with:
+ name: qubesos.dom0.fc37-${{ inputs.qubes-component }}-${{ github.sha }}
+ path: '*.rpm'
+
+ - name: 
Construct release's description
+ if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')
+ run: |
+ for artifact in *.rpm; do
+ echo "### $artifact" >> release-body.md
+ echo '```' >> release-body.md
+ echo "wget --quiet '${{ github.server_url }}/${{ github.repository }}/releases/download/${{ github.ref_name }}/$artifact'" >> release-body.md
+ echo '```' >> release-body.md
+ echo '```' >> release-body.md
+ echo "curl --remote-name '${{ github.server_url }}/${{ github.repository }}/releases/download/${{ github.ref_name }}/$artifact'" >> release-body.md
+ echo '```' >> release-body.md
+ done
+
+ - name: Create release for a new tag
+ if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')
+ uses: ncipollo/release-action@v1.13.0
+ with:
+ artifacts: '*.rpm'
+ artifactErrorsFailBuild: true
+ bodyFile: "release-body.md"
diff --git a/entry.sh b/entry.sh
new file mode 100755
index 0000000..dc9e5ad
--- /dev/null
+++ b/entry.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+# prevent errors due to inconsistent ownership
+git config --global --add safe.directory "$PWD"
+
+# fetch component's sources
+su -c "make -C /builder 'COMPONENTS=antievilmaid' get-sources" - builder
+
+# create a set of patches on top of component's base and integrate them into
+# sources
+patches=( $(git format-patch --start-number 1 62819a6fdf58d3d3c47aff5096dea9fb88ce1d53) )
+git config user.email "test@example.com"
+git config user.name "Test User"
+git config gc.auto 0
+git -C "/builder/qubes-src/antievilmaid/" am ${patches[@]}
+
+# build the component
+su -c "make -C /builder 'COMPONENTS=antievilmaid' 'antievilmaid'" - builder
+
+# move RPMs out of the container
+rpms=( $(find "/builder/qubes-src/antievilmaid/pkgs" -name '*.rpm') )
+cp --verbose "${rpms[@]}" .
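Review bot: `name: qubesos.dom0.fc37-${{ inputs.qubes-component }}-${{ github.sha }}` in the upload-artifact step expands to an empty component name, because the `inputs` context is only populated for `workflow_call`/`workflow_dispatch` runs and, as far as the visible tail of `on:` and the push/tag conditions show, this job now runs directly on push; since entry.sh hard-codes the component, write `name: qubesos.dom0.fc37-antievilmaid-${{ github.sha }}`. Likely the same residue from the former reusable workflow is `ref: ${{ github.job_workflow_sha }}` on the `TrenchBoot/.github` checkout: that context is documented for reusable-workflow jobs and, in a directly triggered job, would at best name a commit of this repository rather than of the shared one, so pin that checkout to an explicit commit of `TrenchBoot/.github` (`ref: <shared-repo commit SHA>`) to make the builder image and dom0 tooling a reviewed, reproducible input. In the release-description step, `${{ github.ref_name }}`, `${{ github.server_url }}` and `${{ github.repository }}` are substituted into the shell script text before it runs, so a tag name containing a quote and shell metacharacters becomes code in a job that holds `contents: write`; the runner already exports these values as environment variables, so `echo "wget --quiet '$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/releases/download/$GITHUB_REF_NAME/$artifact'" >> release-body.md` (and the `curl` line likewise) keeps them as data. For the same reason the third-party actions that run with that write access (`docker/build-push-action@v4`, `ncipollo/release-action@v1.13.0`) are better pinned to a full commit SHA than to a mutable tag. The `on:` mapping this hunk starts in begins outside the hunk.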
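Review bot: The script has no `set -euo pipefail`, so a failing `git format-patch`, `git am` or `su -c make` does not stop it and the final `cp` still runs, meaning the "Apply patches" step can report success (only the last command's status is seen) while packaging unpatched or stale sources; add `set -euo pipefail` right after the shebang. The `user.email`/`user.name`/`gc.auto` settings are written to the workspace repository's local config, but `git am` commits into `/builder/qubes-src/antievilmaid/`, which presumably does not see them — use `--global` (as the `safe.directory` line already does) or `git -C <that dir> config`. Likewise, if `git format-patch` prints relative file names (its default without `-o`), `git -C …` resolves them inside the component checkout rather than in `$PWD`; passing `-o "$PWD"` yields absolute paths. The unquoted `$(…)` array fills and `${patches[@]}` word-split on whitespace and glob characters, so `mapfile` with `-print0` keeps each path intact, and a guard on an empty `patches` array avoids `git am` waiting on stdin. Suggested rewrite below.
```shell
#!/bin/bash
set -euo pipefail

# … unchanged: safe.directory config and get-sources …

# create a set of patches on top of component's base and integrate them into
# sources; -o yields absolute paths so `git -C` finds them from any cwd
mapfile -t patches < <(git format-patch --start-number 1 -o "$PWD" 62819a6fdf58d3d3c47aff5096dea9fb88ce1d53)
git config --global user.email "test@example.com"
git config --global user.name "Test User"
git config --global gc.auto 0
if (( ${#patches[@]} )); then
  git -C "/builder/qubes-src/antievilmaid/" am "${patches[@]}"
fi

# … unchanged: build the component …

# move RPMs out of the container; NUL-delimited so unusual characters in paths survive
mapfile -d '' -t rpms < <(find "/builder/qubes-src/antievilmaid/pkgs" -name '*.rpm' -print0)
cp --verbose "${rpms[@]}" .
```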