test

Signed-off-by: Krystian Hebel <krystian.hebel@3mdeb.com>
TrenchBoot · Oct 4, 2023 · fbaf6c0 · fbaf6c0
1 parent f52c598
commit fbaf6c0
Show file tree

Hide file tree

Showing 2 changed files with 109 additions and 8 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -7,11 +7,88 @@ on:
       - '*'
 
 jobs:
-  qubes-dom0-package:
-    uses: TrenchBoot/.github/.github/workflows/qubes-dom0-package.yml@master
-    with:
-      base-commit: '62819a6fdf58d3d3c47aff5096dea9fb88ce1d53'
-      patch-start: 0000
-      qubes-component: 'antievilmaid'
-      spec-pattern: '/^Source0:/'
-      spec-file: 'anti-evil-maid'
+  build-and-package:
+    runs-on: ubuntu-latest
+    name: Compile and package as QubesOS RPM
+    permissions:
+      # for publishing releases
+      contents: write
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 100 # need history for `git format-patch`
+
+      - uses: actions/checkout@v3
+        with:
+          repository: TrenchBoot/.github
+          path: shared
+          ref: ${{ github.job_workflow_sha }}
+
+      - name: Cache Docker image and dom0 stuff
+        uses: actions/cache@v3
+        id: docker-cache
+        with:
+          path: |
+            /tmp/qubes-fedora-builder.tar
+            /tmp/cache/dom0.tar
+          key: |
+            ${{ hashFiles('shared/qubes-builder-docker/*') }}-docker-container
+
+      - name: Load Docker image
+        if: steps.docker-cache.outputs.cache-hit == 'true'
+        run: |
+          docker load --input /tmp/qubes-fedora-builder.tar
+
+      - name: Build Docker image (optional)
+        if: steps.docker-cache.outputs.cache-hit != 'true'
+        uses: docker/build-push-action@v4
+        with:
+          tags: qubes-fedora-builder:latest
+          context: shared/qubes-builder-docker
+
+      - name: Export Docker image (optional)
+        if: steps.docker-cache.outputs.cache-hit != 'true'
+        run: |
+          docker save --output /tmp/qubes-fedora-builder.tar \
+                      qubes-fedora-builder:latest
+
+      - name: Prepare dom0 cache storage (optional)
+        if: steps.docker-cache.outputs.cache-hit != 'true'
+        run: |
+          mkdir --mode=777 /tmp/cache
+
+      - name: Apply patches
+        run: |
+          docker run --privileged \
+                     -v "$GITHUB_WORKSPACE:$GITHUB_WORKSPACE" \
+                     -w "$GITHUB_WORKSPACE" \
+                     --entrypoint ./entry.sh \
+                     qubes-fedora-builder:latest
+
+      - name: Save built packages
+        uses: actions/upload-artifact@v3
+        with:
+          name: qubesos.dom0.fc37-${{ inputs.qubes-component }}-${{ github.sha }}
+          path: '*.rpm'
+
+      - name: Construct release's description
+        if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')
+        run: |
+          for artifact in *.rpm; do
+            echo "### $artifact" >> release-body.md
+            echo '```' >> release-body.md
+            echo "wget --quiet '${{ github.server_url }}/${{ github.repository }}/releases/download/${{ github.ref_name }}/$artifact'" >> release-body.md
+            echo '```' >> release-body.md
+            echo '```' >> release-body.md
+            echo "curl --remote-name '${{ github.server_url }}/${{ github.repository }}/releases/download/${{ github.ref_name }}/$artifact'" >> release-body.md
+            echo '```' >> release-body.md
+          done
+
+      - name: Create release for a new tag
+        if: github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')
+        uses: ncipollo/release-action@v1.13.0
+        with:
+          artifacts: '*.rpm'
+          artifactErrorsFailBuild: true
+          bodyFile: "release-body.md"
diff --git a/entry.sh b/entry.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# prevent errors due to inconsistent ownership
+git config --global --add safe.directory "$PWD"
+git config --global --add safe.directory '/builder/qubes-src/antievilmaid'
+
+echo "XXXX fetch component's sources"
+su -c "make -C /builder 'COMPONENTS=antievilmaid' get-sources" - builder
+
+echo "XXXX create a set of patches on top of component's base"
+patches=( $(git format-patch --start-number 1 62819a6fdf58d3d3c47aff5096dea9fb88ce1d53) )
+
+echo "XXXX integrate patches into sources"
+git -C "/builder/qubes-src/antievilmaid/" config user.email "test@example.com"
+git -C "/builder/qubes-src/antievilmaid/" config user.name "Test User"
+git -C "/builder/qubes-src/antievilmaid/" config gc.auto 0
+git -C "/builder/qubes-src/antievilmaid/" am $PWD/${patches[@]}
+
+echo "XXXX build the component"
+su -c "make -C /builder 'COMPONENTS=antievilmaid' 'antievilmaid'" - builder
+
+echo "XXXX move RPMs out of the container"
+rpms=( $(find "/builder/qubes-src/antievilmaid/pkgs" -name '*.rpm') )
+cp --verbose "${rpms[@]}" .