selinux: see u next time #119
name: Create Repo for RustDesk latest and nightly | |
on: | |
schedule: | |
# Every 3AM UTC | |
- cron: "0 3 * * *" | |
pull_request: | |
branches: | |
- main | |
paths-ignore: | |
- '**.md' | |
push: | |
branches: | |
- main | |
paths-ignore: | |
- '**.md' | |
workflow_dispatch: | |
permissions: | |
contents: read | |
pages: write | |
id-token: write | |
jobs: | |
verify: | |
name: Verify container | |
runs-on: ubuntu-latest | |
steps: | |
- name: Install Cosign | |
uses: sigstore/[email protected] | |
- name: Verify | |
run: | | |
cosign verify --rekor-url=https://rekor.sigstore.dev \ | |
--certificate-identity-regexp "https://github.com/xlionjuan/.*" \ | |
--certificate-oidc-issuer "https://token.actions.githubusercontent.com" \ | |
ghcr.io/xlionjuan/fedora-createrepo-image-minimal:latest | |
build: | |
name: Build | |
needs: verify | |
runs-on: ubuntu-latest | |
container: ghcr.io/xlionjuan/fedora-createrepo-image-minimal:latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Setup Pages | |
uses: actions/configure-pages@v5 | |
- name: Import GPG Key | |
if: github.event_name != 'pull_request' || github.actor == 'renovate[bot]' | |
run: | | |
echo "$GPG_PRIVATE_KEY" | gpg --batch --yes --import | |
GPG_PUBLIC_KEY=$(gpg --list-keys --with-colons | grep fpr | head -n1 | cut -d: -f10) | |
echo "%_signature gpg | |
%_gpg_name $GPG_PUBLIC_KEY" > ~/.rpmmacros | |
env: | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
- name: Build SELinux config for RustDesk | |
if: false | |
run: | | |
set -oue pipefail | |
./rustdesk_selinux/rustdesk.sh | |
cp rustdesk_selinux/noarch/rustdesk_selinux*.rpm "wwwroot/latest" &\ | |
cp rustdesk_selinux/noarch/rustdesk_selinux*.rpm "wwwroot/nightly" &\ | |
cp rustdesk_selinux/noarch/rustdesk_selinux*.rpm "wwwroot/latest-suse" &\ | |
cp rustdesk_selinux/noarch/rustdesk_selinux*.rpm "wwwroot/nightly-suse" | |
- name: Download RustDesk latest and nightly | |
run: bash rustdesk_latest.sh & bash rustdesk_nightly.sh | |
- name: Reversion nightly version number with date | |
run: | | |
bash rustdesk_nightly_reversion.sh wwwroot/nightly/ori &\ | |
bash rustdesk_nightly_reversion.sh wwwroot/nightly-suse/ori | |
echo "Run tree" | |
tree | |
- name: Sign RPMs | |
if: github.event_name != 'pull_request' || github.actor == 'renovate[bot]' || github.ref == 'refs/heads/main' | |
run: bash createrepo/1_sign_rpm.sh | |
- name: Create repo | |
run: bash createrepo/2_createrepo.sh | |
- name: Sign repo | |
if: github.event_name != 'pull_request' || github.actor == 'renovate[bot]' || github.ref == 'refs/heads/main' | |
run: bash createrepo/3_sign_repo.sh | |
- name: Sleep 0.5 sec | |
run: sleep 0.5 | |
- name: Clean up GPG Key | |
run: rm -rf ~/.gnupg | |
- name: Upload Pages artifact | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
name: github-pages | |
path: wwwroot | |
- name: Publish Artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: cf_r2 | |
path: wwwroot | |
if-no-files-found: error | |
deploy: | |
name: Deploy to GitHub Pages | |
if: github.event_name != 'pull_request' | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v4 | |
push-to-cf-r2: | |
name: Push to Cloudflare R2 | |
if: github.event_name != 'pull_request' | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Download artifact | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: cf_r2 | |
path: wwwroot | |
merge-multiple: true | |
- name: Upload to Cloudflare R2 | |
uses: ryand56/r2-upload-action@latest | |
with: | |
r2-account-id: ${{ secrets.R2_ACCOUNT_ID }} | |
r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }} | |
r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
r2-bucket: ${{ secrets.R2_BUCKET }} | |
keep-file-fresh: true | |
source-dir: wwwroot | |
destination-dir: ./ |
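Review bot: The `Upload to Cloudflare R2` step passes all four R2 secrets to `ryand56/r2-upload-action@latest`, a mutable ref, so whatever that tag resolves to at run time executes with the bucket credentials; pin it to a reviewed commit, e.g. `uses: ryand56/r2-upload-action@<full-commit-sha>` (placeholder, not a real value). The build container has the same gap: `verify` checks the signature on `:latest`, but `build` pulls `:latest` again by tag on another runner, so the image that later holds `GPG_PRIVATE_KEY` is not necessarily the one that was verified. Resolving the digest once, verifying it, and using `container: ghcr.io/xlionjuan/fedora-createrepo-image-minimal@sha256:<digest>` would close that window. The workflow-level `id-token: write` and `pages: write` also apply to `build` and `push-to-cf-r2`, although only `deploy` visibly needs them; a job-level `permissions:` block on `deploy` would keep the jobs that run repository scripts at read access (confirm what `actions/configure-pages` requires). Separately, the download and reversion steps background one script with `&` and never `wait`, so a failure there does not fail the step and an incomplete tree can still be signed and published; add `wait` or run the scripts sequentially.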