create-repo.yml
# Workflow triggers and token scopes for the RustDesk "latest"/"nightly" repo build.
name: Create Repo for RustDesk latest and nightly

on:
  workflow_dispatch:
  schedule:
    # Daily at 03:00 UTC
    - cron: "0 3 * * *"
  push:
    branches: [main]
    paths-ignore: ['**.md']
  pull_request:
    branches: [main]
    paths-ignore: ['**.md']

# Declared at workflow level, so every job in this file receives these scopes.
# NOTE(review): `pages: write` and `id-token: write` look like they are only
# needed by the Pages deploy job; consider granting them at job level and
# leaving `contents: read` here. Confirm what configure-pages requires first.
permissions:
  contents: read
  pages: write
  id-token: write
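jobs:
  # Gate job: check the build container's Sigstore signature before `build`
  # (which declares `needs: verify`) runs inside that container.
  verify:
    name: Verify container
    runs-on: ubuntu-latest
    steps:
      - name: Install Cosign
        # The version tag on this line was lost in the page rendering (e-mail
        # obfuscation); restore the original tag, or pin a full commit SHA,
        # in place of the placeholder.
        uses: sigstore/cosign-installer@<ORIGINAL_VERSION_TAG>
      - name: Verify
        # Keyless verification: the signing certificate must come from the
        # GitHub Actions OIDC issuer with an identity under github.com/xlionjuan/.
        # NOTE(review): the signature is checked for the mutable `:latest` tag
        # and the build job pulls `:latest` again afterwards, so the image that
        # runs is not guaranteed to be the one verified here. Resolving the tag
        # to a digest in this job and running the container by digest would
        # close that gap.
        run: |
          cosign verify --rekor-url=https://rekor.sigstore.dev \
            --certificate-identity-regexp "https://github.com/xlionjuan/.*" \
            --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
            ghcr.io/xlionjuan/fedora-createrepo-image-minimal:latest

  # Builds, signs and indexes the RPM repositories under wwwroot/, then
  # uploads wwwroot as two artifacts (one for Pages, one for R2).
  build:
    name: Build
    needs: verify
    runs-on: ubuntu-latest
    container: ghcr.io/xlionjuan/fedora-createrepo-image-minimal:latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
      - name: Setup Pages
        uses: actions/configure-pages@v5
      - name: Import GPG Key
        # Skipped on pull requests unless the actor is Renovate.
        # NOTE(review): on those Renovate PR runs the private signing key is
        # imported before repository scripts from the PR checkout execute;
        # consider limiting key import and signing to push/schedule/dispatch.
        if: github.event_name != 'pull_request' || github.actor == 'renovate[bot]'
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          echo "$GPG_PRIVATE_KEY" | gpg --batch --yes --import
          # Fingerprint of the first key in the keyring; written to ~/.rpmmacros
          # as the identity rpm signs with.
          GPG_PUBLIC_KEY=$(gpg --list-keys --with-colons | grep fpr | head -n1 | cut -d: -f10)
          echo "%_signature gpg
          %_gpg_name $GPG_PUBLIC_KEY" > ~/.rpmmacros
      - name: Build SELinux config for RustDesk
        run: |
          set -euo pipefail
          ./rustdesk_selinux/rustdesk.sh
          # Copy sequentially: backgrounding the copies with `&` hides their
          # exit status from `set -e` and lets the step end before they finish.
          for repo in latest nightly latest-suse nightly-suse; do
            cp rustdesk_selinux/noarch/rustdesk_selinux*.rpm "wwwroot/$repo"
          done
      - name: Download RustDesk latest and nightly
        run: |
          set -eu
          # Run both downloads in parallel, then wait on each PID so a failure
          # in either script fails the step and neither is still writing into
          # wwwroot when signing starts.
          bash rustdesk_latest.sh &
          latest_pid=$!
          bash rustdesk_nightly.sh &
          nightly_pid=$!
          wait "$latest_pid"
          wait "$nightly_pid"
      - name: Reversion nightly version number with date
        run: |
          set -eu
          # Same pattern as the download step: parallel, but both must succeed
          # and finish before the tree listing and the signing steps.
          bash rustdesk_nightly_reversion.sh wwwroot/nightly/ori &
          nightly_pid=$!
          bash rustdesk_nightly_reversion.sh wwwroot/nightly-suse/ori &
          suse_pid=$!
          wait "$nightly_pid"
          wait "$suse_pid"
          echo "Run tree"
          tree
      - name: Sign RPMs
        # Same condition as "Import GPG Key", so signing runs only when the key
        # was imported. The former `|| github.ref == 'refs/heads/main'` clause
        # could never add a case: on pull_request events the ref is the PR
        # merge ref, and every other event already satisfies the first clause.
        if: github.event_name != 'pull_request' || github.actor == 'renovate[bot]'
        run: bash createrepo/1_sign_rpm.sh
      - name: Create repo
        run: bash createrepo/2_createrepo.sh
      - name: Sign repo
        if: github.event_name != 'pull_request' || github.actor == 'renovate[bot]'
        run: bash createrepo/3_sign_repo.sh
      - name: Sleep 0.5 sec
        run: sleep 0.5
      - name: Clean up GPG Key
        # always(): remove the keyring even when an earlier step failed, and
        # before anything is uploaded as an artifact.
        if: always()
        run: rm -rf ~/.gnupg
      - name: Upload Pages artifact
        uses: actions/upload-pages-artifact@v3
        with:
          name: github-pages
          path: wwwroot
      - name: Publish Artifacts
        uses: actions/upload-artifact@v4
        with:
          name: cf_r2
          path: wwwroot
          if-no-files-found: error

  # Publishes the github-pages artifact; never runs for pull requests.
  deploy:
    name: Deploy to GitHub Pages
    if: github.event_name != 'pull_request'
    needs: build
    runs-on: ubuntu-latest
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4

  # Mirrors the cf_r2 artifact to a Cloudflare R2 bucket; never runs for
  # pull requests.
  push-to-cf-r2:
    name: Push to Cloudflare R2
    if: github.event_name != 'pull_request'
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          pattern: cf_r2
          path: wwwroot
          merge-multiple: true
      - name: Upload to Cloudflare R2
        # NOTE(review): `@latest` is a mutable ref on a third-party action that
        # is handed the R2 credentials below; pin it to a reviewed full commit
        # SHA so a change upstream cannot silently alter what runs with them.
        uses: ryand56/r2-upload-action@latest
        with:
          r2-account-id: ${{ secrets.R2_ACCOUNT_ID }}
          r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }}
          r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          r2-bucket: ${{ secrets.R2_BUCKET }}
          keep-file-fresh: true
          source-dir: wwwroot
          destination-dir: ./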