@@ -181,9 +181,277 @@ jobs:
181181 name : fedora-30-latest
182182 path : fedora/out/noarch
183183
184+ repo-deb :
185+ name : Update Debian package repository
186+ needs : [build-deb]
187+ runs-on : ubuntu-latest
188+ container : debian:sid
189+ steps :
190+ - name : Install dependencies
191+ run : |
192+ apt-get update
193+ apt-get install -y reprepro git
194+
195+ name : Checkout repository
196+ uses : actions/checkout@v2
197+ with :
198+ repository : linux-surface/repo
199+ token : ${{ secrets.GITHUB_BOT_TOKEN }}
200+ fetch-depth : 0
201+ ref : master
202+
203+ - name : Download artifacts
204+ uses : actions/download-artifact@v1
205+ with :
206+ name : debian-latest
207+
208+ - name : Update repository
209+ env :
210+ GPG_KEY : ${{ secrets.SURFACE_GPG_KEY }}
211+ GIT_REF : ${{ github.ref }}
212+ run : |
213+ cd debian
214+
215+ # Import the GPG key for signing the repository
216+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
217+
218+ # Add packages to repository
219+ for pkg in ../debian-latest/*.deb; do
220+ reprepro --basedir . --component main includedeb release $pkg
221+ done
222+ rm -r ../debian-latest
223+
224+ # Parse git tag from ref
225+ GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
226+
227+ # Convert packages into references
228+ for pkg in $(find . -name '*.deb'); do
229+ echo "secureboot-mok:$GIT_TAG/$(basename $pkg)" > $pkg.blob
230+ rm $pkg
231+ done
232+
233+ name : Commit and push
234+ uses :
github-actions-x/[email protected] 235+ with :
236+ github-token : ${{ secrets.GITHUB_BOT_TOKEN }}
237+ push-branch : master
238+ commit-message : Update debian secureboot-mok package
239+ force-add : false
240+ rebase : true
241+ files : debian/*
242+ name : surfacebot
243+ 244+
245+ repo-arch :
246+ name : Update Arch Linux package repository
247+ needs : [build-arch, repo-deb]
248+ runs-on : ubuntu-latest
249+ container : archlinux
250+ steps :
251+ - name : Install dependencies
252+ run : pacman -Sy --noconfirm base-devel git
253+
254+ - name : Checkout repository
255+ uses : actions/checkout@v2
256+ with :
257+ repository : linux-surface/repo
258+ token : ${{ secrets.GITHUB_BOT_TOKEN }}
259+ fetch-depth : 0
260+ ref : master
261+
262+ - name : Download artifacts
263+ uses : actions/download-artifact@v1
264+ with :
265+ name : arch-latest
266+
267+ - name : Update repository
268+ env :
269+ GPG_KEY : ${{ secrets.SURFACE_GPG_KEY }}
270+ GIT_REF : ${{ github.ref }}
271+ run : |
272+ cp arch-latest/* arch/
273+ rm -r arch-latest
274+
275+ cd arch
276+ repo-add -n linux-surface.db.tar.gz *.pkg.tar.zst
277+
278+ # Sign the updated repository
279+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
280+ if [ -f 'linux-surface.db.sig' ]; then
281+ rm linux-surface.db.sig
282+ rm linux-surface.db.tar.gz.sig
283+ rm linux-surface.files.sig
284+ rm linux-surface.files.tar.gz.sig
285+ fi
286+ gpg --detach-sign --batch --no-tty --no-armor -u $GPG_KEY_ID linux-surface.db
287+ gpg --detach-sign --batch --no-tty --no-armor -u $GPG_KEY_ID linux-surface.db.tar.gz
288+ gpg --detach-sign --batch --no-tty --no-armor -u $GPG_KEY_ID linux-surface.files
289+ gpg --detach-sign --batch --no-tty --no-armor -u $GPG_KEY_ID linux-surface.files.tar.gz
290+
291+ # Parse git tag from ref
292+ GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
293+
294+ # Convert packages into references
295+ for pkg in $(find . -name '*.pkg.tar.zst'); do
296+ echo "secureboot-mok:$GIT_TAG/$(basename $pkg)" > $pkg.blob
297+ rm $pkg
298+ done
299+
300+ name : Commit and push
301+ uses :
github-actions-x/[email protected] 302+ with :
303+ github-token : ${{ secrets.GITHUB_BOT_TOKEN }}
304+ push-branch : master
305+ commit-message : Update arch secureboot-mok package
306+ force-add : false
307+ rebase : true
308+ files : arch/*
309+ name : surfacebot
310+ 311+
312+ repo-f31 :
313+ name : Update Fedora 31 package repository
314+ needs : [build-f31, repo-arch]
315+ runs-on : ubuntu-latest
316+ container : fedora:31
317+ steps :
318+ - name : Install dependencies
319+ run : |
320+ dnf install -y createrepo_c git findutils wget
321+ name : Checkout repository
322+ uses : actions/checkout@v2
323+ with :
324+ repository : linux-surface/repo
325+ token : ${{ secrets.GITHUB_BOT_TOKEN }}
326+ fetch-depth : 0
327+ ref : master
328+
329+ - name : Unpack repository
330+ run : |
331+ cd fedora/f31
332+
333+ for blob in $(find . -name '*.blob'); do
334+ blobref="$(cat $blob)"
335+ repo="${blobref%%:*}"
336+ vers="${blobref#*:}"
337+ wget "https://github.com/linux-surface/$repo/releases/download/$vers"
338+ done
339+
340+ name : Download artifacts
341+ uses : actions/download-artifact@v1
342+ with :
343+ name : fedora-31-latest
344+
345+ - name : Update repository
346+ env :
347+ GPG_KEY : ${{ secrets.SURFACE_GPG_KEY }}
348+ GIT_REF : ${{ github.ref }}
349+ run : |
350+ # Parse git tag from ref
351+ GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
352+
353+ for pkg in $(find fedora-31-latest -name '*.rpm'); do
354+ echo "linux-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
355+ done
356+
357+ cp fedora-31-latest/* fedora/f31/
358+ rm -r fedora-31-latest
359+
360+ cd fedora/f31
361+ createrepo_c --xz --update --verbose .
362+
363+ # Sign the updated repository
364+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
365+ if [ -f 'repodata/repomd.xml.asc' ]; then
366+ rm repodata/repomd.xml.asc
367+ fi
368+ gpg --detach-sign --batch --no-tty --armor -u $GPG_KEY_ID repodata/repomd.xml
369+
370+ name : Commit and push
371+ uses :
github-actions-x/[email protected] 372+ with :
373+ github-token : ${{ secrets.GITHUB_BOT_TOKEN }}
374+ push-branch : master
375+ commit-message : Update f31 secureboot-mok package
376+ force-add : false
377+ rebase : true
378+ files : fedora/f31/*
379+ name : surfacebot
380+ 381+
382+ repo-f30 :
383+ name : Update Fedora 30 package repository
384+ needs : [build-f30, repo-f31]
385+ runs-on : ubuntu-latest
386+ container : fedora:30
387+ steps :
388+ - name : Install dependencies
389+ run : |
390+ dnf install -y createrepo_c git findutils wget
391+ name : Checkout repository
392+ uses : actions/checkout@v2
393+ with :
394+ repository : linux-surface/repo
395+ token : ${{ secrets.GITHUB_BOT_TOKEN }}
396+ fetch-depth : 0
397+ ref : master
398+
399+ - name : Unpack repository
400+ run : |
401+ cd fedora/f30
402+
403+ for blob in $(find . -name '*.blob'); do
404+ blobref="$(cat $blob)"
405+ repo="${blobref%%:*}"
406+ vers="${blobref#*:}"
407+ wget "https://github.com/linux-surface/$repo/releases/download/$vers"
408+ done
409+
410+ name : Download artifacts
411+ uses : actions/download-artifact@v1
412+ with :
413+ name : fedora-30-latest
414+
415+ - name : Update repository
416+ env :
417+ GPG_KEY : ${{ secrets.SURFACE_GPG_KEY }}
418+ GIT_REF : ${{ github.ref }}
419+ run : |
420+ # Parse git tag from ref
421+ GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
422+
423+ for pkg in $(find fedora-30-latest -name '*.rpm'); do
424+ echo "linux-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob
425+ done
426+
427+ cp fedora-30-latest/* fedora/f30/
428+ rm -r fedora-30-latest
429+
430+ cd fedora/f30
431+ createrepo_c --xz --update --verbose .
432+
433+ # Sign the updated repository
434+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
435+ if [ -f 'repodata/repomd.xml.asc' ]; then
436+ rm repodata/repomd.xml.asc
437+ fi
438+ gpg --detach-sign --batch --no-tty --armor -u $GPG_KEY_ID repodata/repomd.xml
439+
440+ name : Commit and push
441+ uses :
github-actions-x/[email protected] 442+ with :
443+ github-token : ${{ secrets.GITHUB_BOT_TOKEN }}
444+ push-branch : master
445+ commit-message : Update f30 secureboot-mok package
446+ force-add : false
447+ rebase : true
448+ files : fedora/f30/*
449+ name : surfacebot
450+ 451+
184452 release :
185453 name : Publish release
186- needs : [build -deb, build -arch, build -f31, build -f30]
454+ needs : [repo -deb, repo -arch, repo -f31, repo -f30]
187455 runs-on : ubuntu-latest
188456 steps :
189457 - name : Download Debian artifacts
0 commit comments