Build and upload zig rpm packages #88
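---
# Builds PHP RPM packages for each (php-version, arch) pair, signs them with
# GPG, uploads them to the package host over SSH, and regenerates the
# repository metadata there.
name: Build and upload zig rpm packages

on:
  # workflow_run:
  #   workflows: [ "spc-download" ]
  #   types:
  #     - completed
  workflow_dispatch:
    inputs:
      iteration:
        description: "Optional: override package iteration (integer). Leave empty for auto"
        required: false
        default: ""

# Least privilege for GITHUB_TOKEN: checkout needs contents: read and the
# cross-workflow artifact download needs actions: read. Widen this only if a
# step demonstrably needs more.
permissions:
  contents: read
  actions: read

jobs:
  build:
    runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-24.04' || 'ubuntu-24.04-arm' }}
    env:
      # Job-level env is visible to every step, including the build step that
      # runs Composer-installed code. The permissions block above bounds what
      # this token can do.
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      ITERATION: ${{ inputs.iteration || '' }}
    strategy:
      fail-fast: false
      matrix:
        # Quoted so a future "8.10" is not parsed as the float 8.1.
        php-version: ["8.2", "8.3", "8.4"]
        arch: [x86_64, arm64]
        target: [native-native-gnu.2.17]
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      # NOTE(review): this job holds the package-signing key and the upload
      # SSH key, so third-party actions are best pinned to a full commit SHA
      # rather than a movable tag. The version of this action is obscured on
      # the page; the placeholder below must be replaced with the real ref.
      - name: Set up SSH key
        uses: webfactory/ssh-agent@<VERSION_OBSCURED_ON_PAGE>
        with:
          ssh-private-key: ${{ secrets.GITHUBRPMHENDERKESPRIVATEKEY }}

      - name: Add remote host to known_hosts
        run: |
          mkdir -p ~/.ssh
          # Host keys are pinned here instead of being learned at connect
          # time, so the upload fails if the server presents a different key.
          # The ssh-rsa key material is not present on the page; replace the
          # placeholder with the real key or drop that line.
          cat >> ~/.ssh/known_hosts <<'EOF'
          ${{ secrets.DEB_SERVER_IP }} ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPQq0y77dDEtxECVMhCxjcqiV369goMcbInsY/d+F1yXGwqOXQ6RqIEzgaVhgq0joMJT5BiGXNXQ+OI10/KtzGI=
          ${{ secrets.DEB_SERVER_IP }} ssh-rsa <SSH_RSA_HOST_KEY_NOT_SHOWN_ON_PAGE>
          ${{ secrets.DEB_SERVER_IP }} ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICaB5IjokRHAH0Y9pzVe/Jx3s6cn0OADJ9uTxQQubBMu
          EOF

      # RPM calls the 64-bit ARM architecture "aarch64"; other matrix values
      # are passed through unchanged.
      - name: Set architecture variables
        run: |
          if [[ "${{ matrix.arch }}" == "arm64" ]]; then
            echo "RPM_ARCH=aarch64" >> "$GITHUB_ENV"
          else
            echo "RPM_ARCH=${{ matrix.arch }}" >> "$GITHUB_ENV"
          fi

      # Maps the glibc version embedded in the target triple to the repository
      # sub-directory; anything unrecognised falls back to el10.
      - name: Set target folder
        run: |
          if [[ "${{ matrix.target }}" == *"2.17"* ]]; then
            echo "TARGET_DIR=el7" >> "$GITHUB_ENV"
          elif [[ "${{ matrix.target }}" == *"2.28"* ]]; then
            echo "TARGET_DIR=el8" >> "$GITHUB_ENV"
          elif [[ "${{ matrix.target }}" == *"2.34"* ]]; then
            echo "TARGET_DIR=el9" >> "$GITHUB_ENV"
          elif [[ "${{ matrix.target }}" == *"2.39"* ]]; then
            echo "TARGET_DIR=el10" >> "$GITHUB_ENV"
          else
            echo "TARGET_DIR=el10" >> "$GITHUB_ENV"
          fi

      # NOTE(review): fpm is installed unpinned, so each run may pull a
      # different release of the tool that assembles the signed packages;
      # consider pinning a known-good version.
      - name: Install APT dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y curl ruby rpm build-essential tar zstd
          sudo apt-get upgrade -y
          sudo gem install fpm

      # NOTE(review): the php binary is fetched over HTTPS and placed on PATH
      # without a checksum or signature check, and it then drives the whole
      # build. Verifying a published digest before chmod +x would close that
      # gap. The Composer installer URL is already pinned to a commit.
      - name: Install composer
        run: |
          sudo curl -L https://files.henderkes.com/${RPM_ARCH}-linux/php -o /usr/local/bin/php
          sudo chmod +x /usr/local/bin/php
          sudo curl -sS https://raw.githubusercontent.com/composer/getcomposer.org/f3108f64b4e1c1ce6eb462b159956461592b3e3e/web/installer | php -- --quiet
          sudo mv composer.phar /usr/local/bin/composer

      - name: Prepare cache directories
        run: |
          composer config -g cache-dir

      - name: Restore Composer cache
        uses: actions/cache@v4
        with:
          path: ~/.cache/composer
          key: composer-${{ hashFiles('**/composer.lock') }}
          restore-keys: |
            composer-

      - name: Install vendor
        run: composer install --no-interaction --prefer-dist --no-progress

      # NOTE(review): third-party action referenced by tag; pin to a full
      # commit SHA (see the note on the SSH key step).
      - name: Download artifact from spc-download.yml
        uses: dawidd6/action-download-artifact@v11
        with:
          workflow: spc-download.yml
          name: downloads-tarball

      - name: Extract with permissions
        run: |
          mkdir -p vendor/crazywhalecc/static-php-cli/downloads
          tar -xzf downloads.tar.gz -C vendor/crazywhalecc/static-php-cli/downloads
          rm downloads.tar.gz

      - name: Build PHP and packages
        run: |
          # The iteration comes from a workflow_dispatch input. It is read
          # from the environment and checked to be an integer, so the
          # user-supplied text is never expanded into the script itself.
          if [[ -n "$ITERATION" && ! "$ITERATION" =~ ^[0-9]+$ ]]; then
            echo "iteration must be an integer, got: $ITERATION" >&2
            exit 1
          fi
          php bin/spp all --target="${{ matrix.target }}" --type=rpm --phpv="${{ matrix.php-version }}" --iteration="$ITERATION"

      - name: Prepare rpm signing
        env:
          # Secrets are handed over through the environment rather than
          # expanded into the script text: a quote, "$" or backtick in the
          # passphrase can then neither break nor be evaluated by the shell,
          # and the key material is not written into the generated script.
          GPG_PRIVATE_KEY: ${{ secrets.DEB_GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.DEB_GPG_PASSWORD }}
        run: |
          # Setup GPG
          export GNUPGHOME="${HOME}/.gnupg"
          mkdir -p "${GNUPGHOME}"
          chmod 700 "${GNUPGHOME}"
          echo "allow-loopback-pinentry" > "${GNUPGHOME}/gpg-agent.conf"
          gpgconf --kill gpg-agent
          # Read the fingerprint without importing (show-only), then import.
          FPR=$(printf '%s' "$GPG_PRIVATE_KEY" \
            | gpg --batch --quiet --with-colons --import-options show-only --import 2>/dev/null \
            | awk -F: '/^fpr:/ {print $10; exit}')
          # gpg errors are discarded above and the pipeline's status is awk's,
          # so an unreadable key would otherwise continue with an empty FPR.
          if [[ -z "${FPR}" ]]; then
            echo "Could not read a fingerprint from the signing key" >&2
            exit 1
          fi
          printf '%s' "$GPG_PRIVATE_KEY" | gpg --batch --yes --import
          # Configure gpg.conf
          {
            echo "pinentry-mode loopback"
            echo "default-key ${FPR}"
          } > "${GNUPGHOME}/gpg.conf"
          # Unlock key with passphrase (warmup)
          t=$(mktemp); echo warmup > "$t"
          gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
            --local-user "${FPR}" --sign --output /dev/null "$t" <<<"$GPG_PASSPHRASE"
          rm -f "$t"
          # Create ~/.rpmmacros (not /root/.rpmmacros!)
          cat > ~/.rpmmacros <<EOF
          %_signature gpg
          %_gpg_path ${GNUPGHOME}
          %_gpg_name ${FPR}
          %_gpgbin /usr/bin/gpg
          %__gpg /usr/bin/gpg
          %__gpg_check_password_cmd /bin/true
          EOF

      - name: Sign RPM packages
        run: |
          for rpm in dist/rpm/*.rpm; do
            rpmsign --addsign "$rpm"
          done

      # --ignore-existing means a package already on the server is never
      # overwritten by a later run.
      - name: Upload packages
        run: |
          rsync -av --ignore-existing dist/rpm/*.rpm github@${{ secrets.DEB_SERVER_IP }}:/mnt/data/rpm/${{ env.RPM_ARCH }}/${{ env.TARGET_DIR }}/

      # NOTE(review): the php-version jobs for one arch publish into the same
      # directory, so they may rebuild repodata at the same time; confirm this
      # is safe on the server or serialise the step.
      - name: Update repository metadata
        run: |
          ssh github@${{ secrets.DEB_SERVER_IP }} "cd /mnt/data/rpm/${{ env.RPM_ARCH }}/${{ env.TARGET_DIR }}/ && rm -rf repodata && createrepo_static && createrepo_c ."

      - name: "Upload logs"
        if: ${{ failure() }}
        uses: actions/upload-artifact@v4
        with:
          name: build-logs-${{ matrix.arch }}-el7-php${{ matrix.php-version }}
          path: vendor/crazywhalecc/static-php-cli/log

      # Left disabled: by the time a step fails, the runner may already hold
      # the loaded SSH key and the imported GPG signing key, and an
      # interactive debug session would have access to both.
      # - name: Setup tmate session
      #   if: ${{ failure() }}
      #   uses: mxschmitt/action-tmate@v3
      #   timeout-minutes: 10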