1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
|
# SPDX-FileCopyrightText: 2006 Istituto Nazionale di Fisica Nucleare
#
# SPDX-License-Identifier: Apache-2.0
name: Build RPM
on: push
jobs:
build-rpm:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
strategy:
fail-fast: false
matrix:
os: [almalinux]
version: [8, 9, 10]
outputs:
repo: ${{ steps.info.outputs.repo }}
version_pom: ${{ steps.info.outputs.version_pom }}
runs-on: ubuntu-latest
container: '${{ matrix.os }}:${{ matrix.version }}'
steps:
- name: Install dependencies
run: |
dnf upgrade -y
[[ "${{ matrix.version }}" -lt 10 ]] && dnf module enable -y maven:3.8
[[ "${{ matrix.version }}" = 10 ]] && dnf install -y almalinux-release-devel
dnf install -y git maven-openjdk21 rpmdevtools rpmlint rpm-sign
- name: Setup build tree
run: |
echo "%_topdir $(pwd)/rpmbuild" >> ~/.rpmmacros
rpmdev-setuptree
- uses: actions/checkout@v4
with:
path: 'rpmbuild/BUILD'
fetch-depth: 0
- name: Calculate version and repo
id: info
run: |
cd rpmbuild/BUILD
VERSION_POM=$(mvn org.apache.maven.plugins:maven-help-plugin:evaluate -Dexpression=project.version -q -DforceStdout)
# Maven uses -SNAPSHOT for pre-releases, change the - to ~ in the RPM
VERSION_RPM=$(echo ${VERSION_POM} | sed 's/-/~/')
if [[ ${{ github.ref_type }} = 'tag' ]]; then
# In case is a tag, check if the tag matches v<x>.<y>.<z>
if [[ ${GITHUB_REF_NAME} =~ ^v([0-9]+\.[0-9]+\.[0-9]+)$ ]]; then
REPO='stable'
VERSION="${BASH_REMATCH[1]}"
if [[ ${VERSION} != ${VERSION_POM} ]]; then
echo "Version mismatch between tag (${VERSION}) and POM file (${VERSION_POM})"
exit 1
fi
fi
elif [[ ${GITHUB_REF_NAME} = ${{ github.event.repository.default_branch }} ]]; then
# Check if the version in POM file matches <x>.<y>.<z>-SNAPSHOT
if [[ ${VERSION_POM} =~ ^[0-9]+\.[0-9]+\.[0-9]+-SNAPSHOT$ ]]; then
REPO='nightly'
fi
fi
echo "REPO=${REPO}" >> "${GITHUB_ENV}"
echo "repo=${REPO}" >> "${GITHUB_OUTPUT}"
echo "VERSION_POM=${VERSION_POM}" >> "${GITHUB_ENV}"
echo "version_pom=${VERSION_POM}" >> "${GITHUB_OUTPUT}"
echo "VERSION_RPM=${VERSION_RPM}" >> "${GITHUB_ENV}"
echo "Version POM: ${VERSION_POM}"
echo "Version RPM: ${VERSION_RPM}"
echo "Repo: ${REPO:-none}"
- name: Import GPG key
if: ${{ matrix.version != 8 }}
env:
MAVEN_GPG_KEY: ${{ secrets.MAVEN_GPG_KEY }}
MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_PASSPHRASE }}
run: |
echo "${MAVEN_GPG_KEY}" > private-key.asc
gpg --batch --import-options import-show --import private-key.asc
rm private-key.asc
gpg --export -a CNAFSD > RPM-GPG-KEY-pmanager
rpm --import RPM-GPG-KEY-pmanager
echo "%_gpg_name CNAFSD" >> ~/.rpmmacros
echo "%_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase ${MAVEN_GPG_PASSPHRASE}" >> ~/.rpmmacros
- name: Build RPM
run: |
cp rpmbuild/BUILD/voms-clients.spec rpmbuild/SPECS/voms-clients.spec
rpmlint rpmbuild/SPECS/voms-clients.spec
rpmbuild --define "base_version ${VERSION_RPM}" --define "version_pom ${VERSION_POM}" -ba rpmbuild/SPECS/voms-clients.spec
if [[ "${{ matrix.version }}" = 8 ]]; then
echo "Skip signing on AlmaLinux 8 to avoid error: RPM-GPG-KEY-pmanager: key 1 import failed"
exit 0
fi
GPG_TTY="" rpm --addsign rpmbuild/RPMS/noarch/*.rpm
- uses: actions/upload-artifact@v4
with:
name: build-rpm-${{ matrix.os }}-${{ matrix.version }}
path: |
rpmbuild/RPMS/noarch/*.rpm
- name: Upload release to repo
if: env.REPO != ''
env:
NEXUS_PASSWORD: ${{ secrets.NEXUS_PASSWORD }}
run: |
for file in rpmbuild/RPMS/noarch/*.rpm; do
curl --fail --user "${{ vars.NEXUS_USERNAME }}:${NEXUS_PASSWORD}" --upload-file "${file}" https://repo.cloud.cnaf.infn.it/repository/voms-rpm-${REPO}/redhat${{ matrix.version }}/
done
create-release:
needs: build-rpm
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ github.token }}
VERSION_POM: ${{ needs.build-rpm.outputs.version_pom }}
if: needs.build-rpm.outputs.repo == 'stable'
steps:
- name: Check out repository code
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
- name: Create release
run: |
# Get from the changelog file only the part related to the tagged release, in particular:
# - Delete lines up to the one beginning with "## <x>.<y>.<z>" (inclusive)
# - Delete lines from the next one beginning with "## " until the end of the file
# - Change all the "### " to "## " to use heading level 2 instead of level 3
sed -e "1,/^## ${VERSION_POM}/d;/^## /,\$d;s/^### /## /g" CHANGELOG.md > RELEASE-CHANGELOG.md
gh release create v${VERSION_POM} --title "VOMS Clients Java ${VERSION_POM}" --notes-file RELEASE-CHANGELOG.md build-*/*
|
