162 lines
5.8 KiB
YAML
162 lines
5.8 KiB
YAML
name: build-release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version:
|
|
description: "claude-desktop upstream version (e.g. 1.17377.2)"
|
|
required: true
|
|
type: string
|
|
|
|
concurrency:
|
|
group: build-release
|
|
cancel-in-progress: false
|
|
|
|
env:
|
|
APT_BASE: https://downloads.claude.ai/claude-desktop/apt/stable
|
|
|
|
jobs:
|
|
package:
|
|
runs-on: rpm
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
fedora_version: ["43", "44"]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Resolve .deb URL and checksum
|
|
id: deb
|
|
run: |
|
|
packages_url="${APT_BASE}/dists/stable/main/binary-amd64/Packages"
|
|
# paragraph-mode match on the exact Version: stanza (dots escaped)
|
|
escaped=$(printf '%s' "${VERSION}" | sed 's/\./\\./g')
|
|
stanza=$(curl --silent --show-error --fail --location "${packages_url}" \
|
|
| awk -v RS='' -v v="${escaped}" '$0 ~ ("(^|\n)Version: " v "(\n|$)")')
|
|
if [ -z "${stanza}" ]; then
|
|
echo "version ${VERSION} not found in ${packages_url}"; exit 1
|
|
fi
|
|
filename=$(printf '%s\n' "${stanza}" | awk '/^Filename:/{print $2; exit}')
|
|
sha256=$(printf '%s\n' "${stanza}" | awk '/^SHA256:/{print $2; exit}')
|
|
echo "url=${APT_BASE}/${filename}" >> "$GITHUB_OUTPUT"
|
|
echo "sha256=${sha256}" >> "$GITHUB_OUTPUT"
|
|
echo "resolved ${VERSION}: ${APT_BASE}/${filename} (sha256 ${sha256})"
|
|
env:
|
|
VERSION: ${{ inputs.version }}
|
|
|
|
- name: Download and verify .deb
|
|
run: |
|
|
curl --silent --show-error --fail --location \
|
|
--output "claude-desktop_${VERSION}_amd64.deb" \
|
|
"${DEB_URL}"
|
|
echo "${DEB_SHA256} claude-desktop_${VERSION}_amd64.deb" | sha256sum --check --strict
|
|
env:
|
|
VERSION: ${{ inputs.version }}
|
|
DEB_URL: ${{ steps.deb.outputs.url }}
|
|
DEB_SHA256: ${{ steps.deb.outputs.sha256 }}
|
|
|
|
- name: Build RPM
|
|
run: |
|
|
rm -f ~/.rpmmacros
|
|
rpmdev-setuptree
|
|
cp "claude-desktop_${VERSION}_amd64.deb" ~/rpmbuild/SOURCES/
|
|
# generated %changelog entry — upstream ships no git repo to mine
|
|
cp rpm/claude-desktop.spec /tmp/claude-desktop.spec
|
|
{
|
|
echo "* $(LC_ALL=C date '+%a %b %d %Y') lair CI <ci@lair.cafe> - ${VERSION}-1"
|
|
echo "- Automated repackage of upstream claude-desktop ${VERSION} .deb"
|
|
} >> /tmp/claude-desktop.spec
|
|
rpmbuild -bb /tmp/claude-desktop.spec \
|
|
--define "claude_desktop_version ${VERSION}" \
|
|
--undefine dist \
|
|
--define "dist .fc${{ matrix.fedora_version }}"
|
|
env:
|
|
VERSION: ${{ inputs.version }}
|
|
|
|
- name: Upload RPM
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: rpm-fc${{ matrix.fedora_version }}
|
|
path: ~/rpmbuild/RPMS/x86_64/*.rpm
|
|
retention-days: 7
|
|
|
|
publish:
|
|
needs: package
|
|
runs-on: rpm
|
|
env:
|
|
RPM_REPO_HOST: oolon.kosherinata.internal
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
fedora_version: ["43", "44"]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Download RPMs for fc${{ matrix.fedora_version }}
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
path: rpms/
|
|
pattern: rpm-fc${{ matrix.fedora_version }}
|
|
|
|
- name: Flatten RPM artifacts
|
|
run: |
|
|
find rpms/ -name '*.rpm' -exec mv --target-directory=rpms/ {} +
|
|
find rpms/ -mindepth 1 -type d -empty -delete
|
|
|
|
- name: Check for sequoia-sq
|
|
run: |
|
|
if ! command -v sq &> /dev/null; then
|
|
echo "ERROR: sequoia-sq is not installed. Install with: sudo dnf install sequoia-sq"
|
|
exit 1
|
|
fi
|
|
|
|
- name: Import signing key
|
|
run: |
|
|
echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import
|
|
fpr=$(gpg --batch --with-colons --list-keys "${{ secrets.RPM_SIGNING_KEY_ID }}" | awk -F: '/^fpr:/ { print $10; exit }')
|
|
echo "${fpr}:6:" | gpg --batch --import-ownertrust
|
|
sed "s/@GPG_NAME@/${{ secrets.RPM_SIGNING_KEY_ID }}/" rpm/rpmmacros > ~/.rpmmacros
|
|
|
|
- name: Sign RPMs
|
|
run: |
|
|
for rpm in rpms/*.rpm; do
|
|
echo "signing ${rpm}..."
|
|
rpm --addsign "${rpm}"
|
|
done
|
|
|
|
- name: Set up SSH
|
|
run: |
|
|
install --directory --mode 700 ~/.ssh
|
|
echo "${RSYNC_SSH_KEY}" | install --mode 600 /dev/stdin ~/.ssh/id_ed25519
|
|
env:
|
|
RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }}
|
|
|
|
- name: Test SSH connectivity
|
|
run: |
|
|
ssh -o StrictHostKeyChecking=accept-new "gitea_ci@${RPM_REPO_HOST}" exit
|
|
|
|
- name: Sync RPMs to repo
|
|
run: |
|
|
rsync \
|
|
--archive \
|
|
--verbose \
|
|
--chmod D755,F644 \
|
|
rpms/*.rpm \
|
|
"gitea_ci@${RPM_REPO_HOST}:/var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64/"
|
|
|
|
- name: Update repo metadata
|
|
run: |
|
|
# flock guards createrepo against concurrent publishes into the
|
|
# shared repo tree (other package repos publish here too).
|
|
ssh "gitea_ci@${RPM_REPO_HOST}" \
|
|
"flock /var/www/rpm/.publish.lock -c 'cd /var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64 && createrepo_c --update .'"
|
|
|
|
- name: Generate packages.json
|
|
run: |
|
|
scp script/generate-packages-json.py "gitea_ci@${RPM_REPO_HOST}:/tmp/"
|
|
ssh "gitea_ci@${RPM_REPO_HOST}" \
|
|
"flock /var/www/rpm/.publish.lock -c 'python3 /tmp/generate-packages-json.py \
|
|
--repodata-dir /var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64/repodata \
|
|
--output /var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64/packages.json \
|
|
--base-url https://rpm.lair.cafe/fedora/${{ matrix.fedora_version }}/x86_64'"
|