From ba5eec78f1a1cb4109a28c424d2452411a09a30b Mon Sep 17 00:00:00 2001 From: rob thijssen Date: Mon, 27 Apr 2026 09:07:54 +0300 Subject: [PATCH] refactor(ci): inline publish steps, delete publish-repo.sh Replace the monolithic publish-repo.sh with discrete workflow steps: Sign RPMs, Set up SSH, Sync RPMs to repo, Update repo metadata. Each step now has its own name in the CI UI, making failures immediately identifiable. Removed 2>/dev/null from ssh-keyscan which was silently hiding DNS resolution failures. Co-Authored-By: Claude Opus 4.6 (1M context) --- .gitea/workflows/build-release.yml | 30 +++++++++++++++++--- CLAUDE.md | 3 +- script/publish-repo.sh | 45 ------------------------------ 3 files changed, 27 insertions(+), 51 deletions(-) delete mode 100755 script/publish-repo.sh diff --git a/.gitea/workflows/build-release.yml b/.gitea/workflows/build-release.yml index d7f1aca..ebbf73e 100644 --- a/.gitea/workflows/build-release.yml +++ b/.gitea/workflows/build-release.yml @@ -148,9 +148,31 @@ jobs: echo "${fpr}:6:" | gpg --batch --import-ownertrust sed "s/@GPG_NAME@/${{ secrets.RPM_SIGNING_KEY_ID }}/" rpm/rpmmacros > ~/.rpmmacros - - name: Sign and publish - run: ./script/publish-repo.sh rpms/ + - name: Sign RPMs + run: | + for rpm in rpms/*.rpm; do + echo "signing ${rpm}..." + rpm --addsign "${rpm}" + done + + - name: Set up SSH + run: | + install --directory --mode 700 ~/.ssh + echo "${RSYNC_SSH_KEY}" | install --mode 600 /dev/stdin ~/.ssh/id_ed25519 + ssh-keyscan -H oolon.kosherinata.internal >> ~/.ssh/known_hosts env: - FEDORA_VERSION: ${{ matrix.fedora_version }} - RSYNC_TARGET: ${{ secrets.RSYNC_TARGET }} RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }} + + - name: Sync RPMs to repo + run: | + rsync \ + --archive \ + --verbose \ + --chmod D755,F644 \ + rpms/*.rpm \ + "${{ secrets.RSYNC_TARGET }}:/var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64/" + + - name: Update repo metadata + run: | + ssh "${{ secrets.RSYNC_TARGET }}" \ + "cd /var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64 && createrepo_c --update ." diff --git a/CLAUDE.md b/CLAUDE.md index cffcf7b..60cf4f5 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -28,8 +28,7 @@ Defined in `flavours.yml`. Each flavour specifies a name, `cuda_home`, `cargo_fe - `rpm/systemd/mistralrs@.service` — templated systemd unit (`@BINARY@` and `@FLAVOUR@` are sed-replaced during rpmbuild) - `rpm/systemd/mistralrs@.conf.example` — example env file for instances - `script/build-binary.sh` — compiles mistralrs-server with cargo (requires `FLAVOUR_NAME`, `CUDA_HOME`, `CARGO_FEATURES`, `CUDA_COMPUTE_CAP`, `SRC_DIR` env vars) -- `script/publish-repo.sh` — signs RPMs and rsyncs to the repo server -- `script/setup/` — one-time infra setup scripts (DNS, TLS cert, nginx) for `rpm.lair.cafe` on host `oolon` +- `script/setup/` — one-time infra setup scripts (DNS, TLS cert, nginx, GPG) for `rpm.lair.cafe` on host `oolon` ## Commands diff --git a/script/publish-repo.sh b/script/publish-repo.sh deleted file mode 100755 index 2037496..0000000 --- a/script/publish-repo.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env bash -set -euo pipefail - -RPM_DIR="${1%/}" -: "${RPM_DIR:?usage: $0 }" -: "${FEDORA_VERSION:?}" -REMOTE_DIR="/var/www/rpm/fedora/${FEDORA_VERSION}/x86_64" - -# sign each rpm with the imported gpg key -echo "--- rpmmacros ---" -cat ~/.rpmmacros -echo "--- macro check ---" -rpm -E '%{_openpgp_sign_id}' || true -rpm -E '%{_gpg_name}' || true -echo "--- signing ---" -for rpm in "${RPM_DIR}"/*.rpm; do - echo "signing ${rpm}..." - set +e - rpm --addsign "${rpm}" 2>&1 - rc=$? - set -e - echo "exit code: ${rc}" - if [ "${rc}" -ne 0 ]; then - echo "failed to sign ${rpm}" >&2 - exit 1 - fi -done - -echo "setting up ssh..." -install --directory --mode 700 ~/.ssh -echo "${RSYNC_SSH_KEY}" | install --mode 600 /dev/stdin ~/.ssh/id_ed25519 -ssh-keyscan -H oolon.kosherinata.internal > ~/.ssh/known_hosts 2>/dev/null - -echo "rsyncing to ${RSYNC_TARGET}:${REMOTE_DIR}/..." -rsync \ - --archive \ - --verbose \ - --chmod D755,F644 \ - "${RPM_DIR}/"*.rpm \ - "${RSYNC_TARGET}:${REMOTE_DIR}/" - -echo "updating repo metadata..." -ssh "${RSYNC_TARGET}" "cd ${REMOTE_DIR} && createrepo_c --update ." - -echo "Published $(ls ${RPM_DIR}/*.rpm | wc -l) RPMs"