refactor(ci): inline publish steps, delete publish-repo.sh

Replace the monolithic publish-repo.sh with discrete workflow steps: Sign RPMs, Set up SSH, Sync RPMs to repo, Update repo metadata. Each step now has its own name in the CI UI, making failures immediately identifiable. Removed 2>/dev/null from ssh-keyscan which was silently hiding DNS resolution failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-27 09:07:54 +03:00
parent e3c403e98b
commit ba5eec78f1
3 changed files with 27 additions and 51 deletions
--- a/.gitea/workflows/build-release.yml
+++ b/.gitea/workflows/build-release.yml
@@ -148,9 +148,31 @@ jobs:
          echo "${fpr}:6:" | gpg --batch --import-ownertrust
          sed "s/@GPG_NAME@/${{ secrets.RPM_SIGNING_KEY_ID }}/" rpm/rpmmacros > ~/.rpmmacros

-      - name: Sign and publish
-        run: ./script/publish-repo.sh rpms/
+      - name: Sign RPMs
+        run: |
+          for rpm in rpms/*.rpm; do
+            echo "signing ${rpm}..."
+            rpm --addsign "${rpm}"
+          done
+
+      - name: Set up SSH
+        run: |
+          install --directory --mode 700 ~/.ssh
+          echo "${RSYNC_SSH_KEY}" | install --mode 600 /dev/stdin ~/.ssh/id_ed25519
+          ssh-keyscan -H oolon.kosherinata.internal >> ~/.ssh/known_hosts
        env:
-          FEDORA_VERSION: ${{ matrix.fedora_version }}
-          RSYNC_TARGET: ${{ secrets.RSYNC_TARGET }}
          RSYNC_SSH_KEY: ${{ secrets.RSYNC_SSH_KEY }}
+
+      - name: Sync RPMs to repo
+        run: |
+          rsync \
+            --archive \
+            --verbose \
+            --chmod D755,F644 \
+            rpms/*.rpm \
+            "${{ secrets.RSYNC_TARGET }}:/var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64/"
+
+      - name: Update repo metadata
+        run: |
+          ssh "${{ secrets.RSYNC_TARGET }}" \
+            "cd /var/www/rpm/fedora/${{ matrix.fedora_version }}/x86_64 && createrepo_c --update ."