Ensures package, publish, and poll-upstream jobs are picked up by
Fedora 43 runners specifically.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Import the GPG public key into rpm's keyring so rpm --checksig can
verify signatures. Also use --undefine dist before --define to ensure
the CLI value overrides the system macro on the build host.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The custom %__gpg_sign_cmd macro with %{__plaintext_filename} is not
supported on modern rpm. Instead, configure gpg-agent for loopback
pinentry and let rpm use its default sign command.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The heredoc with column-0 lines inside a YAML block scalar may
confuse Gitea's workflow parser. Move rpmmacros content to
rpm/rpmmacros as a template with sed substitution.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gitea may not support matrix expressions in job-level concurrency
groups. The workflow-level concurrency group already prevents
parallel runs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gitea 1.25 does not support array values in matrix includes for
runs-on, causing the dispatch API to return 500. Revert to a single
runner label.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add fedora_version to build, package, and publish matrices so the
pipeline can target multiple Fedora releases in parallel. Force the
dist tag via --define to ensure RPMs are stamped correctly regardless
of build host. Update poll-upstream to check all fedora/flavour
combinations before triggering a build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The echo-based approach was mangling rpm macro tokens like
%{__plaintext_filename}. Switch to a heredoc so the content is
written verbatim.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
%{__gpg} already expands to /usr/bin/gpg, so the extra "gpg" was
passed as a positional argument causing all flags to be ignored.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add %__gpg_sign_cmd macro to ~/.rpmmacros with --batch, --no-tty, and
--pinentry-mode loopback so rpm --addsign works without a TTY in CI.
Also add signing progress output and post-sign verification to
publish-repo.sh for easier debugging.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gitea's download-artifact does not support merge-multiple, so RPMs
end up in subdirectories. Add a step to move them into the expected
flat directory before publish-repo.sh runs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The shared runner retains ~/.rpmmacros from previous publish jobs,
causing a spurious "Macro %_gpg_name has empty body" error during
rpmbuild in the package job.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Poll was firing every minute, dispatching new builds that cancelled
the running one. Restore 15-minute cron interval and add shared
concurrency group across both workflows so new polls queue instead
of re-dispatching.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The gitea runner user on beast doesn't have Rust installed.
Reuses existing installation on subsequent runs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gitea Actions doesn't support fromJSON in matrix strategies
(expressions are evaluated before dependent jobs run). Move
flavour definitions into the workflow as static matrix includes
and remove flavours.yml.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The runners have python yq (jq wrapper), not mikefarah/yq (Go).
Replace -o=json -I=0 with --compact-output which is the jq equivalent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
