The fedora-43 base image now includes nodejs and npm, so the nvm runner
label and Node.js setup step are no longer needed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Poll upstream main branch HEAD alongside release tags. When a new commit
is detected, build and publish prerelease RPMs to a separate unstable
repo at rpm.lair.cafe/fedora/$releasever/$basearch/unstable/.
RPM versioning uses the Fedora snapshot convention (e.g.
0.8.1-0.1.20260511git1a2b3c4.fc43) so stable releases automatically
supersede any installed prerelease.
- RPM spec: conditional Release field via mistralrs_prerelease define
- poll-upstream.yml: new check-prerelease job fetches main HEAD + Cargo.toml version
- build-prerelease.yml: new workflow for commit-based builds without --locked
- UI: fetch both stable/unstable manifests, show channel badges, add
unstable repo setup instructions to home page
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The rpm-changelog action's repo-url input uses mktemp which fails on
runners with restricted /tmp permissions. Clone the upstream repo
directly in the workflow and use source-dir instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Rename the RPM package from mistralrs-server-<flavour> to
mistralrs-<flavour> and the installed binary from mistralrs-server
to mistralrs, matching the upstream CLI binary name.
Adds Obsoletes/Provides for the old package name so dnf will cleanly
replace it on upgrade.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Build the mistralrs binary (CLI) instead of the deprecated
mistralrs-server. The RPM still installs as /usr/bin/mistralrs-server
for backwards compatibility. The systemd unit now invokes
`mistralrs-server serve` to use the CLI's serve subcommand.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Let the action use its default author rather than misattributing
upstream commits to the package maintainer.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Set the rpm-changelog action author to the actual maintainer instead
of the default "Gitea Actions". Remove the static changelog entry
from the spec since the action generates entries automatically.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Nginx config is managed by script/setup/nginx.sh, not CI. The
gitea_ci user doesn't have permissions to write to /etc/nginx.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
--archive includes -pogDt which tries to set permissions, ownership,
and timestamps on the root-owned web root directory. Only --recursive
and --links are needed for deploying static files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The gitea_ci user cannot set timestamps on /var/www/rpm/ which is
owned by root. Directory timestamps are irrelevant for static files.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gitea Actions runs steps in a non-interactive shell that does not
source .bashrc. Use the explicit NVM_DIR path to load nvm.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Vite + React + SWC + TypeScript SPA with react-router and
react-bootstrap
- Dark/light/system theme with Bootstrap 5.3 data-bs-theme
- Home page with repo setup instructions and copyable code blocks
- Package list and detail pages driven by packages.json
- Python script to generate packages.json from repodata XML
- Nginx config updated for SPA fallback, asset caching, removed
autoindex
- New deploy-ui workflow triggered on ui/ or nginx config changes,
requires runners with nvm label
- packages.json generation added to publish job after createrepo_c
- Runner setup docs for nvm and sequoia-sq added to readme
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use actions/rpm-changelog@v1 with repo-url to collect commits from
the upstream mistral.rs repo between release tags and prepend a
changelog entry to the spec file before building the RPM.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The linker needs LIBRARY_PATH to find -lcudnn at link time.
LD_LIBRARY_PATH only affects runtime library loading.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The RPM file existing on the server is not sufficient — the repo
metadata must also reference it. After checking the file exists,
verify repomd.xml is present and dnf repoquery can find the package
in the index. This catches the case where sync succeeded but
createrepo_c failed.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Set RPM_REPO_HOST=oolon.kosherinata.internal as a plain env var
instead of treating the hostname as a secret via RSYNC_TARGET
- Add explicit SSH connectivity test step using StrictHostKeyChecking=accept-new
- Remove ssh-keyscan in favour of accept-new which provides meaningful errors
- Remove RSYNC_TARGET secret dependency
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the monolithic publish-repo.sh with discrete workflow steps:
Sign RPMs, Set up SSH, Sync RPMs to repo, Update repo metadata.
Each step now has its own name in the CI UI, making failures
immediately identifiable. Removed 2>/dev/null from ssh-keyscan
which was silently hiding DNS resolution failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
RPM 6 on Fedora 43 uses sequoia (sq) for signing instead of gpg.
Replace %_gpg_name with %_openpgp_sign_id and drop the gpg-agent
loopback config. Add a pre-flight check for sequoia-sq.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
GPG refuses to sign with a key that has unknown trust. Set the
imported key to ultimate trust after import.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Ensures package, publish, and poll-upstream jobs are picked up by
Fedora 43 runners specifically.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Import the GPG public key into rpm's keyring so rpm --checksig can
verify signatures. Also use --undefine dist before --define to ensure
the CLI value overrides the system macro on the build host.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The custom %__gpg_sign_cmd macro with %{__plaintext_filename} is not
supported on modern rpm. Instead, configure gpg-agent for loopback
pinentry and let rpm use its default sign command.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The heredoc with column-0 lines inside a YAML block scalar may
confuse Gitea's workflow parser. Move rpmmacros content to
rpm/rpmmacros as a template with sed substitution.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gitea may not support matrix expressions in job-level concurrency
groups. The workflow-level concurrency group already prevents
parallel runs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gitea 1.25 does not support array values in matrix includes for
runs-on, causing the dispatch API to return 500. Revert to a single
runner label.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add fedora_version to build, package, and publish matrices so the
pipeline can target multiple Fedora releases in parallel. Force the
dist tag via --define to ensure RPMs are stamped correctly regardless
of build host. Update poll-upstream to check all fedora/flavour
combinations before triggering a build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The echo-based approach was mangling rpm macro tokens like
%{__plaintext_filename}. Switch to a heredoc so the content is
written verbatim.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
%{__gpg} already expands to /usr/bin/gpg, so the extra "gpg" was
passed as a positional argument causing all flags to be ignored.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add %__gpg_sign_cmd macro to ~/.rpmmacros with --batch, --no-tty, and
--pinentry-mode loopback so rpm --addsign works without a TTY in CI.
Also add signing progress output and post-sign verification to
publish-repo.sh for easier debugging.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gitea's download-artifact does not support merge-multiple, so RPMs
end up in subdirectories. Add a step to move them into the expected
flat directory before publish-repo.sh runs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The shared runner retains ~/.rpmmacros from previous publish jobs,
causing a spurious "Macro %_gpg_name has empty body" error during
rpmbuild in the package job.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Poll was firing every minute, dispatching new builds that cancelled
the running one. Restore 15-minute cron interval and add shared
concurrency group across both workflows so new polls queue instead
of re-dispatching.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The gitea runner user on beast doesn't have Rust installed.
Reuses existing installation on subsequent runs.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gitea Actions doesn't support fromJSON in matrix strategies
(expressions are evaluated before dependent jobs run). Move
flavour definitions into the workflow as static matrix includes
and remove flavours.yml.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The runners have python yq (jq wrapper), not mikefarah/yq (Go).
Replace -o=json -I=0 with --compact-output which is the jq equivalent.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Gitea API requires refs/heads/main (not just main) and
Content-Type: application/json for the dispatch endpoint.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The automatic GITEA_TOKEN cannot trigger other workflows. Use a
dedicated DISPATCH_TOKEN secret (personal access token with
repository read/write scope) instead.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The automatic GITEA_TOKEN lacks actions:write by default, causing
a 422 when dispatching the build-release workflow.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
--fail causes curl to exit 22 on HTTP errors before --write-out can
capture the response code, breaking the 200/404 branching logic.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
