Installs nvm, Node.js LTS, and creates a stable symlink at
~/.nvm/default_bin for the systemd PATH so actions/checkout@v4
can find node without sourcing .bashrc.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Vite + React + SWC + TypeScript SPA with react-router and
react-bootstrap
- Dark/light/system theme with Bootstrap 5.3 data-bs-theme
- Home page with repo setup instructions and copyable code blocks
- Package list and detail pages driven by packages.json
- Python script to generate packages.json from repodata XML
- Nginx config updated for SPA fallback, asset caching, removed
autoindex
- New deploy-ui workflow triggered on ui/ or nginx config changes,
requires runners with nvm label
- packages.json generation added to publish job after createrepo_c
- Runner setup docs for nvm and sequoia-sq added to readme
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace the monolithic publish-repo.sh with discrete workflow steps:
Sign RPMs, Set up SSH, Sync RPMs to repo, Update repo metadata.
Each step now has its own name in the CI UI, making failures
immediately identifiable. Removed 2>/dev/null from ssh-keyscan
which was silently hiding DNS resolution failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Disable set -e around rpm --addsign to prevent silent exits and
capture the actual exit code and error output.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Fedora 43 defaults to rpm-sequoia for signing which ignores the
imported gpg key. Set %__gpg_sign_cmd explicitly to force gpg-based
signing with loopback pinentry. Remove diagnostics.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Test gpg signing directly, dump macro expansion, and use rpmsign
with --verbose to get more detail.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Dump rpmmacros, gpg keys, and file permissions before signing to
debug the silent failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Direct stdout/stderr capture may miss gpg subprocess output. Write
to a temp file and cat it on failure.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Capture stderr from rpm --addsign so the actual gpg error is visible
when signing fails.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The rpm keyring import needs root access which CI doesn't have.
Client-side verification on install is sufficient.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Import the GPG public key into rpm's keyring so rpm --checksig can
verify signatures. Also use --undefine dist before --define to ensure
the CLI value overrides the system macro on the build host.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add fedora_version to build, package, and publish matrices so the
pipeline can target multiple Fedora releases in parallel. Force the
dist tag via --define to ensure RPMs are stamped correctly regardless
of build host. Update poll-upstream to check all fedora/flavour
combinations before triggering a build.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add %__gpg_sign_cmd macro to ~/.rpmmacros with --batch, --no-tty, and
--pinentry-mode loopback so rpm --addsign works without a TTY in CI.
Also add signing progress output and post-sign verification to
publish-repo.sh for easier debugging.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add script/setup/gpg.sh to generate a dedicated lair keyring with a
certify-only master key and a 1-year signing subkey, cross-signed by
both personal keys. The public key is synced to oolon as <short-id>.gpg.
Update nginx config to serve any .gpg file instead of a hardcoded
RPM-GPG-KEY-mistralrs path, supporting multiple keys as the repo grows.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Move from /var/www/rpm/mistralrs/fedora-43/x86_64/ to
/var/www/rpm/fedora/43/x86_64/ so the repo can host packages
from multiple projects under a conventional hierarchy.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
