Build and upload gcc rpm packages #58
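# Builds PHP RPM packages for every (php-version, arch, AlmaLinux release)
# combination, signs them with GPG, uploads them to rpm.henderkes.com over SSH
# and regenerates the repository metadata there.
#
# Security notes for maintainers:
# - No `permissions:` key is set, so GITHUB_TOKEN carries the repository's
#   default scopes. NOTE(review): consider declaring the minimum needed; the
#   artifact download step presumably needs `actions: read`. Confirm before
#   tightening.
# - This job holds an SSH deploy key and a GPG signing key. Everything fetched
#   at build time (container image tag, gem, tarballs, third-party actions) is
#   therefore part of the signing trust chain.
name: Build and upload gcc rpm packages

on:
  # `completed` fires whatever the conclusion of the upstream run was, and this
  # workflow does not check github.event.workflow_run.conclusion.
  # NOTE(review): workflow_run jobs run with this repository's secrets, and the
  # build input below is an artifact produced by spc-download. Confirm that
  # spc-download cannot be triggered from untrusted (fork) contributions.
  workflow_run:
    workflows:
      - "spc-download"
    types:
      - completed
  workflow_dispatch:

jobs:
  build:
    runs-on: ${{ matrix.arch == 'x86_64' && 'ubuntu-24.04' || 'ubuntu-24.04-arm' }}
    container:
      # Mutable tag; pin to an image digest if reproducible inputs are required.
      image: almalinux:${{ matrix.alma }}
    defaults:
      run:
        shell: bash
    env:
      # Job-wide: every step, including the ones that run downloaded installers,
      # can read this token. NOTE(review): scope it to the steps that need it.
      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Non-interactive bash sources this file at start-up; the bootstrap step
      # writes the gcc-toolset enable line into it on EL8/EL9.
      BASH_ENV: /tmp/gha-bashenv
    strategy:
      fail-fast: false
      matrix:
        # Quoted so the versions stay strings (a bare 8.10 would parse as 8.1).
        php-version: ["8.2", "8.3", "8.4"]
        arch: [x86_64, arm64]
        alma: [8, 9, 10]
    steps:
      - name: Set architecture variables
        run: |
          if [[ "${{ matrix.arch }}" == "arm64" ]]; then
            echo "RPM_ARCH=aarch64" >> "$GITHUB_ENV"
          else
            echo "RPM_ARCH=x86_64" >> "$GITHUB_ENV"
          fi

      # NOTE(review): the static PHP tarball is piped straight into tar and then
      # used to run every later PHP step, with no checksum or signature check.
      # `gem install fpm` is likewise unpinned. Consider downloading to a file,
      # comparing it with a SHA-256 recorded in this repository, and pinning the
      # fpm version.
      - name: Bootstrap container
        run: |
          dnf -y install epel-release dnf-plugins-core
          dnf -y install \
            wget perl \
            ruby rubygems ruby-devel make rpm-build rpm-sign rpmdevtools \
            openssh rsync createrepo_c gpg \
            git jq tar gzip which sudo xz
          if [[ "${{ matrix.alma }}" -eq 8 || "${{ matrix.alma }}" -eq 9 ]]; then
            dnf -y install gcc-toolset-14
            source /opt/rh/gcc-toolset-14/enable
            touch "$BASH_ENV"
            echo 'source /opt/rh/gcc-toolset-14/enable' >> "$BASH_ENV"
          else
            dnf -y install g++
          fi
          gem install --no-document fpm
          curl -#fSL https://dl.static-php.dev/static-php-cli/common/php-8.4.12-cli-linux-${{ env.RPM_ARCH }}.tar.gz | tar -xz -C /usr/local/bin && \
            chmod +x /usr/local/bin/php
          dnf -y install glibc-langpack-en glibc-locale-source
          localedef -i en_US -f UTF-8 en_US.UTF-8

      # The installer script is fetched at a fixed commit, so its content is
      # pinned. NOTE(review): the composer.phar it downloads is presumably the
      # current release, which is not pinned here.
      - name: Install composer
        run: |
          wget https://raw.githubusercontent.com/composer/getcomposer.org/f3108f64b4e1c1ce6eb462b159956461592b3e3e/web/installer -O - -q | php -- --quiet
          mv composer.phar /usr/bin/composer

      # EL8 builds re2c from the upstream release tarball. `-f` makes curl fail
      # on an HTTP error instead of handing an error page to tar.
      # NOTE(review): the tarball is not checksum-verified before `make install`.
      - name: Install re2c
        run: |
          if [[ "${{ matrix.alma }}" -eq 9 || "${{ matrix.alma }}" -eq 10 ]]; then
            dnf -y install re2c
          else
            dnf -y install python39
            curl -fL https://github.com/skvadrik/re2c/releases/download/4.3/re2c-4.3.tar.xz | tar xJ
            cd re2c-4.3
            ./configure
            make -j2
            make install
            cd ..
            rm -rf re2c-4.3
          fi

      # Third-party action referenced by a mutable tag while it receives the
      # deploy key. Pin it to a full commit SHA, e.g.
      #   uses: webfactory/ssh-agent@<full-commit-sha>  # v0.8.0
      - name: Set up SSH key
        uses: webfactory/ssh-agent@v0.8.0
        with:
          ssh-private-key: ${{ secrets.GITHUBRPMHENDERKESPRIVATEKEY }}

      # Host keys are pinned here instead of being learned on first connect, so
      # the upload cannot be silently redirected to another host.
      # known_hosts is written under /root, while `~` follows $HOME, which in
      # container jobs is typically not /root. Both directories are created so
      # the append cannot fail on a missing /root/.ssh.
      # NOTE(review): the ssh-rsa entry below is not a usable key as shown; its
      # value is missing from this copy and must be restored from the original.
      - name: Add remote host to known_hosts
        run: |
          mkdir -p ~/.ssh
          mkdir -p /root/.ssh
          chmod 700 /root/.ssh
          cat >> /root/.ssh/known_hosts <<'EOF'
          rpm.henderkes.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPQq0y77dDEtxECVMhCxjcqiV369goMcbInsY/d+F1yXGwqOXQ6RqIEzgaVhgq0joMJT5BiGXNXQ+OI10/KtzGI=
          rpm.henderkes.com ssh-rsa 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
          rpm.henderkes.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICaB5IjokRHAH0Y9pzVe/Jx3s6cn0OADJ9uTxQQubBMu
          EOF
          chmod 600 /root/.ssh/known_hosts

      - name: Set target folder
        run: echo "TARGET_DIR=el${{ matrix.alma }}" >> "$GITHUB_ENV"

      # NOTE(review): checkout keeps the token in the local git config by
      # default; `persist-credentials: false` avoids that if no later step
      # needs authenticated git access.
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Composer install
        run: composer install

      # Third-party action on a mutable tag; pin to a full commit SHA, e.g.
      #   uses: dawidd6/action-download-artifact@<full-commit-sha>  # v11
      # The artifact crosses a workflow boundary and becomes build input for
      # packages that are signed below, so treat it as untrusted unless
      # spc-download runs only on trusted refs.
      - name: Download artifact from spc-download.yml
        uses: dawidd6/action-download-artifact@v11
        with:
          workflow: spc-download.yml
          name: downloads-tarball

      - name: Extract with permissions
        run: |
          mkdir -p vendor/crazywhalecc/static-php-cli/downloads
          tar -xzf downloads.tar.gz -C vendor/crazywhalecc/static-php-cli/downloads
          rm downloads.tar.gz

      - name: Build PHP and packages
        run: |
          php bin/spp all --target=native-native-gnu --type=rpm --phpv=${{ matrix.php-version }}

      # The key and passphrase are passed through the step environment rather
      # than expanded into the script text. Expanding `${{ secrets.* }}` inside
      # the script writes the secret into the generated script file and lets
      # the shell interpret any `"`, `$`, backtick or backslash it contains.
      - name: Prepare rpm signing
        env:
          DEB_GPG_PRIVATE_KEY: ${{ secrets.DEB_GPG_PRIVATE_KEY }}
          DEB_GPG_PASSWORD: ${{ secrets.DEB_GPG_PASSWORD }}
        run: |
          # Setup GPG
          export GNUPGHOME="${HOME}/.gnupg"
          mkdir -p "${GNUPGHOME}"
          chmod 700 "${GNUPGHOME}"
          echo "allow-loopback-pinentry" > "${GNUPGHOME}/gpg-agent.conf"
          gpgconf --kill gpg-agent
          # Read the fingerprint without importing, then import the private key
          FPR=$(printf '%s' "${DEB_GPG_PRIVATE_KEY}" \
            | gpg --batch --quiet --with-colons --import-options show-only --import 2>/dev/null \
            | awk -F: '/^fpr:/ {print $10; exit}')
          # Stop here rather than sign with an unspecified default key
          if [[ -z "${FPR}" ]]; then
            echo "Could not determine the signing key fingerprint" >&2
            exit 1
          fi
          printf '%s' "${DEB_GPG_PRIVATE_KEY}" | gpg --batch --yes --import
          # Configure gpg.conf
          {
            echo "pinentry-mode loopback"
            echo "default-key ${FPR}"
          } > "${GNUPGHOME}/gpg.conf"
          # Unlock key with passphrase (warmup) so gpg-agent caches it for rpmsign
          t=$(mktemp); echo warmup > "$t"
          gpg --batch --yes --pinentry-mode loopback --passphrase-fd 0 \
            --local-user "${FPR}" --sign --output /dev/null "$t" <<<"${DEB_GPG_PASSWORD}"
          rm -f "$t"
          # Create ~/.rpmmacros (not /root/.rpmmacros!)
          cat > ~/.rpmmacros <<EOF
          %_signature gpg
          %_gpg_path ${GNUPGHOME}
          %_gpg_name ${FPR}
          %_gpgbin /usr/bin/gpg
          %__gpg /usr/bin/gpg
          %__gpg_check_password_cmd /bin/true
          EOF

      - name: Sign RPM packages
        run: |
          for rpm in dist/rpm/*.rpm; do
            rpmsign --addsign "$rpm"
          done

      # --ignore-existing: a package already on the server is never overwritten.
      - name: Upload packages
        run: |
          rsync -av --ignore-existing dist/rpm/*.rpm github@rpm.henderkes.com:/home/github/rpm/${{ env.RPM_ARCH }}/${{ env.TARGET_DIR }}/

      - name: Update repository metadata
        run: |
          ssh github@rpm.henderkes.com "cd /home/github/rpm/${{ env.RPM_ARCH }}/${{ env.TARGET_DIR }}/ && rm -rf repodata && createrepo_static && createrepo_c ."

      # NOTE(review): build logs become a downloadable artifact; confirm that
      # the build tooling never prints the token or key material into them.
      - name: Upload logs
        if: ${{ failure() }}
        uses: actions/upload-artifact@v4
        with:
          name: build-logs-${{ matrix.arch }}-el${{ matrix.alma }}-php${{ matrix.php-version }}
          path: vendor/crazywhalecc/static-php-cli/log

      # Disabled interactive debugging. If re-enabled, the session opens a shell
      # on a runner that already has the SSH deploy key loaded and the signing
      # key imported; restrict who can attach (action-tmate offers
      # `limit-access-to-actor`) or run it only in a job without those secrets.
      # - name: Install tmate
      #   if: ${{ failure() }}
      #   run: |
      #     case "${{ matrix.arch }}" in
      #       x86_64)
      #         arch="amd64"
      #         ;;
      #       arm64)
      #         arch="arm64v8"
      #         ;;
      #     esac
      #     dir="tmate-2.4.0-static-linux-$arch"
      #     curl -L "https://github.com/tmate-io/tmate/releases/download/2.4.0/$dir.tar.xz" | tar -xJ -O "$dir/tmate" > /usr/bin/tmate
      #     chmod +x /usr/bin/tmate
      #
      # - name: Setup tmate session
      #   if: ${{ failure() }}
      #   uses: mxschmitt/action-tmate@v3
      #   with:
      #     install-dependencies: false
      #     sudo: false
      #   timeout-minutes: 10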