feat(ci): Add Fedora RPM package build workflow #961

Open
tcpipuk wants to merge 2 commits from tom/ci-fedora-rpm into main
Owner

Following PR #950 which introduced the RPM spec and systemd unit files, this adds a comprehensive CI workflow for building, signing, testing, and publishing RPM packages. Includes GPG signing infrastructure with Ed25519 keys and automatic package registry deployment for stable, development, and feature branch builds.

Add documentation for RPM installation methods, repository configuration, and package management. Fix linting issues in spec file for pre-commit compliance.

tcpipuk self-assigned this 2025-08-30 19:32:30 +00:00
feat(ci): Add Fedora RPM package build workflow
Some checks failed
Checks / Prek / Pre-commit & Formatting (push) Successful in 1m32s
Checks / Prek / Clippy and Cargo Tests (push) Successful in 5m49s
Documentation / Build and Deploy Documentation (pull_request) Successful in 33s
Build Fedora RPM / build (pull_request) Has been cancelled
7406556550
Following PR #950 which introduced the RPM spec and systemd unit files,
this adds a comprehensive CI workflow for building, signing, testing, and
publishing RPM packages. Includes GPG signing infrastructure with Ed25519
keys and automatic package registry deployment for stable, development,
and feature branch builds.

Add documentation for RPM installation methods, repository configuration,
and package management. Fix linting issues in spec file for pre-commit
compliance.
tcpipuk force-pushed tom/ci-fedora-rpm from 7406556550 to d38c89f73a 2025-08-30 19:43:12 +00:00 Compare
tcpipuk force-pushed tom/ci-fedora-rpm from d38c89f73a to 809b6e4f3a 2025-08-30 19:46:22 +00:00 Compare
tcpipuk force-pushed tom/ci-fedora-rpm from 809b6e4f3a to 98775d915c 2025-08-30 20:50:28 +00:00 Compare
fix(ci): Correct GPG key extraction and RPM selection in Fedora workflow
Some checks failed
Release Docker Image / define-variables (push) Successful in 9s
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Release Docker Image / merge (push) Has been cancelled
Documentation / Build and Deploy Documentation (pull_request) Successful in 39s
Checks / Prek / Pre-commit & Formatting (push) Successful in 1m3s
Checks / Prek / Clippy and Cargo Tests (push) Successful in 5m37s
Build Fedora RPM / build (push) Successful in 22m49s
b86d9c15a7
Fix GPG signing failures caused by incorrect key ID extraction that was
parsing the uid line instead of the secret key line. Also exclude debug
packages from RPM selection to ensure the main binary package is tested
and published.

Increase sccache cache size to 10GB to accommodate the project's extensive
dependency tree and improve build performance.
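The key ID extraction problem described in this commit message, as an added example that is not code from the pull request or the project's workflow: selecting the key by record type from gpg's machine-readable listing cannot land on the `uid` line. It assumes the listing comes from `gpg --list-secret-keys --with-colons` and a v4 key; the sample listing and the names `sample_listing` and `primary_fingerprint` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format of `gpg --list-secret-keys --with-colons`
# (not a real key; every ID and fingerprint below is made up).
sample_listing() {
cat <<'EOF'
sec:u:255:22:0123456789ABCDEF:1756580000:::u:::scESC:::+::ed25519:::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
grp:::::::::1111222233334444555566667777888899990000:
uid:u::::1756580000::9999888877776666555544443333222211110000::Example Signing Key <rpm@example.invalid>::::::::::0:
ssb:u:255:18:FEDCBA9876543210:1756580000::::::e:::+::cv25519::
fpr:::::::::0000111122223333444455556666777788889999:
EOF
}

# Print the primary secret key's fingerprint from a colon listing on stdin.
# Selection is by record type: the first `fpr` record directly after a `sec`
# record, never a uid line and never a subkey's fingerprint.
# Returns non-zero when no such record exists or the value is not 40 uppercase
# hex digits (v4 key assumed), so a signing step stops instead of passing a
# bogus key ID to the signer.
primary_fingerprint() {
    fpr=$(awk -F: '
        $1 == "sec"         { want = 1; next }
        $1 == "fpr" && want { print $10; exit }
                            { want = 0 }')
    case "$fpr" in
        '' | *[!0-9A-F]*) return 1 ;;
    esac
    [ "${#fpr}" -eq 40 ] || return 1
    printf '%s\n' "$fpr"
}

# Stand-alone demonstration on the constructed listing.
sample_listing | primary_fingerprint
```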
fix(ci): Fix RPM signing loops and ensure failures are caught
Some checks failed
Release Docker Image / define-variables (push) Successful in 8s
Documentation / Build and Deploy Documentation (pull_request) Successful in 38s
Checks / Prek / Pre-commit & Formatting (push) Successful in 1m2s
Release Docker Image / merge (push) Has been cancelled
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Checks / Prek / Clippy and Cargo Tests (push) Successful in 8m44s
Build Fedora RPM / build (push) Failing after 26m55s
4ffabfb7e1
Replace while-read loops with for loops to avoid subshell variable scoping
issues. Export GPG_TTY=/dev/null to suppress terminal warnings. Provide
empty passphrase via stdin for batch signing without interaction.

Both signing and verification now properly track failures and exit with
non-zero status if any RPMs fail to sign or verify, preventing misleading
successful pipeline runs.
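The subshell scoping issue named in this commit message, as an added example that is not code from the pull request or the project's workflow: a failure counter incremented inside a piped `while read` loop is lost, while a `for` loop keeps it. `verify_rpm` is a stand-in for `rpm --checksig`, and the sample files and function names are constructed for illustration.

```shell
#!/bin/sh
# Stand-in for `rpm --checksig "$1"` (assumption, so the example runs without
# rpm): a constructed file passes only if its content is the word "signed".
verify_rpm() { grep -qx 'signed' "$1"; }

# Constructed sample directory: two passing files and one failing file.
make_samples() {
    dir=$(mktemp -d)
    echo signed   > "$dir/a.rpm"
    echo unsigned > "$dir/b.rpm"
    echo signed   > "$dir/c.rpm"
    echo "$dir"
}

# Pitfall: the while loop is the right-hand side of a pipe, so bash and dash
# run it in a subshell and the increments never reach the outer `failed`.
count_failures_piped() {
    failed=0
    find "$1" -name '*.rpm' | while read -r rpm; do
        verify_rpm "$rpm" || failed=$((failed + 1))
    done
    echo "$failed"    # always 0 in bash and dash
}

# Fix: a for loop over a glob runs in the current shell, so the count survives.
count_failures_for() {
    failed=0
    for rpm in "$1"/*.rpm; do
        [ -e "$rpm" ] || continue    # unmatched glob stays literal; skip it
        verify_rpm "$rpm" || failed=$((failed + 1))
    done
    echo "$failed"
}

# Gate for a CI step: non-zero if any file fails, and also if nothing was
# checked, since an empty directory would otherwise look like a clean run.
verify_all() {
    checked=0; failed=0
    for rpm in "$1"/*.rpm; do
        [ -e "$rpm" ] || continue
        checked=$((checked + 1))
        verify_rpm "$rpm" || failed=$((failed + 1))
    done
    [ "$checked" -gt 0 ] && [ "$failed" -eq 0 ]
}

# Stand-alone demonstration on the constructed files.
d=$(make_samples)
echo "piped: $(count_failures_piped "$d")  for: $(count_failures_for "$d")"
rm -rf "$d"
```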
fix(ci): Fix RPM key import using local file instead of curl
Some checks failed
Release Docker Image / define-variables (push) Has been cancelled
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Release Docker Image / merge (push) Has been cancelled
Documentation / Build and Deploy Documentation (pull_request) Successful in 41s
Checks / Prek / Pre-commit & Formatting (push) Successful in 1m1s
Checks / Prek / Clippy and Cargo Tests (push) Successful in 5m58s
Build Fedora RPM / build (push) Successful in 20m33s
20ec1e0290
The curl pipe to rpm --import was failing with 'rpmkeys: no arguments given'
error. Use direct import from the local repository file at
fedora/RPM-GPG-KEY-continuwuity.asc which is simpler, more reliable, and
removes an unnecessary network dependency.
fix(ci): Correct SRPM architecture to prevent binary RPM overwrite
Some checks failed
Release Docker Image / define-variables (push) Successful in 8s
Documentation / Build and Deploy Documentation (pull_request) Successful in 43s
Checks / Prek / Pre-commit & Formatting (push) Successful in 1m10s
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Release Docker Image / merge (push) Has been cancelled
Checks / Prek / Clippy and Cargo Tests (push) Successful in 5m13s
Build Fedora RPM / build (push) Failing after 26m16s
1498ff17e8
Source RPMs were incorrectly being registered with x86_64 architecture
instead of 'src', causing them to overwrite the binary RPM in the package
registry. This resulted in the 16MB binary being replaced by the 847KB
source package. SRPMs now correctly use 'src' architecture.
feat(ci): Split RPM uploads by type and add tag-based versioning
Some checks failed
Release Docker Image / define-variables (push) Successful in 16s
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Has been cancelled
Release Docker Image / merge (push) Has been cancelled
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Has been cancelled
Documentation / Build and Deploy Documentation (pull_request) Successful in 45s
Checks / Prek / Pre-commit & Formatting (push) Successful in 1m2s
Checks / Prek / Clippy and Cargo Tests (push) Successful in 3m7s
15662898a0
Work around Forgejo's RPM registry limitation that only allows one file
per package version by separating packages into distinct groups. Binary
packages use base group (stable/dev/branch-name), debug packages use
GROUP-debug, and source packages use GROUP-src.

Add workflow trigger for tags (v*) and use actual tag versions for stable
releases. Tags like v1.2.3 produce RPMs versioned 1.2.3-1 instead of
git SHA-based versions, providing cleaner release numbering.
tcpipuk force-pushed tom/ci-fedora-rpm from 15662898a0 to 5a4627b879 2025-08-31 17:26:06 +00:00 Compare
tcpipuk force-pushed tom/ci-fedora-rpm from 5a4627b879 to 4b78ab39e0 2025-08-31 17:30:54 +00:00 Compare
tcpipuk force-pushed tom/ci-fedora-rpm from 4b78ab39e0 to ee2557f722 2025-08-31 18:51:06 +00:00 Compare
@ -0,0 +81,4 @@
# Aggressive GC since cache restores don't increment counter
echo "CARGO_INCREMENTAL_GC_TRIGGER=5" >> $GITHUB_ENV
- name: Install build dependencies
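Review bot: `$GITHUB_ENV` is unquoted in the redirect on the `echo "CARGO_INCREMENTAL_GC_TRIGGER=5"` line; write `>> "$GITHUB_ENV"` so the redirect target cannot be word-split or globbed. The comment above it should also say what the value 5 counts, since "counter" is not defined anywhere in the visible lines.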
Contributor

This step of the workflow should happen after the srpm is generated, and use `dnf builddep <srpm path>` to install the build dependencies listed in the specfile instead of duplicating them here.
@ -0,0 +282,4 @@
rpm -qpl "$RPM"
# Actually install it (would need --nodeps if dependencies aren't met)
dnf install -y "$RPM" || rpm -ivh --nodeps "$RPM"
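Review bot: The `|| rpm -ivh --nodeps "$RPM"` fallback on the `dnf install -y "$RPM"` line runs on any non-zero exit from dnf, not only on unmet dependencies, so this install test can pass for a package that dnf refused to install. Drop the fallback so the step fails when `dnf install` fails, and remove the "would need --nodeps" comment with it; if an install without dependency resolution is wanted as a smoke test, make it a separate, explicitly named step whose result does not stand in for the real install.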
Contributor

Why does this silently try again with `--nodeps` if `dnf install` fails? The workflow should fail if the dependencies fail to install.
tcpipuk force-pushed tom/ci-fedora-rpm from ee2557f722 to 7be651a307 2025-09-04 09:30:10 +00:00 Compare
Some checks failed
Release Docker Image / define-variables (push) Successful in 8s
Documentation / Build and Deploy Documentation (pull_request) Successful in 37s
Checks / Prek / Pre-commit & Formatting (push) Failing after 1m9s
Checks / Prek / Clippy and Cargo Tests (push) Successful in 6m40s
Release Docker Image / build-image (linux/amd64, release, linux-amd64, base) (push) Successful in 13m38s
Release Docker Image / build-image (linux/arm64, release, linux-arm64, base) (push) Successful in 13m48s
Release Docker Image / merge (push) Successful in 11s
Build / Fedora RPM / build (push) Successful in 25m16s
Reference: continuwuation/continuwuity#961