@@ -143,9 +143,87 @@ jobs:
143143 name : fedora-39-latest
144144 path : fedora/out/noarch
145145
146+ build-f40 :
147+ name : Build Fedora 40 package
148+ runs-on : ubuntu-latest
149+ container : registry.fedoraproject.org/fedora:40
150+ steps :
151+ - name : Checkout code
152+ uses : actions/checkout@v3
153+
154+ - name : Install build dependencies
155+ run : |
156+ dnf distro-sync -y
157+ dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
158+ dnf builddep -y fedora/surface-secureboot.spec
159+
160+ - name : Build package
161+ run : |
162+ cd fedora
163+
164+ # Build the .rpm packages
165+ ./makerpm
166+
167+ - name : Sign packages
168+ env :
169+ GPG_KEY : ${{ secrets.LINUX_SURFACE_GPG_KEY }}
170+ run : |
171+ cd fedora/out/noarch
172+
173+ # import GPG key
174+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
175+
176+ # sign packages
177+ rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
178+
179+ - name : Upload artifacts
180+ uses : actions/upload-artifact@v3
181+ with :
182+ name : fedora-40-latest
183+ path : fedora/out/noarch
184+
185+ build-f41 :
186+ name : Build Fedora 41 package
187+ runs-on : ubuntu-latest
188+ container : registry.fedoraproject.org/fedora:41
189+ steps :
190+ - name : Checkout code
191+ uses : actions/checkout@v3
192+
193+ - name : Install build dependencies
194+ run : |
195+ dnf distro-sync -y
196+ dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
197+ dnf builddep -y fedora/surface-secureboot.spec
198+
199+ - name : Build package
200+ run : |
201+ cd fedora
202+
203+ # Build the .rpm packages
204+ ./makerpm
205+
206+ - name : Sign packages
207+ env :
208+ GPG_KEY : ${{ secrets.LINUX_SURFACE_GPG_KEY }}
209+ run : |
210+ cd fedora/out/noarch
211+
212+ # import GPG key
213+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
214+
215+ # sign packages
216+ rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
217+
218+ - name : Upload artifacts
219+ uses : actions/upload-artifact@v3
220+ with :
221+ name : fedora-41-latest
222+ path : fedora/out/noarch
223+
146224 release :
147225 name : Publish release
148- needs : [build-deb, build-arch, build-f39]
226+ needs : [build-deb, build-arch, build-f39, build-f40, build-f41 ]
149227 runs-on : ubuntu-latest
150228 steps :
151229 - name : Download Debian artifacts
@@ -166,6 +244,18 @@ jobs:
166244 name : fedora-39-latest
167245 path : fedora-39-latest
168246
247+ - name : Download Fedora 40 artifacts
248+ uses : actions/download-artifact@v3
249+ with :
250+ name : fedora-40-latest
251+ path : fedora-40-latest
252+
253+ - name : Download Fedora 41 artifacts
254+ uses : actions/download-artifact@v3
255+ with :
256+ name : fedora-41-latest
257+ path : fedora-41-latest
258+
169259 - name : Upload assets
170260 uses : svenstaro/upload-release-action@v2
171261 with :
@@ -327,3 +417,106 @@ jobs:
327417 git add .
328418 git commit -m "Update Fedora 39 secure-boot MOK"
329419 git push --set-upstream origin "${update_branch}"
420+
421+ repo-f40 :
422+ name : Update Fedora 40 package repository
423+ needs : [release]
424+ runs-on : ubuntu-latest
425+ container : registry.fedoraproject.org/fedora:40
426+ steps :
427+ - name : Install dependencies
428+ run : |
429+ dnf install -y git findutils
430+
431+ - name : Download artifacts
432+ uses : actions/download-artifact@v3
433+ with :
434+ name : fedora-40-latest
435+ path : fedora-40-latest
436+
437+ - name : Update repository
438+ env :
439+ SURFACEBOT_TOKEN : ${{ secrets.LINUX_SURFACE_BOT_TOKEN }}
440+ BRANCH_STAGING : u/staging
441+ GIT_REF : ${{ github.ref }}
442+ run : |
443+ repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
444+
445+ # clone package repository
446+ git clone -b "${BRANCH_STAGING}" "${repo}" repo
447+
448+ # copy packages
449+ cp fedora-40-latest/* repo/fedora/f40
450+ cd repo/fedora/f40
451+
452+ # parse git tag from ref
453+ GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
454+
455+ # convert packages into references
456+ for pkg in $(find . -name '*.rpm'); do
457+ echo "secureboot-mok:$GIT_TAG/$(basename $pkg)" > $pkg.blob
458+ rm $pkg
459+ done
460+
461+ # set git identity
462+ git config --global user.email "[email protected] "
463+ git config --global user.name "surfacebot"
464+
465+ # commit and push
466+ update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
467+ git checkout -b "${update_branch}"
468+ git add .
469+ git commit -m "Update Fedora 40 secure-boot MOK"
470+ git push --set-upstream origin "${update_branch}"
471+
472+
473+ repo-f41 :
474+ name : Update Fedora 41 package repository
475+ needs : [release]
476+ runs-on : ubuntu-latest
477+ container : registry.fedoraproject.org/fedora:41
478+ steps :
479+ - name : Install dependencies
480+ run : |
481+ dnf install -y git findutils
482+
483+ - name : Download artifacts
484+ uses : actions/download-artifact@v3
485+ with :
486+ name : fedora-41-latest
487+ path : fedora-41-latest
488+
489+ - name : Update repository
490+ env :
491+ SURFACEBOT_TOKEN : ${{ secrets.LINUX_SURFACE_BOT_TOKEN }}
492+ BRANCH_STAGING : u/staging
493+ GIT_REF : ${{ github.ref }}
494+ run : |
495+ repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
496+
497+ # clone package repository
498+ git clone -b "${BRANCH_STAGING}" "${repo}" repo
499+
500+ # copy packages
501+ cp fedora-41-latest/* repo/fedora/f41
502+ cd repo/fedora/f41
503+
504+ # parse git tag from ref
505+ GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
506+
507+ # convert packages into references
508+ for pkg in $(find . -name '*.rpm'); do
509+ echo "secureboot-mok:$GIT_TAG/$(basename $pkg)" > $pkg.blob
510+ rm $pkg
511+ done
512+
513+ # set git identity
514+ git config --global user.email "[email protected] "
515+ git config --global user.name "surfacebot"
516+
517+ # commit and push
518+ update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
519+ git checkout -b "${update_branch}"
520+ git add .
521+ git commit -m "Update Fedora 41 secure-boot MOK"
522+ git push --set-upstream origin "${update_branch}"
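Review bot: In the `Update repository` steps of `repo-f40` and `repo-f41`, the bot token is interpolated into the clone URL (`repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"`), so git writes it in plain text into `repo/.git/config` as the `origin` URL. A credential helper keeps it out of the URL and off disk: `git config --global credential.helper '!f() { echo username=surfacebot; echo "password=${SURFACEBOT_TOKEN}"; }; f'`, then `git clone -b "${BRANCH_STAGING}" https://github.com/linux-surface/repo.git repo`. The same scripts leave `$GIT_REF` and `$pkg` unquoted and loop over `$(find . -name '*.rpm')`, which word-splits file names; quoting them as `"$GIT_REF"` and `"$pkg"` and letting `find` run the per-file commands through `-exec` would be more robust. Separately, the `Sign packages` steps in `build-f40` and `build-f41` pass `$GPG_KEY_ID` to `rpm --resign` but set only `GPG_KEY` in the step `env`; unless `GPG_KEY_ID` is defined at workflow level (not visible in these hunks), `_gpg_name` expands to an empty string.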