linux repo creation

vilmibm · vilmibm · commit 894be0392359 · 2020-09-03T13:47:48.000-05:00
diff --git a/.github/workflows/releases.yml b/.github/workflows/releases.yml
@@ -62,6 +62,118 @@ jobs:
           api() { bin/hub api -H 'accept: application/vnd.github.inertia-preview+json' "$@"; }
           cards=$(api projects/columns/$PENDING_COLUMN/cards | jq ".[].id")
           for card in $cards; do api projects/columns/cards/$card/moves --field position=top --field column_id=$DONE_COLUMN; done
+  rpm-repos:
+    if: "!contains(github.ref, '-')" # skip prereleases
+    needs: goreleaser
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Get package artifacts
+        uses: i3h/download-release-asset@v1
+        with:
+          owner: cli
+          repo: cli
+          tag: latest
+          file: .*.rpm
+      - name: install createrepo, rpm
+        run: sudo apt-get install -y createrepo rpm
+      - name: set up gpg
+        run: |
+          echo "Importing pubkey..."
+          cat script/pubkey.asc | gpg --import --no-tty --batch --yes
+          echo "Importing seckey..."
+          echo ${{secrets.GPG_KEY}} | base64 -d | gpg --import --no-tty --batch --yes
+          echo "Resetting gpg-agent and ingesting passphrase"
+          echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf
+          gpg-connect-agent RELOADAGENT /bye
+          echo ${{secrets.GPG_PASSPHRASE}} | /usr/lib/gnupg2/gpg-preset-passphrase --preset 867DAD5051270B843EF54F6186FA10E3A1D22DC5
+      - name: Sign RPMs
+        run: |
+          cp script/rpmmacros ~/.rpmmacros
+          rpmsign --addsign *.rpm
+      - name: Checkout pages site
+        uses: actions/checkout@v2
+        with:
+          repository: github/cli.github.com
+          path: site
+          fetch-depth: 0
+          token: ${{secrets.SITE_GITHUB_TOKEN}}
+      - name: run createrepo
+        run: |
+          cp *.rpm site/packages/rpm/
+          createrepo site/packages/rpm
+          cd site/packages/rpm && gpg --yes --detach-sign --armor repodata/repomd.xml
+          cd ../../../
+      - name: publish site
+        env:
+          GIT_COMMITTER_NAME: cli automation
+          GIT_AUTHOR_NAME: cli automation
+          GIT_COMMITTER_EMAIL: noreply@github.com
+          GIT_AUTHOR_EMAIL: noreply@github.com
+        run: |
+          git -C site add packages
+          git -C site commit -m"${GITHUB_REF} rpm packages"
+          git -C site push
+
+  deb-repos:
+    if: "!contains(github.ref, '-')" # skip prereleases
+    needs: goreleaser
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+      - name: Get package artifacts
+        uses: i3h/download-release-asset@v1
+        with:
+          owner: cli
+          repo: cli
+          tag: latest
+          file: .*.deb
+      - name: install reprepro
+        run: sudo apt-get install -y reprepro
+      - name: set up gpg
+        run: |
+          echo "Importing pubkey..."
+          cat script/pubkey.asc | gpg --import --no-tty --batch --yes
+          echo "Importing seckey..."
+          echo ${{secrets.GPG_KEY}} | base64 -d | gpg --import --no-tty --batch --yes
+          echo "Resetting gpg-agent and ingesting passphrase"
+          echo "allow-preset-passphrase" > ~/.gnupg/gpg-agent.conf
+          gpg-connect-agent RELOADAGENT /bye
+          echo ${{secrets.GPG_PASSPHRASE}} | /usr/lib/gnupg2/gpg-preset-passphrase --preset 867DAD5051270B843EF54F6186FA10E3A1D22DC5
+      - name: run reprepro
+        env:
+          RELEASES: "focal stable"
+        run: |
+          mkdir upload
+          for release in $RELEASES; do
+            for file in *.deb ; do
+              /usr/bin/reprepro --confdir="+b/script" includedeb $release $file;
+            done
+          done
+      - name: "Select repo artifacts"
+        # Select only final repo artifacts (this makes reprepro runs stateless)
+        run: cp -a dists/ pool/ upload/
+      - name: Checkout pages site
+        uses: actions/checkout@v2
+        with:
+          repository: github/cli.github.com
+          path: site
+          fetch-depth: 0
+          token: ${{secrets.SITE_GITHUB_TOKEN}}
+      - name: add files to site
+        run: cp -a upload/* site/packages/
+      - name: publish site
+        env:
+          GIT_COMMITTER_NAME: cli automation
+          GIT_AUTHOR_NAME: cli automation
+          GIT_COMMITTER_EMAIL: noreply@github.com
+          GIT_AUTHOR_EMAIL: noreply@github.com
+        run: |
+          git -C site add packages
+          git -C site commit -m"${GITHUB_REF} deb packages"
+          git -C site push
   msi:
     needs: goreleaser
     runs-on: windows-latest
diff --git a/script/distributions b/script/distributions
@@ -0,0 +1,16 @@
+Origin: gh
+Label: gh
+Codename: stable
+Architectures: i386 amd64 arm64
+Components: main
+Description: The GitHub CLI - debian stable repo
+SignWith: C99B11DEB97541F0
+
+Origin: gh
+Label: gh
+Codename: focal
+Architectures: i386 amd64 arm64
+Components: main
+Description: The GitHub CLI - ubuntu focal repo
+SignWith: C99B11DEB97541F0
+DebOverride: override.focal
diff --git a/script/override.focal b/script/override.focal
@@ -0,0 +1,2 @@
+gh Priority optional
+gh Section Development
diff --git a/script/pubkey.asc b/script/pubkey.asc
@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBF9PzXUBDADjf/5plZnxldgufVJUC0xpwITJHB3iUvpTwYEgBaOi7WE+JkHb
++SN+2PFAumVftvOiCrt9TnrXDeUDGMsfiUa0zXsaU8pC1IcmnbYCjZqfWOmBUGoR
+iGrgZxSnXQuJOIsK5R8ST9G6v7BCKTgBnTmjIeCLCEOg0GU0avrBnmszOUjDabBl
+tvm/KC1lSsTfQjrn3j7LGbyVfTZ/nhIHnVUOjU4NcY9hd5xXydF0wpZ0pr28dcHI
+O5X9YZSq+w8bNlGBQMa/RhGmRBIMAEKeoLFh6q/CuToe/5x8xgowJZDkSNjVmaeR
+Acbdyhn2FmLyF/jFNXZ1DveX933N0MjQ/NCGgxpKbVVG+5BRSUA3Z53yvdzC61kO
+8r88ZEXli4uBCNSRGcpjsS+EyV8ydMxC4uhRrbaa8b3xI0yHS9/VJ3+1vUuo4vxZ
+sgbsmzErGOfyRaaF6SMJcQKf67Xk2whuDNQvRCwA8w7ZAK+XtyJ1M39fgDjRLVu6
+LK2A64jDiKPrOU0AEQEAAbQfTmF0ZSBTbWl0aCA8dmlsbWlibUBnaXRodWIuY29t
+PokB1AQTAQoAPhYhBCyjIFbtIGy4H0SoysmbEd65dUHwBQJfT811AhsDBQkDwmcA
+BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEMmbEd65dUHwdWQL/1ztvcwtZUdv
+c4XgwAU5DbGWxuVTAhMj+Y0o8Es3EZot6Ck9jhKUVHSF101Bbs0Nl1iOupr5P3yE
+cKgsK5hB+g0Y503DsNjz3i6OyWuHVeIWmk9pXQF/ly3VOgj0atJwiR8RV79/iw+i
+zcDkbKQ++3bIgLDVQ/b/EwJRZnxbBDNMRHOzxFR+JwazwFxTI5pGk0vcG6yFtKnI
+4fvmVE3WjmCOaGk8umuQJ/UG/F/oWx46gnF/+VG7xIK0lbOj4GDuLRGeRftTLREw
+5FTakC8vbddBfjpgOI6wAmE7UEU4L3S7wRvZeOrHzNCO5qBofTGbZVKZrkEHVCO5
+scuz04ESpUyGtV7QXVETWeo+hm8HD91pCdlpSOIpuE0kgUfifqYsDvuXMW7tb5+G
+AdRjG5mTACoF+SrcfSapg2vqOvxBNB9DAVSUdsIKucepJy3n5Wp72+sGDZsIj/H1
+lCZ6Ycw5U/kqTQ3Vah4zSFH973C49+T5eTvtTjXL7TedfsF7JyxrirkBjQRfT811
+AQwAtY1zvmSpRIzN3uZWisOXrgW4AiLfbJYEpII9URuyzS3J9tYNVQMsvMQgNqaZ
+fin0PY4sxj6f3WZSl0Ohc11vSjqMjaZ5YlEzcd3mG1dQCqnQmTmKFk7CgIZNU73t
+4f8lKL26HMMfG0kiVZrYM6CxDK6CrX47yH5QSfVCpQBG1Dl28VdjGsfiqL3U3m3S
+62p70guWGreqCJ+8GmhxhOFCDphudYVQxvIdnVw9FDetXfhYv/aJ74zwG+IYdjdf
+Wxu9uqXjNKBmz6m1DMRYwgP8zWfS48lEnR/uNIkM13GEKOq1qjsEwRLXDBYS38TS
+OsU4c8gS+dbCroUfbj5T332VfhSijf9yPmgqoXq9uhFs4uBOQPFDJhYLghHC/Etx
+DtgqNvs+TQ+71aTEN+7PDcxmiJBT2Hecu//tOPAG6iqAtEJ0CSNt7ioKGaybkBg8
+RXv20ztJ2vUR8iq7DeoAOOBJsLXfjwFsEPT9zp0dzTLNL2g9mULVopNxE5YBdTol
+McWTABEBAAGJAbwEGAEKACYWIQQsoyBW7SBsuB9EqMrJmxHeuXVB8AUCX0/NdQIb
+DAUJA8JnAAAKCRDJmxHeuXVB8E/MC/9OWTFwggfzOTzrBT4eRohkChDwHF77WzEZ
+vneaUEOgrDdkfZ4/LX/38HePae4/sIHvYMyEpqMMJor3SDLi71bPBmM4Hz5gt6Zx
+9CA1CUPJ9QFHHbxMufhW/0Fdhg4cFis6gC9TK8CyjRyURAXGAEUWxGbtUV3z8k5+
+Vu6z/RNHAjcuCzwm1FgX6EaAQt14hI9DqX8YPVE+c6rhSTVuQcnvvIMRmmnirs9q
+XyOoWgNBDdBsEyusOg04YWu+22nfmszrXDq4QUMkIfjeMoM/bYsF6D23ZTD4imZj
+LiZe/dWok6xgMOwwBhrYP71qORwChebooVX6SylkMnfT2xp/qIeAidNSioYC2fIp
+ue1p4NJ+4UaLLniQAlJ8TNoYoZ+UZDIftRYCfV+U1V9mqZtWZ9Qeuv8p6iboCVag
+QomPPf2XCc2VlhOraWGGC7afWIUnEz9srg8OR9IzrITGtSF7SMHB/dB2hL/tFyFs
+thQyULWTJXRidPWVyWWqegyubCbY0cY=
+=ki4q
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/script/rpmmacros b/script/rpmmacros
@@ -0,0 +1 @@
+%_gpg_name Nate Smith <vilmibm@github.com>

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+gh Priority optional`
	`2`	`+gh Section Development`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+%_gpg_name Nate Smith <vilmibm@github.com>`