fix(ci): Correct GPG key extraction and RPM selection in Fedora workflow

Fix GPG signing failures caused by incorrect key ID extraction that was parsing the uid line instead of the secret key line. Also exclude debug packages from RPM selection to ensure the main binary package is tested and published. Increase sccache cache size to 10GB to accommodate the project's extensive dependency tree and improve build performance.
2025-09-10 19:02:50 +02:00 · 2025-08-30 22:27:33 +01:00 · 2025-08-30 22:27:33 +01:00 · b86d9c15a7
commit b86d9c15a7
parent 98775d915c
1 changed files with 13 additions and 7 deletions
--- a/.forgejo/workflows/build-fedora.yml
+++ b/.forgejo/workflows/build-fedora.yml
@ -73,7 +73,7 @@ jobs:
          echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
          echo "CMAKE_C_COMPILER_LAUNCHER=sccache" >> $GITHUB_ENV
          echo "CMAKE_CXX_COMPILER_LAUNCHER=sccache" >> $GITHUB_ENV
-          echo "SCCACHE_CACHE_SIZE=2G" >> $GITHUB_ENV
+          echo "SCCACHE_CACHE_SIZE=10G" >> $GITHUB_ENV
          # Aggressive GC since cache restores don't increment counter
          echo "CARGO_INCREMENTAL_GC_TRIGGER=5" >> $GITHUB_ENV

@ -150,8 +150,8 @@ jobs:
          # Import the signing key
          echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import

-          # Get the key ID
-          KEY_ID=$(gpg --list-secret-keys --keyid-format=short | grep -A1 "ci@continuwuity.org" | head -1 | awk '{print $2}' | cut -d'/' -f2)
+          # Get the key ID (look for the sec line, not the uid line)
+          KEY_ID=$(gpg --list-secret-keys --keyid-format=long | grep "^sec" | head -1 | awk '{print $2}' | cut -d'/' -f2)
          echo "Using GPG key: $KEY_ID"

          # Configure RPM macros for signing
@ -225,8 +225,11 @@ jobs:

      - name: Test RPM installation
        run: |
-          # Find the binary RPM
-          RPM=$(find "$HOME/rpmbuild/RPMS" -name "continuwuity-*.rpm" ! -name "*.src.rpm" | head -1)
+          # Find the main binary RPM (exclude debug and source RPMs)
+          RPM=$(find "$HOME/rpmbuild/RPMS" -name "continuwuity-*.rpm" \
+            ! -name "*debuginfo*" \
+            ! -name "*debugsource*" \
+            ! -name "*.src.rpm" | head -1)

          if [ -z "$RPM" ]; then
            echo "Error: No binary RPM file found"
@ -314,8 +317,11 @@ jobs:
      - name: Publish to RPM Package Registry
        if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
        run: |
-          # Find the binary RPM (exclude source RPMs)
-          RPM=$(find artifacts -name "continuwuity-*.rpm" ! -name "*.src.rpm" | head -1)
+          # Find the main binary RPM (exclude debug and source RPMs)
+          RPM=$(find artifacts -name "continuwuity-*.rpm" \
+            ! -name "*debuginfo*" \
+            ! -name "*debugsource*" \
+            ! -name "*.src.rpm" | head -1)

          if [ -z "$RPM" ]; then
            echo "No binary RPM found to publish"