From b86d9c15a7ea6189d98746db812426f03d608017 Mon Sep 17 00:00:00 2001 From: Tom Foster Date: Sat, 30 Aug 2025 22:27:33 +0100 Subject: [PATCH] fix(ci): Correct GPG key extraction and RPM selection in Fedora workflow Fix GPG signing failures caused by incorrect key ID extraction that was parsing the uid line instead of the secret key line. Also exclude debug packages from RPM selection to ensure the main binary package is tested and published. Increase sccache cache size to 10GB to accommodate the project's extensive dependency tree and improve build performance. --- .forgejo/workflows/build-fedora.yml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/.forgejo/workflows/build-fedora.yml b/.forgejo/workflows/build-fedora.yml index 1cb8a024..facfa44b 100644 --- a/.forgejo/workflows/build-fedora.yml +++ b/.forgejo/workflows/build-fedora.yml @@ -73,7 +73,7 @@ jobs: echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV echo "CMAKE_C_COMPILER_LAUNCHER=sccache" >> $GITHUB_ENV echo "CMAKE_CXX_COMPILER_LAUNCHER=sccache" >> $GITHUB_ENV - echo "SCCACHE_CACHE_SIZE=2G" >> $GITHUB_ENV + echo "SCCACHE_CACHE_SIZE=10G" >> $GITHUB_ENV # Aggressive GC since cache restores don't increment counter echo "CARGO_INCREMENTAL_GC_TRIGGER=5" >> $GITHUB_ENV @@ -150,8 +150,8 @@ jobs: # Import the signing key echo "${{ secrets.RPM_SIGNING_KEY }}" | gpg --batch --import - # Get the key ID - KEY_ID=$(gpg --list-secret-keys --keyid-format=short | grep -A1 "ci@continuwuity.org" | head -1 | awk '{print $2}' | cut -d'/' -f2) + # Get the key ID (look for the sec line, not the uid line) + KEY_ID=$(gpg --list-secret-keys --keyid-format=long | grep "^sec" | head -1 | awk '{print $2}' | cut -d'/' -f2) echo "Using GPG key: $KEY_ID" # Configure RPM macros for signing @@ -225,8 +225,11 @@ jobs: - name: Test RPM installation run: | - # Find the binary RPM - RPM=$(find "$HOME/rpmbuild/RPMS" -name "continuwuity-*.rpm" ! -name "*.src.rpm" | head -1) + # Find the main binary RPM (exclude debug and source RPMs) + RPM=$(find "$HOME/rpmbuild/RPMS" -name "continuwuity-*.rpm" \ + ! -name "*debuginfo*" \ + ! -name "*debugsource*" \ + ! -name "*.src.rpm" | head -1) if [ -z "$RPM" ]; then echo "Error: No binary RPM file found" @@ -314,8 +317,11 @@ jobs: - name: Publish to RPM Package Registry if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} run: | - # Find the binary RPM (exclude source RPMs) - RPM=$(find artifacts -name "continuwuity-*.rpm" ! -name "*.src.rpm" | head -1) + # Find the main binary RPM (exclude debug and source RPMs) + RPM=$(find artifacts -name "continuwuity-*.rpm" \ + ! -name "*debuginfo*" \ + ! -name "*debugsource*" \ + ! -name "*.src.rpm" | head -1) if [ -z "$RPM" ]; then echo "No binary RPM found to publish"