The curl pipe to rpm --import was failing with 'rpmkeys: no arguments given'
error. Use direct import from the local repository file at
fedora/RPM-GPG-KEY-continuwuity.asc which is simpler, more reliable, and
removes an unnecessary network dependency.
Replace while-read loops with for loops to avoid subshell variable scoping
issues. Export GPG_TTY=/dev/null to suppress terminal warnings. Provide
empty passphrase via stdin for batch signing without interaction.
Both signing and verification now properly track failures and exit with
non-zero status if any RPMs fail to sign or verify, preventing misleading
successful pipeline runs.
Fix GPG signing failures caused by incorrect key ID extraction that was
parsing the uid line instead of the secret key line. Also exclude debug
packages from RPM selection to ensure the main binary package is tested
and published.
Increase sccache cache size to 10GB to accommodate the project's extensive
dependency tree and improve build performance.
Following PR #950 which introduced the RPM spec and systemd unit files,
this adds a comprehensive CI workflow for building, signing, testing, and
publishing RPM packages. Includes GPG signing infrastructure with Ed25519
keys and automatic package registry deployment for stable, development,
and feature branch builds.
Add documentation for RPM installation methods, repository configuration,
and package management. Fix linting issues in spec file for pre-commit
compliance.
Merge rust-checks.yml into prek-checks.yml for a unified workflow that
runs formatting and clippy/test checks in parallel jobs.
Add reusable composite actions:
- setup-rust: Smart Rust toolchain management with caching
* Uses cargo-binstall for pre-built binary downloads
* Integrates Mozilla sccache-action for compilation caching
* Workspace-relative paths for better cache control
* GitHub token support for improved rate limits
- setup-llvm-with-apt: LLVM installation with native dependencies
- detect-runner-os: Consistent OS detection for cache keys
Key improvements:
- Install prek via cargo-binstall --git (crates.io outdated at v0.0.1)
- Download timelord-cli from cargo-quickinstall
- Set BINSTALL_MAXIMUM_RESOLUTION_TIMEOUT=10 to avoid rate limit delays
- Default Rust version 1.87.0 with override support
- Remove redundant sccache stats (handled by Mozilla action)
Significantly reduces CI runtime through binary downloads instead of
compilation while maintaining all existing quality checks.
The setup-uv@v6 action has deprecated Node 18 support mid-version by
using the File API, causing workflow failures. Temporarily downgrading
to v5 until we migrate to a better runner image with Node 20+ support.
- Set platform to 'forgejo' with proper API endpoint
- Use environment variables for all Renovate configuration
- Add git timeout and disable GitHub token warnings
- Move PR limit configuration to workflow
The prefligit project has been renamed to prek due to typosquatting
concerns. This updates our CI to use the new name and recommended
installation method via uv, which significantly reduces setup time
compared to cargo install and includes automatic caching.
- Replace outdated static prefligit action with direct prek invocation
- Use uv as recommended by upstream: https://github.com/j178/prek
- Update check-byte-order-marker to fix-byte-order-marker (deprecated)
- Simplify workflow by removing unused ref calculations
The same .pre-commit-config.yaml works unchanged. Developers can
install locally with 'uvx prek install' or other methods from the repo.
Also moves rustup installation to a seperate workflow and
enables caching.
The sccache action required a github.com api token, so we set
all that up too.
