fix(ci): Correct SRPM architecture to prevent binary RPM overwrite

Source RPMs were incorrectly being registered with x86_64 architecture
instead of 'src', causing them to overwrite the binary RPM in the package
registry. This resulted in the 16MB binary being replaced by the 847KB
source package. SRPMs now correctly use 'src' architecture.

.editorconfig

@@ -26,7 +26,3 @@ max_line_length = 98
 [*.yml]
 indent_size = 2
 indent_style = space
-
-[*.json]
-indent_size = 4
-indent_style = space

.forgejo/workflows/build-fedora.yml

@@ -1,4 +1,4 @@
-name: Build / Fedora RPM
+name: Build Fedora RPM
 
 concurrency:
   group: "build-fedora-${{ github.ref }}"
@@ -6,10 +6,6 @@ concurrency:
 
 on:
   push:
-    branches:
-      - '**'
-    tags:
-      - 'v*'
     paths:
       - 'fedora/**'
       - 'src/**'
@@ -114,33 +110,27 @@ jobs:
 
           cd "$GITHUB_WORKSPACE"
 
-          # Determine release suffix and version based on ref type and branch
+          # Determine release suffix based on ref type and branch
           if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
             # Tags get clean version numbers for stable releases
             RELEASE_SUFFIX=""
-            TAG_NAME="${{ github.ref_name }}"
-            # Extract version from tag (remove v prefix if present)
-            TAG_VERSION=$(echo "$TAG_NAME" | sed 's/^v//')
-
-            # Create spec file with tag version
-            sed -e "s/^Version:.*$/Version:        $TAG_VERSION/" \
-                -e "s/^Release:.*$/Release:        1%{?dist}/" \
-                fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
           elif [ "${{ github.ref_name }}" = "main" ]; then
             # Main branch gets .dev suffix
             RELEASE_SUFFIX=".dev"
-
-            # Replace the Release line to include our suffix
-            sed "s/^Release:.*$/Release:        1${RELEASE_SUFFIX}%{?dist}/" \
-              fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
           else
             # Other branches get sanitized branch name as suffix
             SAFE_BRANCH=$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9]/_/g' | cut -c1-20)
             RELEASE_SUFFIX=".${SAFE_BRANCH}"
+          fi
 
+          # Create a temporary spec file with the release suffix
+          if [ -n "$RELEASE_SUFFIX" ]; then
             # Replace the Release line to include our suffix
             sed "s/^Release:.*$/Release:        1${RELEASE_SUFFIX}%{?dist}/" \
               fedora/continuwuity.spec.rpkg > continuwuity.spec.rpkg
+          else
+            # Use the original spec file
+            ln -sf fedora/continuwuity.spec.rpkg continuwuity.spec.rpkg
           fi
 
           # Build the SRPM
@@ -374,8 +364,6 @@ jobs:
           # Determine the group based on ref type and branch
           if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
             GROUP="stable"
-            # For tags, extract the tag name for version info
-            TAG_NAME="${{ github.ref_name }}"
           elif [ "${{ github.ref_name }}" = "main" ]; then
             GROUP="dev"
           else
@@ -410,63 +398,23 @@ jobs:
             "https://forgejo.ellis.link/api/packages/continuwuation/rpm/$GROUP/upload"
 
           echo ""
-          echo "✅ Published binary RPM to: https://forgejo.ellis.link/continuwuation/-/packages/rpm/continuwuity/"
+          echo "✅ Published to: https://forgejo.ellis.link/continuwuation/-/packages/rpm/continuwuity/"
           echo "Group: $GROUP"
 
-          # Upload debug RPMs to separate group
+          # Also upload the SRPM
-          DEBUG_RPMS=$(find artifacts -name "*debuginfo*.rpm" -o -name "*debugsource*.rpm")
-          if [ -n "$DEBUG_RPMS" ]; then
-            echo ""
-            echo "Publishing debug RPMs to group: ${GROUP}-debug"
-
-            for DEBUG_RPM in $DEBUG_RPMS; do
-              echo "Publishing: $(basename "$DEBUG_RPM")"
-
-              # Extract debug RPM info
-              DEBUG_INFO=$(rpm -qpi "$DEBUG_RPM" 2>/dev/null)
-              DEBUG_NAME=$(echo "$DEBUG_INFO" | grep "^Name" | awk '{print $3}')
-              DEBUG_VERSION=$(echo "$DEBUG_INFO" | grep "^Version" | awk '{print $3}')
-              DEBUG_RELEASE=$(echo "$DEBUG_INFO" | grep "^Release" | awk '{print $3}')
-              DEBUG_ARCH=$(echo "$DEBUG_INFO" | grep "^Architecture" | awk '{print $2}')
-              DEBUG_FULL_VERSION="${DEBUG_VERSION}-${DEBUG_RELEASE}"
-
-              # Try to delete existing debug package first
-              curl -X DELETE \
-                -H "Authorization: token ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}" \
-                "https://forgejo.ellis.link/api/packages/continuwuation/rpm/${GROUP}-debug/package/$DEBUG_NAME/$DEBUG_FULL_VERSION/$DEBUG_ARCH" \
-                || echo "Debug package didn't exist or deletion failed (this is OK)"
-
-              # Upload debug RPM
-              curl --fail-with-body \
-                -X PUT \
-                -H "Authorization: token ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}" \
-                -H "Content-Type: application/x-rpm" \
-                -T "$DEBUG_RPM" \
-                "https://forgejo.ellis.link/api/packages/continuwuation/rpm/${GROUP}-debug/upload"
-            done
-
-            echo "✅ Published debug RPMs to group: ${GROUP}-debug"
-          fi
-
-          # Also upload the SRPM to separate group
           SRPM=$(find artifacts -name "*.src.rpm" | head -1)
           if [ -n "$SRPM" ]; then
             echo ""
             echo "Publishing source RPM: $(basename "$SRPM")"
-            echo "Publishing to group: ${GROUP}-src"
 
-            # Extract SRPM info
+            # SRPMs always have architecture "src"
-            SRPM_INFO=$(rpm -qpi "$SRPM" 2>/dev/null)
+            SRPM_ARCH="src"
-            SRPM_NAME=$(echo "$SRPM_INFO" | grep "^Name" | awk '{print $3}')
-            SRPM_VERSION=$(echo "$SRPM_INFO" | grep "^Version" | awk '{print $3}')
-            SRPM_RELEASE=$(echo "$SRPM_INFO" | grep "^Release" | awk '{print $3}')
-            SRPM_FULL_VERSION="${SRPM_VERSION}-${SRPM_RELEASE}"
 
-            # Try to delete existing SRPM first
+            # Try to delete existing SRPM first (using same name/version as binary RPM)
-            echo "Removing any existing SRPM: $SRPM_NAME-$SRPM_FULL_VERSION.src"
+            echo "Removing any existing SRPM: $PACKAGE_NAME-$FULL_VERSION.$SRPM_ARCH"
             curl -X DELETE \
               -H "Authorization: token ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}" \
-              "https://forgejo.ellis.link/api/packages/continuwuation/rpm/${GROUP}-src/package/$SRPM_NAME/$SRPM_FULL_VERSION/src" \
+              "https://forgejo.ellis.link/api/packages/continuwuation/rpm/$GROUP/package/$PACKAGE_NAME/$FULL_VERSION/$SRPM_ARCH" \
               || echo "SRPM didn't exist or deletion failed (this is OK)"
 
             curl --fail-with-body \
@@ -474,7 +422,5 @@ jobs:
               -H "Authorization: token ${{ secrets.BUILTIN_REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}" \
               -H "Content-Type: application/x-rpm" \
               -T "$SRPM" \
-              "https://forgejo.ellis.link/api/packages/continuwuation/rpm/${GROUP}-src/upload"
+              "https://forgejo.ellis.link/api/packages/continuwuation/rpm/$GROUP/upload"
-
-            echo "✅ Published source RPM to group: ${GROUP}-src"
           fi

.forgejo/workflows/release-image.yml

@@ -161,7 +161,7 @@ jobs:
             var-lib-apt-${{ matrix.slug }}
           key: var-lib-apt-${{ matrix.slug }}
       - name: inject cache into docker
-        uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.3.0
+        uses: https://github.com/reproducible-containers/buildkit-cache-dance@v3.1.0
         with:
           cache-map: |
             {

.forgejo/workflows/renovate.yml

@@ -39,73 +39,24 @@ jobs:
   renovate:
     name: Renovate
     runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/renovatebot/renovate:41
-      options: --tmpfs /tmp:exec
     steps:
       - name: Checkout
         uses: actions/checkout@v4
-        with:
-          show-progress: false
-
-      - name: print node heap
-        run: /usr/local/renovate/node -e 'console.log(`node heap limit = ${require("v8").getHeapStatistics().heap_size_limit / (1024 * 1024)} Mb`)'
-
-      - name: Restore renovate repo cache
-        uses: https://github.com/actions/cache@v4
-        with:
-          path: |
-            /tmp/renovate/cache/renovate/repository
-          key: repo-cache-${{ github.run_id }}
-          restore-keys: |
-            repo-cache-
-
-      - name: Restore renovate package cache
-        uses: https://github.com/actions/cache@v4
-        with:
-          path: |
-            /tmp/renovate/cache/renovate/renovate-cache-sqlite
-          key: package-cache-${{ github.run_id }}
-          restore-keys: |
-            package-cache-
 
       - name: Self-hosted Renovate
-        uses: https://github.com/renovatebot/github-action@v43.0.9
+        uses: https://github.com/renovatebot/github-action@v40.1.0
         env:
           LOG_LEVEL: ${{ inputs.logLevel || 'info' }}
-          RENOVATE_DRY_RUN: ${{ inputs.dryRun || 'false' }}
-
-          RENOVATE_PLATFORM: forgejo
-          RENOVATE_ENDPOINT: ${{ github.server_url }}
           RENOVATE_AUTODISCOVER: 'false'
-          RENOVATE_REPOSITORIES: '["${{ github.repository }}"]'
+          RENOVATE_BINARY_SOURCE: 'install'
-
+          RENOVATE_DRY_RUN: ${{ inputs.dryRun || 'false' }}
+          RENOVATE_ENDPOINT: ${{ github.server_url }}/api/v1
           RENOVATE_GIT_TIMEOUT: 60000
-
+          RENOVATE_GIT_URL: 'endpoint'
-          RENOVATE_REQUIRE_CONFIG: 'required'
-          RENOVATE_ONBOARDING: 'false'
-
-          RENOVATE_PR_COMMITS_PER_RUN_LIMIT: 3
-
           RENOVATE_GITHUB_TOKEN_WARN: 'false'
+          RENOVATE_ONBOARDING: 'false'
+          RENOVATE_PLATFORM: 'forgejo'
+          RENOVATE_PR_COMMITS_PER_RUN_LIMIT: 3
+          RENOVATE_REPOSITORIES: '["${{ github.repository }}"]'
+          RENOVATE_REQUIRE_CONFIG: 'required'
           RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
-          GITHUB_COM_TOKEN: ${{ secrets.GH_PUBLIC_RO }}
-
-          RENOVATE_REPOSITORY_CACHE: 'enabled'
-          RENOVATE_X_SQLITE_PACKAGE_CACHE: true
-
-      - name: Save renovate repo cache
-        if: always() && env.RENOVATE_DRY_RUN != 'full'
-        uses: https://github.com/actions/cache@v4
-        with:
-          path: |
-            /tmp/renovate/cache/renovate/repository
-          key: repo-cache-${{ github.run_id }}
-
-      - name: Save renovate package cache
-        if: always() && env.RENOVATE_DRY_RUN != 'full'
-        uses: https://github.com/actions/cache@v4
-        with:
-          path: |
-            /tmp/renovate/cache/renovate/renovate-cache-sqlite
-          key: package-cache-${{ github.run_id }}

renovate.json

@@ -1,59 +1,62 @@
 {
-    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-    "extends": ["config:recommended"],
+  "extends": [
-    "lockFileMaintenance": {
+    "config:recommended"
-        "enabled": true,
+  ],
-        "schedule": ["at any time"]
+  "lockFileMaintenance": {
-    },
+    "enabled": true,
-    "nix": {
+    "schedule": [
-        "enabled": true
+      "at any time"
-    },
-    "labels": ["Dependencies", "Dependencies/Renovate"],
-    "ignoreDeps": [
-        "tikv-jemallocator",
-        "tikv-jemalloc-sys",
-        "tikv-jemalloc-ctl",
-        "opentelemetry",
-        "opentelemetry_sdk",
-        "opentelemetry-jaeger",
-        "tracing-opentelemetry"
-    ],
-    "github-actions": {
-        "enabled": true,
-        "managerFilePatterns": [
-            "/(^|/)\\.forgejo/workflows/[^/]+\\.ya?ml$/",
-            "/(^|/)\\.forgejo/actions/[^/]+/action\\.ya?ml$/",
-            "/(^|/)\\.github/workflows/[^/]+\\.ya?ml$/",
-            "/(^|/)\\.github/actions/[^/]+/action\\.ya?ml$/"
-        ]
-    },
-    "packageRules": [
-        {
-            "description": "Batch minor and patch GitHub Actions updates",
-            "matchManagers": ["github-actions"],
-            "matchUpdateTypes": ["minor", "patch"],
-            "groupName": "github-actions-non-major"
-        },
-        {
-            "description": "Group Rust toolchain updates into a single PR",
-            "matchManagers": ["custom.regex"],
-            "matchPackageNames": ["rust", "rustc", "cargo"],
-            "groupName": "rust-toolchain"
-        },
-        {
-            "description": "Group lockfile updates into a single PR",
-            "matchUpdateTypes": ["lockFileMaintenance"],
-            "groupName": "lockfile-maintenance"
-        },
-        {
-            "description": "Batch patch-level Rust dependency updates",
-            "matchManagers": ["cargo"],
-            "matchUpdateTypes": ["patch"],
-            "groupName": "rust-patch-updates"
-        },
-        {
-            "matchManagers": ["cargo"],
-            "prConcurrentLimit": 5
-        }
     ]
+  },
+  "nix": {
+    "enabled": true
+  },
+  "labels": [
+    "Dependencies",
+    "Dependencies/Renovate"
+  ],
+  "ignoreDeps": [
+    "tikv-jemallocator",
+    "tikv-jemalloc-sys",
+    "tikv-jemalloc-ctl",
+    "opentelemetry",
+    "opentelemetry_sdk",
+    "opentelemetry-jaeger",
+    "tracing-opentelemetry"
+  ],
+  "github-actions": {
+    "enabled": true,
+    "fileMatch": [
+      "(^|/)\\.forgejo/workflows/[^/]+\\.ya?ml$",
+      "(^|/)\\.forgejo/actions/[^/]+/action\\.ya?ml$",
+      "(^|/)\\.github/workflows/[^/]+\\.ya?ml$",
+      "(^|/)\\.github/actions/[^/]+/action\\.ya?ml$"
+    ]
+  },
+  "packageRules": [
+    {
+      "description": "Batch minor and patch GitHub Actions updates",
+      "matchManagers": ["github-actions"],
+      "matchUpdateTypes": ["minor", "patch"],
+      "groupName": "github-actions-non-major"
+    },
+    {
+      "description": "Group Rust toolchain updates into a single PR",
+      "matchManagers": ["regex"],
+      "matchPackageNames": ["rust", "rustc", "cargo"],
+      "groupName": "rust-toolchain"
+    },
+    {
+      "description": "Group lockfile updates into a single PR",
+      "matchUpdateTypes": ["lockFileMaintenance"],
+      "groupName": "lockfile-maintenance"
+    },
+    {
+      "description": "Batch patch-level Rust dependency updates",
+      "matchManagers": ["cargo"],
+      "matchUpdateTypes": ["patch"],
+      "groupName": "rust-patch-updates"
+    }
+  ]
 }