diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..3a626c3 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: monthly diff --git a/.github/workflows/installtest.yml b/.github/workflows/installtest.yml index e0cea8a..884b662 100644 --- a/.github/workflows/installtest.yml +++ b/.github/workflows/installtest.yml @@ -14,7 +14,7 @@ jobs: ppa_series: ${{ steps.detect_series.outputs.PPA_SERIES }} steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Detect runner series id: detect_series run: | @@ -30,7 +30,7 @@ jobs: make deb cp ../kolibri-server_*.deb ./kolibri-server.deb - name: Upload .deb artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: kolibri-server-deb path: kolibri-server.deb @@ -46,7 +46,7 @@ jobs: runner: ['ubuntu-latest', 'ubuntu-24.04-arm'] steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup environment run: | apt-get update @@ -65,7 +65,7 @@ jobs: echo "kolibri-server kolibri-server/port select 8080" | debconf-set-selections echo "kolibri-server kolibri-server/zip_content_port select 8081" | debconf-set-selections - name: Download .deb artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: kolibri-server-deb - name: Install kolibri-server diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 1e83beb..0d0cb13 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -14,7 +14,7 @@ jobs: should_skip: ${{ steps.skip_check.outputs.should_skip }} steps: - id: skip_check - uses: fkirc/skip-duplicate-actions@master + uses: fkirc/skip-duplicate-actions@v5 with: github_token: ${{ github.token }} linting: @@ -23,6 +23,6 @@ jobs: if: ${{ needs.pre_job.outputs.should_skip != 'true' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@v6 + - uses: actions/setup-python@v6 - uses: pre-commit/action@v3.0.1 diff --git a/.github/workflows/python_tests.yml b/.github/workflows/python_tests.yml index 2f7a47b..8143647 100644 --- a/.github/workflows/python_tests.yml +++ b/.github/workflows/python_tests.yml @@ -8,7 +8,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Install system dependencies run: | sudo apt-get update diff --git a/.github/workflows/build_debian.yml b/.github/workflows/release.yml similarity index 67% rename from .github/workflows/build_debian.yml rename to .github/workflows/release.yml index ab03c5d..7097d57 100644 --- a/.github/workflows/build_debian.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Build Debian source package +name: Release kolibri-server on: release: types: [published] @@ -10,7 +10,7 @@ jobs: version: ${{ steps.version.outputs.VERSION }} steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Extract version from changelog id: changelog_version run: | @@ -42,7 +42,7 @@ jobs: needs: check_version steps: - name: checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set changelog distribution to runner series run: | SERIES=$(. /etc/os-release && echo "$VERSION_CODENAME") @@ -87,6 +87,24 @@ jobs: - name: Cleanup credentials if: always() run: rm -f /tmp/lp-creds.txt /tmp/.gpg-passphrase + build_binary_package: + name: Build binary .deb for GitHub Pages PPA + needs: check_version + runs-on: ubuntu-latest + steps: + - name: Checkout codebase + uses: actions/checkout@v6 + - name: Install build dependencies + run: make install-build-deps + - name: Install Kolibri + run: make install-kolibri + - name: Build .deb package + run: make deb + - name: Upload .deb artifact + uses: actions/upload-artifact@v7 + with: + name: kolibri-server-deb + path: ../kolibri-server_*.deb wait_for_source_published: needs: - check_version @@ -94,7 +112,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install dependencies run: | sudo apt-get update @@ -121,7 +139,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install dependencies run: | sudo apt-get update @@ -146,7 +164,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install dependencies run: | sudo apt-get update @@ -168,7 +186,9 @@ jobs: run: rm -f /tmp/lp-creds.txt block_release_step: name: Job to block publish of a release until it has been manually approved - needs: wait_for_copies_published + needs: + - wait_for_copies_published + - build_binary_package runs-on: ubuntu-latest environment: release steps: @@ -181,7 +201,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install dependencies run: | sudo apt-get update @@ -208,3 +228,77 @@ jobs: - name: Cleanup Launchpad credentials if: always() run: rm -f /tmp/lp-creds.txt + publish_github_pages_ppa: + name: Publish GitHub Pages PPA + needs: + - build_binary_package + - block_release_step + runs-on: ubuntu-latest + permissions: + pages: write + id-token: write + environment: + name: github-pages + url: ${{ steps.deploy.outputs.page_url }} + concurrency: + group: github-pages-deploy + cancel-in-progress: false + steps: + - name: Install reprepro + run: sudo apt-get update && sudo apt-get install -y reprepro + - name: Set GPG key ID + id: gpg + run: | + GPG_KEY_ID="${{ vars.DEBIAN_REPO_SIGNING_KEY_ID }}" + if [ -z "$GPG_KEY_ID" ]; then + echo "::error::No signing key ID provided (set vars.DEBIAN_REPO_SIGNING_KEY_ID)" + exit 1 + fi + echo "key-id=$GPG_KEY_ID" >> "$GITHUB_OUTPUT" + - name: Import GPG signing key into isolated keyring + run: | + GNUPGHOME=$(mktemp -d) + export GNUPGHOME + echo "GNUPGHOME=$GNUPGHOME" >> "$GITHUB_ENV" + echo "pinentry-mode loopback" > "$GNUPGHOME/gpg.conf" + echo "allow-loopback-pinentry" > "$GNUPGHOME/gpg-agent.conf" + echo "${{ secrets.DEBIAN_REPO_SIGNING_KEY }}" | gpg --batch --import + echo "${{ steps.gpg.outputs.key-id }}:6:" | gpg --batch --import-ownertrust + gpgconf --kill gpg-agent + - name: Download .deb artifact + uses: actions/download-artifact@v8 + with: + name: kolibri-server-deb + path: incoming + - name: Identify .deb file + id: deb + run: | + DEB_FILE=$(find incoming -maxdepth 1 -name '*.deb' -print -quit) + if [ -z "$DEB_FILE" ]; then + echo "::error::No .deb file found in incoming/" + exit 1 + fi + echo "path=$DEB_FILE" >> "$GITHUB_OUTPUT" + echo "Found: $DEB_FILE ($(du -h "$DEB_FILE" | cut -f1))" + - name: Build APT repository with reprepro + run: | + mkdir -p repo/conf + cat > repo/conf/distributions < repo/pubkey.asc + - name: Upload Pages artifact + uses: actions/upload-pages-artifact@v4 + with: + path: repo + - name: Deploy to GitHub Pages + id: deploy + uses: actions/deploy-pages@v5