From c2a74affaba27b34c888e2c7cd15aab3d3dde9c1 Mon Sep 17 00:00:00 2001 From: Richard Tibbles Date: Thu, 2 Apr 2026 10:18:39 -0700 Subject: [PATCH 1/4] ci: rename build_debian.yml to release.yml Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/{build_debian.yml => release.yml} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename .github/workflows/{build_debian.yml => release.yml} (99%) diff --git a/.github/workflows/build_debian.yml b/.github/workflows/release.yml similarity index 99% rename from .github/workflows/build_debian.yml rename to .github/workflows/release.yml index ab03c5d..1e24899 100644 --- a/.github/workflows/build_debian.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -name: Build Debian source package +name: Release kolibri-server on: release: types: [published] From 7a3cef1148c0915b876b8370bf8b016b26cb3ee5 Mon Sep 17 00:00:00 2001 From: Richard Tibbles Date: Thu, 2 Apr 2026 10:25:00 -0700 Subject: [PATCH 2/4] ci: add build_binary_package job to release workflow Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/release.yml | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 1e24899..d09399e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -87,6 +87,24 @@ jobs: - name: Cleanup credentials if: always() run: rm -f /tmp/lp-creds.txt /tmp/.gpg-passphrase + build_binary_package: + name: Build binary .deb for GitHub Pages PPA + needs: check_version + runs-on: ubuntu-latest + steps: + - name: Checkout codebase + uses: actions/checkout@v4 + - name: Install build dependencies + run: make install-build-deps + - name: Install Kolibri + run: make install-kolibri + - name: Build .deb package + run: make deb + - name: Upload .deb artifact + uses: actions/upload-artifact@v4 + with: + name: kolibri-server-deb + path: ../kolibri-server_*.deb wait_for_source_published: needs: - check_version @@ -168,7 +186,9 @@ jobs: run: rm -f /tmp/lp-creds.txt block_release_step: name: Job to block publish of a release until it has been manually approved - needs: wait_for_copies_published + needs: + - wait_for_copies_published + - build_binary_package runs-on: ubuntu-latest environment: release steps: From b61d7936f0685ef82e639c0d085bed235dd98985 Mon Sep 17 00:00:00 2001 From: Richard Tibbles Date: Thu, 2 Apr 2026 10:37:39 -0700 Subject: [PATCH 3/4] ci: add GitHub Pages PPA publishing to release workflow Adds two new jobs to the release workflow: - build_binary_package: builds a binary .deb for the GH Pages PPA - publish_github_pages_ppa: uses reprepro to build an APT repo and deploys it via actions/deploy-pages Requires DEBIAN_REPO_SIGNING_KEY secret and DEBIAN_REPO_SIGNING_KEY_ID variable to be configured (shared from kolibri-installer-debian). Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/release.yml | 74 +++++++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d09399e..0968a65 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -228,3 +228,77 @@ jobs: - name: Cleanup Launchpad credentials if: always() run: rm -f /tmp/lp-creds.txt + publish_github_pages_ppa: + name: Publish GitHub Pages PPA + needs: + - build_binary_package + - block_release_step + runs-on: ubuntu-latest + permissions: + pages: write + id-token: write + environment: + name: github-pages + url: ${{ steps.deploy.outputs.page_url }} + concurrency: + group: github-pages-deploy + cancel-in-progress: false + steps: + - name: Install reprepro + run: sudo apt-get update && sudo apt-get install -y reprepro + - name: Set GPG key ID + id: gpg + run: | + GPG_KEY_ID="${{ vars.DEBIAN_REPO_SIGNING_KEY_ID }}" + if [ -z "$GPG_KEY_ID" ]; then + echo "::error::No signing key ID provided (set vars.DEBIAN_REPO_SIGNING_KEY_ID)" + exit 1 + fi + echo "key-id=$GPG_KEY_ID" >> "$GITHUB_OUTPUT" + - name: Import GPG signing key into isolated keyring + run: | + GNUPGHOME=$(mktemp -d) + export GNUPGHOME + echo "GNUPGHOME=$GNUPGHOME" >> "$GITHUB_ENV" + echo "pinentry-mode loopback" > "$GNUPGHOME/gpg.conf" + echo "allow-loopback-pinentry" > "$GNUPGHOME/gpg-agent.conf" + echo "${{ secrets.DEBIAN_REPO_SIGNING_KEY }}" | gpg --batch --import + echo "${{ steps.gpg.outputs.key-id }}:6:" | gpg --batch --import-ownertrust + gpgconf --kill gpg-agent + - name: Download .deb artifact + uses: actions/download-artifact@v4 + with: + name: kolibri-server-deb + path: incoming + - name: Identify .deb file + id: deb + run: | + DEB_FILE=$(find incoming -maxdepth 1 -name '*.deb' -print -quit) + if [ -z "$DEB_FILE" ]; then + echo "::error::No .deb file found in incoming/" + exit 1 + fi + echo "path=$DEB_FILE" >> "$GITHUB_OUTPUT" + echo "Found: $DEB_FILE ($(du -h "$DEB_FILE" | cut -f1))" + - name: Build APT repository with reprepro + run: | + mkdir -p repo/conf + cat > repo/conf/distributions < repo/pubkey.asc + - name: Upload Pages artifact + uses: actions/upload-pages-artifact@v3 + with: + path: repo + - name: Deploy to GitHub Pages + id: deploy + uses: actions/deploy-pages@v4 From ab1294dd9e2e21fef9f9dc41c10aa8070e3a0391 Mon Sep 17 00:00:00 2001 From: Richard Tibbles Date: Thu, 2 Apr 2026 12:32:05 -0700 Subject: [PATCH 4/4] ci: update GitHub Actions to latest versions and add dependabot MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Update all actions across workflows to current major versions: - checkout v4 → v6 - upload-artifact v4 → v7 - download-artifact v4 → v8 - setup-python v5 → v6 - upload-pages-artifact v3 → v4 - deploy-pages v4 → v5 - skip-duplicate-actions master → v5 Add dependabot configuration for weekly GitHub Actions updates. Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/dependabot.yml | 6 ++++++ .github/workflows/installtest.yml | 8 ++++---- .github/workflows/pre-commit.yml | 6 +++--- .github/workflows/python_tests.yml | 2 +- .github/workflows/release.yml | 22 +++++++++++----------- 5 files changed, 25 insertions(+), 19 deletions(-) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..3a626c3 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: monthly diff --git a/.github/workflows/installtest.yml b/.github/workflows/installtest.yml index e0cea8a..884b662 100644 --- a/.github/workflows/installtest.yml +++ b/.github/workflows/installtest.yml @@ -14,7 +14,7 @@ jobs: ppa_series: ${{ steps.detect_series.outputs.PPA_SERIES }} steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Detect runner series id: detect_series run: | @@ -30,7 +30,7 @@ jobs: make deb cp ../kolibri-server_*.deb ./kolibri-server.deb - name: Upload .deb artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: kolibri-server-deb path: kolibri-server.deb @@ -46,7 +46,7 @@ jobs: runner: ['ubuntu-latest', 'ubuntu-24.04-arm'] steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Setup environment run: | apt-get update @@ -65,7 +65,7 @@ jobs: echo "kolibri-server kolibri-server/port select 8080" | debconf-set-selections echo "kolibri-server kolibri-server/zip_content_port select 8081" | debconf-set-selections - name: Download .deb artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: kolibri-server-deb - name: Install kolibri-server diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 1e83beb..0d0cb13 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -14,7 +14,7 @@ jobs: should_skip: ${{ steps.skip_check.outputs.should_skip }} steps: - id: skip_check - uses: fkirc/skip-duplicate-actions@master + uses: fkirc/skip-duplicate-actions@v5 with: github_token: ${{ github.token }} linting: @@ -23,6 +23,6 @@ jobs: if: ${{ needs.pre_job.outputs.should_skip != 'true' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 + - uses: actions/checkout@v6 + - uses: actions/setup-python@v6 - uses: pre-commit/action@v3.0.1 diff --git a/.github/workflows/python_tests.yml b/.github/workflows/python_tests.yml index 2f7a47b..8143647 100644 --- a/.github/workflows/python_tests.yml +++ b/.github/workflows/python_tests.yml @@ -8,7 +8,7 @@ jobs: test: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@v6 - name: Install system dependencies run: | sudo apt-get update diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0968a65..7097d57 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -10,7 +10,7 @@ jobs: version: ${{ steps.version.outputs.VERSION }} steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Extract version from changelog id: changelog_version run: | @@ -42,7 +42,7 @@ jobs: needs: check_version steps: - name: checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Set changelog distribution to runner series run: | SERIES=$(. /etc/os-release && echo "$VERSION_CODENAME") @@ -93,7 +93,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install build dependencies run: make install-build-deps - name: Install Kolibri @@ -101,7 +101,7 @@ jobs: - name: Build .deb package run: make deb - name: Upload .deb artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v7 with: name: kolibri-server-deb path: ../kolibri-server_*.deb @@ -112,7 +112,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install dependencies run: | sudo apt-get update @@ -139,7 +139,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install dependencies run: | sudo apt-get update @@ -164,7 +164,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install dependencies run: | sudo apt-get update @@ -201,7 +201,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout codebase - uses: actions/checkout@v4 + uses: actions/checkout@v6 - name: Install dependencies run: | sudo apt-get update @@ -266,7 +266,7 @@ jobs: echo "${{ steps.gpg.outputs.key-id }}:6:" | gpg --batch --import-ownertrust gpgconf --kill gpg-agent - name: Download .deb artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v8 with: name: kolibri-server-deb path: incoming @@ -296,9 +296,9 @@ jobs: reprepro -b repo includedeb stable "${{ steps.deb.outputs.path }}" gpg --armor --export "${{ steps.gpg.outputs.key-id }}" > repo/pubkey.asc - name: Upload Pages artifact - uses: actions/upload-pages-artifact@v3 + uses: actions/upload-pages-artifact@v4 with: path: repo - name: Deploy to GitHub Pages id: deploy - uses: actions/deploy-pages@v4 + uses: actions/deploy-pages@v5