name: Build bootc Package # ⚠️ IMPORTANT: Each repository needs its own FORGEJO_TOKEN secret! # # To set up this workflow in a new repository: # 1. Go to repository settings: https://git.raines.xyz/OWNER/REPO/settings # 2. Find "Secrets" or "Repository secrets" section # 3. Add new secret: # - Name: FORGEJO_TOKEN # - Value: Your Personal Access Token with repo and write:packages permissions # 4. The token needs these scopes: # - repo (Full control of private repositories) # - write:packages (Write packages) # - read:packages (Read packages) # # This workflow will fail with "FORGEJO_TOKEN is not set" if the secret is missing. on: push: branches: [ main, master ] pull_request: branches: [ main, master ] workflow_dispatch: env: UBUNTU_VERSION: "24.04" BOOTC_VERSION: "1.5.1" jobs: build-bootc: name: Build bootc Package runs-on: ubuntu-latest container: image: ubuntu:latest steps: - name: Setup build environment shell: bash run: | apt update -y apt install -y git curl pkg-config build-essential gnupg # Install system Rust packages first for dpkg-buildpackage compatibility apt install -y rustc cargo # Install Rust using rustup to get the latest version curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y . ~/.cargo/env # Set default toolchain for rustup rustup default stable # Verify Rust version rustc --version cargo --version # Add Forgejo repository for libostree packages echo "Adding Forgejo repository for libostree packages..." curl -fsSL https://git.raines.xyz/api/packages/robojerk/debian/repository.key | gpg --dearmor -o /usr/share/keyrings/forgejo-robojerk.gpg echo "deb [signed-by=/usr/share/keyrings/forgejo-robojerk.gpg] https://git.raines.xyz/api/packages/robojerk/debian noble main" | tee /etc/apt/sources.list.d/forgejo-robojerk.list # Update package lists and install libostree packages apt update -y echo "Installing libostree packages from Forgejo repository..." apt install -y libostree-dev=2025.2-1~noble1 libostree-1-1=2025.2-1~noble1 echo "✅ libostree packages installed successfully" echo "libostree-dev version: $(dpkg-query -W -f='${Version}' libostree-dev)" echo "libostree-1-1 version: $(dpkg-query -W -f='${Version}' libostree-1-1)" - name: Checkout repository manually run: | # Clone the repository manually instead of using actions/checkout git clone https://git.raines.xyz/robojerk/bootc-deb.git /tmp/bootc-deb cp -r /tmp/bootc-deb/* . cp -r /tmp/bootc-deb/.* . 2>/dev/null || true - name: Install curl and jq for API testing run: | apt-get update -y apt-get install -y curl jq - name: Debug - Check ACCESS_TOKEN (safe) run: | echo "=== Debugging ACCESS_TOKEN ===" echo "Token exists: ${{ secrets.ACCESS_TOKEN != '' }}" echo "Token length: ${#ACCESS_TOKEN}" echo "Token first 4 chars: $(echo "$ACCESS_TOKEN" | cut -c1-4)..." echo "Token last 4 chars: ...$(echo "$ACCESS_TOKEN" | rev | cut -c1-4 | rev)" echo "Environment variable name: ACCESS_TOKEN" echo "Available secrets:" env | grep -i token || echo "No token env vars found" env: ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }} - name: Test API endpoints run: | echo "=== Testing Forgejo API endpoints with ACCESS_TOKEN ===" # Test 1: Check Forgejo version and capabilities echo "Testing Forgejo version..." curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \ "https://git.raines.xyz/api/v1/version" | jq . 2>/dev/null || echo "Version endpoint failed" echo "" echo "=== Testing user info ===" # Test 2: Check user info echo "Testing user info..." curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \ "https://git.raines.xyz/api/v1/user" | jq . 2>/dev/null || echo "User endpoint failed" echo "" echo "=== Testing repository info ===" # Test 3: Check repository info echo "Testing repository info..." curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \ "https://git.raines.xyz/api/v1/repos/robojerk/bootc-deb" | jq . 2>/dev/null || echo "Repository endpoint failed" echo "" echo "=== Testing package registry endpoints ===" # Test 4: Check if package registry is enabled echo "Testing package registry availability..." curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \ "https://git.raines.xyz/api/v1/user/packages" | jq . 2>/dev/null || echo "User packages endpoint failed" echo "" echo "=== Testing repository packages ===" # Test 5: Check repository packages echo "Testing repository packages..." curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \ "https://git.raines.xyz/api/v1/repos/robojerk/bootc-deb/packages" | jq . 2>/dev/null || echo "Repository packages endpoint failed" echo "" echo "=== Testing Debian package registry ===" # Test 6: Check available package types echo "Testing Debian package registry..." curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \ "https://git.raines.xyz/api/v1/packages/robojerk/debian" | jq . 2>/dev/null || echo "Debian packages endpoint failed" - name: Install additional build dependencies run: | apt update -y apt install -y debhelper-compat dh-cargo \ libglib2.0-dev libgpgme-dev libssl-dev libcurl4-gnutls-dev \ libarchive-dev libfuse3-dev libsystemd-dev libmount-dev \ libselinux1-dev libavahi-client-dev libavahi-glib-dev \ libsoup-3.0-dev gobject-introspection gtk-doc-tools \ docbook-xml docbook-xsl xsltproc gjs libglib2.0-doc \ libzstd-dev - name: Clone bootc source run: | git clone --depth 1 --branch v${BOOTC_VERSION} https://github.com/containers/bootc.git bootc-${BOOTC_VERSION} cd bootc-${BOOTC_VERSION} - name: Debug - List files before patching run: | cd bootc-${BOOTC_VERSION} echo "Current directory: $(pwd)" echo "Files in current directory:" ls -la echo "Files in lib/src/ (if it exists):" ls -la lib/src/ 2>/dev/null || echo "Directory does not exist" echo "Patch file location:" ls -la ../bootc-libostree-compatibility.patch - name: Apply compatibility patch run: | cd bootc-${BOOTC_VERSION} if [ ! -f ../bootc-libostree-compatibility.patch ]; then echo "❌ ERROR: bootc-libostree-compatibility.patch not found!" echo "This patch is required for bootc to work with the libostree backport." exit 1 fi # Apply patch with correct strip level for lib/src/cli.rs echo "Applying patch to lib/src/cli.rs..." patch -p1 < ../bootc-libostree-compatibility.patch - name: Copy debian packaging run: | cd bootc-${BOOTC_VERSION} if [ ! -d ../debian ]; then echo "❌ ERROR: debian packaging directory not found!" echo "The debian/ directory is required for building the package." exit 1 fi cp -r ../debian . - name: Build bootc package shell: bash run: | cd bootc-${BOOTC_VERSION} echo "Building bootc package with libostree compatibility patch..." # Source Rust environment and ensure default toolchain is set . ~/.cargo/env rustup default stable dpkg-buildpackage -us -uc -b - name: List built packages run: | echo "Built bootc packages:" ls -la bootc-${BOOTC_VERSION}/../*.deb - name: Upload to Debian Package Registry id: debian_upload shell: bash run: | echo "=== Attempting Debian Package Registry upload with ACCESS_TOKEN ===" # Check if ACCESS_TOKEN is available if [ -z "${{ secrets.ACCESS_TOKEN }}" ]; then echo "❌ ACCESS_TOKEN is not set" exit 1 fi echo "✅ ACCESS_TOKEN is set" # List contents for debugging echo "Built packages:" ls -la bootc-${BOOTC_VERSION}/../*.deb || echo "No .deb files found" for deb_file in bootc-${BOOTC_VERSION}/../*.deb; do if [ -f "$deb_file" ]; then echo "Uploading $deb_file to Debian Package Registry..." filename=$(basename "$deb_file") echo "File: $filename" # Get HTTP code directly using curl -w (same as libostree-dev) http_code=$(curl -s -o /dev/null -w "%{http_code}" \ --user "robojerk:${{ secrets.ACCESS_TOKEN }}" \ --upload-file "$deb_file" \ "https://git.raines.xyz/api/packages/robojerk/debian/pool/noble/main/upload") echo "HTTP Response Code: $http_code" if [ "$http_code" = "201" ]; then echo "✅ Debian Package Registry upload SUCCESS for $deb_file" elif [ "$http_code" = "409" ]; then echo "➡️ INFO: Package $deb_file already exists (HTTP 409 Conflict)" else echo "❌ Debian Package Registry upload FAILED for $deb_file (HTTP $http_code)" # Show verbose output for debugging failures curl -v -i --user "robojerk:${{ secrets.ACCESS_TOKEN }}" \ --upload-file "$deb_file" \ "https://git.raines.xyz/api/packages/robojerk/debian/pool/noble/main/upload" 2>&1 exit 1 fi fi done - name: Create release assets run: | mkdir -p release-assets cp bootc-${BOOTC_VERSION}/../*.deb release-assets/ 2>/dev/null || echo "No .deb files found" # Create a summary file echo "Bootc Package Build Summary" > release-assets/BUILD_SUMMARY.txt echo "===========================" >> release-assets/BUILD_SUMMARY.txt echo "Build Date: $(date)" >> release-assets/BUILD_SUMMARY.txt echo "Ubuntu Version: ${UBUNTU_VERSION}" >> release-assets/BUILD_SUMMARY.txt echo "Bootc Version: ${BOOTC_VERSION}" >> release-assets/BUILD_SUMMARY.txt echo "" >> release-assets/BUILD_SUMMARY.txt echo "Built Packages:" >> release-assets/BUILD_SUMMARY.txt ls -la release-assets/*.deb 2>/dev/null || echo "No packages found" >> release-assets/BUILD_SUMMARY.txt echo "Release assets created:" ls -la release-assets/ - name: Success Summary run: | echo "=== Upload Summary ===" echo "✅ All bootc packages uploaded successfully to Forgejo Debian Package Registry" echo "✅ Packages automatically assigned to repository by Forgejo" echo "" echo "📦 Packages should now be available at:" echo " https://git.raines.xyz/robojerk/bootc-deb/packages" echo "" echo "🎯 Next steps:" echo " - Verify packages appear in repository packages page" echo " - Test package installation on Ubuntu Noble systems" echo " - Users can install with: sudo apt install bootc"