Updated Fedora build CI

.github/workflows/ci.yml

@@ -0,0 +1,52 @@
+name: Build and Release CI
+on:
+  push:
+  schedule:
+    - cron: '30 3 * * *'
+  workflow_dispatch:
+
+jobs:
+  release-ci:
+    runs-on: ubuntu-latest
+    outputs:
+      VERSION: ${{ steps.get_metadata.outputs.VERSION }}
+
+    steps:
+      - name: Local checkout
+        uses: actions/checkout@v4
+
+      - name: Install CI dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get -y -qq install cmake g++ gcc
+
+      - name: Get latest package metadata
+        id: get_metadata
+        run: |
+          cmake --fresh -B build -S .
+          echo "TAG=v$(cat build/version)" >> $GITHUB_OUTPUT
+          echo "VERSION=$(cat build/version)" >> $GITHUB_OUTPUT
+
+      - name: Check if package version has corresponding git tag
+        id: tagged
+        shell: bash
+        run: |
+          git show-ref \
+            --tags --verify --quiet -- \
+            "refs/tags/${{ steps.get_metadata.outputs.TAG }}" \
+          && echo tagged=1 >> $GITHUB_OUTPUT \
+          || echo tagged=0 >> $GITHUB_OUTPUT
+
+      - name: Create new tag
+        if: steps.tagged.outputs.tagged == 0
+        run: |
+          git tag ${{ steps.get_metadata.outputs.TAG }} \
+          && git push origin ${{ steps.get_metadata.outputs.TAG  }} \
+          || exit 0
+
+  build-fedora:
+    needs: release-ci
+    uses: ./.github/workflows/fedora.yml
+    with:
+      containers: "['fedora:latest', 'fedora:41']"
+      version: ${{ needs.release-ci.outputs.VERSION }}

.github/workflows/fedora.yml

@@ -0,0 +1,79 @@
+#name: build-rpm
+
+on:
+  workflow_call:
+    inputs:
+      containers:
+        required: true
+        type: string
+      version:
+        required: false
+        type: string
+
+jobs:
+  build:
+    strategy:
+      max-parallel: 2
+      matrix:
+        image: ${{ fromJson(inputs.containers) }}
+    runs-on: ubuntu-latest
+    container: ${{ matrix.image }}
+
+    steps:
+      - name: Local checkout
+        uses: actions/checkout@v4
+
+      - name: install RPM build dependencies
+        run: |
+          dnf -y install \
+            cmake \
+            gcc \
+            gcc-c++ \
+            git \
+            rpm-build \
+            rpmdevtools \
+            tar
+
+      - name: Setup RPM build tree
+        run: |
+          rpmdev-setuptree
+
+      - name: Create source tarball
+        run: |
+          cmake --fresh -B build -S .
+          cmake --build build --target sdist
+
+      - name: Set environment variables
+        run: |
+          echo "PKG_VERSION=$(cat build/version)" >> $GITHUB_ENV
+          echo "PKG_NAME=$(grep -Po 'Name:\ *\K[\S ]*' \
+            packaging/pkg.spec.in)" >> $GITHUB_ENV
+
+      - name: Copy SOURCES and SPEC file
+        run: |
+          cp packaging/pkg.spec.in ~/rpmbuild/SPECS/${PKG_NAME}.spec
+          rpmdev-bumpspec -n ${PKG_VERSION} ~/rpmbuild/SPECS/${PKG_NAME}.spec
+          cp dist/*.src.tar.gz ~/rpmbuild/SOURCES/
+
+      - name: Build RPM packages
+        run: |
+          dnf -y builddep ~/rpmbuild/SPECS/${PKG_NAME}.spec
+          rpmbuild -ba ~/rpmbuild/SPECS/${PKG_NAME}.spec
+
+      - name: Check if package version has corresponding git tag
+        id: tagged
+        shell: bash
+        run: |
+          git show-ref \
+            --tags --verify --quiet -- \
+            "refs/tags/${NEW_TAG}" \
+          && echo tagged=1 >> $GITHUB_OUTPUT \
+          || echo tagged=0 >> $GITHUB_OUTPUT
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        if: github.ref_type == 'tag' && steps.tagged.output.tagged == 1
+        with:
+          files: |
+            ~/rpmbuild/RPMS/*/*.rpm
+            ~/rpmbuild/SRPMS/*.rpm

CMakeLists.txt

@@ -15,6 +15,11 @@ execute_process(
   OUTPUT_STRIP_TRAILING_WHITESPACE
 )
 
+execute_process(
+  COMMAND echo ${PROJECT_VERSION}
+  OUTPUT_FILE ${CMAKE_BINARY_DIR}/version
+)
+
 set(SourceFiles 
   "${CMAKE_SOURCE_DIR}/cmake"
   "${CMAKE_SOURCE_DIR}/CMakeLists.txt"

packaging/pkg.spec.in

@@ -0,0 +1,52 @@
+%global debug_package %{nil}
+%global source_date_epoch_from_changelog 0
+
+%define __openssl   %{_bindir}/openssl
+
+Name:               ca-certificates-brazil
+Version:            __VERSION__
+Release:            %{autorelease}
+Summary:            The ICP-Brasil root certificate bundle
+
+License:            Public Domain
+URL:                https://www.gov.br/iti/pt-br/assuntos/certificado-digital
+Source0:            %{name}-%{version}.src.tar.gz
+
+BuildArch:          noarch
+BuildRequires:      %{__openssl}
+BuildRequires:      %{_bindir}/mktemp
+BuildRequires:      %{_bindir}/unzip
+
+%description
+The Brazilian Public Key Infrastructure - ICP-Brasil is a hierarchical chain 
+of trust that enables the issuance of digital certificates for the virtual 
+identification of citizens.
+
+It is observed that the model adopted by Brazil was single-root certification,
+and the ITI, in addition to playing the role of Root Certifying Authority - Root AC,
+also has the role of accrediting and discrediting the other participants in the 
+chain, supervise and audit the processes.
+
+%prep
+%autosetup -c
+%{cmake}
+
+%build
+%{cmake_build}
+
+%install
+%{__rm} -rf %{buildroot}
+%{cmake_install}
+
+
+%files
+%{_datadir}/pki/ca-trust-source/anchors/isrg-root-x2.crt
+%{_datadir}/pki/ca-trust-source/anchors/lets-encrypt-ca-bundle.crt
+%{_datadir}/pki/ca-trust-source/anchors/icp-brasil-ca-bundle.crt
+
+
+%post -p %{_bindir}/update-ca-trust
+%postun -p %{_bindir}/update-ca-trust
+
+%changelog
+%autochangelog