Merge pull request #4 from ekaaty/ci-cd

Merge CI-CD Changes

.copr/Makefile

@@ -3,7 +3,7 @@
 SHELL := bash
 
 source:
-	dnf -y install cmake gcc gcc-c++
+	dnf -y install cmake gcc gcc-c++ openssl
 	cmake --fresh -DBUILD_RPMS=ON -B build -S .
 	cmake --build build --target srpm
 

.github/workflows/ci.yml

@@ -8,10 +8,6 @@ on:
 jobs:
   release-ci:
     runs-on: ubuntu-latest
-    outputs:
-      version: ${{ steps.get_metadata.outputs.version }}
-      tag: ${{ steps.get_metadata.outputs.tag }}
-      to_release: ${{ steps.newtag.outputs.to_release }}
 
     steps:
       - name: Local checkout
@@ -20,15 +16,15 @@ jobs:
       - name: Install CI dependencies
         run: |
           sudo apt-get update
-          sudo apt-get -y -qq install cmake g++ gcc
+          sudo apt-get -y -qq install cmake openssl g++ gcc
 
       - name: Get latest package metadata
         id: get_metadata
         run: |
           cmake --fresh -B build -S .
           echo "tag=v$(cat build/version)" >> $GITHUB_OUTPUT
-          echo "version=$(cat build/version)" >> $GITHUB_OUTPUT
+          echo "hash=$(sha256sum build/hash | sed 's/\s.*//g')" >> $GITHUB_OUTPUT
-
+          
       - name: Check if package version has corresponding git tag
         id: tagged
         shell: bash
@@ -43,16 +39,17 @@ jobs:
         id: newtag
         if: steps.tagged.outputs.tagged == 0
         run: |
-          git tag ${{ steps.get_metadata.outputs.tag }} \
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+          git tag -a ${{ steps.get_metadata.outputs.tag }} \
+            -m "New cert chain was released" \
+            --trailer "SHA256:${{ steps.get_metadata.outputs.hash }}" \
           && echo to_release=1 >> $GITHUB_OUTPUT \
           && git push origin ${{ steps.get_metadata.outputs.tag  }} \
           || exit 0
 
-  build-fedora:
+      - name: Create and publish GitHub release
-    needs: release-ci
+        if: steps.newtag.outputs.to_release == 1
-    uses: ./.github/workflows/fedora.yml
+        uses: softprops/action-gh-release@v2
-    with:
+        with:
-      containers: "['fedora:latest', 'fedora:41']"
+          tag_name: ${{ steps.get_metadata.outputs.tag }}
-      version: ${{ needs.release-ci.outputs.version }}
-      to_release: ${{ needs.release-ci.outputs.to_release }}
-      tag: ${{ needs.release-ci.outputs.tag }}

.github/workflows/fedora.yml

@@ -1,70 +0,0 @@
-on:
-  workflow_call:
-    inputs:
-      containers:
-        default: "['fedora:latest']"
-        required: false
-        type: string
-      tag:
-        required: true
-        type: string
-      to_release:
-        default: "0"
-        required: false
-        type: string
-      version:
-        required: true
-        type: string
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  build:
-    strategy:
-      max-parallel: 2
-      matrix:
-        image: ${{ fromJson(inputs.containers) }}
-    runs-on: ubuntu-latest
-    container: ${{ matrix.image }}
-
-    steps:
-      - name: Prepare - local checkout
-        uses: actions/checkout@v4
-
-      - name: Prepare - install build dependencies
-        run: |
-          dnf -y install \
-            cmake \
-            gcc \
-            gcc-c++ \
-            git \
-            openssl \
-            rpm-build \
-            rpmdevtools \
-            tar
-
-      - name: Prepare - setup RPM build tree
-        run: |
-          rpmdev-setuptree
-
-      - name: Prepare - configure the source
-        run: |
-          cmake -B $(pwd)/build -S $(pwd)
-
-      - name: Build - create source tarball and SRPM package
-        run: |
-          cmake --build $(pwd)/build --target srpm
-
-      - name: Build - create RPM package
-        run: |
-          cmake --build $(pwd)/build --target rpms
-
-      - name: Publish - create GitHub release
-        uses: softprops/action-gh-release@v2
-        if: inputs.to_release == 1
-        with:
-          tag_name: ${{ inputs.tag }}
-          files: |
-            dist/*.rpm

CMakeLists.txt

@@ -132,7 +132,7 @@ install(
     ${CMAKE_INSTALL_PREFIX}/${CACERT_INSTALL_DIR}
 )
 
-set(DOCS_INSTALL_DIR "share/doc/${PROJECT}")
+set(DOCS_INSTALL_DIR "share/doc/${PROJECT_NAME}")
 install(
   FILES
   ${CMAKE_CURRENT_SOURCE_DIR}/LICENSE

CPackLists.txt

@@ -61,6 +61,14 @@ configure_file(
 )
 
 if(BUILD_RPMS)
+execute_process(
+  COMMAND bash -c
+    "LANG=C DATE=$(date +'%a %b %d %Y'); \
+      echo \"* $DATE %{packager} - ${PROJECT_VERSION}-1%{?dist}\"; \
+      echo \"- This is an automatically built package (See our Git URL for more info).\"; \
+    "
+  OUTPUT_VARIABLE CPACK_RPM_CHANGELOG
+)
 CONFIGURE_FILE("${CMAKE_CURRENT_SOURCE_DIR}/packaging/pkg.spec.in"
   "${CMAKE_CURRENT_BINARY_DIR}/${PROJECT_NAME}.spec"
   @ONLY 

README.md

@@ -20,7 +20,7 @@ chain, supervise and audit the processes.
 * [Certification Practice Statement Root Certification Authority of Brazil](
     https://acraiz.icpbrasil.gov.br/cpsrootca.pdf
   )
-* [Política de Segurança da AC-Raiz](
+* [Security Policy of Root-CA (in Portuguese)](
     https://acraiz.icpbrasil.gov.br/PSacraiz.pdf
   )
 

packaging/pkg.spec.in

@@ -1,5 +1,6 @@
 %global debug_package %{nil}
 %global source_date_epoch_from_changelog 0
+%global packager Christian Tosta <7252968+christiantosta@users.noreply.github.com>
 
 %define __openssl   %{_bindir}/openssl
 
@@ -43,9 +44,9 @@ chain, supervise and audit the processes.
 
 
 %files 
-%doc %{_datadir}/doc/*.pdf
+%doc %{_datadir}/doc/%{name}/*.pdf
-%doc %{_datadir}/doc/README.md
+%doc %{_datadir}/doc/%{name}/README.md
-%license %{_datadir}/doc/LICENSE
+%license %{_datadir}/doc/%{name}/LICENSE
 %{_datadir}/pki/ca-trust-source/anchors/isrg-root-x2.crt
 %{_datadir}/pki/ca-trust-source/anchors/lets-encrypt-ca-bundle.crt
 %{_datadir}/pki/ca-trust-source/anchors/icp-brasil-ca-bundle.crt
@@ -55,4 +56,4 @@ chain, supervise and audit the processes.
 %postun -p %{_bindir}/update-ca-trust
 
 %changelog
-%autochangelog
+@CPACK_RPM_CHANGELOG@