@1570005763
Collaborator

This PR introduces a complete RPM package building and publishing automation workflow, enabling the Trustee project to be distributed and installed via RPM packages on Anolis OS 23.

Key Changes

  1. GitHub Actions Workflow

    • Added release-rpm.yml workflow that automatically builds and publishes RPM packages upon release

    • The workflow consists of four main phases:

      • Build material creation: Generates build material packages containing all source code and dependencies
      • RPM building: Builds RPM packages in a containerized environment
      • Publishing: Uploads the built RPM packages to GitHub Releases
      • SLSA provenance: Generates software supply chain security attestations
  2. Makefile Enhancements

    • Updated dist/Makefile with a new create-build-artifacts target

    • Supports creation of all build artifacts needed for RPM packaging, including:

      • Main source tarball
      • Rust vendor dependencies tarball
      • Go vendor dependencies tarball
      • Frontend node_modules tarball
  3. RPM Build Environment

    • Added Dockerfile for AnolisOS23 with all necessary build tools configured
    • Includes compilers and toolchains for Rust, Go, Node.js, etc.
    • Configured environment variables for reproducible builds
  4. SPEC File

    • Created detailed trustee.spec file defining RPM build specifications
    • Supports both main trustee package and trustee-frontend sub-package
    • Contains proper dependency declarations and service management scripts
  5. Build Scripts

    • Provided build-in-docker.sh script to execute RPM building within containers
    • Automatically handles build environment setup, dependency installation, and package building
  6. Documentation

    • Added comprehensive README.md with instructions on how to reproduce the RPM build process locally
    • Includes build verification and troubleshooting guides

Usage

  1. When a new release is published on GitHub, the RPM build workflow is automatically triggered
  2. Users can download pre-built RPM packages directly from GitHub Releases for installation
  3. Developers can follow the instructions in the README to reproduce the build process locally

Reproducible Builds

This implementation places special emphasis on build reproducibility, ensuring that anyone can generate exactly the same RPM packages as the official releases, thereby enhancing software supply chain security.
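Added example, not part of the PR or the Trustee project's code: one way to check a local rebuild against the digests recorded in a release's SLSA provenance. It assumes the provenance is an in-toto statement inside a DSSE envelope (the PR does not state the format); file names and bytes are constructed, and the envelope's signatures are not verified here.

```python
import base64
import hashlib
import json


def provenance_subjects(envelope_json: str) -> dict:
    """Return {artifact name: sha256 hex} from a DSSE-wrapped in-toto statement."""
    envelope = json.loads(envelope_json)
    if envelope.get("payloadType") != "application/vnd.in-toto+json":
        raise ValueError("not an in-toto DSSE envelope")
    statement = json.loads(base64.b64decode(envelope["payload"]))
    return {s["name"]: s["digest"]["sha256"].lower()
            for s in statement.get("subject", [])
            if "sha256" in s.get("digest", {})}


def compare_rebuild(envelope_json: str, rebuilt: dict) -> dict:
    """Classify attested artifacts as match / mismatch / missing, and flag
    rebuilt files the provenance does not list as unattested."""
    expected = provenance_subjects(envelope_json)
    result = {}
    for name, want in expected.items():
        if name not in rebuilt:
            result[name] = "missing"
        else:
            got = hashlib.sha256(rebuilt[name]).hexdigest()
            result[name] = "match" if got == want else "mismatch"
    for name in rebuilt.keys() - expected.keys():
        result[name] = "unattested"
    return result


def sample_envelope(files: dict) -> str:
    """Constructed sample input: an unsigned envelope over the given bytes."""
    statement = {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": "https://slsa.dev/provenance/v0.2",
        "subject": [{"name": n, "digest": {"sha256": hashlib.sha256(b).hexdigest()}}
                    for n, b in files.items()],
    }
    payload = base64.b64encode(json.dumps(statement).encode()).decode()
    return json.dumps({"payloadType": "application/vnd.in-toto+json",
                       "payload": payload, "signatures": []})


if __name__ == "__main__":
    # Constructed stand-ins for the official and locally rebuilt packages.
    official = {"trustee.rpm": b"constructed-a", "trustee-frontend.rpm": b"constructed-b"}
    local = {"trustee.rpm": b"constructed-a", "trustee-frontend.rpm": b"drifted"}
    print(compare_rebuild(sample_envelope(official), local))
```

A `mismatch` on a rebuilt package points at a non-reproducible input (timestamps, vendored dependencies, toolchain version) rather than proving tampering; diff the two packages' contents to find which.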

@shankailun-aliyun
Collaborator

@1570005763, hello, your request has been received. Please wait patiently for the result.

@shankailun-aliyun
Collaborator

@1570005763, hello, no images that need building were detected. To re-run detection, comment /start

@1570005763 requested a review from jialez0 on November 27, 2025 09:17

@shankailun-aliyun
Collaborator

@1570005763, hello, your request has been received. Please wait patiently for the result.

@shankailun-aliyun
Collaborator

@1570005763, hello, no images that need building were detected. To re-run detection, comment /start
