fix(ci): rpm signing uses rpm's default signer; flatpak installs node before checkout
apple / swift (push) Successful in 53s
ci / rust (push) Successful in 1m10s
ci / web (push) Successful in 29s
android / android (push) Failing after 1m48s
ci / docs-site (push) Successful in 31s
ci / bench (push) Successful in 1m46s
decky / build-publish (push) Successful in 12s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 5s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 4s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 4s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 4s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 3s
deb / build-publish (push) Failing after 2m39s
flatpak / build-publish (push) Successful in 4m1s
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Successful in 5m13s
docker / deploy-docs (push) Successful in 20s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Successful in 4m51s

Two CI fixes:
- rpm signing (2nd bug): overriding %__gpg_sign_cmd via --define reached gpg with
  %{__plaintext_filename}/%{__signature_filename} UNEXPANDED ("No such file or directory").
  Stop overriding it — use rpm's default signer (which expands those correctly) and just set
  _gpg_name; a passphrase-less key + loopback in gpg.conf makes gpg sign headless. (Requires a
  passphrase-less signing key, as the runbook's %no-protection key is.)
- flatpak: the job runs in fedora:43 which has no node, so actions/checkout (a JS action) failed
  with "node: not found". Install nodejs in a plain `run:` step (shell, no node needed) before
  checkout. Also scope the heavy flatpak-builder run to client/core/manifest changes (+ tags) so
  it stops rebuilding on every unrelated docs/host push (tag pushes still build — paths filters
  only branch pushes).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-15 13:54:43 +00:00
parent 0f17b6f864
commit 59bcfa1a12
2 changed files with 26 additions and 15 deletions
+13
View File
@@ -23,6 +23,14 @@ name: flatpak
on:
push:
branches: [main]
# The flatpak is the CLIENT — only rebuild when the client/core/manifest change, not on every
# docs/host push (this is a heavy flatpak-builder run). Tags (v*, the client release) build too.
paths:
- 'crates/punktfunk-client-linux/**'
- 'crates/punktfunk-core/**'
- 'packaging/flatpak/**'
- 'Cargo.lock'
- '.gitea/workflows/flatpak.yml'
tags: ['v*']
workflow_dispatch:
@@ -43,6 +51,11 @@ jobs:
image: fedora:43
options: --privileged
steps:
# fedora:43 has no node, but actions/checkout (a JS action) needs it. A plain `run:` step
# executes via the container shell (no node needed), so install node BEFORE checkout.
- name: node for the JS actions
run: dnf -y install nodejs
- uses: actions/checkout@v4
- name: Tooling