release.sh: build RHEL 7/8/9/10 RPMs into static nginx layout #374
hecko wants to merge 6 commits into
Pull request overview
Adds a repo-root release.sh that orchestrates building existing RHEL 7/8/9/10 container images, extracts RPM/SRPM artifacts from /root/rpmbuild/{RPMS,SRPMS}, and writes them into a static nginx-friendly directory layout (optionally generating repodata/ via createrepo_c).
Changes:
- Introduces `release.sh` to build `Dockerfile-rhel{7,8,9,10}` images and extract RPM/SRPM outputs into `../rhel/<el>/{x86_64,SRPMS}`.
- Supports `EL_VERSIONS`, `OUT_DIR`, and `CONTAINER_ENGINE` overrides, with auto-detection of docker vs podman.
- Optionally runs `createrepo_c` to generate yum/dnf metadata for each output directory.
| EL_VERSIONS="${EL_VERSIONS:-7 8 9 10}" | ||
|
|
||
| ENGINE="${CONTAINER_ENGINE:-}" |
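Review bot: EL_VERSIONS (first line) and CONTAINER_ENGINE (last line) are both taken from the environment as free-form strings, and nothing in this hunk constrains them. Each EL entry selects a Dockerfile-rhel<N> and an output subdirectory, and the engine value names the program that gets run, so validate both right after these assignments: accept only entries from 7 8 9 10 and only docker or podman, and fail with an error that names the rejected value.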
If any command after creating the container fails (e.g., cp/find), set -e will exit the script and leave the created container behind. Consider adding a trap in build_one_el to always rm -f the container id (and clean up the temp dir) on both success and failure.
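A sketch of the cleanup pattern suggested in the comment above, as an added example rather than code from release.sh: the function body runs in a subshell whose EXIT trap removes the created container and the temp dir on every exit path. The name `extract_rpms`, its arguments and the copy steps are assumptions.

```sh
# Added example, not release.sh itself. extract_rpms and its arguments are
# hypothetical: $1 = container engine (docker or podman), $2 = image tag,
# $3 = destination directory for this EL release.
extract_rpms() (
    engine=$1; image=$2; dest=$3
    cid=""; tmp=""

    cleanup() {
        # Runs on every exit path of this subshell, success or failure.
        if [ -n "$cid" ]; then "$engine" rm -f "$cid" >/dev/null 2>&1 || true; fi
        if [ -n "$tmp" ]; then rm -rf -- "$tmp"; fi
    }
    trap cleanup EXIT

    # Explicit "|| exit 1": set -e is ignored when the caller invokes this
    # function inside "if", "&&" or "||", so it cannot be relied on here.
    tmp=$(mktemp -d) || exit 1
    cid=$("$engine" create "$image") || exit 1

    # Copy from the created (never started) container into the temp dir.
    "$engine" cp "$cid:/root/rpmbuild/RPMS" "$tmp/RPMS" || exit 1
    "$engine" cp "$cid:/root/rpmbuild/SRPMS" "$tmp/SRPMS" || exit 1

    mkdir -p -- "$dest/x86_64" "$dest/SRPMS" || exit 1
    find "$tmp/RPMS" -type f -name '*.rpm' \
        -exec cp -- {} "$dest/x86_64/" \; || exit 1
    find "$tmp/SRPMS" -type f -name '*.src.rpm' \
        -exec cp -- {} "$dest/SRPMS/" \; || exit 1
)
```

Because the trap is set inside the subshell, it does not replace any EXIT trap the calling script has installed.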
| fi | ||
|
|
||
| VERSION="$(cat "$SRC_DIR/VERSION")" |
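Review bot: the VERSION assignment on the last line uses the file's contents unchecked. The value ends up in the image tag (sems-release-el<el>:<version>) and, with per-version output directories, in a path that is wiped on rebuild, so an empty file, embedded whitespace or a "/" in VERSION would give an invalid tag or point at the wrong directory. Check that the file exists and is readable, and that the value matches a conservative pattern (letters, digits, dots, hyphens), before continuing.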
rm -rf "$dest" is potentially destructive if OUT_DIR is mis-set (e.g., empty or /). Add a safety guard before removal (e.g., reject empty, /, or relative OUT_DIR, and/or ensure dest is under OUT_DIR and not the filesystem root) so an env typo can’t wipe unexpected paths.
| echo "error: checkout at $REF does not look like a sems tree" >&2 | ||
| exit 1 |
Each run rebuilds and tags an image (sems-release-el<el>:<version>) but never removes it; over time this can accumulate dangling layers/images and consume significant disk. Consider adding an optional cleanup step (e.g., env flag to image rm the tag after artifacts are extracted) or at least emitting a note about pruning.
Adds a self-contained script that builds the existing Dockerfile-rhel<N>
images, extracts /root/rpmbuild/{RPMS,SRPMS} from each, and arranges the
artifacts under ../rhel/<el>/{x86_64,SRPMS}/ so the directory can be served
directly by nginx. Runs createrepo_c locally when available; otherwise leaves
a plain RPM drop. No signing, no external hosting, no yum repo publishing.
The script now takes the git tag/branch/SHA to build as its first argument and stages the build in a git worktree instead of the caller's working tree. This keeps uncommitted local changes out of the release and lets operators run the script from a long-lived checkout without stashing.
…m list
Each <OUT_DIR>/<el>/ now contains a README.txt recording when the release was produced, the git ref/SHA it was built from, the SEMS version, and the full output of `rpm -qa` inside the build container. That captures the toolchain and dependency versions responsible for the binaries so releases are traceable without re-running the build.
44be549 to 287f806
The script now takes no arguments and builds directly from the current checkout, matching the simpler "check out what you want, then run release.sh" workflow. Git metadata (describe, SHA, dirty flag) is still captured in the per-EL README when the source is a git clone, but is no longer required.
…sting
Lets several SEMS versions share the same nginx tree (e.g. rhel/9/2.1.0/x86_64 alongside rhel/9/2.2.0/x86_64). Each rebuild only wipes its own (el, version) subtree, so older releases are preserved until explicitly removed.
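One way to implement the guard asked for in the review comment on `rm -rf "$dest"`, together with the per-(el, version) wipe described in the commit message above (added example, not code from release.sh): the destination is built only from a canonicalised OUT_DIR and validated el and version components, and only that subtree is removed. The function names and the accepted character sets are assumptions.

```sh
# Added example, not release.sh itself. resolve_dest and wipe_dest are
# hypothetical names; the <OUT_DIR>/<el>/<version> layout follows the page.

# Print the canonical directory for one (el, version) release, or fail.
resolve_dest() {
    out_dir=$1; el=$2; version=$3
    [ -n "$out_dir" ] || { echo "error: OUT_DIR is empty" >&2; return 1; }
    # EL major version: digits only, so it cannot carry "/" or "..".
    case $el in
        ''|*[!0-9]*) echo "error: bad EL version '$el'" >&2; return 1 ;;
    esac
    # SEMS version: one path component made of safe characters.
    case $version in
        ''|.|..|*[!A-Za-z0-9._-]*)
            echo "error: bad SEMS version '$version'" >&2; return 1 ;;
    esac
    mkdir -p -- "$out_dir" || return 1
    # Canonicalise: resolves a relative OUT_DIR, ".." and symlinks.
    root=$(CDPATH= cd -- "$out_dir" && pwd -P) || return 1
    [ "$root" != "/" ] || { echo "error: OUT_DIR resolves to /" >&2; return 1; }
    printf '%s/%s/%s\n' "$root" "$el" "$version"
}

# Wipe and recreate only the subtree of this (el, version); print its path.
wipe_dest() {
    dest=$(resolve_dest "$@") || return 1
    rm -rf -- "$dest"
    mkdir -p -- "$dest/x86_64" "$dest/SRPMS" || return 1
    printf '%s\n' "$dest"
}
```

A relative OUT_DIR such as `../rhel` is resolved against the current directory rather than rejected, so the script should `cd` to a known location before calling it.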
The release.sh script (and existing build_test.yml CI) feeds the working tree to docker as the build context. A local cmake out-of-source build directory or the .git history can each be hundreds of megabytes, all of which docker otherwise streams to the daemon and embeds in image layers via COPY. Excluding both keeps releases reproducible and faster.
Summary
Adds a standalone `release.sh` at the repo root that builds the existing `Dockerfile-rhel{7,8,9,10}` images, extracts `/root/rpmbuild/{RPMS,SRPMS}` from each, and arranges the artifacts in a directory layout that nginx can serve directly as static files.
Run from a checked-out repo (e.g. `/var/www/html/sems/sems-sources`) and it writes to `../rhel`:
If `createrepo_c` is installed locally, per-EL `repodata/` is generated so the tree doubles as a working yum repo; if not, it stays a plain RPM drop. No signing, no external hosting, no publish step.
Design notes
- `pkg/rpm/sems.spec` + the existing Dockerfiles — the script only orchestrates and extracts.
- `docker cp` from a created (not run) container, so no build-time side effects leak in.
- `EL_VERSIONS=9 ./release.sh`) are safe.
- `docker` or `podman`; overridable via `CONTAINER_ENGINE`.
- `OUT_DIR` and `EL_VERSIONS` are env-overridable for non-default layouts.
Test plan
- `cd` into a fresh checkout and run `./release.sh` — verify `../rhel/{7,8,9,10}/x86_64/*.rpm` appear.
- `EL_VERSIONS=9 ./release.sh` rebuilds only el9, leaves other EL dirs intact.
- `createrepo_c` installed, confirm `../rhel/9/x86_64/repodata/repomd.xml` is generated and `dnf install --repofrompath=test,http://<host>/rhel/9/x86_64 sems` works.
- `createrepo_c`, script still succeeds and emits the "skipping repodata" note.
- `CONTAINER_ENGINE=podman ./release.sh` works on a podman-only host.
https://claude.ai/code/session_01YJFpz5oXRDnM75V8BP1B41