From 32036d1f93e421497b574c18f20a802142a5d85b Mon Sep 17 00:00:00 2001 From: Simon Beaudoin Date: Wed, 13 May 2026 14:53:19 -0700 Subject: [PATCH 1/3] Update qcom-build-utils workflow callers Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/build-debian-package.yml | 19 +++++++++++++------ .github/workflows/pr-pre-post-merge.yml | 11 ++++++++--- .github/workflows/promote-prebuilt.yml | 4 ++-- .github/workflows/promote-upstream.yml | 6 +++--- .github/workflows/release.yml | 20 +++++++++++++------- 5 files changed, 39 insertions(+), 21 deletions(-) diff --git a/.github/workflows/build-debian-package.yml b/.github/workflows/build-debian-package.yml index 6d32204..a3a2205 100644 --- a/.github/workflows/build-debian-package.yml +++ b/.github/workflows/build-debian-package.yml @@ -12,15 +12,18 @@ on: required: true default: debian/qcom-next - distro-codename: - description: The distribution codename to build for. Ex noble, questing, etc + suite: + description: The distribution codename or Debian suite to build for. Ex noble, questing, resolute, trixie, sid, unstable type: choice default: noble options: - noble - questing - resolute + - unstable + - forky - trixie + - bookworm - sid abi-checker: @@ -31,12 +34,16 @@ on: permissions: contents: read packages: read + id-token: write jobs: build: - uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-build-pkg-reusable-workflow.yml@main + uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-build-pkg-reusable-workflow.yml@development with: - qcom-build-utils-ref: main debian-ref: ${{ inputs.debian-ref }} - distro-codename: ${{ inputs.distro-codename }} - run-abi-checker: ${{ inputs.abi-checker }} \ No newline at end of file + suite: ${{ inputs.suite }} + debusine-parent-workspace: ${{ vars.DEBUSINE_PARENT_WORKSPACE || 'ci' }} + run-abi-checker: ${{ inputs.abi-checker }} + secrets: + DEBUSINE_USER: ${{ secrets.DEBUSINE_USER }} + DEBUSINE_TOKEN: ${{ secrets.DEBUSINE_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/pr-pre-post-merge.yml b/.github/workflows/pr-pre-post-merge.yml index 00968ab..d4b3ccf 100644 --- a/.github/workflows/pr-pre-post-merge.yml +++ b/.github/workflows/pr-pre-post-merge.yml @@ -13,17 +13,22 @@ on: permissions: contents: read + packages: read + id-token: write jobs: build: # This condition ensures that the job runs for all PR actions except closed unmerged, # i.e., it runs for opened, synchronize, reopened (pre-merge) and closed merged (post-merge). if: ${{ github.event.action != 'closed' || github.event.pull_request.merged == true }} - uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-build-pkg-reusable-workflow.yml@main + uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-build-pkg-reusable-workflow.yml@development with: - qcom-build-utils-ref: main # PRE-MERGE: use the PR head branch (github.head_ref) # POST-MERGE: use the base branch name from the PR (e.g. "debian/qcom-next") debian-ref: ${{ (github.event.action == 'closed' && github.event.pull_request.merged) && github.event.pull_request.base.ref || github.head_ref }} + suite: sid + debusine-parent-workspace: ${{ vars.DEBUSINE_PARENT_WORKSPACE || 'ci' }} run-abi-checker: true - secrets: inherit + secrets: + DEBUSINE_USER: ${{ secrets.DEBUSINE_USER }} + DEBUSINE_TOKEN: ${{ secrets.DEBUSINE_TOKEN }} diff --git a/.github/workflows/promote-prebuilt.yml b/.github/workflows/promote-prebuilt.yml index 1a388f6..eccae9c 100644 --- a/.github/workflows/promote-prebuilt.yml +++ b/.github/workflows/promote-prebuilt.yml @@ -37,12 +37,12 @@ on: permissions: contents: write pull-requests: write + id-token: write jobs: promote: - uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-promote-prebuilt-reusable-workflow.yml@dev/pkg-bin + uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-promote-prebuilt-reusable-workflow.yml@development with: - qcom-build-utils-ref: dev/pkg-bin debian-branch: ${{inputs.debian-branch}} new-tag: ${{inputs.new-tag}} new-package-name: ${{inputs.new-package-name}} diff --git a/.github/workflows/promote-upstream.yml b/.github/workflows/promote-upstream.yml index 4fa3655..b3ded0f 100644 --- a/.github/workflows/promote-upstream.yml +++ b/.github/workflows/promote-upstream.yml @@ -19,15 +19,15 @@ permissions: contents: write packages: read pull-requests: write + id-token: write jobs: promote: - uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-promote-upstream-reusable-workflow.yml@main + uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-promote-upstream-reusable-workflow.yml@development with: - qcom-build-utils-ref: main debian-branch: ${{inputs.debian-branch}} upstream-tag: ${{inputs.upstream-tag}} upstream-repo: ${{vars.UPSTREAM_REPO_GITHUB_NAME}} secrets: - PAT: ${{secrets.DEB_PKG_BOT_CI_TOKEN}} # If the source repo is private, this secret is necessary to be provided in the repo \ No newline at end of file + PAT: ${{ secrets.DEB_PKG_BOT_CI_TOKEN }} # If the source repo is private, this secret is necessary to be provided in the repo \ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index df6634f..008451a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,15 +7,18 @@ on: workflow_dispatch: inputs: - distro-codename: - description: The distribution codename to build for. Ex noble, questing, etc + suite: + description: The distribution codename or Debian suite to release for. Ex noble, questing, resolute, trixie, bookworm, sid, unstable type: choice default: noble options: - noble - questing - resolute + - unstable + - forky - trixie + - bookworm - sid debian-branch: @@ -34,15 +37,18 @@ on: permissions: contents: write packages: read + id-token: write jobs: release: - uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-release-reusable-workflow.yml@main + uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-release-reusable-workflow.yml@development with: - qcom-build-utils-ref: main - distro-codename: ${{ github.event.inputs.distro-codename }} + suite: ${{ github.event.inputs.suite }} debian-branch: ${{ github.event.inputs.debian-branch }} - test-run: ${{ github.event.inputs.test-run == 'true' && true || false }} + debusine-parent-workspace: ${{ vars.DEBUSINE_PARENT_WORKSPACE || 'ci' }} secrets: - PAT: ${{secrets.DEB_PKG_BOT_CI_TOKEN}} \ No newline at end of file + PAT: ${{ secrets.DEB_PKG_BOT_CI_TOKEN }} + DEBUSINE_USER: ${{ secrets.DEBUSINE_USER }} + DEBUSINE_TOKEN: ${{ secrets.DEBUSINE_TOKEN }} + DEBUSINE_RELEASE_TOKEN: ${{ secrets.DEBUSINE_RELEASE_TOKEN }} \ No newline at end of file From 4c607c24d28568fc5a19b53bb3049a76e0562302 Mon Sep 17 00:00:00 2001 From: Simon Beaudoin Date: Thu, 14 May 2026 13:37:55 -0700 Subject: [PATCH 2/3] Refresh Debusine workflow validation files Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- .github/workflows/debusine-daily.yml | 5 ++++- .github/workflows/debusine-pr-check.yml | 5 ++++- .github/workflows/debusine-release.yml | 17 +++++++++++------ 3 files changed, 19 insertions(+), 8 deletions(-) diff --git a/.github/workflows/debusine-daily.yml b/.github/workflows/debusine-daily.yml index c0b940e..fe17853 100644 --- a/.github/workflows/debusine-daily.yml +++ b/.github/workflows/debusine-daily.yml @@ -48,15 +48,18 @@ jobs: fail-fast: false matrix: target_branch: ${{ fromJson(needs.check-branches.outputs.matrix) }} - uses: qualcomm-linux/debusine-action/.github/workflows/debusine.yml@main + uses: qualcomm-linux/debusine-action/.github/workflows/debusine.yml@dev/sbeaudoi with: target_branch: ${{ matrix.target_branch }} source_ref: refs/heads/${{ matrix.target_branch }} release: false + debusine-parent-workspace: ${{ vars.DEBUSINE_PARENT_WORKSPACE || 'ci' }} job_index: ${{ strategy.job-index }} permissions: contents: write deployments: write + id-token: write + packages: read secrets: DEBUSINE_USER: ${{ secrets.DEBUSINE_USER }} DEBUSINE_TOKEN: ${{ secrets.DEBUSINE_TOKEN }} diff --git a/.github/workflows/debusine-pr-check.yml b/.github/workflows/debusine-pr-check.yml index 6507467..ba7e508 100644 --- a/.github/workflows/debusine-pr-check.yml +++ b/.github/workflows/debusine-pr-check.yml @@ -15,16 +15,19 @@ permissions: contents: write deployments: write statuses: write + id-token: write + packages: read jobs: debusine: name: Debusine if: ${{ github.event.workflow_run.conclusion == 'success' }} - uses: qualcomm-linux/debusine-action/.github/workflows/debusine.yml@main + uses: qualcomm-linux/debusine-action/.github/workflows/debusine.yml@dev/sbeaudoi with: source_ref: refs/pull/${{ github.event.workflow_run.pull_requests[0].number }}/merge target_branch: ${{ github.event.workflow_run.pull_requests[0].base.ref }} release: false + debusine-parent-workspace: ${{ vars.DEBUSINE_PARENT_WORKSPACE || 'ci' }} secrets: DEBUSINE_USER: ${{ secrets.DEBUSINE_USER }} DEBUSINE_TOKEN: ${{ secrets.DEBUSINE_TOKEN }} diff --git a/.github/workflows/debusine-release.yml b/.github/workflows/debusine-release.yml index e8fbae8..5c266af 100644 --- a/.github/workflows/debusine-release.yml +++ b/.github/workflows/debusine-release.yml @@ -3,14 +3,16 @@ # SEE README.debusine.md BEFORE CHANGING THIS FILE -# Note: in addition to the default branch, this workflow file must also be -# copied into each packaging branch in order to function as intended. - name: Debusine Release on: workflow_dispatch: inputs: + target-branch: + description: Packaging branch to build and optionally release + type: string + required: true + default: qcom/debian/trixie release: description: Run release step type: boolean @@ -20,14 +22,17 @@ on: jobs: debusine: name: Debusine - if: startsWith(github.ref_name, 'qcom/debian/') - uses: qualcomm-linux/debusine-action/.github/workflows/debusine.yml@main + uses: qualcomm-linux/debusine-action/.github/workflows/debusine.yml@dev/sbeaudoi with: - target_branch: ${{ github.ref_name }} + target_branch: ${{ inputs.target-branch }} + source_ref: refs/heads/${{ inputs.target-branch }} release: ${{ inputs.release }} + debusine-parent-workspace: ${{ vars.DEBUSINE_PARENT_WORKSPACE || 'ci' }} permissions: contents: write deployments: write + id-token: write + packages: read secrets: DEBUSINE_USER: ${{ secrets.DEBUSINE_USER }} DEBUSINE_TOKEN: ${{ secrets.DEBUSINE_TOKEN }} From f561d4afb1c5f87a4d05ef4673bab6d78b3adbe8 Mon Sep 17 00:00:00 2001 From: Simon Beaudoin Date: Fri, 15 May 2026 11:25:50 -0700 Subject: [PATCH 3/3] Temp refresh qcom-build-utils caller refs Temporarily align the pkg-fastrpc qcom-build-utils workflow copies with the restored explicit qcom-build-utils-ref interface on the development branch for validation. --- .github/workflows/build-debian-package.yml | 2 +- .github/workflows/pr-pre-post-merge.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-debian-package.yml b/.github/workflows/build-debian-package.yml index a3a2205..ef9338a 100644 --- a/.github/workflows/build-debian-package.yml +++ b/.github/workflows/build-debian-package.yml @@ -34,12 +34,12 @@ on: permissions: contents: read packages: read - id-token: write jobs: build: uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-build-pkg-reusable-workflow.yml@development with: + qcom-build-utils-ref: development debian-ref: ${{ inputs.debian-ref }} suite: ${{ inputs.suite }} debusine-parent-workspace: ${{ vars.DEBUSINE_PARENT_WORKSPACE || 'ci' }} diff --git a/.github/workflows/pr-pre-post-merge.yml b/.github/workflows/pr-pre-post-merge.yml index d4b3ccf..9d2c07c 100644 --- a/.github/workflows/pr-pre-post-merge.yml +++ b/.github/workflows/pr-pre-post-merge.yml @@ -14,7 +14,6 @@ on: permissions: contents: read packages: read - id-token: write jobs: build: @@ -23,6 +22,7 @@ jobs: if: ${{ github.event.action != 'closed' || github.event.pull_request.merged == true }} uses: qualcomm-linux/qcom-build-utils/.github/workflows/qcom-build-pkg-reusable-workflow.yml@development with: + qcom-build-utils-ref: development # PRE-MERGE: use the PR head branch (github.head_ref) # POST-MERGE: use the base branch name from the PR (e.g. "debian/qcom-next") debian-ref: ${{ (github.event.action == 'closed' && github.event.pull_request.merged) && github.event.pull_request.base.ref || github.head_ref }}