Add CI jobs to update RPM packages

author Andoni Duarte Pintado <andoni@isc.org>

Thu, 5 Mar 2026 14:35:36 +0000 (15:35 +0100)

committer Andoni Duarte Pintado <andoni@isc.org>

Thu, 12 Mar 2026 16:56:02 +0000 (17:56 +0100)
author Andoni Duarte Pintado <andoni@isc.org>
Thu, 5 Mar 2026 14:35:36 +0000 (15:35 +0100)
committer Andoni Duarte Pintado <andoni@isc.org>
Thu, 12 Mar 2026 16:56:02 +0000 (17:56 +0100)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml

index c731808714420352302e6e954f4758a2e3903168..43dc6bf3980ec69f15f96a9cde946f8dac1bef7a 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -305,6 +305,9 @@ stages:
  .rule_tag_open_source: &rule_tag_open_source
    - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null && $CI_COMMIT_TAG !~ /-S/'
  
+.rule_tag_open_source_maintenance: &rule_tag_open_source_maintenance
+  - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null && $CI_COMMIT_TAG !~ /-S/ && $RELEASE_TYPE != "security"'
+
  .rule_tag_security: &rule_tag_security
    - if: '$CI_PROJECT_NAMESPACE == "isc-private" && $CI_COMMIT_TAG != null && $RELEASE_TYPE == "security"'
  
@@ -1970,6 +1973,85 @@ publish:
    tags:
      - smalljob
  
+# Jobs to update RPMs
+
+.rpm-build-job: &rpm_build_job
+  <<: *manual_release_job_qa
+  needs:
+    - job: publish
+      artifacts: false
+  script:
+    - >
+      "${CI_PROJECT_DIR}"/bind9-qa/releng/update_rpms.py build --service "${SERVICE}" --version "${CI_COMMIT_TAG}"
+
+.rpm-build-job-private: &rpm_build_job_private
+  <<: *manual_release_job_qa
+  needs:
+    - job: publish-private
+      artifacts: false
+  script:
+    - >
+      "${CI_PROJECT_DIR}"/bind9-qa/releng/update_rpms.py build --service "${SERVICE}" --version "${CI_COMMIT_TAG}" --base-url "$(cat "url-${CI_COMMIT_TAG}.txt")"
+
+.rpm-publish-job: &rpm_publish_job
+  <<: *manual_release_job_qa
+  script:
+    - >
+      "${CI_PROJECT_DIR}"/bind9-qa/releng/update_rpms.py publish --service "${SERVICE}" --commit "$(cat "commit.txt")"
+
+# Update Cloudsmith packages
+
+rpms-cloudsmith-build:
+  <<: *rpm_build_job
+  variables:
+    SERVICE: cloudsmith
+  rules:
+    - *rule_tag_open_source_maintenance
+  artifacts:
+    paths:
+      - commit.txt
+
+rpms-cloudsmith-build-private:
+  <<: *rpm_build_job_private
+  variables:
+    SERVICE: cloudsmith
+  rules:
+    - *rule_tag_security_or_subscription
+  artifacts:
+    paths:
+      - commit.txt
+
+# Publish Cloudsmith packages
+
+rpms-cloudsmith-publish:
+  <<: *rpm_publish_job
+  variables:
+    SERVICE: cloudsmith
+  needs:
+    - job: rpms-cloudsmith-build
+      artifacts: true
+  rules:
+    - *rule_tag_open_source_maintenance
+
+rpms-cloudsmith-publish-private:
+  <<: *rpm_publish_job
+  variables:
+    SERVICE: cloudsmith
+  needs:
+    - job: rpms-cloudsmith-build-private
+      artifacts: true
+  rules:
+    - *rule_tag_security_or_subscription
+
+# Update Copr packages
+
+rpms-copr:
+  <<: *rpm_build_job
+  variables:
+    SERVICE: copr
+  rules:
+    - *rule_tag_open_source
+
  # Setting the FORCE_CVE_IDS environment variable to a comma-separated
  # list of CVE IDs enables overriding the autodetected ones.
  #
author	Andoni Duarte Pintado <andoni@isc.org>
	Thu, 5 Mar 2026 14:35:36 +0000 (15:35 +0100)
committer	Andoni Duarte Pintado <andoni@isc.org>
	Thu, 12 Mar 2026 16:56:02 +0000 (17:56 +0100)