Phase 7 COPR + release-sync-manual-channels wrapper + Scoop recipe + install docs#18
Merged
Merged
Conversation
Scoop bucket has been seeded for v0.1.4 and the AUR qn-bin package is registered + installable via yay. Two new install snippets so users on Windows + Arch don't have to know about the GitHub Releases page. Homebrew was already in the install matrix.
johnpmitsch
force-pushed
the
add/copr-and-install-docs
branch
from
ebb3ec1 to
4f1c7ef
Compare
johnpmitsch
changed the title
Adds COPR (Fedora + EPEL) to the cargo-dist user_publish_jobs pipeline.
Same shape as the existing crates.io / Docker / .deb publish jobs.
Why the spec-file approach:
copr-cli's only build entrypoint accepts SRPMs or spec files — it
doesn't import prebuilt binary RPMs. So the binary-everywhere
property we have for crates.io, GHCR, .deb, and AUR needed a thin
spec whose %prep downloads the SLSA-attested upstream tarball
cargo-dist already published, verifies it against the .sha256
sidecar, and then %install just lays the binary into the buildroot.
COPR's mock chroot does this on each Fedora + EPEL chroot in
~30 seconds — no Rust toolchain involved, single trust chain.
Why four secrets instead of one combined config blob:
copr-cli only reads credentials from ~/.config/copr (no env-var
fallback per copr/v3/helpers.py's config_from_file). The workflow
has to assemble that file at runtime regardless. Splitting the four
fields (login, username, token, copr_url) into separate repo secrets
makes each one safe to paste as a single line (no multiline blob to
get malformed) and lets the token be rotated without touching the
other three.
Changes:
* packaging/qn-bin.spec — the thin spec. ExclusiveArch: x86_64
aarch64. Per-arch Source URL via ifarch, sha256 verification in
%prep before %setup.
* .github/workflows/publish-copr.yml — reusable workflow invoked
by cargo-dist. Builds the SRPM from the spec (with QN_VERSION
passed in from the dist manifest), assembles ~/.config/copr from
the four COPR_* secrets, then dispatches via
`copr-cli build --enable-net=on quicknode/qn <srpm>`.
--enable-net=on is required because %prep curls the tarball;
COPR's default mock has network disabled.
* dist-workspace.toml — adds ./publish-copr to publish-jobs and
grants `contents: read` via github-custom-job-permissions.
* RELEASING.md — documents the COPR channel under CI publish
channels and the four-secret provisioning flow.
* release.yml — regenerated to include custom-publish-copr.
The job is gated by cargo-dist on `!is_prerelease`, same as the
others. Until all four COPR_* secrets are set on the repo, the job
will fail loudly at the "Configure copr-cli" step with a clear error
listing which fields are missing — the rest of the release continues
to succeed.
Earlier in this branch I went down a wrong path: a `release-build-copr-rpms`
Justfile recipe + [package.metadata.generate-rpm] block that produced
binary RPMs locally with cargo-generate-rpm. `copr-cli build` doesn't
accept binary RPMs, so that path was a dead-end. Reset and rewrote
before opening the PR for review.
johnpmitsch
force-pushed
the
add/copr-and-install-docs
branch
from
4f1c7ef to
ef100f4
Compare
machito
previously approved these changes
Jun 11, 2026
`release-prepare` ships the automated half of a release end-to-end: bump, PR, merge, tag, CI runs all the in-CI publish jobs. The other half (Homebrew, Scoop, AUR — currently maintainer-driven because we don't yet have the credentials to automate the pushes) was three separate `just release-update-*` invocations with three local clone paths to remember and three push commands to type. Easy to forget, easy to skip a channel. This commit collapses that to one wrapper: just release-sync-manual-channels Auto-detects the just-released version from the latest git tag, expects three sibling clones under ~/qn/ (the established convention across this repo's recipes), runs the three release-update-* recipes in sequence, then prints the three `git -C ... push` commands the maintainer reviews and runs to publish. Both arguments are optional and overridable: just release-sync-manual-channels ~/work/quicknode # alt root just release-sync-manual-channels ~/qn 0.1.4 # backfill Also folds in the `release-update-scoop-bucket` recipe (previously in PR #16, which is now redundant — close it after this lands). Scrubbed the invented secret-name reference from its comment per CLAUDE.md. Adds a "Quick release" section at the top of RELEASING.md showing the happy-path two-command flow: just release-prepare X.Y.Z # … wait for CI … just release-sync-manual-channels The detailed per-channel sections stay below it as reference for when something fails or the maintainer needs to drive a single channel manually.
johnpmitsch
changed the title
machito
approved these changes
Jun 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Three coordinated changes:
1. Scoop + AUR install paths in README. The Scoop bucket has been seeded for v0.1.4 (since superseded by this PR's Scoop recipe — see #3 below) and
qn-binis now live on AUR. README's install matrix documents both.2. Phase 7: COPR (Fedora + EPEL) — CI-automated via a thin spec file.
copr-cli buildaccepts SRPMs or spec files only — it doesn't import prebuilt binary RPMs. To preserve the same-binary-everywhere property (the binary in crates.io, GHCR, .deb, AUR, Homebrew is all one SLSA-attested artifact from cargo-dist's build matrix), this PR adds:packaging/qn-bin.spec— a thin spec whose%prepcurls the prebuilt linux-gnu tarball from the GitHub Release and verifies it against the.sha256sidecar.%installlays the binary into the buildroot. No Rust compilation on COPR's side..github/workflows/publish-copr.yml— reusable workflow that builds an SRPM from the spec at release time, assembles~/.config/coprfrom fourCOPR_*repo secrets (copr-cli has no env-var fallback), then dispatches viacopr-cli build --enable-net=on quicknode/qn <srpm>. COPR's mock rebuilds the SRPM on each Fedora + EPEL chroot in ~30 seconds (no Rust, just curl + install).dist-workspace.toml—./publish-copradded topublish-jobs;contents: readgranted viagithub-custom-job-permissions.RELEASING.md— COPR channel documented; one-time COPR project setup notes (chroots, enable-net, the four-secret provisioning).3.
release-sync-manual-channelswrapper + Scoop recipe in this PR. AJustfilerecipe that wraps the three manual update commands (Homebrew, Scoop, AUR) into one. Auto-detects the version from the latest tag; defaults the clone root to~/qn/. Lets a release happen in two commands:Folds in the
release-update-scoop-bucketrecipe that was sitting in PR #16 (close that as redundant after this lands).Required setup before the next release exercises COPR
quicknode/qnexists ✓ (created during this PR)Until COPR's four secrets are set,
custom-publish-coprwill fail loudly at the "Configure copr-cli" step with a clear pointer at RELEASING.md. Other publish channels (crates.io, GHCR, .deb) continue to succeed independently.Test plan
dist planexits 0 (the regeneratedrelease.ymlmatches whatdist generateproduces).cargo checkpasses; Justfile parses (19 recipes); no internal-secret-name leaks per CLAUDE.md.release-sync-manual-channelsexercised locally end-to-end against a throwaway git repo: auto-detects v0.1.4 from latest tag, expands~/, dispatches each inner recipe correctly, propagates failures.$versionplaceholder in the autoupdate block.custom-publish-coprsucceeds anddnf copr enable quicknode/qn && dnf install qnworks on Fedora 40 + Rocky 9.