.github: workflows: rebase-and-build.yml: add by DaniilKl · Pull Request #26 · TrenchBoot/xen

DaniilKl · 2026-04-10T19:00:05Z

This is because it is being used in other TrenchBoot repos as well but on other branches because of: TrenchBoot/grub#32 TrenchBoot/qubes-antievilmaid#15 TrenchBoot/xen#26 IMHO there is no reason to mention every use of this workflow. Signed-off-by: Danil Klimuk <[email protected]>

We cannot simply rebase commits from TrenchBoot/xen on top of the commits in the QubesOS/qubes-vmm-xen, because: 1. The actual history for xen component is held in patches in the QubesOS/qubes-vmm-xen repository, so we need to do a convertion from patches to commits every time we want to try to rebase. 2. We want to track the changes to the other files from the QubesOS/qubes-vmm-xen except the patches for the xen component, as versions of these files might be closesly related to the changes in the patches for the xen component. Other changes that should be done due to history format difference between the QubesOS/qubes-vmm-xen and TrenchBoot/xen should be resolved by TrenchBoot maintainers in the same way done in the follwoing commit: TrenchBoot/grub@2f477ee Except from the above, there are three workarounds: 1. The "Fix malformed patch header (split URL line in 0627 patch)", otherwise git will not apple the patch. 2. Renaming QubesOS/qubes-vmm-xen/config to TrenchBoot/xen/config-qubesos, so it will not conflict with an already exesting directory "config" in the xen source code. 3. Renaming QubesOS/qubes-vmm-xen/xen.spec.in to QubesOS/qubes-vmm-xen/vmm-xen.spec.in. This is done because the qubes-dom0-packagev2.yml expects the file to have name ${{ inputs.qubes-component }}.spec.in and the correct name for this component in QubesOS is vmm-xen, not xen. Signed-off-by: Danil Klimuk <[email protected]>

m-iwanicki

Pass commit message through a spellchecker

m-iwanicki · 2026-04-17T08:32:14Z

+        run: |
+          git remote add upstream https://xenbits.xenproject.org/git-http/xen.git
+          git fetch upstream "refs/tags/${UPSTREAM_TAG}:refs/tags/${UPSTREAM_TAG}"
+      - name: Fix malformed patch header (split URL line in 0627 patch)


Maybe sed -n '/^From: /,$p' | git am for every patch to just remove everything before From: would work? As those parts are lost anyway during commit. That way you won't have to add hardcoded workarounds for single patch. Not only that but this patch name or number can change (e.g. it's 0268 on Trenchboot fork)

m-iwanicki · 2026-04-17T12:36:21Z

+      - name: Checkout downstream xen repository
+        uses: actions/checkout@v6
+        with:
+          repository: trenchboot/xen


Suggested change

repository: trenchboot/xen

repository: TrenchBoot/xen

m-iwanicki · 2026-04-17T12:37:44Z

+          done
+      - name: Copy QubesOS RPM files to downstream repository, rename spec.in
+        run: |
+          mv qubes-vmm-xen/config qubes-vmm-xen/config-qubesos


why rename? Maybe short comment?

m-iwanicki · 2026-04-17T12:40:31Z

+name: Rebase and build the last successful automatic rebase of aem-next branch
+
+on:
+  workflow_dispatch:


Maybe add dry_run flag that'll do rebase but skip bulding/publishing? So we can at least partially test this in the future?

m-iwanicki · 2026-04-17T13:05:29Z

+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * 6'


I wonder if cron + workflow_dispatch won't conflict (race condition). Maybe add concurrency?

m-iwanicki · 2026-04-17T13:08:17Z

+      ref:      'master'
+      inputs: >-
+        --input GITHUB_REPO=xen
+        --input GITHUB_SHA=${{ github.sha }}


https://docs.github.com/en/actions/reference/workflows-and-actions/events-that-trigger-workflows#schedule

for schedule/cron this will be HEAD of the default branch (master)

m-iwanicki · 2026-04-17T13:14:38Z

+        run: |
+          mv qubes-vmm-xen/config qubes-vmm-xen/config-qubesos
+          sed -i 's/^Source3:[[:space:]]*config$/Source3: config-qubesos/' qubes-vmm-xen/xen.spec.in
+          cp -r qubes-vmm-xen/* xen/


What if you replace some already existing, important files (maybe not currently but in the future)?

m-iwanicki · 2026-04-17T13:19:14Z

+          git commit -m "QubesOS RPM files and Qubes builder metadata"
+      - name: Push qubes-vmm-xen-with-patches branch to downstream
+        working-directory: xen
+        run: git push origin qubes-vmm-xen-with-patches-rebase-prep


I'm assuming this will fail if this branch already exists and cleanup-after-rebase-attempt didn't run (because previous job failed)

m-iwanicki · 2026-04-17T13:43:13Z

+          ref: 'aem-next-rebased'
+      - name: Read version of the QubesOS Component from version file
+        id: read-version
+        run: echo "version=$(cat version)" >> $GITHUB_OUTPUT


Suggested change

run: echo "version=$(cat version)" >> $GITHUB_OUTPUT

run: echo "version=$(cat version)" >> "$GITHUB_OUTPUT"

actionlint suggestion

m-iwanicki · 2026-04-20T08:07:06Z

@@ -0,0 +1,137 @@
+name: Rebase and build the last successful automatic rebase of aem-next branch


I'm not sure if we want Qubes patches on aem-next branch? We are/were using this branch for e.g. upstreaming Trenchboot changes. Maybe separate qubes+aem-next branch?

DaniilKl marked this pull request as draft April 10, 2026 19:00

DaniilKl commented Apr 10, 2026

View reviewed changes

Comment thread .github/workflows/rebase-and-build.yml Outdated

DaniilKl commented Apr 10, 2026

View reviewed changes

Comment thread .github/workflows/rebase-and-build.yml Outdated

DaniilKl commented Apr 10, 2026

View reviewed changes

Comment thread .github/workflows/rebase-and-build.yml Outdated

DaniilKl force-pushed the add-rebase-workflow branch 3 times, most recently from 976adbe to e87d261 Compare April 14, 2026 16:14

DaniilKl changed the base branch from aem-next to master April 14, 2026 16:15

DaniilKl force-pushed the add-rebase-workflow branch 2 times, most recently from 15e1a9d to ea0cec8 Compare April 15, 2026 09:36

DaniilKl marked this pull request as ready for review April 15, 2026 09:36

DaniilKl force-pushed the add-rebase-workflow branch from ea0cec8 to c268f01 Compare April 15, 2026 09:44

DaniilKl requested review from SergiiDmytruk, m-iwanicki and macpijan April 15, 2026 09:45

DaniilKl force-pushed the add-rebase-workflow branch from c268f01 to 4976812 Compare April 15, 2026 10:08

DaniilKl force-pushed the add-rebase-workflow branch from 4976812 to 445d8b0 Compare April 15, 2026 12:59

DaniilKl mentioned this pull request Apr 15, 2026

Public availability of automatically built TrenchBoot packages integrated on top of the QubesOS upstream TrenchBoot/trenchboot-issues#83

Open

DaniilKl commented Apr 15, 2026

View reviewed changes

Comment thread .github/workflows/rebase.yml Outdated

DaniilKl force-pushed the add-rebase-workflow branch 2 times, most recently from 8dcb580 to 93194e3 Compare April 16, 2026 08:56

DaniilKl force-pushed the add-rebase-workflow branch from 93194e3 to 7f4daed Compare April 16, 2026 10:58

m-iwanicki requested changes Apr 17, 2026

View reviewed changes

m-iwanicki reviewed Apr 20, 2026

View reviewed changes

	run: echo "version=$(cat version)" >> $GITHUB_OUTPUT
	run: echo "version=$(cat version)" >> "$GITHUB_OUTPUT"

		@@ -0,0 +1,137 @@
		name: Rebase and build the last successful automatic rebase of aem-next branch

Conversation

DaniilKl commented Apr 10, 2026

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

m-iwanicki left a comment

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants