[CI:BUILD] Packit: add jobs for downstream Fedora package builds

Get rid of `skopeo.spec.rpkg` in favour of
`rpm/skopeo.spec` which gets synced with fedora dist-git on every
upstream release. The version in the new spec file is set to `0` by
default and gets updated by packit automatically on every packit task.

Packit will automatically create a PR on fedora dist-git on every new
upstream release. A sample PR will look like:
https://src.fedoraproject.org/rpms/container-selinux/pull-request/10#

A dry run for this can be triggered using:
`$ packit propose-downstream --local-content`

To run this command locally, you would need to have your packit
user-configuration-file set.
Ref: https://packit.dev/docs/configuration/#user-configuration-file

along with a fedora api key created at:
https://src.fedoraproject.org/settings#nav-api-tab with sufficient ACLs.

This patch incurs zero additional cost to upstream as the downstream
tasks occur only after upstream release and do not block anything
upstream.

[NO NEW TESTS NEEDED]

Signed-off-by: Lokesh Mandvekar <lsm5@fedoraproject.org>

.packit.yaml

@@ -8,8 +8,11 @@
 
 # Build targets can be found at:
 # https://copr.fedorainfracloud.org/coprs/rhcontainerbot/packit-builds/
+# and
+# https://copr.fedorainfracloud.org/coprs/rhcontainerbot/podman-next/
 
-specfile_path: skopeo.spec
+specfile_path: rpm/skopeo.spec
+upstream_tag_template: v{version}
 
 jobs:
   - &copr
@@ -20,15 +23,28 @@ jobs:
     enable_net: true
     srpm_build_deps:
       - make
-      - rpkg
-    actions:
-      post-upstream-clone:
-        - "rpkg spec --outdir ./"
-      fix-spec-file:
-        - "bash .packit.sh"
 
   - <<: *copr
     # Run on commit to main branch
     trigger: commit
     branch: main
     project: podman-next
+
+  - job: propose_downstream
+    trigger: release
+    update_release: false
+    dist_git_branches:
+      - fedora-all
+    actions:
+        pre-sync:
+          - "bash rpm/update-spec-provides.sh"
+
+  - job: koji_build
+    trigger: commit
+    dist_git_branches:
+      - fedora-all
+
+  - job: bodhi_update
+    trigger: commit
+    dist_git_branches:
+      - fedora-branched # rawhide updates are created automatically

rpm/skopeo.spec

@@ -0,0 +1,209 @@
+%global with_debug 1
+
+%if 0%{?with_debug}
+%global _find_debuginfo_dwz_opts %{nil}
+%global _dwz_low_mem_die_limit 0
+%else
+%global debug_package %{nil}
+%endif
+
+# RHEL 8's default %%gobuild macro doesn't account for the BUILDTAGS variable, so we
+# set it separately here and do not depend on RHEL 8's go-srpm-macros package.
+%if !0%{?fedora} && 0%{?rhel} <= 8
+%define gobuild(o:) go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl ${BUILDTAGS:-}" -ldflags "-linkmode=external -compressdwarf=false ${LDFLAGS:-} -B 0x$(head -c20 /dev/urandom|od -An -tx1|tr -d ' \\n') -extldflags '%__global_ldflags'" -a -v -x %{?**};
+%endif
+
+# NOTE: For conditionals %%bcond_with and %%bcond_without,
+# See: https://rpm-software-management.github.io/rpm/manual/conditionalbuilds.html
+
+# copr_username is only set on copr environments, not on others like koji
+%if "%{?copr_username}" != "rhcontainerbot"
+%bcond_with copr
+%else
+%bcond_without copr
+%endif
+
+%if 0%{?rhel}
+%bcond_with btrfs
+%else
+%bcond_without btrfs
+%endif
+
+# go-rpm-macros package and autochangelog exists for fedora and rhel9
+%if 0%{?fedora} || 0%{?rhel} >= 9
+%bcond_without go_rpm_macros
+%bcond_without manual_changelog
+%else
+%bcond_with go_rpm_macros
+%bcond_without manual_changelog
+%endif
+
+# Only used in official koji builds
+# Copr builds set a separate epoch for all environments
+%if 0%{?fedora} && ! 0%{?rhel}
+%define conditional_epoch 1
+%else
+%define conditional_epoch 2
+%endif
+
+%global provider github
+%global provider_tld com
+%global project containers
+%global repo skopeo
+# https://github.com/containers/skopeo
+%global import_path %{provider}.%{provider_tld}/%{project}/%{repo}
+%global git0 https://%{import_path}
+
+Name: %{repo}
+%if %{with copr}
+Epoch: 102
+%else
+Epoch: %{conditional_epoch}
+%endif
+# DO NOT TOUCH the Version string!
+# The TRUE source of this specfile is:
+# https://github.com/containers/skopeo/blob/main/rpm/skopeo.spec
+# If that's what you're reading, Version must be 0, and will be updated by Packit for
+# copr and koji builds.
+# If you're reading this on dist-git, the version is automatically filled in by Packit.
+Version: 1.12.0
+License: Apache-2.0 and BSD-2-Clause and BSD-3-Clause and ISC and MIT and MPL-2.0
+Release: %autorelease
+%if %{defined golang_arches_future}
+ExclusiveArch: %{golang_arches_future}
+%else
+ExclusiveArch: aarch64 ppc64le s390x x86_64
+%endif
+Summary: Inspect container images and repositories on registries
+URL: %{git0}
+# Tarball fetched from upstream
+Source0: %{url}/archive/v%{version}.tar.gz
+BuildRequires: go-md2man
+%if %{with btrfs}
+BuildRequires: btrfs-progs-devel
+%endif
+BuildRequires: git-core
+BuildRequires: golang
+%if %{with go_rpm_macros}
+BuildRequires: go-rpm-macros
+%endif
+BuildRequires: gpgme-devel
+BuildRequires: libassuan-devel
+BuildRequires: pkgconfig(devmapper)
+BuildRequires: ostree-devel
+BuildRequires: glib2-devel
+BuildRequires: make
+BuildRequires: shadow-utils-subid-devel
+Requires: containers-common >= 4:1-21
+# DO NOT DELETE BELOW LINE - used for updating downstream goimports
+# vendored libraries
+
+%description
+Command line utility to inspect images and repositories directly on Docker
+registries without the need to pull them
+
+%package tests
+Summary: Tests for %{name}
+
+Requires: %{name} = %{epoch}:%{version}-%{release}
+Requires: bats
+Requires: gnupg
+Requires: jq
+Requires: golang
+Requires: podman
+Requires: crun
+Requires: httpd-tools
+Requires: openssl
+Requires: fakeroot
+Requires: squashfs-tools
+
+%description tests
+%{summary}
+
+This package contains system tests for %{name}
+
+%prep
+%autosetup -Sgit %{name}-%{version}
+# The %%install stage should not rebuild anything but only install what's
+# built in the %%build stage. So, remove any dependency on build targets.
+sed -i 's/^install-binary: bin\/%{name}.*/install-binary:/' Makefile
+sed -i 's/^completions: bin\/%{name}.*/completions:/' Makefile
+sed -i 's/^install-docs: docs.*/install-docs:/' Makefile
+
+%build
+%set_build_flags
+export CGO_CFLAGS=$CFLAGS
+
+# These extra flags present in $CFLAGS have been skipped for now as they break the build
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-flto=auto//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-Wp,D_GLIBCXX_ASSERTIONS//g')
+CGO_CFLAGS=$(echo $CGO_CFLAGS | sed 's/-specs=\/usr\/lib\/rpm\/redhat\/redhat-annobin-cc1//g')
+
+%ifarch x86_64
+export CGO_CFLAGS="$CGO_CFLAGS -m64 -mtune=generic -fcf-protection=full"
+%endif
+
+BASEBUILDTAGS="$(hack/libdm_tag.sh) $(hack/libsubid_tag.sh)"
+%if %{with btrfs}
+export BUILDTAGS="$BASEBUILDTAGS $(hack/btrfs_tag.sh) $(hack/btrfs_installed_tag.sh)"
+%else
+export BUILDTAGS="$BASEBUILDTAGS btrfs_noversion exclude_graphdriver_btrfs"
+%endif
+
+# unset LDFLAGS earlier set from set_build_flags
+LDFLAGS=''
+
+# These steps are needed for Koji builds
+export GOPATH=$(pwd)/_build:$(pwd)
+mkdir _build
+cd _build
+mkdir -p src/%{provider}.%{provider_tld}/%{project}
+ln -s ../../../../ src/%{import_path}
+cd ..
+mv vendor src
+
+%gobuild -o bin/%{name} ./cmd/%{name}
+%{__make} docs
+
+%install
+make \
+    DESTDIR=%{buildroot} \
+    PREFIX=%{_prefix} \
+    install-binary install-docs install-completions
+
+# system tests
+install -d -p %{buildroot}/%{_datadir}/%{name}/test/system
+cp -pav systemtest/* %{buildroot}/%{_datadir}/%{name}/test/system/
+
+#rm -rf %%{buildroot}
+
+#define license tag if not already defined
+%{!?_licensedir:%global license %doc}
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/%{name}
+%{_mandir}/man1/%{name}*
+%dir %{_datadir}/bash-completion
+%dir %{_datadir}/bash-completion/completions
+%{_datadir}/bash-completion/completions/%{name}
+%dir %{_datadir}/fish/vendor_completions.d
+%{_datadir}/fish/vendor_completions.d/%{name}.fish
+%dir %{_datadir}/zsh/site-functions
+%{_datadir}/zsh/site-functions/_%{name}
+
+%files tests
+%license LICENSE
+%{_datadir}/%{name}/test
+
+%changelog
+%if %{with manual_changelog}
+# NOTE: This changelog will be visible on CentOS 8 Stream builds
+# Other envs are capable of handling autochangelog
+* Tue Jun 13 2023 RH Container Bot <rhcontainerbot@fedoraproject.org>
+- Placeholder changelog for envs that are not autochangelog-ready.
+- Contact upstream if you need to report an issue with the build.
+%else
+%autochangelog
+%endif

rpm/update-spec-provides.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+# This script will update the goimports in the rpm spec for downstream fedora
+# packaging, via the `propose-downstream` packit action.
+# The goimports don't need to be present upstream.
+
+set -e
+
+PACKAGE=$(basename $(git rev-parse --show-toplevel))
+# script is run from git root directory
+SPEC_FILE=rpm/$PACKAGE.spec
+
+sed -i '/Provides: bundled(golang.*/d' $SPEC_FILE
+
+GO_IMPORTS=$(golist --imported --package-path github.com/containers/$PACKAGE --skip-self | sort -u | xargs "-I{}" echo "Provides: bundled(golang({}))")
+
+awk -v r="$GO_IMPORTS" '/^# vendored libraries/ {print; print r; next} 1' $SPEC_FILE > temp && mv temp $SPEC_FILE