ci: Version update for Fedora reproducible build

Closes ElementsProject#7902.

Changelog-None.

.github/workflows/release.yml

@@ -60,7 +60,7 @@ jobs:
       fail-fast: false    # Let each build finish.
       matrix:
         target:
-          - 'bin-Fedora-28-amd64'
+          - 'bin-Fedora'
           - 'bin-Ubuntu-focal'
           - 'bin-Ubuntu-jammy'
           - 'bin-Ubuntu-noble'

doc/contribute-to-core-lightning/release-checklist.md

@@ -117,7 +117,7 @@ Here's a checklist for the release process.
 8. Push the tag to the remote repository `git push --tags`.
 9. Create a new release draft for `v<VERSION>.<POINT_VERSION>` on GitHub, ensuring to check the `Set as a pre-release` option.
 10. Execute the script contrib/cl-repro.sh for the [Builder image setup](https://docs.corelightning.org/docs/repro#builder-image-setup). This will generate the builder images `cl-repro-<codename>` needed for the next step.
-11. Run the following script to prepare the required builds `tools/build-release.sh bin-Fedora-28-amd64 bin-Ubuntu sign`.
+11. Run the following script to prepare the required builds `tools/build-release.sh bin-Fedora bin-Ubuntu sign`.
 12. Upload the reproducible builds along with `SHA256SUMS` and `SHA256SUMS.asc` files from the release folder to the newly drafted release.
 13. Share the `SHA256SUMS` and `SHA256SUMS.asc` files with the team for verification and signing.
 14. Append the signatures received from the team to the `SHA256SUMS.asc` file. Verify the file using `gpg --verify SHA256SUMS.asc`. Then re-upload the file.

doc/getting-started/advanced-setup/repro.md

@@ -124,7 +124,7 @@ The release captain is in charge of creating the manifest, whereas contributors
 ## Script build-release
 1: Pull latest code from master
 
-2: Run the `tools/build-release.sh bin-Fedora-28-amd64 bin-Ubuntu sign` script. This will create a release directory, build binaries for Fedora, and build binaries for Ubuntu (Focal, Jammy, and Noble). Finally, it will sign the ZIP, Fedora, and Ubuntu builds.
+2: Run the `tools/build-release.sh bin-Fedora bin-Ubuntu sign` script. This will create a release directory, build binaries for Fedora, and build binaries for Ubuntu (Focal, Jammy, and Noble). Finally, it will sign the ZIP, Fedora, and Ubuntu builds.
 
 ## Manual
 The release captain creates the manifest as follows:
@@ -199,10 +199,12 @@ sha256sum -c SHA256SUMS
 Producing output similar to the following:
 
 ```shell
-sha256sum: clightning-v0.9.0-Fedora-28-amd64.tar.gz: No such file or directory
-clightning-v0.9.0-Fedora-28-amd64.tar.gz: FAILED open or read
-clightning-v0.9.0-Ubuntu-18.04.tar.xz: OK
-clightning-v0.9.0.zip: OK
+sha256sum: clightning-v24.11-Fedora-35-amd64.tar.gz: No such file or directory
+clightning-v24.11-Fedora-35-amd64.tar.gz: FAILED open or read
+clightning-v24.11-Ubuntu-20.04.tar.xz: OK
+clightning-v24.11-Ubuntu-22.04.tar.xz: OK
+clightning-v24.11-Ubuntu-24.04.tar.xz: OK
+clightning-v24.11.zip: OK
 sha256sum: WARNING: 1 listed file could not be read
 ```
 

tools/build-release.sh

@@ -6,14 +6,17 @@ if [ "$1" = "--inside-docker" ]; then
     echo "Inside docker: starting build"
     VER="$2"
     PLTFM="$3"
+    PLTFMVER="$4"
+    ARCH="$5"
+    git config --global --add safe.directory /src/.git
     git clone /src /build
     cd /build || exit
     poetry export --without-hashes > /tmp/requirements.txt
     python3 -m pip install -r /tmp/requirements.txt
     ./configure
     make VERSION="$VER"
-    make install DESTDIR=/"$VER-$PLTFM" RUST_PROFILE=release
-    cd /"$VER-$PLTFM" && tar cvfz /release/clightning-"$VER-$PLTFM".tar.gz -- *
+    make install DESTDIR=/"$VER-$PLTFM-$PLTFMVER-$ARCH" RUST_PROFILE=release
+    cd /"$VER-$PLTFM-$PLTFMVER-$ARCH" && tar cvfz /release/clightning-"$VER-$PLTFM-$PLTFMVER-$ARCH".tar.gz -- *
     echo "Inside docker: build finished"
     exit 0
 fi
@@ -22,8 +25,8 @@ FORCE_UNCLEAN=false
 VERIFY_RELEASE=false
 WITHOUT_ZIP=false
 
-ALL_TARGETS="bin-Fedora-28-amd64 bin-Ubuntu docker sign"
-# ALL_TARGETS="bin-Fedora-28-amd64 bin-Ubuntu tarball deb docker sign"
+ALL_TARGETS="bin-Fedora bin-Ubuntu docker sign"
+# ALL_TARGETS="bin-Fedora bin-Ubuntu tarball deb docker sign"
 
 for arg; do
     case "$arg" in
@@ -46,7 +49,7 @@ for arg; do
         echo "Usage: [--force-version=<ver>] [--force-unclean] [--force-mtime=YYYY-MM-DD] [--verify] [TARGETS]"
         echo Known targets: "$ALL_TARGETS"
 	    echo "Example: tools/build-release.sh"
-	    echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 bin-Fedora-28-amd64 bin-Ubuntu sign"
+	    echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 bin-Fedora bin-Ubuntu sign"
 	    echo "Example: tools/build-release.sh --verify"
 	    echo "Example: tools/build-release.sh --force-version=v23.05 --force-unclean --force-mtime=2023-05-01 --verify"
         echo "Example: tools/build-release.sh docker"
@@ -151,13 +154,15 @@ for target in $TARGETS; do
     platform=${target#bin-}
     [ "$platform" != "$target" ] || continue
     case $platform in
-    Fedora-28-amd64)
+    Fedora*)
         echo "Building Fedora Image"
-        DOCKERFILE=contrib/docker/Dockerfile.builder.fedora
+        ARCH=amd64
         TAG=fedora
+        DOCKERFILE=contrib/docker/Dockerfile.builder.fedora
+        FEDORA_VERSION=$(grep -oP '^FROM fedora:\K[0-9]+' "$DOCKERFILE")
         docker build -f $DOCKERFILE -t $TAG --load .
-        docker run --rm=true -v "$(pwd)":/src:ro -v "$RELEASEDIR":/release $TAG /src/tools/build-release.sh --inside-docker "$VERSION" "$platform"
-        docker run --rm=true -w /build $TAG rm -rf /"$VERSION-$platform" /build
+        docker run --rm=true -v "$(pwd)":/src:ro -v "$RELEASEDIR":/release $TAG /src/tools/build-release.sh --inside-docker "$VERSION" "$platform" "$FEDORA_VERSION" "$ARCH"
+        docker run --rm=true -w /build $TAG rm -rf /"$VERSION-$platform-$FEDORA_VERSION-$ARCH" /build
         echo "Fedora Image Built"
         ;;
     Ubuntu*)
@@ -226,8 +231,8 @@ if [ "$VERIFY_RELEASE" = "true" ]; then
     # it gives a direct hint which specific checksums don't match if so.
     sha256sum --check --ignore-missing "${sumfile}"
     # Creating SHA256SUMS, except Fedora (copy that from theirs)
-    grep 'Fedora-28-amd64' "$sumfile" > SHA256SUMS
-    sha256sum clightning-"$VERSION"* | grep -v 'bin-Fedora-28-amd64' >> SHA256SUMS
+    grep 'Fedora-' "$sumfile" > SHA256SUMS
+    sha256sum clightning-"$VERSION"* | grep -v 'Fedora' >> SHA256SUMS
     # compare our and release captain's SHA256SUMS contents
     if cmp -s SHA256SUMS "$sumfile"; then
         echo "SHA256SUMS are Identical"