diff --git a/.github/workflows/action_build-aur-repo.yaml b/.github/workflows/action_build-aur-repo.yaml new file mode 100644 index 0000000..984e88f --- /dev/null +++ b/.github/workflows/action_build-aur-repo.yaml @@ -0,0 +1,208 @@ +name: Run - Build Repo + +on: + workflow_call: + inputs: + parallel-build: + description: "Number of maximum simultaneous packages build" + default: 4 + required: false + type: number + artifacts-retention: + description: "Number of artifacts retention days" + default: 1 + required: false + type: number + secrets: + app_id: + description: "App ID of the application used to generate a token" + required: true + app_private_key: + description: "Private key of the application used to generate a token" + required: true + gist_token: + description: "User Token for custom badges creation" + required: true + gpg_private_key: + description: "Private key to sign packages and custom repo" + required: true + +jobs: + metadata: + runs-on: ubuntu-latest + outputs: + matrix: ${{ steps.generate-matrix.outputs.matrix }} + steps: + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + with: + submodules: true + - name: Generate Matrix + id: generate-matrix + run: | + sudo apt-get install jq + MATRIX_JSON=`find * -type f -name "PKGBUILD" -printf "%h\n" | jq -Rnc '."package" |= [inputs]'` + echo ${MATRIX_JSON} + echo "matrix=${MATRIX_JSON}" >> $GITHUB_OUTPUT + + build_packages: + needs: metadata + runs-on: ubuntu-latest + container: + image: archlinux:base-devel + continue-on-error: true + strategy: + max-parallel: ${{ inputs.parallel-build }} + matrix: ${{ fromJson(needs.metadata.outputs.matrix) }} + fail-fast: false + + steps: + - name: Install required binaries + run: | + # Prepare Job REPO_FOLDER env var + # * https://github.com/actions/runner/issues/2058 + echo "REPO_FOLDER=$GITHUB_WORKSPACE/repo/x86_64" >> $GITHUB_ENV + # * Add required default packages + pacman -Syyu --noconfirm --needed --ignore filesystem git gnupg + - name: Checkout + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + with: + submodules: true + + - name: Setup environment + env: + GPG_SIGNING_KEY: ${{ secrets.gpg_private_key }} + run: | + # Edit makepkg.conf file : disable debug packages + sed -i 's#\(^OPTIONS.*\)\(debug\)\(.*\)#\1!\2\3#' /etc/makepkg.conf + # * makepkg cannot (and should not) be run as root + useradd -m builder + # * Allow builder to run as root (to install packages/deps) + echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder + # * Setup GPG key for repo signing + echo -n "$GPG_SIGNING_KEY" | base64 --decode | sudo -u builder gpg --batch --import + # * Prepare folder repository folder + mkdir -p ${REPO_FOLDER} + chown -R builder:builder ./ + + - name: Install yay + working-directory: /tmp + run: | + # * Install yay to install dependencies hosted in the AUR. + sudo -u builder git clone https://aur.archlinux.org/yay.git + cd yay/ + sudo -u builder makepkg -si --noconfirm --needed + sudo -u builder yay --version + + - name: Build ${{ matrix.package }} + working-directory: ./${{ matrix.package }} + run: | + # * Install package dependencies + sudo -u builder yay -Sy --noconfirm \ + $(pacman --deptest \ + $(source ./PKGBUILD &&\ + echo ${depends[@]} ${checkdepends[@]} ${makedepends[@]})) + # * Verify source checksum + sudo -u builder makepkg -g >> ./PKGBUILD + # * tor-browser condition + [[ ${{ matrix.package }} == "tor-browser" ]] && \ + sudo -u builder \ + gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org + # * Build package + sudo -u builder PKGDEST=${REPO_FOLDER} makepkg -f --sign + + - name: Workaround '{upload/download}-artifact' #limitation on name for epoch https://github.com/actions/upload-artifact/issues/22#issuecomment-568561966 + run: | + # || [ "$?" = "4" ] // I do not want to exit if nothing was renamed + rename ':' '.' ${REPO_FOLDER}/*.pkg.tar.* || [ "$?" == "4" ] + + - name: Save package + uses: actions/upload-artifact@v4 + with: + name: package-${{ matrix.package }} + path: ${{ env.REPO_FOLDER }}/ + retention-days: ${{ inputs.artifacts-retention }} + + build_repo: + needs: build_packages + runs-on: ubuntu-latest + container: + image: archlinux:base-devel + steps: + - name: Restore packages + id: restore + uses: actions/download-artifact@v4 + with: + pattern: package-* + merge-multiple: true + - name: Import GPG key + uses: crazy-max/ghaction-import-gpg@v6 + with: + gpg_private_key: ${{ secrets.gpg_private_key }} + - name: Create repo DB + run: | + # * Fix Openssl 3 issue with node. + # * https://github.com/tibdex/github-app-token/issues/54 + sed -i 's/^providers = provider_sect/#&/' /etc/ssl/openssl.cnf + # * Build Repo + repo-add --sign $(basename $PWD).db.tar.gz ./*.pkg.tar.zst + # * Delete DB files symlink + find . -type l -delete + # * Rename compressed DB + rename -- .tar.gz '' *.tar.gz + rename -- .tar.gz.sig '.sig' *.tar.gz.sig + - name: Generate Token + uses: tibdex/github-app-token@v2 + id: generate-token + with: + app_id: ${{ secrets.app_id }} + private_key: ${{ secrets.app_private_key }} + - name: "Get current date" + run: | + echo "builddate=$(date +'%Y.%m.%d')" >> $GITHUB_OUTPUT + id: date + - name: Create release and upload artifacts + id: upload-artifacts + continue-on-error: true + uses: ncipollo/release-action@v1 + with: + token: "${{ steps.generate-token.outputs.token }}" + artifactErrorsFailBuild: true + removeArtifacts: true + allowUpdates: true + generateReleaseNotes: true + tag: x86_64 + name: ${{ steps.date.outputs.builddate }} + artifacts: "./*" + body: | + Archlinux x86_64 repo packages + - name: Create release and upload artifacts - Retry + if: steps.upload-artifacts.outcome == 'failure' + uses: ncipollo/release-action@v1 + with: + token: "${{ steps.generate-token.outputs.token }}" + artifactErrorsFailBuild: true + removeArtifacts: true + allowUpdates: true + generateReleaseNotes: true + tag: x86_64 + name: ${{ steps.date.outputs.builddate }} + artifacts: "./*" + body: | + Archlinux x86_64 repo packages + + - name: Count the Arch Packages + run: | + echo "COUNT=$(find ./* -type f -name '*.pkg.tar.zst' | wc -l)" >> $GITHUB_ENV + - name: Create the Count Badge + uses: schneegans/dynamic-badges-action@v1.7.0 + with: + auth: ${{ secrets.gist_token }} + gistID: 627f5c8e17e8deb5326a692079b04625 + filename: count-arch-packages.json + style: for-the-badge + namedLogo: Files + logoColor: white + label: Packages count + message: ${{ env.COUNT }} + color: blue diff --git a/.github/workflows/run-build-repo.yaml b/.github/workflows/run-build-repo.yaml index 655a2f1..f7280f8 100644 --- a/.github/workflows/run-build-repo.yaml +++ b/.github/workflows/run-build-repo.yaml @@ -13,7 +13,7 @@ on: jobs: full_build: name: Build Repo - uses: zaggash/gh-workflows/.github/workflows/action_build-aur-repo.yaml@main + uses: ./.github/workflows/action_build-aur-repo.yaml with: parallel-build: 6 artifacts-retention: 1