Skip to content

Build & Publish

Build & Publish #263

Workflow file for this run

---
name: Build & Publish
on:
push:
branches:
- main
tags:
- v*
pull_request:
release:
types:
- created
schedule:
- cron: "0 18 * * 5"
jobs:
build-publish:
runs-on: ubuntu-20.04
container:
image: ghcr.io/karras/archlinux-package-build:latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Refresh and update packages
run: |
pacman -Syu --noconfirm
- name: Install lint dependencies
run: |
pacman -S --noconfirm shellcheck
- name: Lint shell scripts
run: |
shellcheck *.sh
- name: Import builder private key for package signing
run: |
echo -e "${{ secrets.GPG_PRIVATE_KEY }}" | sudo -u builder gpg --import --batch --no-tty
- name: Initialize pacman secret key, import and trust builder public key
run: |
pacman-key --init
pacman-key --add builder_public_key.asc
pacman-key --lsign-key 25267573FD638312C5EBE4C40C758F9503EDE7AF
- name: Build packages
run: |
sudo -u builder \
PACKAGE_AUTHOR="Builder <[email protected]>" \
PACKAGE_GPG_ID=25267573FD638312C5EBE4C40C758F9503EDE7AF \
./build.sh
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: packages
path: /home/builder/build/*
- name: Add packages to the 'latest' release
if: github.event_name == 'schedule' || github.ref == 'refs/heads/main'
run: |
pacman -S curl jq --noconfirm
RELEASE=$(curl -sSL \
-X GET \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/latest | jq '.id')
OLD_ASSETS=$(curl -sSL \
-X GET \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/${RELEASE}/assets | jq '.[] | .id')
# Delete all assets of "latest" first in order to clean or reupload
# them. This will also knowingly remove any older package versions.
for ASSET in ${OLD_ASSETS}; do
echo "Deleting asset ${ASSET}"
curl -sSL \
-X DELETE \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/assets/${ASSET}
done
for FILE in /home/builder/build/*; do
echo "Uploading file ${FILE}"
curl -sSL \
-X POST \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Content-Type: application/octet-stream" \
-T ${FILE} \
https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${RELEASE}/assets?name=${FILE##*/}
done
- name: Add packages to the new release
if: github.event_name == 'release' && github.event.action == 'created'
run: |
pacman -S curl jq --noconfirm
RELEASE=$(jq --raw-output '.release.id' "$GITHUB_EVENT_PATH")
for FILE in /home/builder/build/*; do
echo "Uploading file ${FILE}"
curl -sSL \
-X POST \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Content-Type: application/octet-stream" \
-T ${FILE} \
https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${RELEASE}/assets?name=${FILE##*/}
done