build-publish.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
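---
# Build & Publish: lints the repository's shell scripts, builds and signs the
# packages inside an Arch Linux container, stores them as a workflow artifact
# and attaches them to a GitHub release.
#
# Triggers: pushes to `main` and to `v*` tags, pull requests, newly created
# releases, and a weekly schedule (cron "0 18 * * 5").
#
# Security-relevant points for reviewers:
#   * Secrets are passed to scripts through `env:` instead of being expanded
#     into the script text, so their content is never parsed as shell syntax.
#   * The workflow token is limited to `contents: write`, which the release
#     asset calls below need.
#   * The container image and the actions are referenced by mutable tags; see
#     the notes next to them.
name: Build & Publish

on:
  push:
    branches:
      - main
    tags:
      - 'v*'
  pull_request:
  release:
    types:
      - created
  schedule:
    - cron: "0 18 * * 5"

jobs:
  build-publish:
    # NOTE(review): GitHub has retired the ubuntu-20.04 hosted runner image;
    # confirm and move to a currently supported label.
    runs-on: ubuntu-20.04
    # Least privilege for GITHUB_TOKEN: only repository contents (which covers
    # checkout and release assets) are granted; every other scope is dropped.
    permissions:
      contents: write
    container:
      # NOTE(review): `latest` is a mutable tag, and this image is where the
      # signing key gets imported. Pinning by digest (`@sha256:<IMAGE_DIGEST>`)
      # would make the build environment reproducible and reviewable.
      image: ghcr.io/karras/archlinux-package-build:latest
    steps:
      # NOTE(review): `v4` is a mutable tag; pinning actions to a full commit
      # SHA (`@<FULL_COMMIT_SHA>`) prevents a retagged release from running
      # with access to this job's secrets. Applies to upload-artifact too.
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Refresh and update packages
        run: |
          pacman -Syu --noconfirm

      - name: Install lint dependencies
        run: |
          pacman -S --noconfirm shellcheck

      - name: Lint shell scripts
        run: |
          shellcheck *.sh

      # NOTE(review): no step is gated on the event type, so this import also
      # runs for `pull_request`. For branches of this repository the key is
      # then available while build.sh processes not-yet-reviewed changes;
      # fork pull requests receive no secrets, so the import presumably fails
      # there. Consider restricting signing to trusted events.
      - name: Import builder private key for package signing
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          # `echo -e` expands backslash escapes in the value before the key is
          # piped to gpg running as the unprivileged `builder` user.
          echo -e "${GPG_PRIVATE_KEY}" | sudo -u builder gpg --import --batch --no-tty

      - name: Initialize pacman secret key, import and trust builder public key
        run: |
          pacman-key --init
          pacman-key --add builder_public_key.asc
          pacman-key --lsign-key 25267573FD638312C5EBE4C40C758F9503EDE7AF

      # NOTE(review): the author address looks redacted by the page this file
      # was captured from; restore the real value from the repository.
      - name: Build packages
        run: |
          sudo -u builder \
            PACKAGE_AUTHOR="Builder <[email protected]>" \
            PACKAGE_GPG_ID=25267573FD638312C5EBE4C40C758F9503EDE7AF \
            ./build.sh

      - name: Upload artifacts
        uses: actions/upload-artifact@v4
        with:
          name: packages
          path: /home/builder/build/*

      - name: Add packages to the 'latest' release
        if: github.event_name == 'schedule' || github.ref == 'refs/heads/main'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          pacman -S curl jq --noconfirm
          RELEASE=$(curl -sSL \
            -X GET \
            -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "Accept: application/vnd.github.v3+json" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/latest" | jq '.id')
          # jq prints `null` when the response carries no release id. Stop here
          # instead of deleting from and uploading to a non-existent release,
          # which would leave the job green with nothing published.
          if [ -z "${RELEASE}" ] || [ "${RELEASE}" = "null" ]; then
            echo "Release 'latest' not found" >&2
            exit 1
          fi
          OLD_ASSETS=$(curl -sSL \
            -X GET \
            -H "Authorization: token ${GITHUB_TOKEN}" \
            -H "Accept: application/vnd.github.v3+json" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/${RELEASE}/assets" | jq '.[] | .id')
          # Delete all assets of "latest" first in order to clean or reupload
          # them. This will also knowingly remove any older package versions.
          # OLD_ASSETS is left unquoted on purpose: one asset id per word.
          for ASSET in ${OLD_ASSETS}; do
            echo "Deleting asset ${ASSET}"
            curl -sSL \
              -X DELETE \
              -H "Authorization: token ${GITHUB_TOKEN}" \
              -H "Accept: application/vnd.github.v3+json" \
              "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/assets/${ASSET}"
          done
          # The URL is quoted because `?` is a shell glob character and the
          # file name is appended to it.
          for FILE in /home/builder/build/*; do
            echo "Uploading file ${FILE}"
            curl -sSL \
              -X POST \
              -H "Authorization: token ${GITHUB_TOKEN}" \
              -H "Content-Type: application/octet-stream" \
              -T "${FILE}" \
              "https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${RELEASE}/assets?name=${FILE##*/}"
          done

      - name: Add packages to the new release
        if: github.event_name == 'release' && github.event.action == 'created'
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          pacman -S curl jq --noconfirm
          # The release id is read from the event payload of the triggering
          # `release` event.
          RELEASE=$(jq --raw-output '.release.id' "$GITHUB_EVENT_PATH")
          for FILE in /home/builder/build/*; do
            echo "Uploading file ${FILE}"
            curl -sSL \
              -X POST \
              -H "Authorization: token ${GITHUB_TOKEN}" \
              -H "Content-Type: application/octet-stream" \
              -T "${FILE}" \
              "https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${RELEASE}/assets?name=${FILE##*/}"
          done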