00dbb1df5f
- package.yml: correct Arch registry upload (octet-stream + binary body), drop --privileged, manual shell clone (archlinux image has no Node), built-in Actions token, --nocheck - mirror.yml: clone --mirror + explicit refs push with --prune
40 lines
1.8 KiB
YAML
40 lines
1.8 KiB
YAML
name: Build and publish package
|
|
|
|
on:
|
|
push:
|
|
tags: ['v*']
|
|
|
|
jobs:
|
|
package:
|
|
runs-on: [self-hosted, hestia]
|
|
container:
|
|
image: archlinux:latest
|
|
steps:
|
|
# Note: no actions/checkout — the archlinux image has no Node, which JS
|
|
# actions require. Everything runs as shell steps and clones manually.
|
|
- name: Build and publish
|
|
env:
|
|
PUBLISH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
set -euo pipefail
|
|
VERSION="${GITHUB_REF_NAME#v}"
|
|
pacman -Syu --noconfirm base-devel git rust cargo gtk4 gtk4-layer-shell libpulse iw
|
|
useradd -m builder
|
|
git config --global --add safe.directory '*'
|
|
git clone --branch "${GITHUB_REF_NAME}" --depth 1 \
|
|
"${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" /home/builder/src
|
|
cd /home/builder/src
|
|
git archive --format=tar.gz --prefix="breadbar-${VERSION}/" HEAD \
|
|
> packaging/arch/breadbar-${VERSION}.tar.gz
|
|
SHA=$(sha256sum packaging/arch/breadbar-${VERSION}.tar.gz | awk '{print $1}')
|
|
sed -i "s/^pkgver=.*/pkgver=${VERSION}/" packaging/arch/PKGBUILD
|
|
sed -i "s/^sha256sums=.*/sha256sums=('${SHA}')/" packaging/arch/PKGBUILD
|
|
chown -R builder:builder /home/builder/src
|
|
# --nocheck: packaging builds the artifact; tests belong in a CI job.
|
|
su builder -c "cd /home/builder/src/packaging/arch && makepkg -f --noconfirm --nocheck"
|
|
PKG=$(find /home/builder/src/packaging/arch -name '*.pkg.tar.zst' | head -1)
|
|
curl -fsS -X PUT \
|
|
-H "Authorization: token ${PUBLISH_TOKEN}" \
|
|
-H "Content-Type: application/octet-stream" \
|
|
--data-binary "@${PKG}" \
|
|
"https://git.breadway.dev/api/packages/Breadway/arch/os"
|