bybrooklyn/openbitdo
1
0
Fork 0
mirror of https://github.com/bybrooklyn/openbitdo.git synced 2026-03-19 04:12:56 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
471ecc807f3722d150b77658b8206a0026b51512
openbitdo/.github/workflows/aur-publish.yml

146 lines
4.8 KiB
YAML
Raw Blame History

name: AUR Publish
on:
workflow_call:
inputs:
tag:
description: "Release tag to publish (for example: v0.0.1-rc.1)"
required: true
type: string
workflow_dispatch:
inputs:
tag:
description: "Release tag to publish (for example: v0.0.1-rc.1)"
required: true
type: string
permissions:
contents: read
jobs:
publish-aur:
if: vars.AUR_PUBLISH_ENABLED == '1'
runs-on: ubuntu-latest
container: archlinux:base
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG: ${{ inputs.tag }}
steps:
- uses: actions/checkout@v4
- name: Install AUR packaging dependencies
run: |
pacman -Sy --noconfirm --needed base-devel git openssh curl github-cli
- name: Wait for release assets
run: |
set -euo pipefail
for attempt in $(seq 1 30); do
if gh release view "$TAG" --repo "$GITHUB_REPOSITORY" >/dev/null 2>&1; then
echo "release ${TAG} is available"
exit 0
fi
sleep 10
done
echo "release ${TAG} was not found after waiting" >&2
exit 1
- name: Render AUR metadata from released assets
run: |
set -euo pipefail
mkdir -p /tmp/release-input /tmp/release-metadata
gh release download "$TAG" --repo "$GITHUB_REPOSITORY" \
--pattern "openbitdo-${TAG}-linux-x86_64.tar.gz" \
--pattern "openbitdo-${TAG}-linux-aarch64.tar.gz" \
--pattern "openbitdo-${TAG}-macos-arm64.tar.gz" \
--dir /tmp/release-input
gh api "repos/${GITHUB_REPOSITORY}/tarball/${TAG}" \
> "/tmp/release-input/openbitdo-${TAG}-source.tar.gz"
bash packaging/scripts/render_release_metadata.sh \
"$TAG" \
"$GITHUB_REPOSITORY" \
/tmp/release-input \
/tmp/release-metadata
useradd -m builder
chown -R builder:builder /tmp/release-metadata
su builder -s /bin/bash -c "set -euo pipefail; \
cd /tmp/release-metadata/aur/openbitdo; \
makepkg --printsrcinfo > .SRCINFO; \
cd /tmp/release-metadata/aur/openbitdo-bin; \
makepkg --printsrcinfo > .SRCINFO"
- name: Upload rendered metadata (audit)
uses: actions/upload-artifact@v4
with:
name: aur-rendered-metadata-${{ inputs.tag }}
path: |
/tmp/release-metadata/aur/openbitdo/PKGBUILD
/tmp/release-metadata/aur/openbitdo/.SRCINFO
/tmp/release-metadata/aur/openbitdo-bin/PKGBUILD
/tmp/release-metadata/aur/openbitdo-bin/.SRCINFO
/tmp/release-metadata/checksums.env
- name: Configure SSH for AUR
run: |
if [[ -z "${{ secrets.AUR_USERNAME }}" ]]; then
echo "missing required secret: AUR_USERNAME" >&2
exit 1
fi
if [[ -z "${{ secrets.AUR_SSH_PRIVATE_KEY }}" ]]; then
echo "missing required secret: AUR_SSH_PRIVATE_KEY" >&2
exit 1
fi
mkdir -p ~/.ssh
echo "${{ secrets.AUR_SSH_PRIVATE_KEY }}" > ~/.ssh/aur
chmod 600 ~/.ssh/aur
ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts
- name: Publish openbitdo and openbitdo-bin
env:
GIT_SSH_COMMAND: ssh -i ~/.ssh/aur
AUR_USER: ${{ secrets.AUR_USERNAME }}
run: |
set -euo pipefail
publish_pkg() {
local pkg="$1"
local remote="ssh://${AUR_USER}@aur.archlinux.org/${pkg}.git"
local tmp_root
local workdir
tmp_root="$(mktemp -d)"
workdir="${tmp_root}/${pkg}"
if git clone "$remote" "$workdir"; then
echo "${pkg}: updated-existing"
else
echo "${pkg}: bootstrap-created"
mkdir -p "$workdir"
cd "$workdir"
git init
git remote add origin "$remote"
fi
cp "/tmp/release-metadata/aur/${pkg}/PKGBUILD" "${workdir}/PKGBUILD"
cp "/tmp/release-metadata/aur/${pkg}/.SRCINFO" "${workdir}/.SRCINFO"
cd "$workdir"
git config user.name "openbitdo-ci"
git config user.email "actions@users.noreply.github.com"
git add PKGBUILD .SRCINFO
if git diff --cached --quiet; then
echo "${pkg}: no metadata changes"
return 0
fi
git commit -m "Update ${pkg} package for ${TAG}"
if git ls-remote --exit-code --heads origin >/dev/null 2>&1; then
git push
else
git push -u origin HEAD:master
fi
}
publish_pkg openbitdo
publish_pkg openbitdo-bin
Reference in New Issue View Git Blame Copy Permalink