# Based on https://github.com/zaggash/gh-workflows/blob/main/.github/workflows/action_build-aur-repo.yaml
name: Packages CI

# Triggers: manual dispatch, a daily schedule, and pushes to main that touch
# anything other than the CI/tooling files and the Archived/ tree.
on:
  workflow_dispatch:
  schedule:
    # GitHub evaluates cron in UTC: 11:19 UTC is 19:19 in UTC+8 (Beijing time).
    - cron: "19 11 * * *"
  push:
    branches:
      - main
    paths-ignore:
      - ".github/workflows/*.yml"
      - ".github/renovate.json"
      - ".github/nvchecker.toml"
      - ".github/new_ver.json"
      - "Archived/**"
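jobs:
  # Lists every directory that contains a PKGBUILD (Archived/ excluded) and
  # exposes the list as a JSON build matrix.
  metadata:
    runs-on: ubuntu-latest
    # Least privilege: this job only reads the repository.
    permissions:
      contents: read
    outputs:
      matrix: ${{ steps.generate-matrix.outputs.matrix }}
    steps:
      - name: 导入 PKGBUILD
        # NOTE(review): version tags are mutable; pin actions to a full commit
        # SHA so a retagged release cannot change what runs here.
        uses: actions/checkout@v4
        with:
          submodules: true
          # Do not leave the job token in .git/config after the fetch.
          persist-credentials: false
      - name: 生成数组
        id: generate-matrix
        run: |
          # Quote every expansion: the JSON contains [ ] and may contain spaces,
          # which an unquoted echo would glob-expand or word-split.
          MATRIX_JSON="$(find * -type f -not -path "Archived/*" -name "PKGBUILD" -printf "%h\n" \
            | jq -Rnc '."package" |= [inputs]')"
          echo "${MATRIX_JSON}"
          echo "matrix=${MATRIX_JSON}" >> "$GITHUB_OUTPUT"

  # Builds and signs one package per matrix entry inside an Arch container.
  #
  # Trust model: every PKGBUILD (including those pulled in through submodules)
  # is executed in an environment where the `builder` user holds the private
  # signing key and has passwordless sudo. Anything that can change a PKGBUILD
  # can therefore sign arbitrary packages; review PKGBUILD and submodule
  # updates accordingly.
  build_packages:
    needs: metadata
    runs-on: ubuntu-latest
    # Least privilege: building needs read access only.
    permissions:
      contents: read
    container:
      image: archlinux:base-devel
    # A failing package must not fail the run; note this also hides real
    # build breakage from the run's overall status.
    continue-on-error: true
    strategy:
      max-parallel: 5
      matrix: ${{ fromJson(needs.metadata.outputs.matrix) }}
      fail-fast: false
    steps:
      - name: 安装依赖
        run: |
          # Prepare the REPO_FOLDER variable
          # * https://github.com/actions/runner/issues/2058
          echo "REPO_FOLDER=$GITHUB_WORKSPACE/repo/x86_64" >> "$GITHUB_ENV"
          # Install the base dependencies
          pacman -Syyuu --noconfirm --needed --ignore filesystem git pacman-contrib
      - name: 导入 PKGBUILD
        uses: actions/checkout@v4
        with:
          submodules: true
          # The workspace is later handed to `builder` and to PKGBUILD code;
          # keep the job token out of .git/config.
          persist-credentials: false
      - name: 配置环境
        env:
          GPG_SIGNING_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_PUBLIC_KEY: ${{ secrets.GPG_PUBLIC_KEY }}
        run: |
          # Configure makepkg.conf: disable debug packages, set packager info
          sed -i 's#\(^OPTIONS.*\)\(debug\)\(.*\)#\1!\2\3#' /etc/makepkg.conf
          echo 'PACKAGER="yidaduizuoye <[email protected]>"' >> /etc/makepkg.conf
          # Create the non-root build user.
          # NOTE(review): NOPASSWD: ALL makes `builder` root-equivalent, so the
          # non-root user is not a security boundary for PKGBUILD code.
          useradd -m builder
          echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder
          chmod 0440 /etc/sudoers.d/builder
          # Import the GPG private key used to sign packages
          echo -n "$GPG_SIGNING_KEY" | sudo -u builder gpg --import
          # Add this project's own AUR repository
          sed -i '$a \[zuoye-aur]\nServer = https://github.com/CAB233/myAUR/releases/download/$arch' /etc/pacman.conf
          echo -n "$GPG_PUBLIC_KEY" | pacman-key -a -
          pacman-key --init
          # NOTE(review): this locally signs by 64-bit key ID; prefer the full
          # 40-hex fingerprint so only the intended key can ever match.
          pacman-key --lsign-key 62FFE3FEF4158CF1
          pacman -Syy
          # Create the repository directory layout
          mkdir -p "${REPO_FOLDER}"
          chown -R builder:builder ./
      - name: 恢复 yay 缓存
        id: cache-yay
        # NOTE(review): this restores an executable into /usr/bin under a
        # static key, and no step visible in this workflow saves that key.
        # Confirm which workflow populates it; a poisoned cache entry would
        # run alongside the signing key.
        uses: actions/cache/restore@v4
        with:
          path: /usr/bin/yay
          key: yay-cache
      - name: 安装 yay
        if: steps.cache-yay.outputs.cache-hit != 'true'
        working-directory: /tmp
        run: |
          # Builds whatever the AUR yay repository's default branch holds at
          # run time (unpinned).
          sudo -u builder git clone https://aur.archlinux.org/yay.git
          cd yay
          sudo -u builder makepkg -si --noconfirm --needed
          sudo -u builder yay --version
      - name: 构建 ${{ matrix.package }}
        id: build-package
        working-directory: ./${{ matrix.package }}
        continue-on-error: true
        run: |
          # Install the declared dependencies that are not yet satisfied.
          # `source ./PKGBUILD` executes the PKGBUILD's top-level code in this
          # step's own shell (root by default in this container -- confirm),
          # not as `builder`. Word splitting of the arrays is intentional.
          sudo -u builder yay -Sy --noconfirm \
            $(pacman --deptest \
              $(source ./PKGBUILD &&\
                echo ${depends[@]} ${checkdepends[@]} ${makedepends[@]}))
          # NOTE(review): updpkgsums does not verify integrity. It downloads
          # the sources and overwrites the checksum arrays in PKGBUILD, so the
          # makepkg check below always passes and a tampered upstream source
          # would be built and signed. If committed checksums are meant to gate
          # the build, drop this call (or use `makepkg --verifysource`) and
          # update checksums in a reviewed commit instead.
          sudo -u builder updpkgsums
          # Build and sign the package
          sudo -u builder PKGDEST="${REPO_FOLDER}" makepkg -f --sign
      - name: 构建 ${{ matrix.package }} (重试)
        if: steps.build-package.outcome == 'failure'
        working-directory: ./${{ matrix.package }}
        run: |
          # Retry of the build step: same commands, same caveats
          # (PKGBUILD sourced in this shell; updpkgsums regenerates rather
          # than verifies checksums).
          sudo -u builder yay -Sy --noconfirm \
            $(pacman --deptest \
              $(source ./PKGBUILD &&\
                echo ${depends[@]} ${checkdepends[@]} ${makedepends[@]}))
          sudo -u builder updpkgsums
          sudo -u builder PKGDEST="${REPO_FOLDER}" makepkg -f --sign
      # Artifact names may not contain ':' (used by epoch versions):
      # https://github.com/actions/upload-artifact/issues/22#issuecomment-568561966
      - name: 处理产物文件名
        run: |
          # Exit status 4 means nothing was renamed; do not fail on that.
          rename ':' '.' "${REPO_FOLDER}"/*.pkg.tar.* || [ "$?" == "4" ]
      - name: 将构建产物上传至 artifact
        uses: actions/upload-artifact@v4
        with:
          name: package-${{ matrix.package }}
          path: ${{ env.REPO_FOLDER }}/
          retention-days: 1

  # Collects the built packages, creates the signed repository database and
  # publishes everything to R2 and to a GitHub release.
  build_repo:
    needs: build_packages
    runs-on: ubuntu-latest
    # Only this job writes to the repository (release creation/update).
    permissions:
      contents: write
    container:
      image: archlinux:base-devel
    steps:
      - name: 下载构建产物
        id: restore
        uses: actions/download-artifact@v4
        with:
          pattern: package-*
          merge-multiple: true
      - name: 导入 GPG 密钥
        # NOTE(review): third-party action that receives the private signing
        # key; pin it to a full commit SHA rather than a mutable tag.
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
      - name: 创建包仓库数据库
        env:
          REPO_NAME: zuoye-aur
        run: |
          # Generate the signed package database
          repo-add --sign "$(basename "$REPO_NAME").db.tar.gz" ./*.pkg.tar.zst
          # Delete every symlink under the working directory
          find . -type l -delete
          # Strip the archive suffix from the compressed database files
          rename -- .tar.gz '' *.tar.gz
          rename -- .tar.gz.sig '.sig' *.tar.gz.sig
      - name: 上传至 R2 存储桶
        # NOTE(review): the reference on the reviewed page was mangled by
        # e-mail obfuscation ("ryand56/[email protected]"); presumably it is
        # ryand56/r2-upload-action at some version tag. Restore the real ref,
        # ideally as a full commit SHA: this action receives the R2 credentials.
        uses: ryand56/r2-upload-action@<REF-LOST-IN-SOURCE-PIN-TO-COMMIT-SHA>
        with:
          r2-account-id: ${{ secrets.R2_ACCOUNT_ID }}
          r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }}
          r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          r2-bucket: ${{ secrets.R2_BUCKET }}
          # Uploads the whole workspace; keep anything that must not be
          # published out of this directory.
          source-dir: ${{ github.workspace }}
          destination-dir: archlinux/x86_64
          keep-file-fresh: true
      - name: 获取当前构建时间
        run: echo "builddate=$(date +'%Y.%m.%d')" >> "$GITHUB_OUTPUT"
        id: date
      - name: 上传至 GitHub Release
        # NOTE(review): runs with contents: write; pin to a full commit SHA.
        uses: ncipollo/release-action@v1
        with:
          artifactErrorsFailBuild: true
          removeArtifacts: true
          allowUpdates: true
          generateReleaseNotes: false
          tag: x86_64
          name: ${{ steps.date.outputs.builddate }}
          artifacts: "./*"
          prerelease: true
          body: |
            Archlinux x86_64 repo packages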