Build & Publish #289
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build & Publish | |
| on: | |
| push: | |
| branches: | |
| - main | |
| tags: | |
| - v* | |
| pull_request: | |
| release: | |
| types: | |
| - created | |
| schedule: | |
| - cron: "0 18 * * 5" | |
| jobs: | |
| build-publish: | |
| runs-on: ubuntu-20.04 | |
| container: | |
| image: ghcr.io/karras/archlinux-package-build:latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Refresh and update packages | |
| run: | | |
| pacman -Syu --noconfirm | |
| - name: Install lint dependencies | |
| run: | | |
| pacman -S --noconfirm shellcheck | |
| - name: Lint shell scripts | |
| run: | | |
| shellcheck *.sh | |
| - name: Import builder private key for package signing | |
| run: | | |
| echo -e "${{ secrets.GPG_PRIVATE_KEY }}" | sudo -u builder gpg --import --batch --no-tty | |
| - name: Initialize pacman secret key, import and trust builder public key | |
| run: | | |
| pacman-key --init | |
| pacman-key --add builder_public_key.asc | |
| pacman-key --lsign-key 25267573FD638312C5EBE4C40C758F9503EDE7AF | |
| # See https://github.com/docker/for-mac/issues/7331 | |
| - name: Downgrade fakeroot to avoid freezes | |
| run: | | |
| pacman -U --noconfirm https://archive.archlinux.org/packages/f/fakeroot/fakeroot-1.34-1-x86_64.pkg.tar.zst | |
| - name: Build packages | |
| run: | | |
| sudo -u builder \ | |
| PACKAGE_AUTHOR="Builder <[email protected]>" \ | |
| PACKAGE_GPG_ID=25267573FD638312C5EBE4C40C758F9503EDE7AF \ | |
| ./build.sh | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: packages | |
| path: /home/builder/build/* | |
| - name: Add packages to the 'latest' release | |
| if: github.event_name == 'schedule' || github.ref == 'refs/heads/main' | |
| run: | | |
| pacman -S curl jq --noconfirm | |
| RELEASE=$(curl -sSL \ | |
| -X GET \ | |
| -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/latest | jq '.id') | |
| OLD_ASSETS=$(curl -sSL \ | |
| -X GET \ | |
| -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/${RELEASE}/assets | jq '.[] | .id') | |
| # Delete all assets of "latest" first in order to clean or reupload | |
| # them. This will also knowingly remove any older package versions. | |
| for ASSET in ${OLD_ASSETS}; do | |
| echo "Deleting asset ${ASSET}" | |
| curl -sSL \ | |
| -X DELETE \ | |
| -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Accept: application/vnd.github.v3+json" \ | |
| https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/assets/${ASSET} | |
| done | |
| for FILE in /home/builder/build/*; do | |
| echo "Uploading file ${FILE}" | |
| curl -sSL \ | |
| -X POST \ | |
| -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Content-Type: application/octet-stream" \ | |
| -T ${FILE} \ | |
| https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${RELEASE}/assets?name=${FILE##*/} | |
| done | |
| - name: Add packages to the new release | |
| if: github.event_name == 'release' && github.event.action == 'created' | |
| run: | | |
| pacman -S curl jq --noconfirm | |
| RELEASE=$(jq --raw-output '.release.id' "$GITHUB_EVENT_PATH") | |
| for FILE in /home/builder/build/*; do | |
| echo "Uploading file ${FILE}" | |
| curl -sSL \ | |
| -X POST \ | |
| -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ | |
| -H "Content-Type: application/octet-stream" \ | |
| -T ${FILE} \ | |
| https://uploads.github.com/repos/${GITHUB_REPOSITORY}/releases/${RELEASE}/assets?name=${FILE##*/} | |
| done |