测试 (#114) #140
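# Reference: https://github.com/zaggash/gh-workflows/blob/main/.github/workflows/action_build-aur-repo.yaml
#
# Builds every PKGBUILD in this repository (submodules included) inside an
# Arch Linux container, signs the packages, assembles a signed pacman
# repository database and uploads the result to an R2 bucket.
#
# NOTE(review): the page hosting this listing flagged the file as containing
# bidirectional Unicode text; inspect the raw file for hidden control
# characters before trusting what is rendered here.
# NOTE(review): every `uses:` below references a mutable tag. Pinning each
# action to a full commit SHA keeps a retagged release from running in jobs
# that hold the signing key and the R2 credentials.
name: Packages CI
on:
  workflow_dispatch:
  schedule:
    # GitHub evaluates cron expressions in UTC: 03:45 UTC is 11:45 Beijing
    # time (UTC+8).
    - cron: "45 3 * * *"
  push:
    branches:
      - main
    paths-ignore:
      - ".github/workflows/build.yml"
      - ".github/renovate.json"

# Least privilege for GITHUB_TOKEN: the jobs only need to read the repository.
permissions:
  contents: read

jobs:
  # Emits {"package": [<dir>, ...]} with one entry per directory that holds a
  # file named PKGBUILD; build_packages fans out over that list.
  metadata:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.generate-matrix.outputs.matrix }}
    steps:
      - name: 仓库导入 PKGBUILD
        uses: actions/checkout@v4
        with:
          submodules: true
          # Do not leave the token in .git/config for later steps.
          persist-credentials: false
      - name: 生成数组
        id: generate-matrix
        run: |
          # -y keeps apt-get from aborting on a confirmation prompt.
          sudo apt-get install -y jq
          MATRIX_JSON=$(find * -type f -name "PKGBUILD" -printf "%h\n" | jq -Rnc '."package" |= [inputs]')
          echo "${MATRIX_JSON}"
          echo "matrix=${MATRIX_JSON}" >> "$GITHUB_OUTPUT"

  # One job per package directory: build with makepkg as the `builder` user,
  # sign the package and hand it to build_repo as an artifact.
  build_packages:
    needs: metadata
    runs-on: ubuntu-latest
    container:
      image: archlinux:base-devel
    # NOTE(review): a failed package build does not fail the workflow run, so
    # build_repo presumably still starts and publishes only what was built.
    continue-on-error: true
    strategy:
      max-parallel: 5
      matrix: ${{ fromJson(needs.metadata.outputs.matrix) }}
      fail-fast: false
    steps:
      - name: 安装依赖
        run: |
          # Prepare the REPO_FOLDER variable
          # * https://github.com/actions/runner/issues/2058
          echo "REPO_FOLDER=$GITHUB_WORKSPACE/repo/x86_64" >> "$GITHUB_ENV"
          # Install the base dependency packages
          pacman -Syyuu --noconfirm --needed --ignore filesystem git gnupg
      - name: 仓库导入 PKGBUILD
        uses: actions/checkout@v4
        with:
          submodules: true
          # The steps below execute PKGBUILD code inside this checkout; do
          # not leave the token in .git/config where that code can read it.
          persist-credentials: false
      - name: 配置环境
        env:
          GPG_SIGNING_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          # Configure makepkg.conf: disable debug packages, set the job
          # count, add the packager identity
          sed -i 's#\(^OPTIONS.*\)\(debug\)\(.*\)#\1!\2\3#' /etc/makepkg.conf
          echo 'MAKEFLAGS="-j$(nproc)"' >> /etc/makepkg.conf
          # NOTE(review): the address below appears to have been masked by
          # the hosting page's e-mail obfuscation; restore the real value.
          echo 'PACKAGER="yidaduizuoye <[email protected]>"' >> /etc/makepkg.conf
          # Create the non-root build user (makepkg refuses to run as root)
          useradd -m builder
          # NOTE(review): passwordless sudo makes builder root-equivalent in
          # this container, so the user switch does not confine PKGBUILD code.
          echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder
          chmod 0440 /etc/sudoers.d/builder
          # Import the GPG key used for signing
          # NOTE(review): the private key sits in builder's keyring while
          # PKGBUILDs from this repository and its submodules execute.
          # Signing in a job that runs no build scripts would keep the key
          # out of their reach.
          echo -n "$GPG_SIGNING_KEY" | sudo -u builder gpg --import
          # Create the repository directory layout
          mkdir -p "${REPO_FOLDER}"
          chown -R builder:builder ./
      # NOTE(review): the cache key is static, so the cached yay binary is
      # never refreshed, and a binary restored from the cache is executed by
      # a sudo-capable user in a job that holds the signing key. Consider a
      # versioned key or verifying the restored file.
      - name: 恢复 yay 缓存
        id: cache-yay
        uses: actions/cache@v4
        with:
          path: /usr/bin/yay
          key: yay-cache
      - name: 安装 yay
        if: steps.cache-yay.outputs.cache-hit != 'true'
        working-directory: ./yay-bin
        run: |
          # NOTE(review): `PKGBU1LD` (digit 1) is kept as shown on the page.
          # Presumably the yay-bin build script is named that way so the
          # `find -name PKGBUILD` matrix step skips it; confirm it is not a
          # typo.
          sudo -u builder PKGDEST="${REPO_FOLDER}" makepkg -si --noconfirm --needed -p PKGBU1LD
          sudo -u builder yay --version
      - name: 构建 ${{ matrix.package }}
        working-directory: ./${{ matrix.package }}
        run: |
          # Install the package's dependencies
          # NOTE(review): the inner `source ./PKGBUILD` runs in this step's
          # own shell, not under `sudo -u builder`, so top-level PKGBUILD
          # code executes as the step's user (root in this container unless
          # the image says otherwise).
          sudo -u builder yay -Sy --noconfirm \
            $(pacman --deptest \
              $(source ./PKGBUILD &&\
                echo ${depends[@]} ${checkdepends[@]} ${makedepends[@]}))
          # NOTE(review): this does not verify integrity. `makepkg -g`
          # recomputes the checksums of the sources as downloaded, and
          # appending them overrides the sums declared in the PKGBUILD, so
          # the build below checks sources only against hashes generated a
          # moment earlier, never against pinned ones.
          sudo -u builder makepkg -g >> ./PKGBUILD
          # Start the build; --sig signs the package with the imported key
          sudo -u builder PKGDEST="${REPO_FOLDER}" makepkg -f --sig
      # limitation on name for epoch https://github.com/actions/upload-artifact/issues/22#issuecomment-568561966
      - name: 处理产物文件名
        run: |
          # || [ "$?" = "4" ] // I do not want to exit if nothing was renamed
          rename ':' '.' "${REPO_FOLDER}"/*.pkg.tar.* || [ "$?" == "4" ]
      - name: 将构建产物上传至 artifact
        uses: actions/upload-artifact@v4
        with:
          name: package-${{ matrix.package }}
          path: ${{ env.REPO_FOLDER }}/
          retention-days: 1

  # Collects the package artifacts, builds and signs the repository database
  # and publishes the workspace to the R2 bucket.
  build_repo:
    needs: build_packages
    runs-on: ubuntu-latest
    container:
      image: archlinux:base-devel
    steps:
      - name: 下载构建产物
        id: restore
        uses: actions/download-artifact@v4
        with:
          pattern: package-*
          merge-multiple: true
      - name: 导入 GPG 密钥
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
      - name: 创建包仓库数据库
        env:
          REPO_NAME: zuoye-aur
        run: |
          # * Fix Openssl 3 issue with node.
          # * https://github.com/tibdex/github-app-token/issues/54
          # (comments out the `providers = provider_sect` line in openssl.cnf)
          sed -i 's/^providers = provider_sect/#&/' /etc/ssl/openssl.cnf
          # * Build Repo
          repo-add --sign "$(basename "$REPO_NAME")".db.tar.gz ./*.pkg.tar.zst
          # * Delete DB files symlink
          find . -type l -delete
          # * Rename compressed DB
          rename -- .tar.gz '' *.tar.gz
          rename -- .tar.gz.sig '.sig' *.tar.gz.sig
      # NOTE(review): the action reference below appears to have been masked
      # by the hosting page's e-mail obfuscation (presumably
      # `ryand56/r2-upload-action@<ref>`); restore the real ref, ideally a
      # full commit SHA, since this step receives the R2 credentials.
      # NOTE(review): confirm what `keep-file-fresh` does to objects already
      # in the bucket; with continue-on-error on build_packages, a failed
      # build means that package is missing from this upload.
      # NOTE(review): in a container job `github.workspace` may not match
      # the in-container path (see the runner issue linked in
      # build_packages); confirm the action resolves it.
      - name: 上传至 R2 存储桶
        uses: ryand56/[email protected]
        with:
          r2-account-id: ${{ secrets.R2_ACCOUNT_ID }}
          r2-access-key-id: ${{ secrets.R2_ACCESS_KEY_ID }}
          r2-secret-access-key: ${{ secrets.R2_SECRET_ACCESS_KEY }}
          r2-bucket: ${{ secrets.R2_BUCKET }}
          source-dir: ${{ github.workspace }}
          destination-dir: archlinux/x86_64
          keep-file-fresh: true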