diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml index 0416acc..8193215 100644 --- a/.github/FUNDING.yml +++ b/.github/FUNDING.yml @@ -1,6 +1,6 @@ # These are supported funding model platforms -github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] +github: KSXGitHub # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] patreon: khai96_ open_collective: # Collective unavailable ko_fi: # Replace with a single Ko-fi username diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..f4d253d --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,10 @@ +version: 2 +updates: +- package-ecosystem: github-actions + directory: "/" + schedule: + interval: weekly + open-pull-requests-limit: 10 + labels: + - dependabot + - github-actions diff --git a/Dockerfile b/Dockerfile index 3c75861..f1416de 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,10 +2,11 @@ FROM archlinux:base RUN pacman -Syu --noconfirm RUN pacman -S --noconfirm --needed --overwrite '*' \ - openssh sudo \ + openssh sudo base-devel \ git fakeroot binutils gcc awk binutils xz \ libarchive bzip2 coreutils file findutils \ - gettext grep gzip sed ncurses util-linux + gettext grep gzip sed ncurses util-linux \ + pacman-contrib debugedit COPY entrypoint.sh /entrypoint.sh COPY build.sh /build.sh diff --git a/README.md b/README.md index b02ac88..e3acfb0 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,27 @@ GitHub Actions to publish AUR package. **Required** Path to PKGBUILD file. This file is often generated by prior steps. +### `assets` + +**Optional** Newline-separated glob patterns for additional files to be added to the AUR repository. +Glob patterns will be expanded by bash when copying the files to the repository. + +### `updpkgsums` + +**Optional** Update checksums using `updpkgsums`. + +### `test` + +**Optional** Check that PKGBUILD could be built. + +### `test_flags` + +**Optional** Command line flags for makepkg to build the package (if `test` is enabled). The default flags are `--clean --cleanbuild --nodeps`. + +### `post_process` + +**Optional** A line of commands to execute after processing the package. + ### `commit_username` **Required** The username to use when creating the new commit. @@ -30,7 +51,7 @@ GitHub Actions to publish AUR package. ### `allow_empty_commits` -**Optional** Allow empty commits, i.e. commits with no change. The default value is `true`. +**Optional** Allow empty commits, i.e. commits with no change. The default value is `false`. ### `force_push` @@ -56,6 +77,9 @@ jobs: steps: - uses: actions/checkout@v2 + - name: Generate PKGBUILD + run: bash ./generate-pkgbuild.bash + - name: Publish AUR package uses: KSXGitHub/github-actions-deploy-aur@ with: @@ -65,7 +89,7 @@ jobs: commit_email: ${{ secrets.AUR_EMAIL }} ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} commit_message: Update AUR package - ssh_keyscan_types: rsa,dsa,ecdsa,ed25519 + ssh_keyscan_types: rsa,ecdsa,ed25519 ``` **Note:** Replace `` in the above code snippet with a tag of this repo. @@ -84,6 +108,8 @@ jobs: [strip-ansi-cli](https://github.com/KSXGitHub/strip-ansi-cli) has a [workflow](https://github.com/KSXGitHub/strip-ansi-cli/blob/f3de1cf4997bbc2efbf137f77325f12640c2e145/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/strip-ansi](https://aur.archlinux.org/packages/strip-ansi/) and [aur/strip-ansi-bin](https://aur.archlinux.org/packages/strip-ansi-bin/). +[parallel-disk-usage](https://github.com/KSXGitHub/parallel-disk-usage) has a [workflow](https://github.com/KSXGitHub/parallel-disk-usage/blob/a7fc0937a64d23ae848e44f7ecbf02aec64831e4/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/parallel-disk-usage](https://aur.archlinux.org/packages/parallel-disk-usage/) and [aur/parallel-disk-usage-bin](https://aur.archlinux.org/packages/parallel-disk-usage-bin/). + ## Become a Patron [My Patreon Page](https://patreon.com/khai96_). diff --git a/action.yml b/action.yml index f8deefb..5f5a0bd 100644 --- a/action.yml +++ b/action.yml @@ -11,6 +11,26 @@ inputs: pkgbuild: description: 'Path to PKGBUILD file' required: true + assets: + description: 'Newline-separated glob patterns for additional files to be added to the AUR repository' + required: false + default: '' + updpkgsums: + description: 'Update checksums using `updpkgsums`' + required: false + default: 'false' + test: + description: 'Check that PKGBUILD could be built' + required: false + default: 'false' + test_flags: + description: 'Command line flags for makepkg to build the package (if `test` is enabled)' + required: false + default: '--clean --cleanbuild --nodeps' + post_process: + description: 'A line of commands to execute after processing the package' + required: false + default: '' commit_username: description: 'The username to use when creating the new commit' required: true @@ -27,7 +47,7 @@ inputs: allow_empty_commits: description: 'Allow empty commits, i.e. commits with no change.' required: false - default: 'true' + default: 'false' force_push: description: 'Use --force when push to the AUR.' required: false @@ -35,7 +55,7 @@ inputs: ssh_keyscan_types: description: 'Comma-separated list of types to use when adding aur.archlinux.org to known hosts' required: false - default: 'rsa,dsa,ecdsa,ed25519' + default: 'rsa,ecdsa,ed25519' runs: using: 'docker' image: 'Dockerfile' diff --git a/build.sh b/build.sh index 71cd786..34063f6 100755 --- a/build.sh +++ b/build.sh @@ -4,6 +4,12 @@ set -o errexit -o pipefail -o nounset pkgname=$INPUT_PKGNAME +pkgbuild=$INPUT_PKGBUILD +assets=$INPUT_ASSETS +updpkgsums=$INPUT_UPDPKGSUMS +test=$INPUT_TEST +read -r -a test_flags <<< "$INPUT_TEST_FLAGS" +post_process=$INPUT_POST_PROCESS commit_username=$INPUT_COMMIT_USERNAME commit_email=$INPUT_COMMIT_EMAIL ssh_private_key=$INPUT_SSH_PRIVATE_KEY @@ -12,8 +18,26 @@ allow_empty_commits=$INPUT_ALLOW_EMPTY_COMMITS force_push=$INPUT_FORCE_PUSH ssh_keyscan_types=$INPUT_SSH_KEYSCAN_TYPES +assert_non_empty() { + name=$1 + value=$2 + if [[ -z "$value" ]]; then + echo "::error::Invalid Value: $name is empty." >&2 + exit 1 + fi +} + +assert_non_empty inputs.pkgname "$pkgname" +assert_non_empty inputs.pkgbuild "$pkgbuild" +assert_non_empty inputs.commit_username "$commit_username" +assert_non_empty inputs.commit_email "$commit_email" +assert_non_empty inputs.ssh_private_key "$ssh_private_key" + export HOME=/home/builder +# Ignore "." and ".." to prevent errors when glob pattern for assets matches hidden files +GLOBIGNORE=".:.." + echo '::group::Adding aur.archlinux.org to known hosts' ssh-keyscan -v -t "$ssh_keyscan_types" aur.archlinux.org >>~/.ssh/known_hosts echo '::endgroup::' @@ -28,7 +52,7 @@ echo '::group::Checksums of SSH keys' sha512sum ~/.ssh/aur ~/.ssh/aur.pub echo '::endgroup::' -echo '::group::Configuring git' +echo '::group::Configuring Git' git config --global user.name "$commit_username" git config --global user.email "$commit_email" echo '::endgroup::' @@ -37,20 +61,56 @@ echo '::group::Cloning AUR package into /tmp/local-repo' git clone -v "https://aur.archlinux.org/${pkgname}.git" /tmp/local-repo echo '::endgroup::' -echo '::group::Generating PKGBUILD and .SRCINFO' -cd /tmp/local-repo +echo '::group::Copying files into /tmp/local-repo' +{ + echo "Copying $pkgbuild" + cp -v "$pkgbuild" /tmp/local-repo/PKGBUILD +} +# shellcheck disable=SC2086 +# Ignore quote rule because we need to expand glob patterns to copy $assets +if [[ -n "$assets" ]]; then + echo 'Copying' $assets + cp -rvt /tmp/local-repo/ $assets +fi +echo '::endgroup::' -echo 'Copying PKGBUILD...' -cp -v /PKGBUILD ./ +if [ "$updpkgsums" == "true" ]; then + echo '::group::Updating checksums' + cd /tmp/local-repo/ + updpkgsums + echo '::endgroup::' +fi -echo "Updating .SRCINFO" -makepkg --printsrcinfo >.SRCINFO +if [ "$test" == "true" ]; then + echo '::group::Building package with makepkg' + cd /tmp/local-repo/ + makepkg "${test_flags[@]}" + echo '::endgroup::' +fi +echo '::group::Generating .SRCINFO' +cd /tmp/local-repo +makepkg --printsrcinfo >.SRCINFO echo '::endgroup::' -echo '::group::Publishing' -git remote add aur "ssh://aur@aur.archlinux.org/${pkgname}.git" -git add -fv PKGBUILD .SRCINFO +if [ -n "$post_process" ]; then + echo '::group::Executing post process commands' + cd /tmp/local-repo/ + eval "$post_process" + echo '::endgroup::' +fi + +echo '::group::Committing files to the repository' +if [[ -z "$assets" ]]; then + # When $assets are not set, we can add just PKGBUILD and .SRCINFO + # This is to prevent unintended behaviour and maintain backwards compatibility + git add -fv PKGBUILD .SRCINFO +else + # We cannot just re-use $assets because it contains absolute paths outside repository + # But we can just add all files in the repository which should also include all $assets + git add --all +fi + case "$allow_empty_commits" in true) git commit --allow-empty -m "$commit_message" @@ -63,6 +123,10 @@ false) exit 2 ;; esac +echo '::endgroup::' + +echo '::group::Publishing the repository' +git remote add aur "ssh://aur@aur.archlinux.org/${pkgname}.git" case "$force_push" in true) git push -v --force aur master diff --git a/entrypoint.sh b/entrypoint.sh index dc9f1d3..a2d9894 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,14 +2,14 @@ set -o errexit -o pipefail -o nounset -pkgbuild=$INPUT_PKGBUILD - echo '::group::Creating builder user' useradd --create-home --shell /bin/bash builder passwd --delete builder +mkdir -p /etc/sudoers.d/ +echo "builder ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/builder echo '::endgroup::' -echo '::group::Initializing ssh directory' +echo '::group::Initializing SSH directory' mkdir -pv /home/builder/.ssh touch /home/builder/.ssh/known_hosts cp -v /ssh_config /home/builder/.ssh/config @@ -17,8 +17,4 @@ chown -vR builder:builder /home/builder chmod -vR 600 /home/builder/.ssh/* echo '::endgroup::' -echo '::group::Copying PKGBUILD' -cp -r "$pkgbuild" /PKGBUILD -echo '::endgroup::' - exec runuser builder --command 'bash -l -c /build.sh' diff --git a/renovate.json b/renovate.json deleted file mode 100644 index f45d8f1..0000000 --- a/renovate.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "extends": [ - "config:base" - ] -}