diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml deleted file mode 100644 index 8193215..0000000 --- a/.github/FUNDING.yml +++ /dev/null @@ -1,12 +0,0 @@ -# These are supported funding model platforms - -github: KSXGitHub # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2] -patreon: khai96_ -open_collective: # Collective unavailable -ko_fi: # Replace with a single Ko-fi username -tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel -community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry -liberapay: # Replace with a single Liberapay username -issuehunt: # disabled -otechie: # Replace with a single Otechie username -custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2'] diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index f4d253d..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,10 +0,0 @@ -version: 2 -updates: -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: weekly - open-pull-requests-limit: 10 - labels: - - dependabot - - github-actions diff --git a/.github/workflows/test-aur.yaml b/.github/workflows/test-aur.yaml new file mode 100644 index 0000000..976f88f --- /dev/null +++ b/.github/workflows/test-aur.yaml @@ -0,0 +1,19 @@ +name: Test publishing AUR package + +on: + - push + +jobs: + publish_aur_package: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + + - name: Publish AUR package + uses: ./ + with: + pkgname: test-publishing-aur-package-using-github-action-a + pkgbuild: ./PKGBUILD + commit_username: ${{ secrets.TEST_AUR_USERNAME }} + commit_email: ${{ secrets.TEST_AUR_EMAIL }} + ssh_private_key: ${{ secrets.TEST_AUR_SSH_PRIVATE_KEY }} diff --git a/Dockerfile b/Dockerfile index f1416de..9917ee9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,12 +1,10 @@ -FROM archlinux:base +FROM archlinux/base -RUN pacman -Syu --noconfirm -RUN pacman -S --noconfirm --needed --overwrite '*' \ - openssh sudo base-devel \ +RUN pacman -Sy && \ + pacman -Sy --noconfirm --needed openssh sudo \ git fakeroot binutils gcc awk binutils xz \ libarchive bzip2 coreutils file findutils \ - gettext grep gzip sed ncurses util-linux \ - pacman-contrib debugedit + gettext grep gzip sed ncurses util-linux COPY entrypoint.sh /entrypoint.sh COPY build.sh /build.sh diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 0000000..5b85a8f --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,20 @@ +# Maintainer: Hoàng Văn Khải + +pkgname=test-publishing-aur-package-using-github-action-a +pkgver=0.0.0 +pkgrel=2 +pkgdesc='This is a test package. It serves no other purposes.' +url='https://github.com/KSXGitHub/github-actions-deploy-aur.git' +arch=(any) +license=(WTFPL-2.0) +source=() +sha512sums=() + +package() { + msg 'Generating executable...' + ( + echo '#!/bin/sh' + echo 'echo Success' + ) > /usr/bin/test-publishing-aur-package-using-github-action-0 + chmod a+x /usr/bin/test-publishing-aur-package-using-github-action-0 +} diff --git a/README.md b/README.md index e3acfb0..587f655 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Publish AUR package +# Publish AUR packages GitHub Actions to publish AUR package. @@ -10,28 +10,7 @@ GitHub Actions to publish AUR package. ### `pkgbuild` -**Required** Path to PKGBUILD file. This file is often generated by prior steps. - -### `assets` - -**Optional** Newline-separated glob patterns for additional files to be added to the AUR repository. -Glob patterns will be expanded by bash when copying the files to the repository. - -### `updpkgsums` - -**Optional** Update checksums using `updpkgsums`. - -### `test` - -**Optional** Check that PKGBUILD could be built. - -### `test_flags` - -**Optional** Command line flags for makepkg to build the package (if `test` is enabled). The default flags are `--clean --cleanbuild --nodeps`. - -### `post_process` - -**Optional** A line of commands to execute after processing the package. +**Required** Path to PKGBUILD file. ### `commit_username` @@ -49,14 +28,6 @@ Glob patterns will be expanded by bash when copying the files to the repository. **Optional** Commit message to use when creating the new commit. -### `allow_empty_commits` - -**Optional** Allow empty commits, i.e. commits with no change. The default value is `false`. - -### `force_push` - -**Optional** Use `--force` when push to the AUR. The default value is `false`. - ### `ssh_keyscan_types` **Optional** Comma-separated list of types to use when adding aur.archlinux.org to known hosts. @@ -77,11 +48,8 @@ jobs: steps: - uses: actions/checkout@v2 - - name: Generate PKGBUILD - run: bash ./generate-pkgbuild.bash - - name: Publish AUR package - uses: KSXGitHub/github-actions-deploy-aur@ + uses: KSXGitHub/github-actions-deploy-aur@master with: pkgname: my-awesome-package pkgbuild: ./PKGBUILD @@ -89,31 +57,7 @@ jobs: commit_email: ${{ secrets.AUR_EMAIL }} ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} commit_message: Update AUR package - ssh_keyscan_types: rsa,ecdsa,ed25519 + ssh_keyscan_types: rsa,dsa,ecdsa,ed25519 ``` -**Note:** Replace `` in the above code snippet with a tag of this repo. - **Tip:** To create secrets (such as `secrets.AUR_USERNAME`, `secrets.AUR_EMAIL`, and `secrets.AUR_SSH_PRIVATE_KEY` above), go to `$YOUR_GITHUB_REPO_URL/settings/secrets`. [Read this for more information](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets). - -**Tip:** This action does not generate PKGBUILD for you, you must generate it yourself (e.g. by using actions before this action). - -## Real-world applications - -[sane-fmt](https://github.com/KSXGitHub/sane-fmt) has a [workflow](https://github.com/KSXGitHub/sane-fmt/blob/c07ce4f09c0b8dfa902d28753ebb3800268183f5/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/sane-fmt](https://aur.archlinux.org/packages/sane-fmt) and [aur/sane-fmt-bin](https://aur.archlinux.org/packages/sane-fmt-bin). - -[pretty-exec](https://github.com/KSXGitHub/pretty-exec) has a [workflow](https://github.com/KSXGitHub/pretty-exec/blob/67473cd85f6aa278367e30fce9e41b4e54e4cb82/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/pretty-exec](https://aur.archlinux.org/packages/pretty-exec/) and [aur/pretty-exec-bin](https://aur.archlinux.org/packages/pretty-exec-bin/). - -[build-fs-tree](https://github.com/KSXGitHub/build-fs-tree) has a [workflow](https://github.com/KSXGitHub/build-fs-tree/blob/24924d99ae5cd82f00ea62fe8abc1a187bea7a0b/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/build-fs-tree](https://aur.archlinux.org/packages/build-fs-tree/) and [aur/build-fs-tree-bin](https://aur.archlinux.org/packages/build-fs-tree-bin/). - -[strip-ansi-cli](https://github.com/KSXGitHub/strip-ansi-cli) has a [workflow](https://github.com/KSXGitHub/strip-ansi-cli/blob/f3de1cf4997bbc2efbf137f77325f12640c2e145/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/strip-ansi](https://aur.archlinux.org/packages/strip-ansi/) and [aur/strip-ansi-bin](https://aur.archlinux.org/packages/strip-ansi-bin/). - -[parallel-disk-usage](https://github.com/KSXGitHub/parallel-disk-usage) has a [workflow](https://github.com/KSXGitHub/parallel-disk-usage/blob/a7fc0937a64d23ae848e44f7ecbf02aec64831e4/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/parallel-disk-usage](https://aur.archlinux.org/packages/parallel-disk-usage/) and [aur/parallel-disk-usage-bin](https://aur.archlinux.org/packages/parallel-disk-usage-bin/). - -## Become a Patron - -[My Patreon Page](https://patreon.com/khai96_). - -## License - -[MIT](https://git.io/JfWEM) © [Hoàng Văn Khải](https://github.com/KSXGitHub/) diff --git a/action.yml b/action.yml index 5f5a0bd..4cf67a6 100644 --- a/action.yml +++ b/action.yml @@ -1,3 +1,4 @@ +# action.yml name: 'Publish AUR package' description: 'Publish an AUR package' author: KSXGitHub @@ -11,26 +12,6 @@ inputs: pkgbuild: description: 'Path to PKGBUILD file' required: true - assets: - description: 'Newline-separated glob patterns for additional files to be added to the AUR repository' - required: false - default: '' - updpkgsums: - description: 'Update checksums using `updpkgsums`' - required: false - default: 'false' - test: - description: 'Check that PKGBUILD could be built' - required: false - default: 'false' - test_flags: - description: 'Command line flags for makepkg to build the package (if `test` is enabled)' - required: false - default: '--clean --cleanbuild --nodeps' - post_process: - description: 'A line of commands to execute after processing the package' - required: false - default: '' commit_username: description: 'The username to use when creating the new commit' required: true @@ -44,18 +25,10 @@ inputs: description: 'Commit message to use when creating the new commit' required: false default: 'Update PKGBUILD and .SRCINFO with GitHub Actions' - allow_empty_commits: - description: 'Allow empty commits, i.e. commits with no change.' - required: false - default: 'false' - force_push: - description: 'Use --force when push to the AUR.' - required: false - default: 'false' ssh_keyscan_types: description: 'Comma-separated list of types to use when adding aur.archlinux.org to known hosts' required: false - default: 'rsa,ecdsa,ed25519' + default: 'rsa,dsa,ecdsa,ed25519' runs: using: 'docker' image: 'Dockerfile' diff --git a/build.sh b/build.sh index 34063f6..5197654 100755 --- a/build.sh +++ b/build.sh @@ -4,139 +4,41 @@ set -o errexit -o pipefail -o nounset pkgname=$INPUT_PKGNAME -pkgbuild=$INPUT_PKGBUILD -assets=$INPUT_ASSETS -updpkgsums=$INPUT_UPDPKGSUMS -test=$INPUT_TEST -read -r -a test_flags <<< "$INPUT_TEST_FLAGS" -post_process=$INPUT_POST_PROCESS commit_username=$INPUT_COMMIT_USERNAME commit_email=$INPUT_COMMIT_EMAIL ssh_private_key=$INPUT_SSH_PRIVATE_KEY commit_message=$INPUT_COMMIT_MESSAGE -allow_empty_commits=$INPUT_ALLOW_EMPTY_COMMITS -force_push=$INPUT_FORCE_PUSH ssh_keyscan_types=$INPUT_SSH_KEYSCAN_TYPES -assert_non_empty() { - name=$1 - value=$2 - if [[ -z "$value" ]]; then - echo "::error::Invalid Value: $name is empty." >&2 - exit 1 - fi -} - -assert_non_empty inputs.pkgname "$pkgname" -assert_non_empty inputs.pkgbuild "$pkgbuild" -assert_non_empty inputs.commit_username "$commit_username" -assert_non_empty inputs.commit_email "$commit_email" -assert_non_empty inputs.ssh_private_key "$ssh_private_key" - export HOME=/home/builder -# Ignore "." and ".." to prevent errors when glob pattern for assets matches hidden files -GLOBIGNORE=".:.." +echo 'Adding aur.archlinux.org to known hosts...' +ssh-keyscan -v -t "$ssh_keyscan_types" aur.archlinux.org >> ~/.ssh/known_hosts -echo '::group::Adding aur.archlinux.org to known hosts' -ssh-keyscan -v -t "$ssh_keyscan_types" aur.archlinux.org >>~/.ssh/known_hosts -echo '::endgroup::' - -echo '::group::Importing private key' -echo "$ssh_private_key" >~/.ssh/aur +echo 'Importing private key...' +echo "$ssh_private_key" > ~/.ssh/aur chmod -vR 600 ~/.ssh/aur* -ssh-keygen -vy -f ~/.ssh/aur >~/.ssh/aur.pub -echo '::endgroup::' +ssh-keygen -vy -f ~/.ssh/aur > ~/.ssh/aur.pub -echo '::group::Checksums of SSH keys' +echo 'Checksums of SSH keys...' sha512sum ~/.ssh/aur ~/.ssh/aur.pub -echo '::endgroup::' -echo '::group::Configuring Git' +echo 'Configuring git...' git config --global user.name "$commit_username" git config --global user.email "$commit_email" -echo '::endgroup::' -echo '::group::Cloning AUR package into /tmp/local-repo' +echo 'Cloning AUR package into /tmp/local-repo...' git clone -v "https://aur.archlinux.org/${pkgname}.git" /tmp/local-repo -echo '::endgroup::' - -echo '::group::Copying files into /tmp/local-repo' -{ - echo "Copying $pkgbuild" - cp -v "$pkgbuild" /tmp/local-repo/PKGBUILD -} -# shellcheck disable=SC2086 -# Ignore quote rule because we need to expand glob patterns to copy $assets -if [[ -n "$assets" ]]; then - echo 'Copying' $assets - cp -rvt /tmp/local-repo/ $assets -fi -echo '::endgroup::' - -if [ "$updpkgsums" == "true" ]; then - echo '::group::Updating checksums' - cd /tmp/local-repo/ - updpkgsums - echo '::endgroup::' -fi - -if [ "$test" == "true" ]; then - echo '::group::Building package with makepkg' - cd /tmp/local-repo/ - makepkg "${test_flags[@]}" - echo '::endgroup::' -fi - -echo '::group::Generating .SRCINFO' cd /tmp/local-repo -makepkg --printsrcinfo >.SRCINFO -echo '::endgroup::' - -if [ -n "$post_process" ]; then - echo '::group::Executing post process commands' - cd /tmp/local-repo/ - eval "$post_process" - echo '::endgroup::' -fi -echo '::group::Committing files to the repository' -if [[ -z "$assets" ]]; then - # When $assets are not set, we can add just PKGBUILD and .SRCINFO - # This is to prevent unintended behaviour and maintain backwards compatibility - git add -fv PKGBUILD .SRCINFO -else - # We cannot just re-use $assets because it contains absolute paths outside repository - # But we can just add all files in the repository which should also include all $assets - git add --all -fi +echo 'Copying PKGBUILD...' +cp -v /PKGBUILD ./ -case "$allow_empty_commits" in -true) - git commit --allow-empty -m "$commit_message" - ;; -false) - git diff-index --quiet HEAD || git commit -m "$commit_message" # use `git diff-index --quiet HEAD ||` to avoid error - ;; -*) - echo "::error::Invalid Value: inputs.allow_empty_commits is neither 'true' nor 'false': '$allow_empty_commits'" - exit 2 - ;; -esac -echo '::endgroup::' +echo "Updating .SRCINFO" +makepkg --printsrcinfo > .SRCINFO -echo '::group::Publishing the repository' +echo "Publishing..." git remote add aur "ssh://aur@aur.archlinux.org/${pkgname}.git" -case "$force_push" in -true) - git push -v --force aur master - ;; -false) - git push -v aur master - ;; -*) - echo "::error::Invalid Value: inputs.force_push is neither 'true' nor 'false': '$force_push'" - exit 3 - ;; -esac -echo '::endgroup::' +git add -fv PKGBUILD .SRCINFO +git commit --allow-empty -m "$commit_message" +git push -fv aur master diff --git a/entrypoint.sh b/entrypoint.sh index a2d9894..1e88822 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -2,19 +2,21 @@ set -o errexit -o pipefail -o nounset -echo '::group::Creating builder user' +pkgbuild=$INPUT_PKGBUILD + +echo 'Creating builder user...' useradd --create-home --shell /bin/bash builder passwd --delete builder -mkdir -p /etc/sudoers.d/ -echo "builder ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/builder -echo '::endgroup::' -echo '::group::Initializing SSH directory' +echo 'Initializing ssh directory...' mkdir -pv /home/builder/.ssh touch /home/builder/.ssh/known_hosts cp -v /ssh_config /home/builder/.ssh/config chown -vR builder:builder /home/builder chmod -vR 600 /home/builder/.ssh/* -echo '::endgroup::' +echo 'Copying PKGBUILD...' +cp -r "$pkgbuild" /PKGBUILD + +echo 'Running build.sh...' exec runuser builder --command 'bash -l -c /build.sh' diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..f45d8f1 --- /dev/null +++ b/renovate.json @@ -0,0 +1,5 @@ +{ + "extends": [ + "config:base" + ] +}