Add optional repo update functionality

Slinet6056 · Sep 5, 2024 · 0f3d7e8 · 0f3d7e8
1 parent 57180d5
commit 0f3d7e8
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 17 deletions.
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -2,9 +2,9 @@ name: Test build
 
 on:
   push:
-    branches: [master]
+    branches: [dev]
   pull_request:
-    branches: [master]
+    branches: [dev]
   workflow_dispatch:
 
 jobs:
@@ -20,10 +20,18 @@ jobs:
           package_name: ciallo
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
-          pkgs_directory: test
+          pkgs_path: test
+          repo_name: test-repo
+          repo_path: repo
 
       - name: Upload Package
         uses: actions/upload-artifact@main
         with:
           name: ciallo-package
           path: test/ciallo/*.pkg.tar.zst*
+
+      - name: Upload Repository
+        uses: actions/upload-artifact@main
+        with:
+          name: package-repository
+          path: repo/
diff --git a/README.md b/README.md
@@ -1,5 +1,7 @@
 # archpkg-build action
 
+This action builds ArchLinux packages in a Docker container and optionally updates a package repository.
+
 ## Example usage
 
 ```yml
@@ -8,12 +10,23 @@ with:
   package_name: pkg
   gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
   gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
-  pkgs_directory: test # optional
+  pkgs_path: test # optional
+  repo_name: test-repo # optional
+  repo_path: repo # optional
 ```
 
+## Inputs
+
+- `package_name`: Name of the package to build (required)
+- `gpg_private_key`: GPG private key for package signing (required)
+- `gpg_passphrase`: Passphrase for the GPG private key (required)
+- `pkgs_path`: Path to the directory containing package subdirectories (optional, default: ".")
+- `repo_name`: Repository name (optional, for repository update)
+- `repo_path`: Repository path (optional, for repository update)
+
 ## Tips
 
-### use matrix to build multi pkgs
+### Use matrix to build multiple packages
 
 ```yml
 strategy:
@@ -27,3 +40,21 @@ steps:
       gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
       gpg_passphrase: ${{ secrets.GPG_PASSPHRASE }}
 ```
+
+## How it works
+
+1. The action uses a Docker container based on the `archlinux:base-devel` image.
+2. It sets up a build environment and creates a non-root user for building packages.
+3. The specified package is built using `makepkg`.
+4. The built package is signed using the provided GPG key.
+5. If `repo_name` and `repo_path` are provided, the action updates the package repository.
+
+## Notes
+
+- Ensure that your repository contains subdirectories named after each `package_name` within the `pkgs_path` (default: "."). Each subdirectory should contain the necessary `PKGBUILD` file.
+- The GPG private key and passphrase should be stored as secrets in your GitHub repository.
+- When updating a repository, the `repo_path` will be automatically created if it doesn't exist.
+
+## License
+
+This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for details.
diff --git a/action.yml b/action.yml
@@ -1,27 +1,35 @@
 name: "Build Arch Packages"
-description: "Build ArchLinux packages in Docker container"
+description: "Build ArchLinux packages in Docker container and optionally update package repository"
 branding:
   icon: package
   color: gray-dark
 inputs:
   package_name:
-    description: "Package name to build"
+    description: "Name of the package to build"
     required: true
   gpg_private_key:
-    description: "GPG private key for building"
+    description: "GPG private key for package signing"
     required: true
   gpg_passphrase:
-    description: "GPG passphrase for building"
+    description: "Passphrase for the GPG private key"
     required: true
-  pkgs_directory:
-    description: "Directory of package subdirectories"
+  pkgs_path:
+    description: "Path to the directory containing package subdirectories (optional)"
     required: false
     default: "."
+  repo_name:
+    description: "Repository name (optional, for repository update)"
+    required: false
+  repo_path:
+    description: "Repository path (optional, for repository update)"
+    required: false
 runs:
   using: "docker"
   image: "Dockerfile"
   args:
     - ${{ inputs.package_name }}
     - ${{ inputs.gpg_private_key }}
     - ${{ inputs.gpg_passphrase }}
-    - ${{ inputs.pkgs_directory }}
+    - ${{ inputs.pkgs_path }}
+    - ${{ inputs.repo_name }}
+    - ${{ inputs.repo_path }}
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -5,10 +5,12 @@ set -e
 pkgname=$1
 gpg_private_key=$2
 gpg_passphrase=$3
-pkgdir=$4
+pkg_path=$4
+repo_name=$5
+repo_path=$6
 
 # Find the PKGBUILD directory
-pkgbuild_dir=$(readlink -f "$pkgdir/$pkgname")
+pkgbuild_dir=$(readlink -f "$pkg_path/$pkgname")
 
 if [[ ! -d $pkgbuild_dir ]]; then
     echo "$pkgbuild_dir should be a directory."
@@ -30,7 +32,6 @@ chown -R builder:builder "$pkgbuild_dir"
 
 # Import GPG key
 sudo -u builder bash <<EOF
-export HOME=/home/builder
 echo "$gpg_private_key" | gpg --batch --import
 EOF
 
@@ -41,8 +42,23 @@ makepkg -srf --noconfirm
 EOF
 
 # Sign package
-sudo -E -u builder bash <<EOF
-export HOME=/home/builder
+sudo -u builder bash <<EOF
 cd "$pkgbuild_dir"
 echo "$gpg_passphrase" | gpg --pinentry-mode loopback --passphrase-fd 0 --detach-sign *.pkg.tar.zst
 EOF
+
+# Check if repo_name and repo_path are provided
+if [ -z "$repo_name" ] || [ -z "$repo_path" ]; then
+    echo "repo_name or repo_path not provided, skipping package repository update"
+    exit 0
+fi
+
+repodir=$(readlink -f "$repo_path")
+
+# Update the package repository
+sudo -u builder bash <<EOF
+mkdir -p "$repodir"
+cp "$pkgbuild_dir"/*.pkg.tar.zst* "$repodir"
+cd "$repodir"
+repo-add --verify --sign "$repo_name.db.tar.gz" *.pkg.tar.zst
+EOF