Skip to content

PKGBUILD+Patches: Upgrade to extra/chromium and ungoogled-chromium re… #206

PKGBUILD+Patches: Upgrade to extra/chromium and ungoogled-chromium re…

PKGBUILD+Patches: Upgrade to extra/chromium and ungoogled-chromium re… #206

Workflow file for this run

name: Build for a release
on:
push:
tags:
- '*'
workflow_dispatch:
jobs:
push-to-aur:
if: ${{ startsWith(github.ref, 'refs/tags/') }}
runs-on: ubuntu-latest
steps:
- name: Checkout latest commit
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
path: packaging
- name: Publish AUR package
run: |
mkdir -p ~/.ssh/
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_$SSH_KEY_ALGORITHM
sudo chmod 600 ~/.ssh/id_$SSH_KEY_ALGORITHM
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
git clone ssh://[email protected]/ungoogled-chromium.git aur-upstream
source packaging/PKGBUILD
rm -rf packaging/aur
rm packaging/README.md
mv packaging/* aur-upstream
cd aur-upstream
# To avoid conflicts with other steps in this job, makepkg for generating .SRCINFO is the only command running in an arch environment
docker run --mount type=bind,source=$(pwd)/PKGBUILD,target=/home/build/PKGBUILD --entrypoint sh archlinux -c "pacman -Syu --needed --noconfirm binutils && useradd -m build && chown -R build /home/build && su build -c 'cd && makepkg --printsrcinfo > .SRCINFO'"
docker cp $(docker container ls --latest --format '{{.ID}}'):/home/build/.SRCINFO .
git config user.name "$GIT_NAME"
git config user.email "$GIT_EMAIL"
git add .
git commit -m "Upgrade to $pkgver-$pkgrel"
git push
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
SSH_KEY_ALGORITHM: ${{ secrets.SSH_KEY_ALGORITHM }}
GIT_NAME: ${{ secrets.GIT_NAME }}
GIT_EMAIL: ${{ secrets.GIT_EMAIL }}
build:
runs-on: self-hosted
steps:
- name: test
run: |
echo hi
build-container:
if: ${{ startsWith(github.ref, 'refs/tags/') }}
runs-on: ubuntu-latest
container:
image: archlinux
volumes:
- /:/host
steps:
- name: Checkout latest commit
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Install dependencies
run: pacman -Syu --needed --noconfirm docker base-devel
- name: Free space on runner
run: |
sudo rm -rf /host/usr/share/dotnet
sudo rm -rf /host/usr/local/lib/android
sudo rm -rf /host/opt/ghc
sudo rm -rf /host/opt/hostedtoolcache/CodeQL
sudo docker image prune --all --force
- name: Log into registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Build container
id: build
run: |
# Add non root user to run makepkg with
useradd makepkg --no-create-home
chown -R makepkg .
echo "::group::Generating source archive..."
if [ $(su -c "makepkg --printsrcinfo" makepkg | grep -c "fetch-chromium-release") -eq 0 ]; then
SOURCE_TARBALL_URL="$(su -c "makepkg --printsrcinfo" makepkg | grep commondatastorage.googleapis.com | awk '{ print $3 }')"
SOURCE_TARBALL_FILENAME="$(echo "$SOURCE_TARBALL_URL" | awk -F'/' '{ print $NF }')"
SOURCE_TARBALL_INNER_DIRECTORY_NAME="$(echo "$SOURCE_TARBALL_FILENAME" | sed 's/.tar.xz//')"
SOURCE_TARBALL_CHECKSUM="$(su -c "makepkg --printsrcinfo" makepkg | grep sha256sums -m 1 | awk '{ print $3 }')"
# Taken from https://github.com/NixOS/nixpkgs/blob/7a14a916f856dc4acda391a9febc3bfb37f2a732/pkgs/applications/networking/browsers/chromium/recompress-tarball.nix#L31-L54
curl "$SOURCE_TARBALL_URL" \
| xz -d --threads=0 \
| tar xf - \
--warning=no-timestamp \
--exclude=third_party/llvm \
--exclude=third_party/rust-src \
--exclude='build/linux/debian_*-sysroot' \
--exclude='*.tar.[a-zA-Z0-9][a-zA-Z0-9]' \
--exclude='*.tar.[a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9]' \
--exclude=third_party/llvm-build \
--exclude=third_party/rust-toolchain \
--exclude=third_party/instrumented_libs \
--strip-components=1 \
--one-top-level="$SOURCE_TARBALL_INNER_DIRECTORY_NAME"
tar \
--use-compress-program "zstd -T0" \
--sort name \
--mtime "1970-01-01" \
--owner=root --group=root \
--numeric-owner --mode=go=rX,u+rw,a-s \
--remove-files \
-cf "$SOURCE_TARBALL_FILENAME" "$SOURCE_TARBALL_INNER_DIRECTORY_NAME"
RECOMPRESSED_TARBALL_CHECKSUM="$(sha256sum "$SOURCE_TARBALL_FILENAME" | awk '{ print $1 }')"
sed -i "s/$SOURCE_TARBALL_CHECKSUM/$RECOMPRESSED_TARBALL_CHECKSUM/" PKGBUILD
fi
# Generate archive with all required sources for the build
# This either includes local or downloads files using an url
su -c "makepkg --allsource" makepkg
echo "::endgroup::"
CHROMIUM_VERSION="$(compgen -G "*.src.tar.gz" | grep -Po '([0-9\.]+-[0-9]*)')"
REGISTRY="ghcr.io/${{ github.repository_owner }}"
NAME="ungoogled-chromium-archlinux"
ID="$(echo $REGISTRY/$NAME | tr '[A-Z]' '[a-z]')"
REF="$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')"
[[ "${{ github.ref }}" == "refs/tags/"* ]] && REF=$(echo $REF | sed -e 's/^v//')
[ "$REF" == "master" ] && REF=latest
VERSION_TAG="$ID:$CHROMIUM_VERSION"
LATEST_TAG="$ID:latest"
echo "CHROMIUM_VERSION=$CHROMIUM_VERSION"
echo "REGISTRY=$REGISTRY"
echo "NAME=$NAME"
echo "ID=$ID"
echo "REF=$REF"
echo "VERSION_TAG=$REF_TAG"
echo "LATEST_TAG=$LATEST_TAG"
echo "::group::Building container image..."
# Build container from source files
docker build . \
--file .github/workflows/container/Dockerfile \
--tag "$VERSION_TAG" \
--tag "$LATEST_TAG"
# Reduce worker space used
rm -rf *
echo "::endgroup::"
echo "chromium-version=$CHROMIUM_VERSION" >> $GITHUB_OUTPUT
echo "version-tag=$VERSION_TAG" >> $GITHUB_OUTPUT
echo "latest-tag=$LATEST_TAG" >> $GITHUB_OUTPUT
- name: Push image
run: |
docker push "${{ steps.build.outputs.version-tag }}"
docker push "${{ steps.build.outputs.latest-tag }}"
outputs:
chromium-version: "${{ steps.build.outputs.chromium-version }}"
image-tag: "${{ steps.build.outputs.version-tag }}"
build-1:
runs-on: ubuntu-latest
needs: build-container
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Stage
run: npm run setup --prefix ./.github/actions/stage
- name: Run Stage
id: stage
uses: ./.github/actions/stage
with:
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}"
use-registry: true
registry-token: "${{ secrets.GITHUB_TOKEN }}"
image-tag: "${{ join(needs.*.outputs.image-tag) }}"
outputs:
finished: "${{ steps.stage.outputs.finished }}"
chromium-version: "${{ steps.stage.outputs.chromium-version }}"
image-tag: "${{ steps.stage.outputs.image-tag }}"
build-2:
runs-on: ubuntu-latest
needs: build-1
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Stage
run: npm run setup --prefix ./.github/actions/stage
- name: Run Stage
id: stage
uses: ./.github/actions/stage
with:
finished: "${{ join(needs.*.outputs.finished) }}"
progress-name: build-1
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}"
use-registry: true
registry-token: "${{ secrets.GITHUB_TOKEN }}"
image-tag: "${{ join(needs.*.outputs.image-tag) }}"
outputs:
finished: "${{ steps.stage.outputs.finished }}"
chromium-version: "${{ steps.stage.outputs.chromium-version }}"
image-tag: "${{ steps.stage.outputs.image-tag }}"
build-3:
runs-on: ubuntu-latest
needs: build-2
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Stage
run: npm run setup --prefix ./.github/actions/stage
- name: Run Stage
id: stage
uses: ./.github/actions/stage
with:
finished: "${{ join(needs.*.outputs.finished) }}"
progress-name: build-2
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}"
use-registry: true
registry-token: "${{ secrets.GITHUB_TOKEN }}"
image-tag: "${{ join(needs.*.outputs.image-tag) }}"
outputs:
finished: "${{ steps.stage.outputs.finished }}"
chromium-version: "${{ steps.stage.outputs.chromium-version }}"
image-tag: "${{ steps.stage.outputs.image-tag }}"
build-4:
runs-on: ubuntu-latest
needs: build-3
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Stage
run: npm run setup --prefix ./.github/actions/stage
- name: Run Stage
id: stage
uses: ./.github/actions/stage
with:
finished: "${{ join(needs.*.outputs.finished) }}"
progress-name: build-3
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}"
use-registry: true
registry-token: "${{ secrets.GITHUB_TOKEN }}"
image-tag: "${{ join(needs.*.outputs.image-tag) }}"
outputs:
finished: "${{ steps.stage.outputs.finished }}"
chromium-version: "${{ steps.stage.outputs.chromium-version }}"
image-tag: "${{ steps.stage.outputs.image-tag }}"
build-5:
runs-on: ubuntu-latest
needs: build-4
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Stage
run: npm run setup --prefix ./.github/actions/stage
- name: Run Stage
id: stage
uses: ./.github/actions/stage
with:
finished: "${{ join(needs.*.outputs.finished) }}"
progress-name: build-4
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}"
use-registry: true
registry-token: "${{ secrets.GITHUB_TOKEN }}"
image-tag: "${{ join(needs.*.outputs.image-tag) }}"
outputs:
finished: "${{ steps.stage.outputs.finished }}"
chromium-version: "${{ steps.stage.outputs.chromium-version }}"
image-tag: "${{ steps.stage.outputs.image-tag }}"
build-6:
runs-on: ubuntu-latest
needs: build-5
steps:
- name: Checkout
uses: actions/checkout@v2
- name: Setup Stage
run: npm run setup --prefix ./.github/actions/stage
- name: Run Stage
id: stage
uses: ./.github/actions/stage
with:
finished: "${{ join(needs.*.outputs.finished) }}"
progress-name: build-5
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}"
use-registry: true
registry-token: "${{ secrets.GITHUB_TOKEN }}"
image-tag: "${{ join(needs.*.outputs.image-tag) }}"
outputs:
finished: "${{ steps.stage.outputs.finished }}"
chromium-version: "${{ steps.stage.outputs.chromium-version }}"
image-tag: "${{ steps.stage.outputs.image-tag }}"
publish-release:
runs-on: ubuntu-latest
needs: build-6
steps:
- name: Download package
uses: actions/[email protected]
with:
name: "${{ join(needs.*.outputs.chromium-version) }}"
- name: Format GitHub release body
run: |
echo '```' >> body.md
cat sum.txt >> body.md
echo '```' >> body.md
- name: Publish GitHub release
uses: softprops/action-gh-release@cd28b0f5ee8571b76cfdaa62a30d51d752317477
with:
name: "${{ join(needs.*.outputs.chromium-version) }}"
body_path: body.md
files: |
*.pkg.*
sum.txt
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout latest commit
uses: actions/checkout@v2
with:
ref: ${{ github.event.pull_request.head.sha }}
path: packaging
- name: Publish AUR package
run: |
mkdir -p ~/.ssh/
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_$SSH_KEY_ALGORITHM
sudo chmod 600 ~/.ssh/id_$SSH_KEY_ALGORITHM
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
git clone ssh://[email protected]/ungoogled-chromium-bin.git aur-upstream
source packaging/PKGBUILD
CHECKSUM=($(sha256sum ungoogled-chromium-$pkgver-$pkgrel-x86_64.pkg.tar.zst | head -c 64))
sed -i "s/--pkgver--/$pkgver/g" packaging/aur/PKGBUILD
sed -i "s/--pkgrel--/$pkgrel/g" packaging/aur/PKGBUILD
sed -i "s/--checksum--/$CHECKSUM/g" packaging/aur/PKGBUILD
mv packaging/aur/PKGBUILD aur-upstream/PKGBUILD
cd aur-upstream
# To avoid conflicts with other steps in this job, makepkg for generating .SRCINFO is the only command running in an arch environment
docker run --mount type=bind,source=$(pwd)/PKGBUILD,target=/home/build/PKGBUILD --entrypoint sh archlinux -c "pacman -Syu --needed --noconfirm binutils && useradd -m build && chown -R build /home/build && su build -c 'cd && makepkg --printsrcinfo > .SRCINFO'"
docker cp $(docker container ls --latest --format '{{.ID}}'):/home/build/.SRCINFO .
git config user.name "$GIT_NAME"
git config user.email "$GIT_EMAIL"
git add PKGBUILD .SRCINFO
git commit PKGBUILD .SRCINFO -m "Upgrade to $pkgver-$pkgrel"
git push
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
SSH_KEY_ALGORITHM: ${{ secrets.SSH_KEY_ALGORITHM }}
GIT_NAME: ${{ secrets.GIT_NAME }}
GIT_EMAIL: ${{ secrets.GIT_EMAIL }}
CHECKSUM: ${{ steps.aur-archive.outputs.checksum }}