Remove outdated workflow documentation and update build process to streamline package updates and release notes generation #120
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate and Test Build | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| - dev | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 0 * * *' | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| PACMAN_CACHE: /tmp/pacman-cache | |
| WORKSPACE: /workdir | |
| BUILD_DIR: /workdir/workdir | |
| OUTPUT_DIR: /workdir/out | |
| jobs: | |
| validate: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Validate package list | |
| run: | | |
| # Check if package list exists | |
| if [ ! -f packages.x86_64 ]; then | |
| echo "::error::packages.x86_64 file not found" | |
| exit 1 | |
| fi | |
| # Check for duplicate packages | |
| sort packages.x86_64 | uniq -d > duplicates.txt | |
| if [ -s duplicates.txt ]; then | |
| echo "::error::Duplicate packages found:" | |
| cat duplicates.txt | |
| exit 1 | |
| fi | |
| # Validate package names exist in Arch repos | |
| docker run --rm -v "${{ github.workspace }}/packages.x86_64:/packages.x86_64:ro" archlinux:latest bash -c " | |
| set -euo pipefail | |
| pacman -Syu --noconfirm | |
| while read -r pkg; do | |
| [[ \$pkg =~ ^# ]] && continue | |
| [[ -z \$pkg ]] && continue | |
| if ! pacman -Si \$pkg >/dev/null 2>&1; then | |
| echo \"::error::Package not found: \$pkg\" | |
| exit 1 | |
| fi | |
| done < /packages.x86_64 | |
| " | |
| security-scan: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Run Security Scan | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| scan-type: 'fs' | |
| ignore-unfixed: true | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| severity: 'CRITICAL,HIGH' | |
| - name: Upload Scan Results | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| test-build: | |
| needs: [validate, security-scan] | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 120 | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Cache Pacman packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: ${{ env.PACMAN_CACHE }} | |
| key: pacman-${{ runner.os }}-${{ github.sha }} | |
| restore-keys: | | |
| pacman-${{ runner.os }}- | |
| - name: Set up Arch Linux Container | |
| run: | | |
| mkdir -p ${{ env.PACMAN_CACHE }} | |
| docker run --privileged --name arch-container -d \ | |
| -v ${{ github.workspace }}:${{ env.WORKSPACE }} \ | |
| -v ${{ env.PACMAN_CACHE }}:/var/cache/pacman/pkg \ | |
| archlinux:latest sleep infinity | |
| - name: Install Dependencies | |
| run: | | |
| docker exec arch-container bash -c " | |
| set -euo pipefail | |
| pacman -Syu --noconfirm | |
| pacman -S --noconfirm --needed git archiso grub | |
| " | |
| - name: Test Build | |
| id: build | |
| run: | | |
| docker exec arch-container bash -c " | |
| set -euo pipefail | |
| cd ${{ env.WORKSPACE }} | |
| rm -rf ${{ env.BUILD_DIR }} ${{ env.OUTPUT_DIR }} | |
| mkdir -p ${{ env.BUILD_DIR }} ${{ env.OUTPUT_DIR }} | |
| mkarchiso -v -w ${{ env.BUILD_DIR }} -o ${{ env.OUTPUT_DIR }} . | |
| " | |
| - name: Verify ISO | |
| run: | | |
| docker exec arch-container bash -c " | |
| set -euo pipefail | |
| cd ${{ env.OUTPUT_DIR }} | |
| # Check if ISO exists | |
| iso_count=\$(ls -1 *.iso 2>/dev/null | wc -l) | |
| if [ \$iso_count -eq 0 ]; then | |
| echo '::error::No ISO file found' | |
| exit 1 | |
| elif [ \$iso_count -gt 1 ]; then | |
| echo '::error::Multiple ISO files found' | |
| exit 1 | |
| fi | |
| iso_file=\$(ls *.iso) | |
| # Check ISO size (minimum 500MB) | |
| size=\$(stat -c%s \"\$iso_file\") | |
| if [ \$size -lt 524288000 ]; then | |
| echo \"::error::ISO file too small: \$((\$size / 1024 / 1024))MB\" | |
| exit 1 | |
| fi | |
| # Verify ISO checksum | |
| sha256sum \"\$iso_file\" > checksum.sha256 | |
| sha256sum -c checksum.sha256 || { | |
| echo '::error::ISO checksum verification failed' | |
| exit 1 | |
| } | |
| " | |
| - name: Clean Up | |
| if: always() | |
| run: | | |
| if docker ps -a | grep -q arch-container; then | |
| docker stop arch-container || true | |
| docker rm -f arch-container || true | |
| fi | |
| sudo rm -rf ${{ env.BUILD_DIR }} ${{ env.OUTPUT_DIR }} | |
| - name: Report Status | |
| if: always() | |
| run: | | |
| if [ "${{ job.status }}" = "success" ]; then | |
| echo "✅ Build check passed successfully" | |
| else | |
| echo "❌ Build check failed" | |
| exit 1 | |
| fi |