Githubguy132010
diff --git a/‎.github/workflows/build-check.yaml‎
Lines changed: 109 additions & 62 deletions b/‎.github/workflows/build-check.yaml‎
Lines changed: 109 additions & 62 deletions
diff --git a/‎.github/workflows/build.yaml‎
Lines changed: 110 additions & 45 deletions b/‎.github/workflows/build.yaml‎
Lines changed: 110 additions & 45 deletions
@@ -1,94 +1,141 @@
-name: Check if ISO can be built
+name: Validate and Test Build
 
 on:
   pull_request:
     branches:
       - main
+      - dev
   workflow_dispatch:
   schedule:
     - cron: '0 0 * * *'
 
+env:
+  DOCKER_BUILDKIT: 1
+
 jobs:
-  build:
+  validate:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Validate package list
+        run: |
+          # Check for duplicate packages
+          sort packages.x86_64 | uniq -d > duplicates.txt
+          if [ -s duplicates.txt ]; then
+            echo "::error::Duplicate packages found:"
+            cat duplicates.txt
+            exit 1
+          fi
+          
+          # Validate package names exist in Arch repos
+          docker run --rm archlinux:latest bash -c "
+            pacman -Sy
+            while read -r pkg; do
+              [[ \$pkg =~ ^# ]] && continue
+              [[ -z \$pkg ]] && continue
+              pacman -Si \$pkg >/dev/null 2>&1 || {
+                echo \"::error::Package not found: \$pkg\"
+                exit 1
+              }
+            done < packages.x86_64
+          "
+
+  security-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Run Security Scan
+        uses: aquasecurity/trivy-action@master
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'sarif'
+          output: 'trivy-results.sarif'
+          severity: 'CRITICAL,HIGH'
+
+      - name: Upload Scan Results
+        uses: github/codeql-action/upload-sarif@v2
+        if: always()
+        with:
+          sarif_file: 'trivy-results.sarif'
+
+  test-build:
+    needs: [validate, security-scan]
     runs-on: ubuntu-latest
+    timeout-minutes: 120
 
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
 
+      - name: Cache Pacman packages
+        uses: actions/cache@v3
+        with:
+          path: /tmp/pacman-cache
+          key: pacman-test-${{ github.sha }}
+          restore-keys: |
+            pacman-test-
+
       - name: Set up Arch Linux Container
         run: |
-          docker run --privileged --name arch-container -d -v ${{ github.workspace }}:/workdir archlinux:latest sleep infinity
+          mkdir -p /tmp/pacman-cache
+          docker run --privileged --name arch-container -d \
+            -v ${{ github.workspace }}:/workdir \
+            -v /tmp/pacman-cache:/var/cache/pacman/pkg \
+            archlinux:latest sleep infinity
 
-      - name: Build ISO in Arch Container
+      - name: Install Dependencies
         run: |
           docker exec arch-container bash -c "
-            pacman -Syu --noconfirm &&
-            pacman -S --noconfirm git archiso grub &&
-            cd /workdir &&
-            mkarchiso -v -w workdir/ -o out/ .
+            set -euo pipefail
+            pacman -Sy --noconfirm
+            pacman -S --noconfirm --needed git archiso grub
           "
 
-      - name: Rename ISO to Arch.iso
+      - name: Test Build
+        id: build
         run: |
           docker exec arch-container bash -c "
-            iso_file=\$(ls /workdir/out/*.iso 2>/dev/null | head -n 1) &&
-            [ -n \"\$iso_file\" ] && mv \$iso_file /workdir/out/Arch.iso || echo 'No ISO file found.'
+            set -euo pipefail
+            cd /workdir
+            rm -rf workdir/ out/
+            mkarchiso -v -w workdir/ -o out/ .
           "
 
-      - name: Copy ISO to Host
+      - name: Verify ISO
         run: |
-          docker cp arch-container:/workdir/out/Arch.iso ${{ github.workspace }}/ || echo 'Failed to copy ISO to host.'
-
-      - name: Get current date
-        id: date
-        run: echo "date=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
+          docker exec arch-container bash -c "
+            cd /workdir/out
+            # Check if ISO exists
+            [ -f *.iso ] || {
+              echo '::error::ISO file not found'
+              exit 1
+            }
+            # Check ISO size (minimum 500MB)
+            size=\$(stat -c%s *.iso)
+            [ \$size -gt 524288000 ] || {
+              echo '::error::ISO file too small'
+              exit 1
+            }
+          "
 
-      - name: Create GitHub Release
-        id: create_release
-        uses: actions/[email protected]
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          tag_name: v${{ github.run_id }}-release
-          release_name: "Arch Linux Release"
-          body: "Arch Linux ISO built on ${{ steps.date.outputs.date }}"
-          draft: false
-          prerelease: false
-
-      - name: Upload ISO to GitHub Release
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ${{ github.workspace }}/Arch.iso
-          asset_name: Arch.iso
-          asset_content_type: application/octet-stream
-
-      - name: Delete GitHub Release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          release_id=$(curl -s \
-            -H "Authorization: token $GITHUB_TOKEN" \
-            -H "Accept: application/vnd.github.v3+json" \
-            https://api.github.com/repos/${{ github.repository }}/releases/tags/v${{ github.run_id }}-release | jq -r .id) &&
-          curl -X DELETE \
-            -H "Authorization: token $GITHUB_TOKEN" \
-            -H "Accept: application/vnd.github.v3+json" \
-            https://api.github.com/repos/${{ github.repository }}/releases/$release_id
-
-      - name: Delete Git Tag
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Clean Up
+        if: always()
         run: |
-          curl -X DELETE \
-            -H "Authorization: token $GITHUB_TOKEN" \
-            -H "Accept: application/vnd.github.v3+json" \
-            https://api.github.com/repos/${{ github.repository }}/git/refs/tags/v${{ github.run_id }}-release
+          docker stop arch-container || true
+          docker rm arch-container || true
+          rm -rf workdir/ out/
 
-      - name: Clean Up
+      - name: Report Status
+        if: always()
         run: |
-          docker stop arch-container || echo 'Failed to stop the container.'
-          docker rm arch-container || echo 'Failed to remove the container.'
+          if [ "${{ job.status }}" = "success" ]; then
+            echo "✅ Build check passed successfully"
+          else
+            echo "❌ Build check failed"
+            exit 1
+          fi
@@ -4,81 +4,146 @@ on:
   workflow_dispatch:
   schedule:
     - cron: '0 0 * * *'  # Run the workflow every day at midnight
+  push:
+    branches:
+      - main
+      - dev
+    paths-ignore:
+      - '**.md'
+      - '.gitignore'
+
+env:
+  DOCKER_BUILDKIT: 1
+  ISO_FILENAME: Arch.iso
 
 jobs:
   build:
-    runs-on: ubuntu-latest  # Use a standard runner
+    runs-on: ubuntu-latest
+    timeout-minutes: 120  # Set a timeout to prevent hung builds
 
     steps:
       - name: Checkout Repository
         uses: actions/checkout@v4
 
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          buildkitd-flags: --debug
+
+      - name: Cache Docker layers
+        uses: actions/cache@v3
+        with:
+          path: /tmp/.buildx-cache
+          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          restore-keys: |
+            ${{ runner.os }}-buildx-
+
+      - name: Set up environment variables
+        id: env
+        run: |
+          echo "DATE=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
+          echo "VERSION=$(date +'%Y.%m.%d')" >> $GITHUB_ENV
+          echo "CACHE_KEY=$(date +'%Y-%m')" >> $GITHUB_ENV
+
+      - name: Cache Pacman packages
+        uses: actions/cache@v3
+        with:
+          path: /tmp/pacman-cache
+          key: pacman-${{ env.CACHE_KEY }}
+          restore-keys: |
+            pacman-
+
       - name: Set up Arch Linux Container
         run: |
-          docker run --privileged --name arch-container -d -v ${{ github.workspace }}:/workdir archlinux:latest sleep infinity
+          mkdir -p /tmp/pacman-cache
+          docker run --privileged --name arch-container -d \
+            -v ${{ github.workspace }}:/workdir \
+            -v /tmp/pacman-cache:/var/cache/pacman/pkg \
+            archlinux:latest sleep infinity
 
-      - name: Build ISO in Arch Container
+      - name: Update and Install Dependencies
         run: |
-          set -e
           docker exec arch-container bash -c "
-            pacman -Syu --noconfirm &&
-            pacman -S --noconfirm git archiso grub &&
-            cd /workdir &&
-            mkarchiso -v -w workdir/ -o out/ .
+            set -euo pipefail
+            pacman -Sy --noconfirm
+            pacman -S --noconfirm --needed git archiso grub curl jq gnupg
           "
 
-      - name: Rename ISO to Arch.iso
+      - name: Build ISO
+        id: build
         run: |
-          set -e
           docker exec arch-container bash -c "
-            iso_file=\$(ls /workdir/out/*.iso 2>/dev/null | head -n 1) &&
-            [ -n \"\$iso_file\" ] && mv \$iso_file /workdir/out/Arch.iso || echo 'No ISO file found.'
+            set -euo pipefail
+            cd /workdir
+            # Cleanup any previous builds
+            rm -rf workdir/ out/
+            # Build the ISO with verbose output
+            mkarchiso -v -w workdir/ -o out/ . || {
+              echo 'ISO build failed!'
+              exit 1
+            }
           "
 
-      - name: List ISO files
+      - name: Generate Checksums
         run: |
-          docker exec arch-container bash -c "ls -l /workdir/out/" || echo 'Failed to list files.'
+          docker exec arch-container bash -c "
+            cd /workdir/out
+            sha256sum *.iso > sha256sums.txt
+            sha512sum *.iso > sha512sums.txt
+          "
 
-      - name: Copy ISO to Host
+      - name: Rename and Move ISO
         run: |
-          docker cp arch-container:/workdir/out/Arch.iso ${{ github.workspace }}/ || echo 'Failed to copy ISO to host.'
+          docker exec arch-container bash -c "
+            cd /workdir/out
+            for f in *.iso; do
+              mv \"\$f\" \"arch-linux-no-beeps-${{ env.VERSION }}.iso\"
+            done
+          "
 
       - name: Upload ISO Artifact
         uses: actions/upload-artifact@v3
         with:
-          name: Arch.iso
-          path: ${{ github.workspace }}/Arch.iso
-
-      - name: Get current date
-        id: date
-        run: echo "DATE=$(date +'%Y-%m-%d')" >> $GITHUB_ENV
-
-      # Create a release on GitHub using GITHUB_TOKEN
-      - name: Create GitHub Release
-        id: create_release  # Adding an ID to reference the release step
-        uses: actions/[email protected]
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          name: arch-linux-no-beeps-${{ env.VERSION }}
+          path: |
+            ${{ github.workspace }}/out/*.iso
+            ${{ github.workspace }}/out/sha*sums.txt
+          retention-days: 5
+
+      - name: Create Release
+        id: create_release
+        uses: softprops/action-gh-release@v1
+        if: github.ref == 'refs/heads/main'
         with:
-          tag_name: "v${{ github.run_id }}-release"
-          release_name: "Arch Linux Release"
+          tag_name: v${{ env.VERSION }}
+          name: "Arch Linux No Beeps v${{ env.VERSION }}"
           body: |
-            This release contains the Arch Linux ISO built on ${{ steps.date.outputs.DATE }}.
+            🚀 Arch Linux ISO without system beeps (build ${{ env.DATE }})
+            
+            ### Changes
+            - Automatic daily build
+            - System beeps disabled
+            - ISO SHA256 and SHA512 checksums added
+            
+            ### Download
+            - Download the ISO and verify checksums before use
+            
+            ### Checksums
+            SHA256 and SHA512 checksums are available in the uploaded files.
           draft: false
           prerelease: false
-
-      # Upload the ISO to the GitHub release with a specific, predictable name
-      - name: Upload ISO to GitHub Release
-        uses: actions/upload-release-asset@v1
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }}
-          asset_path: ${{ github.workspace }}/Arch.iso
-          asset_name: Arch.iso
-          asset_content_type: application/octet-stream
+          files: |
+            ${{ github.workspace }}/out/*.iso
+            ${{ github.workspace }}/out/sha*sums.txt
 
       - name: Clean Up
+        if: always()
+        run: |
+          docker stop arch-container || true
+          docker rm arch-container || true
+          rm -rf workdir/ out/
+
+      - name: Notify on Failure
+        if: failure()
         run: |
-          docker stop arch-container || echo 'Failed to stop the container.'
-          docker rm arch-container || echo 'Failed to remove the container.'
+          echo "::error::ISO build failed! Check the logs for more details."