penguins-eggs/.github/workflows/24-publish-external-erch-pkg.yml at master · roguesupport-scott/penguins-eggs · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
# .github/workflows/publish-external-package.yml

name: 24. Publish External Arch Pkg

on:
  # Permette l'avvio manuale dalla UI di GitHub
  workflow_dispatch:
    inputs:
      package_url:
        description: 'URL pubblico del pacchetto .pkg.tar.zst da aggiungere al repository'
        required: true
        type: string

jobs:
  publish-package:
    runs-on: ubuntu-latest
    container: archlinux # Usa un container Arch Linux pulito per la massima compatibilità

    steps:
      - name: 1. Checkout del repository di destinazione
        uses: actions/checkout@v4
        with:
          repository: pieroproietti/penguins-eggs-repo
          token: ${{ secrets.PUBLISH_TOKEN }}
          path: repo-dir

      - name: 2. Download del pacchetto dall'URL fornito
        run: |
          echo "Downloading package from ${{ github.event.inputs.package_url }}"
          # Estrae il nome del file dall'URL
          PACKAGE_FILENAME=$(basename "${{ github.event.inputs.package_url }}")
          # Scarica il file nella directory corretta
          curl -L -o "repo-dir/arch/$PACKAGE_FILENAME" "${{ github.event.inputs.package_url }}"
          echo "Package downloaded as repo-dir/arch/$PACKAGE_FILENAME"

      - name: 3. Aggiorna e Firma il Repository Arch Linux
        run: |
          set -e
          # Installa le dipendenze necessarie
          pacman -Syu --noconfirm
          pacman -S --noconfirm base-devel git

          # Importa la chiave GPG dai secret
          echo "${{ secrets.GPG_SIGNING_KEY }}" | gpg --import --batch
          mkdir -p ~/.gnupg
          echo "pinentry-mode loopback" > ~/.gnupg/gpg.conf
          echo "allow-loopback-pinentry" > ~/.gnupg/gpg-agent.conf
          gpg-connect-agent reloadagent /bye

          # Sblocca la chiave per la sessione corrente
          echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --passphrase-fd 0 -o /dev/null -s /dev/null

          # Estrae il nome del file dall'URL di input per passarlo a repo-add
          PACKAGE_FILENAME=$(basename "${{ github.event.inputs.package_url }}")
          echo "Adding package '$PACKAGE_FILENAME' to repository database..."

          # Aggiunge il nuovo pacchetto al database del repository e lo firma
          repo-add --sign --key "${{ secrets.GPG_KEY_ID }}" penguins-eggs.db.tar.gz "$PACKAGE_FILENAME"

        env:
          GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }}
          GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        working-directory: ./repo-dir/arch

      - name: 4. Deploy delle modifiche su penguins-eggs-repo
        uses: peaceiris/actions-gh-pages@v4
        with:
          personal_token: ${{ secrets.PUBLISH_TOKEN }}
          external_repository: pieroproietti/penguins-eggs-repo
          publish_branch: main
          publish_dir: ./repo-dir
          keep_files: false # Sostituisce completamente il contenuto del repo con quello aggiornato
          user_name: 'github-actions[bot]'
          user_email: 'github-actions[bot]@users.noreply.github.com'
          commit_message: "chore: Add external package to Arch Linux repository"