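# Rebuilds and signs the hyprarch pacman repository whenever a package under
# x86_64/ changes (or on manual dispatch), then publishes it to the local web
# root. The job handles the repository signing key, so secrets are passed to
# the shell through `env:` rather than being interpolated into the script text.
name: Update Arch Repository (Binary Sigs)

on:
  push:
    paths:
      - 'x86_64/*.pkg.tar.zst'
  workflow_dispatch:

jobs:
  build-and-deploy:
    # NOTE(review): `local` looks like a self-hosted runner label. If that
    # runner is persistent, the key imported below stays in the runner user's
    # GnuPG keyring after the job ends; confirm, and consider a per-job
    # GNUPGHOME that is deleted afterwards.
    runs-on: local

    steps:
      - name: Checkout code
        # NOTE(review): a tag such as v4 can be moved; for a job that signs
        # packages, pinning to a full commit SHA is safer.
        uses: actions/checkout@v4
        with:
          # Keep the job token out of .git/config; nothing below pushes or
          # fetches again.
          persist-credentials: false

      - name: Import GPG Key
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          # Read the key from the environment: pasting the secret into the
          # script text lets quotes, `$` or backticks in it alter the command.
          printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import --yes

      - name: Build and Sign Repository
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
          # NOTE(review): this is a 64-bit key ID; the full fingerprint
          # identifies the signing key unambiguously.
          SIGNING_KEY: '236328A7F2C2001E'
        run: |
          cd x86_64
          rm -f hyprarch-repo.db* hyprarch-repo.files*
          mkdir -p db_temp

          # We still use --armor for the public key (that's for humans)
          gpg --export --armor "$SIGNING_KEY" > pubkey.gpg

          for pkg in *.pkg.tar.zst; do
            # 1. Create BINARY detached signature (REMOVED --armor)
            printf '%s\n' "$GPG_PASSPHRASE" | gpg --batch --yes \
              --pinentry-mode loopback --local-user "$SIGNING_KEY" \
              --passphrase-fd 0 --detach-sign --output "$pkg.sig" "$pkg"

            # 2. Extract Metadata
            pkgname=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgname =" | cut -d' ' -f3 | tr -d '\r')
            pkgver=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgver =" | cut -d' ' -f3 | tr -d '\r')
            pkgdesc=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgdesc =" | cut -d' ' -f3- | sed "s/['\"]//g" | tr -d '\r')
            pkgsize=$(stat -c%s "$pkg")
            instsize=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^size =" | cut -d' ' -f3 | tr -d '\r')

            # pkgname and pkgver come from inside the package and are used as
            # a directory name: refuse empty values and path separators so an
            # entry cannot be written outside db_temp.
            if [ -z "$pkgname" ] || [ -z "$pkgver" ]; then
              echo "error: $pkg has no pkgname/pkgver in .PKGINFO" >&2
              exit 1
            fi
            case "$pkgname-$pkgver" in
              */*)
                echo "error: $pkg declares a name/version containing '/'" >&2
                exit 1
                ;;
            esac

            mkdir -p "db_temp/$pkgname-$pkgver"

            # 3. Build 'desc' with internal PGP SIG (Base64 of the binary sig)
            {
              echo "%NAME%"; echo "$pkgname"; echo ""
              echo "%VERSION%"; echo "$pkgver"; echo ""
              echo "%DESC%"; echo "$pkgdesc"; echo ""
              echo "%FILENAME%"; echo "$pkg"; echo ""
              echo "%CSIZE%"; echo "$pkgsize"; echo ""
              echo "%ISIZE%"; echo "$instsize"; echo ""
              echo "%PGPSIG%"
              base64 -w 0 "$pkg.sig"
              echo ""
              echo ""
            } > "db_temp/$pkgname-$pkgver/desc"
          done

          # 4. Pack and Sign DB (Signatures here should also be binary)
          cd db_temp
          # `--` stops a directory name that begins with '-' from being read
          # as a tar option.
          tar --owner=0 --group=0 -c -- * | gzip -n -9 > ../hyprarch-repo.db.tar.gz
          cd ..
          cp hyprarch-repo.db.tar.gz hyprarch-repo.db
          cp hyprarch-repo.db.tar.gz hyprarch-repo.files
          printf '%s\n' "$GPG_PASSPHRASE" | gpg --batch --yes \
            --pinentry-mode loopback --local-user "$SIGNING_KEY" \
            --passphrase-fd 0 --detach-sign \
            --output hyprarch-repo.db.sig hyprarch-repo.db
          rm -rf db_temp

      - name: Deploy
        run: |
          sudo mkdir -p /var/www/hyprarch-repo/x86_64
          # Copy every top-level entry except .git, so the repository history
          # and its config are not published under the web root.
          find . -mindepth 1 -maxdepth 1 ! -name .git \
            -exec sudo cp -rf -t /var/www/hyprarch-repo/ {} +
          sudo chown -R www-data:www-data /var/www/hyprarch-repo
          # NOTE(review): 755 also marks every regular file executable; the
          # web server only needs read access to files.
          sudo chmod -R 755 /var/www/hyprarch-repo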