Update .github/workflows/update-repo.yml

2026-04-14 21:55:47 +02:00
parent 9f60549061
commit 12dc31d95a
1 changed files with 11 additions and 19 deletions
--- a/.github/workflows/update-repo.yml
+++ b/.github/workflows/update-repo.yml
@@ -23,29 +23,27 @@ jobs:
      - name: Build and Sign Repository
        run: |
          cd x86_64
-          rm -f hyprarch-repo.db* hyprarch-repo.files*
+          rm -f hyprarch-repo.db* hyprarch-repo.files* *.sig
          
          gpg --export --armor 236328A7F2C2001E > pubkey.gpg

-          # --- FIX: DETACHED BINARY SIGNATURES ---
+          # Force binary output using the -o flag
          for pkg in *.pkg.tar.zst; do
-            echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --no-armor --detach-sign "$pkg"
+            echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign -o "$pkg.sig" "$pkg"
          done
          
          python3 ~/build_db.py
          
-          # --- FIX: NO SYMLINKS, BINARY DB SIGNATURE ---
-          cp hyprarch-repo.db.tar.gz hyprarch-repo.db
-          cp hyprarch-repo.db.tar.gz hyprarch-repo.files
-          echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --no-armor --detach-sign hyprarch-repo.db
+          # Force binary output for the DB signature
+          echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign -o hyprarch-repo.db.sig hyprarch-repo.db
+          
          cp hyprarch-repo.db.sig hyprarch-repo.db.tar.gz.sig

      - name: Generate Subfolder Index
        run: |
          cd x86_64
          echo "<html><head><title>Index of /x86_64/</title></head><body style='font-family: monospace;'>" > index.html
-          echo "<h1>Index of /x86_64/</h1><hr><pre>" >> index.html
-          echo "<a href='../'>../</a>" >> index.html
+          echo "<h1>Index of /x86_64/</h1><hr><pre><a href='../'>../</a>" >> index.html
          for file in *; do
            if [[ "$file" != "index.html" ]]; then
              size=$(du -sh "$file" | cut -f1)
@@ -65,9 +63,7 @@ jobs:
              <style>
                  body { font-family: sans-serif; margin: 40px; line-height: 1.6; background: #2e3440; color: #eceff4; }
                  a { color: #88c0d0; text-decoration: none; }
-                  a:hover { text-decoration: underline; }
                  .container { max-width: 900px; margin: auto; background: #3b4252; padding: 20px; border-radius: 8px; }
-                  h1 { border-bottom: 2px solid #4c566a; padding-bottom: 10px; color: #81a1c1; }
                  pre { background: #2e3440; padding: 15px; border-radius: 5px; color: #ebcb8b; overflow-x: auto; border: 1px solid #4c566a; }
              </style>
          </head>
@@ -89,13 +85,9 @@ jobs:

      - name: Deploy and Fix Permissions
        run: |
-          # 1. Clean destination
-          rm -rf /var/www/hyprarch-repo/x86_64/*
-          mkdir -p /var/www/hyprarch-repo/x86_64
-          
-          # 2. Copy files
-          cp -rf . /var/www/hyprarch-repo/
-          
-          # 3. Ensure Nginx (www-data) can read them
+          # Use sudo for the cleanup and move if permissions are sticky
+          sudo rm -rf /var/www/hyprarch-repo/x86_64/*
+          sudo mkdir -p /var/www/hyprarch-repo/x86_64
+          sudo cp -rf . /var/www/hyprarch-repo/
          sudo chown -R stui:www-data /var/www/hyprarch-repo
          sudo chmod -R 755 /var/www/hyprarch-repo