Stuple-Networks/hyprarch-repo
1
0
Fork 0
Code Pull Requests Actions Activity

Update .github/workflows/update-repo.yml

Browse Source
This commit is contained in:
Mitsuba100
2026-04-14 21:50:51 +02:00
parent e271713085
commit 9f60549061
1 changed files with 14 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
.github/workflows/update-repo.yml vendored
View File

@@ -23,29 +23,21 @@ jobs:
- name: Build and Sign Repository
run: |
cd x86_64
# Remove ALL old metadata and symlinks to start fresh
rm -f hyprarch-repo.db* hyprarch-repo.files*
# 1. Export public key
gpg --export --armor 236328A7F2C2001E > pubkey.gpg
# 2. Sign packages (Force BINARY by removing --armor)
# --- FIX: DETACHED BINARY SIGNATURES ---
for pkg in *.pkg.tar.zst; do
echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign "$pkg"
echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --no-armor --detach-sign "$pkg"
done
# 3. Build DB using Python helper (Ensure you updated the script on the Pi as well)
python3 ~/build_db.py
# 4. Finalize Files (NO SYMLINKS)
# We manually copy instead of linking so the web server sees real files
# --- FIX: NO SYMLINKS, BINARY DB SIGNATURE ---
cp hyprarch-repo.db.tar.gz hyprarch-repo.db
cp hyprarch-repo.db.tar.gz hyprarch-repo.files
# 5. Sign the DB (Binary)
echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign hyprarch-repo.db
# 6. Ensure .sig files match the main files exactly
echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --no-armor --detach-sign hyprarch-repo.db
cp hyprarch-repo.db.sig hyprarch-repo.db.tar.gz.sig
- name: Generate Subfolder Index
@@ -76,10 +68,7 @@ jobs:
a:hover { text-decoration: underline; }
.container { max-width: 900px; margin: auto; background: #3b4252; padding: 20px; border-radius: 8px; }
h1 { border-bottom: 2px solid #4c566a; padding-bottom: 10px; color: #81a1c1; }
h2 { color: #a3be8c; margin-top: 30px; }
pre { background: #2e3440; padding: 15px; border-radius: 5px; color: #ebcb8b; overflow-x: auto; border: 1px solid #4c566a; }
code { color: #d08770; }
.step { background: #434c5e; padding: 10px 15px; border-left: 4px solid #81a1c1; margin: 10px 0; }
</style>
</head>
<body>
@@ -91,9 +80,6 @@ jobs:
<pre>[hyprarch-repo]
SigLevel = Required DatabaseOptional
Server = https://repo.stuple.net/\$arch</pre>
<h2>3. Sync</h2>
<div class="step"><code>sudo pacman -Syy</code></div>
<hr style="margin-top:40px; border: 0; border-top: 1px solid #4c566a;">
<p><a href="./x86_64/">📁 Browse File Index</a></p>
<p><small>Last updated: '$(date)'</small></p>
</div>
@@ -101,9 +87,15 @@ jobs:
</html>
EOF
- name: Deploy to Local Web Folder
- name: Deploy and Fix Permissions
run: |
# Clean the destination first to ensure no old symlinks remain
# 1. Clean destination
rm -rf /var/www/hyprarch-repo/x86_64/*
mkdir -p /var/www/hyprarch-repo/x86_64
# 2. Copy files
cp -rf . /var/www/hyprarch-repo/
# 3. Ensure Nginx (www-data) can read them
sudo chown -R stui:www-data /var/www/hyprarch-repo
sudo chmod -R 755 /var/www/hyprarch-repo