From e2717130858b8786de30779d04cbd56049a6040e Mon Sep 17 00:00:00 2001
From: Mitsuba100 <stui@stuple.net>
Date: Tue, 14 Apr 2026 21:46:41 +0200
Subject: [PATCH] Update .github/workflows/update-repo.yml

---
 .github/workflows/update-repo.yml | 34 ++++++++++++++++---------------
 1 file changed, 18 insertions(+), 16 deletions(-)

diff --git a/.github/workflows/update-repo.yml b/.github/workflows/update-repo.yml
index 9f9b76e..bdb775e 100644
--- a/.github/workflows/update-repo.yml
+++ b/.github/workflows/update-repo.yml
@@ -1,4 +1,4 @@
-name: Update Arch Repository 
+name: Update Arch Repository
 
 on:
   push:
@@ -23,22 +23,30 @@ jobs:
       - name: Build and Sign Repository
         run: |
           cd x86_64
-          # Clean old metadata
+          # Remove ALL old metadata and symlinks to start fresh
           rm -f hyprarch-repo.db* hyprarch-repo.files*
           
-          # 1. Export public key for landing page
+          # 1. Export public key
           gpg --export --armor 236328A7F2C2001E > pubkey.gpg
 
-          # 2. Generate Binary Signatures
+          # 2. Sign packages (Force BINARY by removing --armor)
           for pkg in *.pkg.tar.zst; do
             echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign "$pkg"
           done
           
-          # 3. Build DB using Python helper
+          # 3. Build DB using Python helper (Ensure you updated the script on the Pi as well)
           python3 ~/build_db.py
           
-          # 4. Sign the database file
+          # 4. Finalize Files (NO SYMLINKS)
+          # We manually copy instead of linking so the web server sees real files
+          cp hyprarch-repo.db.tar.gz hyprarch-repo.db
+          cp hyprarch-repo.db.tar.gz hyprarch-repo.files
+          
+          # 5. Sign the DB (Binary)
           echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign hyprarch-repo.db
+          
+          # 6. Ensure .sig files match the main files exactly
+          cp hyprarch-repo.db.sig hyprarch-repo.db.tar.gz.sig
 
       - name: Generate Subfolder Index
         run: |
@@ -77,25 +85,17 @@ jobs:
           <body>
               <div class="container">
                   <h1>🚀 HyprArch Custom Repository</h1>
-                  
                   <h2>1. Add the GPG Key</h2>
-                  <p>Run this command to trust the repository maintainer (Mitsuba100):</p>
                   <pre>curl -s https://repo.stuple.net/x86_64/pubkey.gpg | sudo pacman-key -a - && sudo pacman-key --lsign-key 236328A7F2C2001E</pre>
-
                   <h2>2. Configure Pacman</h2>
-                  <p>Add the following to the bottom of <code>/etc/pacman.conf</code>:</p>
                   <pre>[hyprarch-repo]
           SigLevel = Required DatabaseOptional
           Server = https://repo.stuple.net/\$arch</pre>
-                  
                   <h2>3. Sync</h2>
-                  <div class="step">
-                      <code>sudo pacman -Syy</code>
-                  </div>
-
+                  <div class="step"><code>sudo pacman -Syy</code></div>
                   <hr style="margin-top:40px; border: 0; border-top: 1px solid #4c566a;">
                   <p><a href="./x86_64/">📁 Browse File Index</a></p>
-                  <p><small>Automated by GitHub Actions • Last updated: '$(date)'</small></p>
+                  <p><small>Last updated: '$(date)'</small></p>
               </div>
           </body>
           </html>
@@ -103,5 +103,7 @@ jobs:
 
       - name: Deploy to Local Web Folder
         run: |
+          # Clean the destination first to ensure no old symlinks remain
+          rm -rf /var/www/hyprarch-repo/x86_64/*
           mkdir -p /var/www/hyprarch-repo/x86_64
           cp -rf . /var/www/hyprarch-repo/
\ No newline at end of file