Stuple-Networks/hyprarch-repo
1
0
Fork 0
Code Pull Requests Actions Activity

Update .github/workflows/update-repo.yml

Browse Source
This commit is contained in:
Mitsuba100
2026-04-14 19:22:00 +02:00
parent 57c4fec84a
commit e34bf82799
1 changed files with 49 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
.github/workflows/update-repo.yml vendored
View File

@@ -1,4 +1,4 @@
name: Update Arch Repository (Gitea) name: Update Arch Repository (Host stui)
on: on:
push: push:
@@ -8,20 +8,15 @@ on:
jobs: jobs:
build-and-deploy: build-and-deploy:
# Use 'host' so the runner can move files directly to /var/www/arch-repo
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout code - name: Checkout code
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Ensure Tools and Directories - name: Ensure Tools
run: | run: |
sudo apt-get update && sudo apt-get install -y libarchive-tools gpg sudo apt-get update && sudo apt-get install -y libarchive-tools gpg
mkdir -p x86_64/db_temp
# Path where your packages will be served to the web
sudo mkdir -p /var/www/arch-repo/x86_64
sudo chown -R $USER:$USER /var/www/arch-repo
- name: Import GPG Key - name: Import GPG Key
run: | run: |
@@ -30,43 +25,63 @@ jobs:
- name: Build and Sign Repository - name: Build and Sign Repository
run: | run: |
cd x86_64 cd x86_64
# Clean up old database files
rm -f hyprarch-repo.db* hyprarch-repo.files* rm -f hyprarch-repo.db* hyprarch-repo.files*
mkdir -p db_temp
# 1. Export Public Key for users # Export Public Key for the landing page link
gpg --export --armor 236328A7F2C2001E > pubkey.gpg gpg --export --armor 236328A7F2C2001E > pubkey.gpg
# 2. Process Packages
for pkg in *.pkg.tar.zst; do for pkg in *.pkg.tar.zst; do
# Sign package (creates .sig file) # 1. Generate detached signature file (.sig)
echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign --no-armor "$pkg" echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign --no-armor "$pkg"
# Extract Metadata # 2. Extract Metadata for DB
pkgname=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgname =" | cut -d' ' -f3) pkgname=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgname =" | cut -d' ' -f3)
pkgver=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgver =" | cut -d' ' -f3) pkgver=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgver =" | cut -d' ' -f3)
pkgdesc=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgdesc =" | cut -d' ' -f3- | sed "s/['\"]//g") pkgdesc=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^pkgdesc =" | cut -d' ' -f3- | sed "s/['\"]//g")
pkgsize=$(stat -c%s "$pkg")
instsize=$(bsdtar -xOf "$pkg" .PKGINFO | grep "^size =" | cut -d' ' -f3)
mkdir -p "db_temp/$pkgname-$pkgver" mkdir -p "db_temp/$pkgname-$pkgver"
# 3. Create the 'desc' file (The heart of the .db)
{ {
echo "%NAME%"; echo "$pkgname"; echo "" echo "%NAME%"
echo "%VERSION%"; echo "$pkgver"; echo "" echo "$pkgname"
echo "%DESC%"; echo "$pkgdesc"; echo "" echo ""
echo "%FILENAME%"; echo "$pkg"; echo "" echo "%VERSION%"
echo "%CSIZE%"; echo "$(stat -c%s "$pkg")"; echo "" echo "$pkgver"
echo "%ISIZE%"; echo "$(bsdtar -xOf "$pkg" .PKGINFO | grep "^size =" | cut -d' ' -f3)"; echo "" echo ""
echo "%DESC%"
echo "$pkgdesc"
echo ""
echo "%FILENAME%"
echo "$pkg"
echo ""
echo "%CSIZE%"
echo "$pkgsize"
echo ""
echo "%ISIZE%"
echo "$instsize"
echo ""
echo "%PGPSIG%" echo "%PGPSIG%"
# Fixed: Use --output - instead of --stdout # Pipe the signature directly into the DB as a base64 string
echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign --no-armor --output - "$pkg" | base64 | tr -d '\n' echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign --no-armor --output - "$pkg" | base64 | tr -d '\n'
echo "" echo ""
echo ""
} > "db_temp/$pkgname-$pkgver/desc" } > "db_temp/$pkgname-$pkgver/desc"
done done
# 3. Create Database # 4. Bundle everything into the .db file
cd db_temp cd db_temp
tar -c * | gzip -9 > ../hyprarch-repo.db.tar.gz tar -c * | gzip -9 > ../hyprarch-repo.db.tar.gz
cd .. cd ..
# 5. Sign the database itself
echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign --no-armor hyprarch-repo.db.tar.gz echo "${{ secrets.GPG_PASSPHRASE }}" | gpg --batch --yes --pinentry-mode loopback --local-user 236328A7F2C2001E --passphrase-fd 0 --detach-sign --no-armor hyprarch-repo.db.tar.gz
# 4. Finalize # 6. Finalize symlinks/copies
cp hyprarch-repo.db.tar.gz hyprarch-repo.db cp hyprarch-repo.db.tar.gz hyprarch-repo.db
cp hyprarch-repo.db.tar.gz.sig hyprarch-repo.db.sig cp hyprarch-repo.db.tar.gz.sig hyprarch-repo.db.sig
cp hyprarch-repo.db.tar.gz hyprarch-repo.files cp hyprarch-repo.db.tar.gz hyprarch-repo.files
@@ -80,36 +95,24 @@ jobs:
<head> <head>
<title>HyprArch Repo</title> <title>HyprArch Repo</title>
<style> <style>
body { font-family: sans-serif; background: #2e3440; color: #eceff4; padding: 40px; line-height: 1.6; } body { font-family: sans-serif; background: #2e3440; color: #eceff4; padding: 40px; }
.container { max-width: 800px; margin: auto; background: #3b4252; padding: 30px; border-radius: 10px; box-shadow: 0 4px 15px rgba(0,0,0,0.3); } .container { max-width: 800px; margin: auto; background: #3b4252; padding: 30px; border-radius: 10px; }
pre { background: #2e3440; padding: 15px; border-radius: 5px; color: #ebcb8b; overflow-x: auto; border: 1px solid #4c566a; } pre { background: #2e3440; padding: 15px; border-radius: 5px; color: #ebcb8b; border: 1px solid #4c566a; }
h1 { color: #81a1c1; border-bottom: 2px solid #4c566a; padding-bottom: 10px; } h1 { color: #81a1c1; }
h2 { color: #a3be8c; }
a { color: #88c0d0; text-decoration: none; } a { color: #88c0d0; text-decoration: none; }
a:hover { text-decoration: underline; }
code { color: #d08770; }
</style> </style>
</head> </head>
<body> <body>
<div class="container"> <div class="container">
<h1>🚀 HyprArch Custom Repository</h1> <h1>🚀 HyprArch Pi Repository</h1>
<p>Trust Key:</p>
<h2>1. Trust the GPG Key</h2>
<p>Run this to add the maintainer key to your pacman keyring:</p>
<pre>curl -s https://repo.stuple.net/x86_64/pubkey.gpg | sudo pacman-key -a - && sudo pacman-key --lsign-key 236328A7F2C2001E</pre> <pre>curl -s https://repo.stuple.net/x86_64/pubkey.gpg | sudo pacman-key -a - && sudo pacman-key --lsign-key 236328A7F2C2001E</pre>
<p>Add to /etc/pacman.conf:</p>
<h2>2. Add to pacman.conf</h2>
<p>Add these lines to the bottom of <code>/etc/pacman.conf</code>:</p>
<pre>[hyprarch-repo] <pre>[hyprarch-repo]
SigLevel = Required DatabaseOptional SigLevel = Required DatabaseOptional
Server = https://repo.stuple.net/\$arch</pre> Server = https://repo.stuple.net/\$arch</pre>
<hr>
<h2>3. Update and Install</h2>
<p><code>sudo pacman -Syy</code></p>
<hr style="border:0; border-top:1px solid #4c566a; margin: 20px 0;">
<p><a href="./x86_64/">📂 Browse File Index</a></p> <p><a href="./x86_64/">📂 Browse File Index</a></p>
<p><small>Hosted on Raspberry Pi 4B • Automated via Gitea Actions</small></p>
</div> </div>
</body> </body>
</html> </html>
@@ -117,5 +120,8 @@ jobs:
- name: Deploy to Local Web Folder - name: Deploy to Local Web Folder
run: | run: |
# Copy current build to the Nginx root # Use sudo (configured in visudo previously) to move to Nginx root
cp -r * /var/www/arch-repo/ sudo mkdir -p /var/www/hyprarch-repo/x86_64
sudo cp -rf . /var/www/hyprarch-repo/
sudo chown -R www-data:www-data /var/www/hyprarch-repo
sudo chmod -R 755 /var/www/hyprarch-repo