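---
# Builds a signed pacman repository database from the packages committed
# under x86_64/ and publishes it to the local Nginx web root.
name: Update Arch Repository (Host stui)

on:
  push:
    paths:
      - 'x86_64/*.pkg.tar.zst'
  workflow_dispatch:

# The job only reads the repository; do not hand it a write-capable token.
permissions:
  contents: read

jobs:
  build-and-deploy:
    # Self-hosted runner: state written outside the workspace (keyrings,
    # agent sockets) survives between jobs unless it is removed explicitly.
    runs-on: local
    env:
      # Signing key used for packages, the database and the exported pubkey.
      GPG_KEY_ID: '236328A7F2C2001E'
    steps:
      - name: Checkout code
        # NOTE(review): pinned by mutable tag; consider pinning to a commit SHA.
        uses: actions/checkout@v4
        with:
          # By default checkout keeps the job token in the local git config.
          # Nothing below needs git access, so do not store it.
          persist-credentials: false

      - name: Ensure Tools
        run: |
          sudo apt-get update && sudo apt-get install -y libarchive-tools gpg

      - name: Prepare ephemeral GnuPG home
        run: |
          # Keep the private key out of the runner account's own keyring so
          # it does not outlive this job on the self-hosted machine.
          install -d -m 700 "$RUNNER_TEMP/gnupg"
          echo "GNUPGHOME=$RUNNER_TEMP/gnupg" >> "$GITHUB_ENV"

      - name: Import GPG Key
        env:
          # Secrets go through the environment instead of being expanded into
          # the script text, where quotes, `$` or backticks in the value would
          # be interpreted by the shell.
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          printf '%s\n' "$GPG_PRIVATE_KEY" | gpg --batch --import --yes

      - name: Build and Sign Repository
        env:
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          # Write a binary detached signature for "$1" to "$1.sig".
          sign_detached() {
            printf '%s\n' "$GPG_PASSPHRASE" | gpg --batch --yes \
              --pinentry-mode loopback --local-user "$GPG_KEY_ID" \
              --passphrase-fd 0 --detach-sign --no-armor "$1"
          }

          cd x86_64

          # Clean up old database files
          rm -f hyprarch-repo.db* hyprarch-repo.files*
          mkdir -p db_temp

          # Export Public Key for the landing page link
          gpg --export --armor "$GPG_KEY_ID" > pubkey.gpg

          for pkg in *.pkg.tar.zst; do
            # An unmatched glob stays literal; skip it instead of signing
            # a file that does not exist.
            [ -e "$pkg" ] || continue

            # 1. Generate detached signature file (.sig)
            sign_detached "$pkg"

            # 2. Extract Metadata for DB (read .PKGINFO once, not per field)
            pkginfo=$(bsdtar -xOf "$pkg" .PKGINFO)
            pkgname=$(printf '%s\n' "$pkginfo" | grep "^pkgname =" | cut -d' ' -f3)
            pkgver=$(printf '%s\n' "$pkginfo" | grep "^pkgver =" | cut -d' ' -f3)
            pkgdesc=$(printf '%s\n' "$pkginfo" | grep "^pkgdesc =" | cut -d' ' -f3- | sed "s/['\"]//g")
            pkgsize=$(stat -c%s "$pkg")
            instsize=$(printf '%s\n' "$pkginfo" | grep "^size =" | cut -d' ' -f3)

            # pkgname/pkgver come from inside the package and are used as a
            # directory name; refuse empty values and path separators so an
            # entry can never be created outside db_temp.
            if [ -z "$pkgname" ] || [ -z "$pkgver" ]; then
              echo "error: $pkg has no pkgname/pkgver in .PKGINFO" >&2
              exit 1
            fi
            case "$pkgname$pkgver" in
              */*)
                echo "error: $pkg has '/' in pkgname/pkgver" >&2
                exit 1
                ;;
            esac

            mkdir -p "db_temp/$pkgname-$pkgver"

            # 3. Create the 'desc' file (The heart of the .db)
            {
              echo "%NAME%"
              echo "$pkgname"
              echo ""
              echo "%VERSION%"
              echo "$pkgver"
              echo ""
              echo "%DESC%"
              echo "$pkgdesc"
              echo ""
              echo "%FILENAME%"
              echo "$pkg"
              echo ""
              echo "%CSIZE%"
              echo "$pkgsize"
              echo ""
              echo "%ISIZE%"
              echo "$instsize"
              echo ""
              echo "%PGPSIG%"
              # Embed the signature made in step 1 as one base64 line, so the
              # DB entry and the published .sig are the same signature and
              # the key is used once per package.
              base64 < "$pkg.sig" | tr -d '\n'
              echo ""
              echo ""
            } > "db_temp/$pkgname-$pkgver/desc"
          done

          # 4. Bundle everything into the .db file
          # pipefail: a tar failure must not leave a truncated archive that
          # then gets signed and published. `--` keeps entry names from being
          # parsed as tar options.
          set -o pipefail
          cd db_temp
          tar -c -- * | gzip -9 > ../hyprarch-repo.db.tar.gz
          cd ..

          # 5. Sign the database itself
          sign_detached hyprarch-repo.db.tar.gz

          # 6. Finalize symlinks/copies
          cp hyprarch-repo.db.tar.gz hyprarch-repo.db
          cp hyprarch-repo.db.tar.gz.sig hyprarch-repo.db.sig
          cp hyprarch-repo.db.tar.gz hyprarch-repo.files
          rm -rf db_temp

      - name: Generate Landing Page
        run: |
          # NOTE(review): the markup below was rebuilt from the page's visible
          # text; confirm the tags and the index link target.
          # NOTE(review): users fetch the key from the same host it is meant
          # to authenticate and lsign a 64-bit key ID; publishing the full
          # fingerprint for out-of-band comparison would be stronger.
          cat <<EOF > index.html
          <!DOCTYPE html>
          <html>
          <head>
          <meta charset="utf-8">
          <title>HyprArch Repo</title>
          </head>
          <body>
          <h1>🚀 HyprArch Pi Repository</h1>
          <p>Trust Key:</p>
          <pre>curl -s https://repo.stuple.net/x86_64/pubkey.gpg | sudo pacman-key -a - &amp;&amp; sudo pacman-key --lsign-key 236328A7F2C2001E</pre>
          <p>Add to /etc/pacman.conf:</p>
          <pre>[hyprarch-repo]
          SigLevel = Required DatabaseOptional
          Server = https://repo.stuple.net/\$arch</pre>
          <p><a href="x86_64/">📂 Browse File Index</a></p>
          </body>
          </html>
          EOF

      - name: Deploy to Local Web Folder
        run: |
          # Use sudo (configured in visudo previously) to move to Nginx root
          sudo mkdir -p /var/www/hyprarch-repo/x86_64
          # Copy only non-hidden entries: `cp -rf .` would also publish .git
          # and .github. NOTE(review): earlier runs may have left those under
          # the web root; remove them there once.
          sudo cp -rf ./* /var/www/hyprarch-repo/
          sudo chown -R www-data:www-data /var/www/hyprarch-repo
          # Directories 755, files 644: served content needs no execute bit.
          sudo chmod -R a-x,u=rwX,go=rX /var/www/hyprarch-repo

      - name: Remove signing key material
        # Runs even when an earlier step failed, so the key never lingers.
        if: always()
        run: |
          if [ -n "${GNUPGHOME:-}" ]; then
            gpgconf --kill gpg-agent || true
            rm -rf "$GNUPGHOME"
          fi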