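# Publishes a release to the AUR package repository `soon`.
# Triggered by pushing a `v*` tag, or manually with an optional tag input.
# The job clones the AUR repo over SSH as an unprivileged user, rewrites
# `pkgver` in PKGBUILD, regenerates .SRCINFO, commits, and runs aurpublish.
name: Publish to AUR

on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:
    inputs:
      tag:
        # UI label reads "Tag (starts with v)".
        description: 'Tag (v开头)'
        required: false
        type: string

# No step uses GITHUB_TOKEN, so grant it no scopes at all.
permissions: {}

jobs:
  aur:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): `latest` is a floating tag; pinning the image by digest
      # would make the environment that handles the AUR key reproducible.
      image: archlinux:latest
    defaults:
      run:
        # Explicit bash gives every step `-e -o pipefail` and allows `[[ ]]`.
        shell: bash
    steps:
      - name: Install dependencies
        run: |
          # -Syu rather than -Sy: installing packages against a refreshed
          # database without upgrading is an unsupported partial upgrade.
          pacman -Syu --noconfirm git openssh base-devel aurpublish sudo
          # Create the unprivileged user that runs git, makepkg and aurpublish.
          # It is deliberately NOT given sudo rights: makepkg sources the
          # PKGBUILD fetched from the AUR, and no step below needs root as
          # builder (root only uses `sudo -u builder` to drop privileges).
          # If a later step does need root, add a narrowly scoped rule under
          # /etc/sudoers.d instead of a blanket NOPASSWD: ALL.
          useradd -m builder

      - name: Set up SSH for AUR
        env:
          # Passed through the environment so the key is never spliced into
          # the generated script text.
          AUR_SSH_PRIVATE_KEY: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
        run: |
          # Create everything with restrictive modes from the start instead of
          # tightening permissions after the key is already on disk.
          umask 077
          install -d -m 700 /home/builder/.ssh
          printf '%s\n' "$AUR_SSH_PRIVATE_KEY" > /home/builder/.ssh/id_ed25519
          chmod 600 /home/builder/.ssh/id_ed25519
          # Record the AUR host key. A failed scan now fails the job rather
          # than being ignored.
          # NOTE(review): ssh-keyscan learns the key over the same network path
          # used for the push, so this is trust-on-first-use on every run.
          # Prefer a pinned known_hosts line checked against the host key
          # fingerprint that the AUR publishes.
          ssh-keyscan -t ed25519 aur.archlinux.org >> /home/builder/.ssh/known_hosts
          if [ ! -s /home/builder/.ssh/known_hosts ]; then
            echo "ssh-keyscan returned no host key for aur.archlinux.org" >&2
            exit 1
          fi
          chmod 644 /home/builder/.ssh/known_hosts
          chown -R builder:builder /home/builder/.ssh

      - name: Clone AUR repo
        run: |
          # Quoted heredoc: the outer shell expands nothing inside it.
          # StrictHostKeyChecking=yes makes ssh refuse a host whose key does
          # not match known_hosts instead of silently accepting it.
          sudo -u builder bash <<'EOF'
          set -euo pipefail
          export GIT_SSH_COMMAND="ssh -i /home/builder/.ssh/id_ed25519 -o UserKnownHostsFile=/home/builder/.ssh/known_hosts -o StrictHostKeyChecking=yes"
          git clone ssh://aur@aur.archlinux.org/soon.git /home/builder/aur-push
          EOF

      - name: Set git user
        run: |
          sudo -u builder git config --global user.name "github-actions[bot]"
          sudo -u builder git config --global user.email "github-actions[bot]@users.noreply.github.com"
          sudo -u builder git config --global --add safe.directory /home/builder/aur-push

      - name: Update PKGBUILD and .SRCINFO
        env:
          # The dispatch input is user-controlled text; read it from the
          # environment rather than interpolating it into the script.
          DISPATCH_TAG: ${{ github.event.inputs.tag }}
        run: |
          if [ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ] && [ -n "$DISPATCH_TAG" ]; then
            TAG="$DISPATCH_TAG"
          else
            TAG="${GITHUB_REF##*/}"
          fi
          VERSION="${TAG#v}"
          # Tag names may contain shell and sed metacharacters, and the value
          # ends up in a sed replacement and a commit message. Accept only
          # characters that are valid in a pkgver.
          if ! [[ "$VERSION" =~ ^[0-9A-Za-z._+]+$ ]]; then
            echo "Refusing version string with unexpected characters" >&2
            exit 1
          fi
          echo "Updating to version: $VERSION"
          # VERSION is handed to the inner shell as an environment variable and
          # the heredoc is quoted, so it is expanded as data by the inner bash
          # and never becomes part of the script text.
          sudo -u builder env VERSION="$VERSION" bash <<'EOF'
          set -euo pipefail
          cd /home/builder/aur-push
          sed -i "s/^pkgver=.*/pkgver=${VERSION}/" PKGBUILD
          makepkg --printsrcinfo > .SRCINFO
          git add PKGBUILD .SRCINFO
          if ! git diff --cached --quiet; then
            git commit -m "release: $VERSION"
          else
            echo "No changes to commit"
          fi
          EOF

      - name: Publish to AUR with aurpublish
        run: |
          sudo -u builder bash <<'EOF'
          set -euo pipefail
          cd /home/builder/aur-push
          export GIT_SSH_COMMAND="ssh -i /home/builder/.ssh/id_ed25519 -o UserKnownHostsFile=/home/builder/.ssh/known_hosts -o StrictHostKeyChecking=yes"
          aurpublish soon
          EOF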