Package Build and Sync #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: GPL-2.0-or-later | |
| # Copyright (C) 2025 SteamFork (https://github.com/SteamFork) | |
| # This workflow builds and syncs packages for the SteamFork distribution. | |
| name: Package Build and Sync | |
| on: | |
| workflow_dispatch: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: false | |
| jobs: | |
| build_and_sync: | |
| timeout-minutes: 1440 | |
| runs-on: self-hosted | |
| steps: | |
| - name: Set up job | |
| run: echo "Running job on branch ${{ github.ref }}" | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| with: | |
| clean: false | |
| - name: Verify the repo exists, or fail. | |
| run: | | |
| if [ ! -d "$GITHUB_WORKSPACE/release/repos" ]; then | |
| echo "The repository does not exist, can not continue." | |
| exit 1 | |
| fi | |
| - name: Configure GPG agent | |
| run: | | |
| mkdir -p ~/.gnupg | |
| echo "use-agent" > ~/.gnupg/gpg.conf | |
| echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf | |
| echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf | |
| echo "default-cache-ttl 86400" >> ~/.gnupg/gpg-agent.conf | |
| echo "max-cache-ttl 86400" >> ~/.gnupg/gpg-agent.conf | |
| gpgconf --kill gpg-agent | |
| gpgconf --launch gpg-agent | |
| - name: Save GPG key to file | |
| run: | | |
| echo "$GPG_PRIVATE_KEY" > ~/.gnupg/private.key | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| - name: Import GPG key | |
| run: | | |
| gpg --batch --yes --import ~/.gnupg/private.key | |
| - name: Set GPG trust level | |
| run: | | |
| echo "${{ secrets.GPG_KEY_ID }}:6:" | gpg --batch --yes --import-ownertrust | |
| - name: Trust GPG key for pacman | |
| run: | | |
| sudo pacman-key --init | |
| sudo pacman-key --add ~/.gnupg/private.key | |
| sudo pacman-key --lsign-key ${{ secrets.GPG_KEY_ID }} | |
| sudo pacman-key --populate steamfork | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| - name: Sign an empty file to ensure GPG key is available | |
| run: | | |
| touch emptyfile | |
| echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback --sign emptyfile | |
| rm -f emptyfile emptyfile.gpg | |
| env: | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: Configure ccache | |
| run: | | |
| ccache --max-size=50G | |
| - name: Clear pacman cache | |
| run: | | |
| sudo pacman -Scc --noconfirm | |
| - name: Run checksum_pkgbuild script | |
| id: checksum | |
| run: | | |
| cd $GITHUB_WORKSPACE | |
| OUTPUT=$(./scripts/checksum_pkgbuild) | |
| echo "packages=$OUTPUT" >> $GITHUB_ENV | |
| - name: Build with dependencies | |
| run: | | |
| cd $GITHUB_WORKSPACE | |
| PACKAGES="${{ env.packages }}" | |
| IFS=' ' read -r -a PACKAGE_ARRAY <<< "$PACKAGES" | |
| for PKG in "${PACKAGE_ARRAY[@]}"; do | |
| ./scripts/build_with_dependencies "$PKG" | |
| done | |
| - name: Sync packages | |
| if: github.repository == 'SteamFork/distribution' | |
| run: make packages-sync | |
| - name: Sync mirrors | |
| if: github.repository == 'SteamFork/distribution' | |
| run: make mirrors-sync |