-
Notifications
You must be signed in to change notification settings - Fork 15
107 lines (88 loc) · 3.19 KB
/
build_and_sync.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
# SPDX-License-Identifier: GPL-2.0-or-later
# Copyright (C) 2025 SteamFork (https://github.com/SteamFork)
# This workflow builds and syncs packages for the SteamFork distribution.
name: Package Build and Sync
on:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: false
jobs:
build_and_sync:
timeout-minutes: 1440
runs-on: self-hosted
steps:
- name: Set up job
run: echo "Running job on branch ${{ github.ref }}"
- name: Checkout repository
uses: actions/checkout@v4
with:
clean: false
- name: Verify the repo exists, or fail.
run: |
if [ ! -d "$GITHUB_WORKSPACE/release/repos" ]; then
echo "The repository does not exist, can not continue."
exit 1
fi
- name: Configure GPG agent
run: |
mkdir -p ~/.gnupg
echo "use-agent" > ~/.gnupg/gpg.conf
echo "pinentry-mode loopback" >> ~/.gnupg/gpg.conf
echo "allow-loopback-pinentry" >> ~/.gnupg/gpg-agent.conf
echo "default-cache-ttl 86400" >> ~/.gnupg/gpg-agent.conf
echo "max-cache-ttl 86400" >> ~/.gnupg/gpg-agent.conf
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
- name: Save GPG key to file
run: |
echo "$GPG_PRIVATE_KEY" > ~/.gnupg/private.key
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- name: Import GPG key
run: |
gpg --batch --yes --import ~/.gnupg/private.key
- name: Set GPG trust level
run: |
echo "${{ secrets.GPG_KEY_ID }}:6:" | gpg --batch --yes --import-ownertrust
- name: Trust GPG key for pacman
run: |
sudo pacman-key --init
sudo pacman-key --add ~/.gnupg/private.key
sudo pacman-key --lsign-key ${{ secrets.GPG_KEY_ID }}
sudo pacman-key --populate steamfork
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- name: Sign an empty file to ensure GPG key is available
run: |
touch emptyfile
echo "$GPG_PASSPHRASE" | gpg --batch --yes --passphrase-fd 0 --pinentry-mode loopback --sign emptyfile
rm -f emptyfile emptyfile.gpg
env:
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Configure ccache
run: |
ccache --max-size=50G
- name: Clear pacman cache
run: |
sudo pacman -Scc --noconfirm
- name: Run checksum_pkgbuild script
id: checksum
run: |
cd $GITHUB_WORKSPACE
OUTPUT=$(./scripts/checksum_pkgbuild)
echo "packages=$OUTPUT" >> $GITHUB_ENV
- name: Build with dependencies
run: |
cd $GITHUB_WORKSPACE
PACKAGES="${{ env.packages }}"
IFS=' ' read -r -a PACKAGE_ARRAY <<< "$PACKAGES"
for PKG in "${PACKAGE_ARRAY[@]}"; do
./scripts/build_with_dependencies "$PKG"
done
- name: Sync packages
if: github.repository == 'SteamFork/distribution'
run: make packages-sync
- name: Sync mirrors
if: github.repository == 'SteamFork/distribution'
run: make mirrors-sync