11name : Update CARCH PKGBUILD
22
33on :
4- workflow_dispatch :
4+ workflow_dispatch : # Allow manual triggering
55 schedule :
6- - cron : ' 0 */12 * * *'
6+ - cron : ' 0 */12 * * *' # Check twice a day for new releases
77
88jobs :
99 update-pkgbuild :
1010 runs-on : ubuntu-latest
1111 container :
1212 image : archlinux:latest
1313 permissions :
14- contents : write
14+ contents : write # Needed for pushing changes
1515
1616 steps :
1717 - name : Install necessary packages
1818 run : |
1919 pacman -Syu --noconfirm
20- pacman -S --noconfirm git wget base-devel make pacman-contrib less
20+ pacman -S --noconfirm git wget base-devel sudo
21+
22+ # Create a non-root user for building packages
23+ - name : Setup build user
24+ run : |
25+ useradd -m builder
26+ echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
27+ mkdir -p /home/builder/work
28+ chown -R builder:builder /home/builder
2129
2230name : Checkout pkgs repository
2331 uses : actions/checkout@v4
2432 with :
2533 token : ${{ secrets.GITHUB_TOKEN }}
34+ path : /home/builder/work/pkgs
2635
27- - name : Get latest release from harilvfs/carch
28- id : latest_release
36+ - name : Get latest release info from harilvfs/carch
2937 run : |
38+ cd /home/builder/work
3039 LATEST_RELEASE=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
3140 "https://api.github.com/repos/harilvfs/carch/releases/latest" | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/')
3241 echo "RELEASE=$LATEST_RELEASE" >> $GITHUB_ENV
3342 echo "Latest release: $LATEST_RELEASE"
3443
3544name : Extract version number
36- id : version
3745 run : |
3846 VERSION="${{ env.RELEASE }}"
3947 VERSION="${VERSION#v}" # Remove the 'v' prefix
@@ -42,20 +50,22 @@ jobs:
4250
4351name : Download latest release tar file
4452 run : |
53+ cd /home/builder/work
4554 TAR_URL="https://github.com/harilvfs/carch/archive/refs/tags/v$VERSION.tar.gz"
4655 echo "Downloading from: $TAR_URL"
4756 wget -q "$TAR_URL" -O "carch-$VERSION.tar.gz"
57+ chown builder:builder "carch-$VERSION.tar.gz"
4858
4959name : Calculate SHA256 checksum
50- id : checksum
5160 run : |
61+ cd /home/builder/work
5262 NEW_CHECKSUM=$(sha256sum "carch-$VERSION.tar.gz" | awk '{print $1}')
5363 echo "NEW_CHECKSUM=$NEW_CHECKSUM" >> $GITHUB_ENV
5464 echo "New checksum: $NEW_CHECKSUM"
5565
56- name : Check PKGBUILD
57- id : check_pkgbuild
66+ name : Check PKGBUILD file
5867 run : |
68+ cd /home/builder/work/pkgs
5969 CURRENT_VERSION=$(grep -P "^pkgver=.*$" carch/PKGBUILD | cut -d'=' -f2)
6070 CURRENT_CHECKSUM=$(grep -P "^sha256sums=.*$" carch/PKGBUILD | grep -oP "'[^']*'" | tr -d "'")
6171
@@ -70,20 +80,26 @@ jobs:
7080
7181name : Update PKGBUILD and generate SRCINFO
7282 if : env.UPDATE_NEEDED == 'true'
73- working-directory : carch
7483 run : |
84+ cd /home/builder/work/pkgs/carch
85+
86+ # Update the version
7587 sed -i "s/^pkgver=.*$/pkgver=$VERSION/" PKGBUILD
7688
89+ # Update the checksum
7790 sed -i "s/^sha256sums=.*$/sha256sums=('$NEW_CHECKSUM')/" PKGBUILD
7891
79- makepkg --printsrcinfo > .SRCINFO
92+ # Set permissions and generate .SRCINFO as non-root user
93+ chown -R builder:builder .
94+ su - builder -c "cd /home/builder/work/pkgs/carch && makepkg --printsrcinfo > .SRCINFO"
8095
8196 echo "PKGBUILD updated with new version $VERSION and checksum $NEW_CHECKSUM"
8297 echo "Generated .SRCINFO file"
8398
8499name : Commit and push changes
85100 if : env.UPDATE_NEEDED == 'true'
86101 run : |
102+ cd /home/builder/work/pkgs
87103 git config --local user.email "[email protected] " 88104 git config --local user.name "GitHub Action"
89105 git add carch/PKGBUILD carch/.SRCINFO
0 commit comments