├── .github ├── dependabot.yml ├── release-drafter.yml └── workflows │ ├── ci.yml │ └── release-drafter.yml ├── .gitignore ├── .mergify.yml ├── .yamllint ├── Dockerfile ├── README.md ├── action.yml ├── entrypoint.sh └── justfile /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | # Set update schedule for GitHub Actions 2 | 3 | version: 2 4 | updates: 5 | 6 | - package-ecosystem: "github-actions" 7 | directory: "/" 8 | schedule: 9 | # Check for updates to GitHub Actions every weekday 10 | interval: "daily" 11 | -------------------------------------------------------------------------------- /.github/release-drafter.yml: -------------------------------------------------------------------------------- 1 | template: | 2 | ## What’s Changed 3 | 4 | $CHANGES 5 | 6 | exclude-labels: 7 | - 'dependencies' 8 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | --- 2 | name: ci 3 | 4 | on: # yamllint disable-line rule:truthy 5 | push: 6 | branches: 7 | - main 8 | pull_request: 9 | 10 | jobs: 11 | validation: 12 | runs-on: ubuntu-latest 13 | name: Validate a Pull Request 14 | steps: 15 | - uses: actions/checkout@v4 16 | 17 | - name: Run yamllint 18 | uses: ibiqlik/action-yamllint@v3.1 19 | 20 | - name: Run ShellCheck 21 | uses: ludeeus/action-shellcheck@master 22 | 23 | test: 24 | runs-on: ubuntu-latest 25 | name: Test on project 26 | 27 | strategy: 28 | matrix: 29 | include: 30 | - repo-owner: 2m 31 | repo-name: ucm-bin-pkgbuild 32 | pkg-name: ucm-bin 33 | - repo-owner: 2m 34 | repo-name: paru-pkgbuild 35 | pkg-name: . 
36 | fail-fast: false 37 | 38 | steps: 39 | - uses: actions/checkout@v4 40 | with: 41 | path: action 42 | 43 | - uses: actions/checkout@v4 44 | with: 45 | repository: ${{ matrix.repo-owner }}/${{ matrix.repo-name }} 46 | path: ${{ matrix.repo-name }} 47 | 48 | - name: srcinfo 49 | uses: ./action 50 | with: 51 | target: srcinfo 52 | pkgname: ${{ matrix.repo-name }}/${{ matrix.pkg-name }} 53 | 54 | - name: pkgbuild 55 | uses: ./action 56 | with: 57 | target: pkgbuild 58 | pkgname: ${{ matrix.repo-name }}/${{ matrix.pkg-name }} 59 | -------------------------------------------------------------------------------- /.github/workflows/release-drafter.yml: -------------------------------------------------------------------------------- 1 | name: Release Drafter 2 | 3 | on: # yamllint disable-line rule:truthy 4 | push: 5 | branches: 6 | - main 7 | 8 | jobs: 9 | update_release_draft: 10 | runs-on: ubuntu-latest 11 | steps: 12 | # Drafts next Release notes as Pull Requests are merged into "main" 13 | - uses: release-drafter/release-drafter@v6 14 | env: 15 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 16 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | .idea 2 | *.iml 3 | target 4 | -------------------------------------------------------------------------------- /.mergify.yml: -------------------------------------------------------------------------------- 1 | pull_request_rules: 2 | - name: automatic merge for Dependabot pull requests 3 | conditions: 4 | - status-success~=Validate a Pull Request 5 | - author=dependabot[bot] 6 | actions: 7 | merge: 8 | method: merge 9 | 10 | - name: Label dependabot PRs 11 | conditions: 12 | - author=dependabot[bot] 13 | actions: 14 | label: 15 | add: ["dependencies"] 16 | 17 | - name: Delete the PR branch after merge 18 | conditions: 19 | - merged 20 | actions: 21 | delete_head_branch: {} 22 | 
-------------------------------------------------------------------------------- /.yamllint: -------------------------------------------------------------------------------- 1 | --- 2 | extends: default 3 | 4 | rules: 5 | # Disable requirement for `---` at the beginning of each file 6 | document-start: disable 7 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | FROM martynas/archlinux:latest 2 | 3 | COPY entrypoint.sh /entrypoint.sh 4 | 5 | ENTRYPOINT ["/entrypoint.sh"] 6 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Arch Linux PKGBUILD builder action 2 | 3 | This action builds and validates an Arch Linux package. 4 | The `PKGBUILD` and `.SRCINFO` files should be under a subdirectory named the same as the `pkgname` of the package. 5 | This assumption is made so this action works well with [aurpublish]. 6 | 7 | [aurpublish]: https://github.com/eli-schwartz/aurpublish 8 | 9 | ## Inputs 10 | 11 | ### `target` 12 | 13 | **Required** Validation target. Can be one of: `pkgbuild`, `srcinfo`, `run`. 14 | 15 | ### `pkgname` 16 | 17 | **Required** Path to DIRECTORY where the PKGBUILD file is. 18 | Assumes the directory is named after the package, i.e. `/path/to/pkgname/` 19 | 20 | ## Example usage 21 | 22 | ### pkgbuild 23 | 24 | Verifies and builds the package. 25 | 26 | ```yml 27 | uses: 2m/arch-pkgbuild-builder@v1.16 28 | with: 29 | target: 'pkgbuild' 30 | pkgname: 'ucm-bin' 31 | ``` 32 | 33 | ### srcinfo 34 | 35 | Verifies if the `.SRCINFO` is up to date with the `PKGBUILD`. 36 | 37 | ```yml 38 | uses: 2m/arch-pkgbuild-builder@v1.16 39 | with: 40 | target: 'srcinfo' 41 | pkgname: 'ucm-bin' 42 | ``` 43 | 44 | ### run 45 | 46 | Installs the package and runs a given `command`. The command string is executed with `eval` inside the build container, so it should be a fixed value written in the workflow file rather than text taken from untrusted event data. 
47 | 48 | ```yml 49 | uses: 2m/arch-pkgbuild-builder@v1.16 50 | with: 51 | target: 'run' 52 | pkgname: 'ucm-bin' 53 | command: 'ucm --version' 54 | ``` 55 | 56 | ### debug mode (optional) 57 | 58 | Add a `debug: true` key, i.e.: 59 | 60 | ```yml 61 | uses: 2m/arch-pkgbuild-builder@v1.16 62 | with: 63 | debug: true 64 | target: 'srcinfo' 65 | pkgname: 'ucm-bin' 66 | ``` 67 | 68 | This will run `entrypoint.sh` with `set -x` on, so each command is echoed to the job log with its arguments expanded. 69 | 70 | ## Used by 71 | 72 | So far this action is used by the following packages: 73 | 74 | * [ucm-bin](https://github.com/2m/ucm-bin-pkgbuild) 75 | * [authenticator-rs](https://github.com/grumlimited/authenticator-rs) 76 | * [kinesis-tailr](https://github.com/grumlimited/kinesis-tailr) 77 | * [cpeditor](https://github.com/cpeditor/cpeditor) 78 | -------------------------------------------------------------------------------- /action.yml: -------------------------------------------------------------------------------- 1 | name: Arch Linux PKGBUILD builder action 2 | description: Builds an validates PKGBUILD definition 3 | 4 | branding: 5 | icon: triangle 6 | color: blue 7 | 8 | inputs: 9 | pkgname: 10 | description: >- 11 | Path to DIRECTORY where the PKGBUILD file is. 12 | Assumes the directory is the name of package, ie /path/to/pkgname/ 13 | required: true 14 | target: 15 | description: >- 16 | Validation target. 17 | Can be one of: "pkgbuild", "srcinfo", "run" 18 | required: true 19 | default: 'pkgbuild' 20 | command: 21 | description: >- 22 | Command to run after package installation. 
23 | Used when target=run 24 | required: false 25 | debug: 26 | description: Turns debugging on 27 | required: false 28 | 29 | runs: 30 | using: docker 31 | image: Dockerfile 32 | args: 33 | - ${{ inputs.target }} 34 | - ${{ inputs.pkgname }} 35 | - ${{ inputs.command }} 36 | - ${{ inputs.debug }} 37 | -------------------------------------------------------------------------------- /entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # fail whole script if any command fails 4 | set -e 5 | 6 | DEBUG=$4 7 | 8 | if [[ -n $DEBUG && $DEBUG = true ]]; then 9 | set -x 10 | fi 11 | 12 | target=$1 13 | pkgname=$2 14 | command=$3 15 | 16 | # assumes that package files are in a subdirectory 17 | # of the same name as "pkgname", so this works well 18 | # with "aurpublish" tool 19 | 20 | pkgbuild_dir=$(readlink "$pkgname" -f) # nicely cleans up path, ie. ///dsq/dqsdsq/my-package//// -> /dsq/dqsdsq/my-package 21 | 22 | if [[ ! -d $pkgbuild_dir ]]; then 23 | echo "$pkgbuild_dir should be a directory." 24 | exit 1 25 | fi 26 | 27 | if [[ ! -e $pkgbuild_dir/PKGBUILD ]]; then 28 | echo "$pkgbuild_dir does not contain a PKGBUILD file." 29 | exit 1 30 | fi 31 | 32 | if [[ ! -e $pkgbuild_dir/.SRCINFO ]]; then 33 | echo "$pkgbuild_dir does not contain a .SRCINFO file." 34 | exit 1 35 | fi 36 | 37 | getfacl -p -R "$pkgbuild_dir" /github/home > /tmp/arch-pkgbuild-builder-permissions.bak 38 | 39 | # '/github/workspace' is mounted as a volume and has owner set to root 40 | # set the owner of $pkgbuild_dir to the 'build' user, so it can access package files. 
41 | sudo chown -R build "$pkgbuild_dir" 42 | 43 | # needs permissions so '/github/home/.config/yay' is accessible by yay 44 | sudo chown -R build /github/home 45 | 46 | # use more reliable keyserver 47 | mkdir -p /github/home/.gnupg/ 48 | echo "keyserver hkp://keyserver.ubuntu.com:80" | tee /github/home/.gnupg/gpg.conf 49 | 50 | cd "$pkgbuild_dir" 51 | 52 | pkgname=$(grep -E 'pkgname' .SRCINFO | sed -e 's/.*= //') 53 | 54 | install_deps() { 55 | # install all package dependencies 56 | grep -E 'depends =' .SRCINFO | \ 57 | sed -e 's/.*depends = //' -e 's/:.*//' | \ 58 | xargs yay -S --noconfirm --needed 59 | } 60 | 61 | fetch_gpg_keys() { 62 | awk '/validpgpkeys/ {print $3}' .SRCINFO | \ 63 | xargs gpg --keyserver keyserver.ubuntu.com --recv-key 64 | } 65 | 66 | case $target in 67 | pkgbuild) 68 | namcap PKGBUILD 69 | install_deps 70 | fetch_gpg_keys 71 | makepkg --syncdeps --noconfirm 72 | 73 | # shellcheck disable=SC1091 74 | source /etc/makepkg.conf # get PKGEXT 75 | 76 | namcap "${pkgname}"-*"${PKGEXT}" 77 | pacman -Qip "${pkgname}"-*"${PKGEXT}" 78 | pacman -Qlp "${pkgname}"-*"${PKGEXT}" 79 | ;; 80 | run) 81 | install_deps 82 | fetch_gpg_keys 83 | makepkg --syncdeps --noconfirm --install 84 | eval "$command" 85 | ;; 86 | srcinfo) 87 | makepkg --printsrcinfo | diff --ignore-blank-lines .SRCINFO - || \ 88 | { echo ".SRCINFO is out of sync. Please run 'makepkg --printsrcinfo' and commit the changes."; false; } 89 | ;; 90 | *) 91 | echo "Target should be one of 'pkgbuild', 'srcinfo', 'run'" ;; 92 | esac 93 | 94 | sudo setfacl --restore=/tmp/arch-pkgbuild-builder-permissions.bak 95 | -------------------------------------------------------------------------------- /justfile: -------------------------------------------------------------------------------- 1 | pwd := env_var('PWD') 2 | 3 | # fetch base image and build arch-pkgbuild-builder 4 | build: 5 | docker pull martynas/archlinux 6 | docker build -t arch-pkgbuild-builder . 
7 | 8 | # run a command on a project, like: 9 | # just run git@github.com:Marcool04/linux-fix-e1000e.git pkgbuild 10 | # just run https://aur.archlinux.org/ucm-bin.git pkgbuild 11 | run project-uri command: 12 | rm -rf target 13 | mkdir target 14 | git clone {{project-uri}} target 15 | docker run --rm -v {{pwd}}/target:/home/build -v /tmp/gh:/github/home arch-pkgbuild-builder {{command}} . 16 | --------------------------------------------------------------------------------