├── .github
    ├── FUNDING.yml
    └── dependabot.yml
├── Dockerfile
├── LICENSE.md
├── README.md
├── action.yml
├── build.sh
├── entrypoint.sh
└── ssh_config


/.github/FUNDING.yml:
--------------------------------------------------------------------------------
 1 | # These are supported funding model platforms
 2 | 
 3 | github: KSXGitHub # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
 4 | patreon: khai96_
 5 | open_collective: # Collective unavailable
 6 | ko_fi: # Replace with a single Ko-fi username
 7 | tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
 8 | community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
 9 | liberapay: # Replace with a single Liberapay username
10 | issuehunt: # disabled
11 | otechie: # Replace with a single Otechie username
12 | custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
13 | 


--------------------------------------------------------------------------------
/.github/dependabot.yml:
--------------------------------------------------------------------------------
 1 | version: 2
 2 | updates:
 3 | - package-ecosystem: github-actions
 4 |   directory: "/"
 5 |   schedule:
 6 |     interval: weekly
 7 |   open-pull-requests-limit: 10
 8 |   labels:
 9 |     - dependabot
10 |     - github-actions
11 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM archlinux:base
 2 | 
 3 | RUN pacman -Syu --noconfirm
 4 | RUN pacman -S --noconfirm --needed --overwrite '*' \
 5 |       openssh sudo base-devel \
 6 |       git fakeroot binutils gcc awk binutils xz \
 7 |       libarchive bzip2 coreutils file findutils \
 8 |       gettext grep gzip sed ncurses util-linux \
 9 |       pacman-contrib debugedit
10 | 
11 | COPY entrypoint.sh /entrypoint.sh
12 | COPY build.sh /build.sh
13 | COPY ssh_config /ssh_config
14 | 
15 | ENTRYPOINT ["/entrypoint.sh"]
16 | 


--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
 1 | # The MIT License
 2 | 
 3 | Copyright (c) 2020 Hoàng Văn Khải
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
  1 | # Publish AUR package
  2 | 
  3 | GitHub Actions to publish AUR package.
  4 | 
  5 | ## Inputs
  6 | 
  7 | ### `pkgname`
  8 | 
  9 | **Required** AUR package name.
 10 | 
 11 | ### `pkgbuild`
 12 | 
 13 | **Required** Path to PKGBUILD file. This file is often generated by prior steps.
 14 | 
 15 | ### `assets`
 16 | 
 17 | **Optional** Newline-separated glob patterns for additional files to be added to the AUR repository.
 18 | Glob patterns will be expanded by bash when copying the files to the repository.
 19 | 
 20 | ### `updpkgsums`
 21 | 
 22 | **Optional** Update checksums using `updpkgsums`.
 23 | 
 24 | ### `test`
 25 | 
 26 | **Optional** Check that PKGBUILD could be built.
 27 | 
 28 | ### `test_flags`
 29 | 
 30 | **Optional** Command line flags for makepkg to build the package (if `test` is enabled). The default flags are `--clean --cleanbuild --nodeps`.
 31 | 
 32 | ### `post_process`
 33 | 
 34 | **Optional** A line of commands to execute after processing the package.
 35 | 
 36 | ### `commit_username`
 37 | 
 38 | **Required** The username to use when creating the new commit.
 39 | 
 40 | ### `commit_email`
 41 | 
 42 | **Required** The email to use when creating the new commit.
 43 | 
 44 | ### `ssh_private_key`
 45 | 
 46 | **Required** Your private key with access to AUR package.
 47 | 
 48 | ### `commit_message`
 49 | 
 50 | **Optional** Commit message to use when creating the new commit.
 51 | 
 52 | ### `allow_empty_commits`
 53 | 
 54 | **Optional** Allow empty commits, i.e. commits with no change. The default value is `false`.
 55 | 
 56 | ### `force_push`
 57 | 
 58 | **Optional** Use `--force` when push to the AUR. The default value is `false`.
 59 | 
 60 | ### `ssh_keyscan_types`
 61 | 
 62 | **Optional** Comma-separated list of types to use when adding aur.archlinux.org to known hosts.
 63 | 
 64 | ## Example usage
 65 | 
 66 | ```yaml
 67 | name: aur-publish
 68 | 
 69 | on:
 70 |   push:
 71 |     tags:
 72 |       - '*'
 73 | 
 74 | jobs:
 75 |   aur-publish:
 76 |     runs-on: ubuntu-latest
 77 |     steps:
 78 |       - uses: actions/checkout@v2
 79 | 
 80 |       - name: Generate PKGBUILD
 81 |         run: bash ./generate-pkgbuild.bash
 82 | 
 83 |       - name: Publish AUR package
 84 |         uses: KSXGitHub/github-actions-deploy-aur@<TAG>
 85 |         with:
 86 |           pkgname: my-awesome-package
 87 |           pkgbuild: ./PKGBUILD
 88 |           commit_username: ${{ secrets.AUR_USERNAME }}
 89 |           commit_email: ${{ secrets.AUR_EMAIL }}
 90 |           ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
 91 |           commit_message: Update AUR package
 92 |           ssh_keyscan_types: rsa,ecdsa,ed25519
 93 | ```
 94 | 
 95 | **Note:** Replace `<TAG>` in the above code snippet with a tag of this repo.
 96 | 
 97 | **Tip:** To create secrets (such as `secrets.AUR_USERNAME`, `secrets.AUR_EMAIL`, and `secrets.AUR_SSH_PRIVATE_KEY` above), go to `$YOUR_GITHUB_REPO_URL/settings/secrets`. [Read this for more information](https://help.github.com/en/actions/configuring-and-managing-workflows/creating-and-storing-encrypted-secrets).
 98 | 
 99 | **Tip:** This action does not generate PKGBUILD for you, you must generate it yourself (e.g. by using actions before this action).
100 | 
101 | ## Real-world applications
102 | 
103 | [sane-fmt](https://github.com/KSXGitHub/sane-fmt) has a [workflow](https://github.com/KSXGitHub/sane-fmt/blob/c07ce4f09c0b8dfa902d28753ebb3800268183f5/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/sane-fmt](https://aur.archlinux.org/packages/sane-fmt) and [aur/sane-fmt-bin](https://aur.archlinux.org/packages/sane-fmt-bin).
104 | 
105 | [pretty-exec](https://github.com/KSXGitHub/pretty-exec) has a [workflow](https://github.com/KSXGitHub/pretty-exec/blob/67473cd85f6aa278367e30fce9e41b4e54e4cb82/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/pretty-exec](https://aur.archlinux.org/packages/pretty-exec/) and [aur/pretty-exec-bin](https://aur.archlinux.org/packages/pretty-exec-bin/).
106 | 
107 | [build-fs-tree](https://github.com/KSXGitHub/build-fs-tree) has a [workflow](https://github.com/KSXGitHub/build-fs-tree/blob/24924d99ae5cd82f00ea62fe8abc1a187bea7a0b/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/build-fs-tree](https://aur.archlinux.org/packages/build-fs-tree/) and [aur/build-fs-tree-bin](https://aur.archlinux.org/packages/build-fs-tree-bin/).
108 | 
109 | [strip-ansi-cli](https://github.com/KSXGitHub/strip-ansi-cli) has a [workflow](https://github.com/KSXGitHub/strip-ansi-cli/blob/f3de1cf4997bbc2efbf137f77325f12640c2e145/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/strip-ansi](https://aur.archlinux.org/packages/strip-ansi/) and [aur/strip-ansi-bin](https://aur.archlinux.org/packages/strip-ansi-bin/).
110 | 
111 | [parallel-disk-usage](https://github.com/KSXGitHub/parallel-disk-usage) has a [workflow](https://github.com/KSXGitHub/parallel-disk-usage/blob/a7fc0937a64d23ae848e44f7ecbf02aec64831e4/.github/workflows/deploy.yaml) that builds and uploads executables to GitHub Release then generates PKGBUILD files for and use this very action to update [aur/parallel-disk-usage](https://aur.archlinux.org/packages/parallel-disk-usage/) and [aur/parallel-disk-usage-bin](https://aur.archlinux.org/packages/parallel-disk-usage-bin/).
112 | 
113 | ## Become a Patron
114 | 
115 | [My Patreon Page](https://patreon.com/khai96_).
116 | 
117 | ## License
118 | 
119 | [MIT](https://git.io/JfWEM) © [Hoàng Văn Khải](https://github.com/KSXGitHub/)
120 | 


--------------------------------------------------------------------------------
/action.yml:
--------------------------------------------------------------------------------
 1 | name: 'Publish AUR package'
 2 | description: 'Publish an AUR package'
 3 | author: KSXGitHub
 4 | branding:
 5 |   color: blue
 6 |   icon: package
 7 | inputs:
 8 |   pkgname:
 9 |     description: 'AUR package name'
10 |     required: true
11 |   pkgbuild:
12 |     description: 'Path to PKGBUILD file'
13 |     required: true
14 |   assets:
15 |     description: 'Newline-separated glob patterns for additional files to be added to the AUR repository'
16 |     required: false
17 |     default: ''
18 |   updpkgsums:
19 |     description: 'Update checksums using `updpkgsums`'
20 |     required: false
21 |     default: 'false'
22 |   test:
23 |     description: 'Check that PKGBUILD could be built'
24 |     required: false
25 |     default: 'false'
26 |   test_flags:
27 |     description: 'Command line flags for makepkg to build the package (if `test` is enabled)'
28 |     required: false
29 |     default: '--clean --cleanbuild --nodeps'
30 |   post_process:
31 |     description: 'A line of commands to execute after processing the package'
32 |     required: false
33 |     default: ''
34 |   commit_username:
35 |     description: 'The username to use when creating the new commit'
36 |     required: true
37 |   commit_email:
38 |     description: 'The email to use when creating the new commit'
39 |     required: true
40 |   ssh_private_key:
41 |     description: 'Your private key with access to AUR package.'
42 |     required: true
43 |   commit_message:
44 |     description: 'Commit message to use when creating the new commit'
45 |     required: false
46 |     default: 'Update PKGBUILD and .SRCINFO with GitHub Actions'
47 |   allow_empty_commits:
48 |     description: 'Allow empty commits, i.e. commits with no change.'
49 |     required: false
50 |     default: 'false'
51 |   force_push:
52 |     description: 'Use --force when push to the AUR.'
53 |     required: false
54 |     default: 'false'
55 |   ssh_keyscan_types:
56 |     description: 'Comma-separated list of types to use when adding aur.archlinux.org to known hosts'
57 |     required: false
58 |     default: 'rsa,ecdsa,ed25519'
59 | runs:
60 |   using: 'docker'
61 |   image: 'Dockerfile'
62 | 


--------------------------------------------------------------------------------
/build.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/bash
  2 | # shellcheck disable=SC2024
  3 | 
  4 | set -o errexit -o pipefail -o nounset
  5 | 
  6 | pkgname=$INPUT_PKGNAME
  7 | pkgbuild=$INPUT_PKGBUILD
  8 | assets=$INPUT_ASSETS
  9 | updpkgsums=$INPUT_UPDPKGSUMS
 10 | test=$INPUT_TEST
 11 | read -r -a test_flags <<< "$INPUT_TEST_FLAGS"
 12 | post_process=$INPUT_POST_PROCESS
 13 | commit_username=$INPUT_COMMIT_USERNAME
 14 | commit_email=$INPUT_COMMIT_EMAIL
 15 | ssh_private_key=$INPUT_SSH_PRIVATE_KEY
 16 | commit_message=$INPUT_COMMIT_MESSAGE
 17 | allow_empty_commits=$INPUT_ALLOW_EMPTY_COMMITS
 18 | force_push=$INPUT_FORCE_PUSH
 19 | ssh_keyscan_types=$INPUT_SSH_KEYSCAN_TYPES
 20 | 
 21 | assert_non_empty() {
 22 |   name=$1
 23 |   value=$2
 24 |   if [[ -z "$value" ]]; then
 25 |     echo "::error::Invalid Value: $name is empty." >&2
 26 |     exit 1
 27 |   fi
 28 | }
 29 | 
 30 | assert_non_empty inputs.pkgname "$pkgname"
 31 | assert_non_empty inputs.pkgbuild "$pkgbuild"
 32 | assert_non_empty inputs.commit_username "$commit_username"
 33 | assert_non_empty inputs.commit_email "$commit_email"
 34 | assert_non_empty inputs.ssh_private_key "$ssh_private_key"
 35 | 
 36 | export HOME=/home/builder
 37 | 
 38 | # Ignore "." and ".." to prevent errors when glob pattern for assets matches hidden files
 39 | GLOBIGNORE=".:.."
 40 | 
 41 | echo '::group::Adding aur.archlinux.org to known hosts'
 42 | ssh-keyscan -v -t "$ssh_keyscan_types" aur.archlinux.org >>~/.ssh/known_hosts
 43 | echo '::endgroup::'
 44 | 
 45 | echo '::group::Importing private key'
 46 | echo "$ssh_private_key" >~/.ssh/aur
 47 | chmod -vR 600 ~/.ssh/aur*
 48 | ssh-keygen -vy -f ~/.ssh/aur >~/.ssh/aur.pub
 49 | echo '::endgroup::'
 50 | 
 51 | echo '::group::Checksums of SSH keys'
 52 | sha512sum ~/.ssh/aur ~/.ssh/aur.pub
 53 | echo '::endgroup::'
 54 | 
 55 | echo '::group::Configuring Git'
 56 | git config --global user.name "$commit_username"
 57 | git config --global user.email "$commit_email"
 58 | echo '::endgroup::'
 59 | 
 60 | echo '::group::Cloning AUR package into /tmp/local-repo'
 61 | git clone -v "https://aur.archlinux.org/${pkgname}.git" /tmp/local-repo
 62 | echo '::endgroup::'
 63 | 
 64 | echo '::group::Copying files into /tmp/local-repo'
 65 | {
 66 |   echo "Copying $pkgbuild"
 67 |   cp -v "$pkgbuild" /tmp/local-repo/PKGBUILD
 68 | }
 69 | # shellcheck disable=SC2086
 70 | # Ignore quote rule because we need to expand glob patterns to copy $assets
 71 | if [[ -n "$assets" ]]; then
 72 |   echo 'Copying' $assets
 73 |   cp -rvt /tmp/local-repo/ $assets
 74 | fi
 75 | echo '::endgroup::'
 76 | 
 77 | if [ "$updpkgsums" == "true" ]; then
 78 | 	echo '::group::Updating checksums'
 79 | 	cd /tmp/local-repo/
 80 | 	updpkgsums
 81 | 	echo '::endgroup::'
 82 | fi
 83 | 
 84 | if [ "$test" == "true" ]; then
 85 | 	echo '::group::Building package with makepkg'
 86 | 	cd /tmp/local-repo/
 87 | 	makepkg "${test_flags[@]}"
 88 | 	echo '::endgroup::'
 89 | fi
 90 | 
 91 | echo '::group::Generating .SRCINFO'
 92 | cd /tmp/local-repo
 93 | makepkg --printsrcinfo >.SRCINFO
 94 | echo '::endgroup::'
 95 | 
 96 | if [ -n "$post_process" ]; then
 97 | 	echo '::group::Executing post process commands'
 98 | 	cd /tmp/local-repo/
 99 |   eval "$post_process"
100 | 	echo '::endgroup::'
101 | fi
102 | 
103 | echo '::group::Committing files to the repository'
104 | if [[ -z "$assets" ]]; then
105 |   # When $assets are not set, we can add just PKGBUILD and .SRCINFO
106 |   # This is to prevent unintended behaviour and maintain backwards compatibility
107 |   git add -fv PKGBUILD .SRCINFO
108 | else
109 |   # We cannot just re-use $assets because it contains absolute paths outside repository
110 |   # But we can just add all files in the repository which should also include all $assets
111 |   git add --all
112 | fi
113 | 
114 | case "$allow_empty_commits" in
115 | true)
116 |   git commit --allow-empty -m "$commit_message"
117 |   ;;
118 | false)
119 |   git diff-index --quiet HEAD || git commit -m "$commit_message" # use `git diff-index --quiet HEAD ||` to avoid error
120 |   ;;
121 | *)
122 |   echo "::error::Invalid Value: inputs.allow_empty_commits is neither 'true' nor 'false': '$allow_empty_commits'"
123 |   exit 2
124 |   ;;
125 | esac
126 | echo '::endgroup::'
127 | 
128 | echo '::group::Publishing the repository'
129 | git remote add aur "ssh://aur@aur.archlinux.org/${pkgname}.git"
130 | case "$force_push" in
131 | true)
132 |   git push -v --force aur master
133 |   ;;
134 | false)
135 |   git push -v aur master
136 |   ;;
137 | *)
138 |   echo "::error::Invalid Value: inputs.force_push is neither 'true' nor 'false': '$force_push'"
139 |   exit 3
140 |   ;;
141 | esac
142 | echo '::endgroup::'
143 | 


--------------------------------------------------------------------------------
/entrypoint.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | set -o errexit -o pipefail -o nounset
 4 | 
 5 | echo '::group::Creating builder user'
 6 | useradd --create-home --shell /bin/bash builder
 7 | passwd --delete builder
 8 | mkdir -p /etc/sudoers.d/
 9 | echo "builder  ALL=(root) NOPASSWD:ALL" > /etc/sudoers.d/builder
10 | echo '::endgroup::'
11 | 
12 | echo '::group::Initializing SSH directory'
13 | mkdir -pv /home/builder/.ssh
14 | touch /home/builder/.ssh/known_hosts
15 | cp -v /ssh_config /home/builder/.ssh/config
16 | chown -vR builder:builder /home/builder
17 | chmod -vR 600 /home/builder/.ssh/*
18 | echo '::endgroup::'
19 | 
20 | exec runuser builder --command 'bash -l -c /build.sh'
21 | 


--------------------------------------------------------------------------------
/ssh_config:
--------------------------------------------------------------------------------
1 | Host aur.archlinux.org
2 |   IdentityFile ~/.ssh/aur
3 |   User aur
4 | 


--------------------------------------------------------------------------------