fix: ci: build-packages #39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build Arch Repository | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ main ] | |
| env: | |
| REPO_NAME: qcom | |
| BUILD_DIR: build | |
| REPO_DIR: repo | |
| jobs: | |
| build-packages: | |
| name: Build Package (${{ matrix.package }}) | |
| runs-on: ubuntu-22.04-arm | |
| container: danhunsaker/archlinuxarm | |
| env: | |
| BUILD_ALARM_SH: 'sudo su - alarm -c' | |
| strategy: | |
| matrix: | |
| package: [ | |
| 'q6voiced', | |
| 'soc-qcom-sdm845', | |
| 'persistent-mac', | |
| 'linux-firmware', | |
| 'qbootctl', | |
| 'bootmac', | |
| 'alsa-ucm-oneplus', | |
| 'device-oneplus-fajita', | |
| 'device-lenovo-q706f', | |
| 'mkbootimg', | |
| 'linux-firmware-lenovo-sm8250', | |
| 'linux-sdm845', | |
| 'linux-sm8250', | |
| 'sensors/iio-sensor-proxy', | |
| 'sensors/hexagonrpcd', | |
| 'sensors/libssc', | |
| 'tinyalsa-git' | |
| ] | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| curl -L -o /etc/pacman.conf https://github.com/silime/ArchlinuxARM-qcom-aarch64/raw/main/pacman.conf | |
| pacman-key --init && pacman-key --populate archlinuxarm | |
| pacman-key --recv-keys F60FD4C6D426DAB6 | |
| pacman-key --lsign F60FD4C6D426DAB6 | |
| pacman -Syyu --noconfirm --ask=4 arch-install-scripts cloud-guest-utils sudo binutils fakeroot base-devel git bc distcc ccache meson libqmi protobuf-c glib2 | |
| useradd -m alarm | |
| passwd -d alarm | |
| usermod -aG wheel alarm | |
| echo 'alarm ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers | |
| mkdir /home/alarm/ -p | |
| chown alarm /home/alarm/ | |
| - name: Setup GPG | |
| run: | | |
| # Import the GPG private key | |
| echo 1 | |
| ${{ env.BUILD_ALARM_SH }} 'echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --import --passphrase "${{ secrets.GPG_PASSPHRASE }}" --pinentry-mode loopback' | |
| # Configure the GPG agent to use the passphrase | |
| echo 2 | |
| ${{ env.BUILD_ALARM_SH }} 'echo "default-cache-ttl 18000" > ~/.gnupg/gpg-agent.conf' | |
| echo 3 | |
| ${{ env.BUILD_ALARM_SH }} 'echo "max-cache-ttl 18000" >> ~/.gnupg/gpg-agent.conf' | |
| echo 4 | |
| ${{ env.BUILD_ALARM_SH }} 'gpgconf --reload gpg-agent' | |
| echo 5 | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Build package | |
| working-directory: ${{ github.workspace }}/${{ matrix.package }} | |
| run: | | |
| # 构建参数配置 | |
| export MAKEPKG_CONF="/etc/makepkg.conf" | |
| echo 'BUILDENV=(!distcc color !ccache check !sign)' | sudo tee -a $MAKEPKG_CONF | |
| # 清理并构建 | |
| sudo chown alarm:alarm ./ | |
| echo RELEASE=$(echo ${{ matrix.package }} | sed 's/\//_/g') | |
| echo RELEASE=$(echo ${{ matrix.package }} | sed 's/\//_/g') >> $GITHUB_ENV | |
| cp ./* /home/alarm/ | |
| ${{ env.BUILD_ALARM_SH }} '(makepkg --cleanbuild --syncdeps --noconfirm)' | |
| - name: Upload artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.RELEASE }}-pkg | |
| path: | | |
| /home/alarm/*.pkg.tar.* | |
| create-repository: | |
| name: Create Repository | |
| runs-on: ubuntu-22.04-arm | |
| needs: build-packages | |
| container: danhunsaker/archlinuxarm | |
| env: | |
| BUILD_ALARM_SH: 'sudo su - alarm -c' | |
| steps: | |
| - name: Download all artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| path: ${{ env.BUILD_DIR }} | |
| - name: Setup repository directory | |
| run: | | |
| mkdir -p ${{ env.REPO_DIR }} | |
| pacman -Syyu --noconfirm --ask=4 arch-install-scripts cloud-guest-utils sudo binutils fakeroot base-devel git bc distcc | |
| useradd -m alarm | |
| passwd -d alarm | |
| usermod -aG wheel alarm | |
| echo 'alarm ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers | |
| mkdir /home/alarm/ -p | |
| chown alarm /home/alarm/ | |
| find ./ -mindepth 2 -name '*.pkg.tar.*' -exec cp {} ${{ env.REPO_DIR }} \; | |
| - name: Setup GPG | |
| run: | | |
| # Import the GPG private key | |
| ${{ env.BUILD_ALARM_SH }} 'echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --import --passphrase "${{ secrets.GPG_PASSPHRASE }}" --pinentry-mode loopback' | |
| # Configure the GPG agent to use the passphrase | |
| ${{ env.BUILD_ALARM_SH }} 'echo "default-cache-ttl 18000" > ~/.gnupg/gpg-agent.conf' | |
| ${{ env.BUILD_ALARM_SH }} 'echo "max-cache-ttl 18000" >> ~/.gnupg/gpg-agent.conf' | |
| ${{ env.BUILD_ALARM_SH }} 'gpgconf --reload gpg-agent' | |
| - name: Sign package | |
| run: | | |
| cp ${{ env.REPO_DIR }}/* /home/alarm/ -r | |
| chown -R alarm:alarm /home/alarm/* | |
| ${{ env.BUILD_ALARM_SH }} ' | |
| for pkg in /home/alarm/*.pkg.tar.*; do | |
| [[ -f "$pkg" ]] || continue | |
| echo "Signing $pkg ..." | |
| gpg --batch --yes --pinentry-mode loopback \ | |
| --passphrase ${{ secrets.GPG_PASSPHRASE }}\ | |
| --detach-sign --no-armor "$pkg" | |
| done' | |
| - name: Generate repository database | |
| run: | | |
| ${{ env.BUILD_ALARM_SH }} 'repo-add -s -v -n ${{ env.REPO_NAME }}.db.tar.xz *.pkg.tar.xz' | |
| - name: Upload repository | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ env.REPO_NAME }} | |
| path: /home/alarm/* | |
| - name: Set variables | |
| run: | | |
| echo RELEASE=$(date +%Y\/%m\/%d) >> $GITHUB_ENV | |
| shell: bash | |
| - name: create release | |
| uses: softprops/action-gh-release@v2 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| body: ${{ env.RELEASE }} | |
| tag_name: ${{ env.RELEASE }} | |
| draft: false | |
| prerelease: false | |
| files: | | |
| /home/alarm/* |