chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,221 @@
|
||||
name: Update AUR Package
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [published]
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
update-aur:
|
||||
name: update-aur
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
|
||||
|
||||
- name: Extract version from tag
|
||||
id: version
|
||||
run: |
|
||||
# Determine the tag based on trigger type
|
||||
if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
|
||||
# Get the latest tag when manually triggered
|
||||
git fetch --tags
|
||||
TAG=$(git tag --sort=-version:refname | head -n1)
|
||||
else
|
||||
# For release event, use the release tag
|
||||
TAG="${{ github.event.release.tag_name }}"
|
||||
fi
|
||||
|
||||
# Extract version by removing 'v' prefix
|
||||
VERSION="${TAG#v}"
|
||||
|
||||
echo "version=$VERSION" >> $GITHUB_OUTPUT
|
||||
echo "tag=$TAG" >> $GITHUB_OUTPUT
|
||||
echo "Extracted version: $VERSION"
|
||||
echo "Tag: $TAG"
|
||||
|
||||
- name: Download release assets and calculate checksums
|
||||
id: checksums
|
||||
run: |
|
||||
VERSION="${{ steps.version.outputs.version }}"
|
||||
TAG="${{ steps.version.outputs.tag }}"
|
||||
|
||||
# Define asset names
|
||||
ASSET_X64="rustnet-${TAG}-x86_64-unknown-linux-gnu.tar.gz"
|
||||
ASSET_ARM64="rustnet-${TAG}-aarch64-unknown-linux-gnu.tar.gz"
|
||||
|
||||
echo "Downloading release assets..."
|
||||
|
||||
# Download assets
|
||||
gh release download "$TAG" -p "$ASSET_X64" -p "$ASSET_ARM64"
|
||||
|
||||
# Calculate SHA256 checksums
|
||||
SHA256_X64=$(sha256sum "$ASSET_X64" | awk '{print $1}')
|
||||
SHA256_ARM64=$(sha256sum "$ASSET_ARM64" | awk '{print $1}')
|
||||
|
||||
echo "x64_checksum=$SHA256_X64" >> $GITHUB_OUTPUT
|
||||
echo "arm64_checksum=$SHA256_ARM64" >> $GITHUB_OUTPUT
|
||||
|
||||
echo "Checksums calculated:"
|
||||
echo " x86_64: $SHA256_X64"
|
||||
echo " aarch64: $SHA256_ARM64"
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
|
||||
- name: Verify checksums match release assets
|
||||
run: |
|
||||
TAG="${{ steps.version.outputs.tag }}"
|
||||
EXPECTED_X64="${{ steps.checksums.outputs.x64_checksum }}"
|
||||
EXPECTED_ARM64="${{ steps.checksums.outputs.arm64_checksum }}"
|
||||
FAILED=0
|
||||
|
||||
echo "Re-downloading assets to verify checksums are stable..."
|
||||
|
||||
ASSET_X64="rustnet-${TAG}-x86_64-unknown-linux-gnu.tar.gz"
|
||||
ASSET_ARM64="rustnet-${TAG}-aarch64-unknown-linux-gnu.tar.gz"
|
||||
|
||||
gh release download "$TAG" -p "$ASSET_X64" -p "$ASSET_ARM64" -D /tmp/verify
|
||||
|
||||
ACTUAL_X64=$(sha256sum "/tmp/verify/$ASSET_X64" | awk '{print $1}')
|
||||
ACTUAL_ARM64=$(sha256sum "/tmp/verify/$ASSET_ARM64" | awk '{print $1}')
|
||||
rm -rf /tmp/verify
|
||||
|
||||
if [ "$ACTUAL_X64" != "$EXPECTED_X64" ]; then
|
||||
echo "::error::x86_64 checksum mismatch: expected $EXPECTED_X64, got $ACTUAL_X64"
|
||||
FAILED=1
|
||||
else
|
||||
echo " ✓ x86_64 checksum verified"
|
||||
fi
|
||||
|
||||
if [ "$ACTUAL_ARM64" != "$EXPECTED_ARM64" ]; then
|
||||
echo "::error::aarch64 checksum mismatch: expected $EXPECTED_ARM64, got $ACTUAL_ARM64"
|
||||
FAILED=1
|
||||
else
|
||||
echo " ✓ aarch64 checksum verified"
|
||||
fi
|
||||
|
||||
if [ "$FAILED" -ne 0 ]; then
|
||||
echo "::error::Checksum verification failed — aborting to prevent pushing stale checksums to AUR"
|
||||
exit 1
|
||||
fi
|
||||
echo "All checksums verified successfully"
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
|
||||
- name: Setup SSH for AUR
|
||||
env:
|
||||
AUR_SSH_PRIVATE_KEY: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
# Pass the key via env, not inline interpolation, so its bytes are never
|
||||
# spliced into the rendered command line (matches the GPG handling in
|
||||
# ppa-release.yml). printf avoids echo's escape interpretation.
|
||||
printf '%s\n' "$AUR_SSH_PRIVATE_KEY" > ~/.ssh/aur
|
||||
chmod 600 ~/.ssh/aur
|
||||
ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts
|
||||
|
||||
# Configure SSH to use the AUR key
|
||||
cat > ~/.ssh/config <<EOF
|
||||
Host aur.archlinux.org
|
||||
IdentityFile ~/.ssh/aur
|
||||
User aur
|
||||
EOF
|
||||
|
||||
- name: Clone AUR repository
|
||||
run: |
|
||||
git clone ssh://aur@aur.archlinux.org/rustnet-bin.git aur-rustnet-bin
|
||||
cd aur-rustnet-bin
|
||||
|
||||
# Configure git
|
||||
git config user.name "github-actions[bot]"
|
||||
git config user.email "github-actions[bot]@users.noreply.github.com"
|
||||
|
||||
- name: Update PKGBUILD
|
||||
run: |
|
||||
cd aur-rustnet-bin
|
||||
VERSION="${{ steps.version.outputs.version }}"
|
||||
TAG="${{ steps.version.outputs.tag }}"
|
||||
SHA256_X64="${{ steps.checksums.outputs.x64_checksum }}"
|
||||
SHA256_ARM64="${{ steps.checksums.outputs.arm64_checksum }}"
|
||||
|
||||
echo "Updating PKGBUILD to version $VERSION..."
|
||||
|
||||
# Update version and release
|
||||
sed -i "s/^pkgver=.*/pkgver=$VERSION/" PKGBUILD
|
||||
sed -i "s/^pkgrel=.*/pkgrel=1/" PKGBUILD
|
||||
|
||||
# Update source URLs (need to escape special characters for sed)
|
||||
ESCAPED_TAG=$(echo "$TAG" | sed 's/[\/&]/\\&/g')
|
||||
sed -i "s|rustnet-v[0-9.]*-\${arch}|rustnet-${ESCAPED_TAG}-\${arch}|g" PKGBUILD
|
||||
|
||||
# Update checksums
|
||||
sed -i "s/sha256sums_x86_64=.*/sha256sums_x86_64=('$SHA256_X64')/" PKGBUILD
|
||||
sed -i "s/sha256sums_aarch64=.*/sha256sums_aarch64=('$SHA256_ARM64')/" PKGBUILD
|
||||
|
||||
echo "PKGBUILD updated successfully"
|
||||
echo ""
|
||||
echo "Version info:"
|
||||
grep "^pkgver=" PKGBUILD
|
||||
grep "^pkgrel=" PKGBUILD
|
||||
echo ""
|
||||
echo "Checksums:"
|
||||
grep "sha256sums_" PKGBUILD
|
||||
|
||||
- name: Generate .SRCINFO
|
||||
run: |
|
||||
# Use Arch Linux container to run makepkg as the host user
|
||||
docker run --rm -v "$PWD/aur-rustnet-bin:/pkg" --user $(id -u):$(id -g) archlinux:latest bash -c '
|
||||
cd /pkg &&
|
||||
makepkg --printsrcinfo > .SRCINFO
|
||||
' || {
|
||||
# If that fails (no write permissions), install tools as root then run as user
|
||||
docker run --rm -v "$PWD/aur-rustnet-bin:/pkg" archlinux:latest bash -c "
|
||||
pacman -Sy --noconfirm binutils fakeroot sudo &&
|
||||
useradd -m -u $(id -u) builder &&
|
||||
cd /pkg &&
|
||||
su builder -c 'makepkg --printsrcinfo > .SRCINFO'
|
||||
"
|
||||
}
|
||||
|
||||
echo ".SRCINFO generated successfully"
|
||||
|
||||
- name: Commit and push to AUR
|
||||
run: |
|
||||
cd aur-rustnet-bin
|
||||
VERSION="${{ steps.version.outputs.version }}"
|
||||
|
||||
# Check if there are changes to commit
|
||||
if git diff --quiet PKGBUILD .SRCINFO; then
|
||||
echo "No changes to PKGBUILD or .SRCINFO (already at version $VERSION)"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Show changes
|
||||
echo "Changes to be committed:"
|
||||
git diff PKGBUILD .SRCINFO
|
||||
|
||||
# Commit and push
|
||||
git add PKGBUILD .SRCINFO
|
||||
git commit -m "Update to version $VERSION"
|
||||
git push origin master
|
||||
|
||||
echo "Pushed changes to AUR repository"
|
||||
|
||||
- name: Summary
|
||||
run: |
|
||||
VERSION="${{ steps.version.outputs.version }}"
|
||||
echo "## 🎉 AUR Package Updated" >> $GITHUB_STEP_SUMMARY
|
||||
echo "" >> $GITHUB_STEP_SUMMARY
|
||||
echo "- **Package**: rustnet-bin" >> $GITHUB_STEP_SUMMARY
|
||||
echo "- **Version**: $VERSION" >> $GITHUB_STEP_SUMMARY
|
||||
echo "- **Architectures**: x86_64, aarch64" >> $GITHUB_STEP_SUMMARY
|
||||
echo "" >> $GITHUB_STEP_SUMMARY
|
||||
echo "### Checksums" >> $GITHUB_STEP_SUMMARY
|
||||
echo "- **x86_64**: \`${{ steps.checksums.outputs.x64_checksum }}\`" >> $GITHUB_STEP_SUMMARY
|
||||
echo "- **aarch64**: \`${{ steps.checksums.outputs.arm64_checksum }}\`" >> $GITHUB_STEP_SUMMARY
|
||||
echo "" >> $GITHUB_STEP_SUMMARY
|
||||
echo "[View AUR Package →](https://aur.archlinux.org/packages/rustnet-bin)" >> $GITHUB_STEP_SUMMARY
|
||||
Reference in New Issue
Block a user