-
-
Notifications
You must be signed in to change notification settings - Fork 158
116 lines (79 loc) · 2.88 KB
/
publish-native-packages.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
name: Publish native packages
on:
workflow_dispatch:
push:
# Before being able to run the workflow manually, it needs to run at least
# once via a push event.
branches:
- force-github-action-run
# For now, do not run automatically on tags.
# We are currently executing this workflow manually, via "gh workflow run".
#tags:
# - 'snoopy-*.*.*'
jobs:
publish-native-packages:
name: Publish for ${{matrix.container}}
runs-on: ubuntu-20.04
### Define the list of container images
#
container: ${{ matrix.container }}
strategy:
max-parallel: 1
matrix:
container:
- ciready/archlinux:base-devel-ci-c
- ciready/almalinux:8-ci-c
- ciready/almalinux:9-ci-c
- ciready/centos:stream-9-ci-c
- ciready/debian:buster-ci-c
- ciready/debian:bullseye-ci-c
- ciready/debian:bookworm-ci-c
- ciready/opensuse:leap-15.4-ci-c
- ciready/opensuse:leap-15.5-ci-c
- ciready/ubuntu:20.04-ci-c
- ciready/ubuntu:22.04-ci-c
- ciready/ubuntu:24.04-ci-c
###
### Steps to run
###
steps:
### Fetch the code
#
- uses: actions/checkout@v2
with:
fetch-depth: 0
# Work around the fix for CVE-2022-24765
- run: git config --global --add safe.directory $GITHUB_WORKSPACE || true
### Install required tools
#
- run: ./dev-tools/install-dev-software.sh
- run: ./dev-tools/install-packaging-software.sh
### Archlinux "workaround"
#
- name: "WORKAROUND: Make makepkg run as roon on Arch Linux"
run: |
sed -i 's/EUID == 0/EUID == 1987/' /usr/sbin/makepkg
if: ${{ startsWith(matrix.container, 'ciready/archlinux:') }}
### Set up authentication and signing keys
#
- name: "Setup SSH key for managing [email protected]:a2o/snoopy-packages repository"
env:
SSH_PRIVKEY_TO_SNOOPY_PACKAGES_REPO: ${{ secrets.SSH_PRIVKEY_TO_SNOOPY_PACKAGES_REPO }}
run: |
mkdir -p /root/.ssh
echo "$SSH_PRIVKEY_TO_SNOOPY_PACKAGES_REPO" > /root/.ssh/id_rsa
chmod 600 /root/.ssh/id_rsa
ssh-keyscan -H github.com >> /root/.ssh/known_hosts
- name: "Setup repository signing GPG key"
env:
GPG_PRIVKEY_SNOOPY_PACKAGES: ${{ secrets.GPG_PRIVKEY_SNOOPY_PACKAGES }}
run: |
echo "$GPG_PRIVKEY_SNOOPY_PACKAGES" | gpg --import
- name: "Setup git commit settings"
run: |
git config --global user.email "[email protected]"
git config --global user.name "Publish native packages workflow @ github.com:a2o/snoopy"
### Build & publish
#
- run: ./dev-tools/build-native-package.sh
- run: ./dev-tools/publish-native-package.sh