aur-publish #1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: aur-publish | |
| # Publish the `mcpp-bin` and `mcpp` AUR packages after a release. | |
| # | |
| # Triggers on COMPLETION of the `release` workflow (not on `release: | |
| # published`): release.yml creates the GitHub Release in its first job but | |
| # uploads the aarch64 / macOS / Windows assets in LATER jobs, so the aarch64 | |
| # .sha256 that mcpp-bin needs only exists once the whole workflow finishes. | |
| # | |
| # Requires one repository secret: | |
| # AUR_SSH_PRIVATE_KEY — private key whose public half is registered on the | |
| # AUR account that owns mcpp / mcpp-bin. | |
| # See scripts/aur/README.md → "Automated publishing" for the full setup. | |
| on: | |
| workflow_run: | |
| workflows: [release] | |
| types: [completed] | |
| workflow_dispatch: | |
| inputs: | |
| version: | |
| description: "Version to publish (default: [package].version in mcpp.toml)" | |
| required: false | |
| concurrency: | |
| group: aur-publish | |
| cancel-in-progress: false | |
| jobs: | |
| publish: | |
| runs-on: ubuntu-latest | |
| # On the workflow_run trigger, only proceed if the release actually | |
| # succeeded (skip failed/cancelled release runs). | |
| if: >- | |
| github.event_name == 'workflow_dispatch' || | |
| github.event.workflow_run.conclusion == 'success' | |
| steps: | |
| - name: Checkout released commit | |
| uses: actions/checkout@v4 | |
| with: | |
| # workflow_run: the exact commit the release was built from. | |
| # workflow_dispatch: default ref (HEAD of the branch). | |
| ref: ${{ github.event.workflow_run.head_sha || github.ref }} | |
| - name: Refresh both PKGBUILDs to the release version | |
| id: refresh | |
| env: | |
| # CI runs as root; force update.sh's template .SRCINFO path. | |
| MCPP_AUR_NO_MAKEPKG: "1" | |
| run: | | |
| VER="${{ github.event.inputs.version }}" | |
| if [ -z "$VER" ]; then | |
| # mcpp.toml at the released commit carries the right version. | |
| VER=$(grep -m1 -E '^\s*version\s*=' mcpp.toml | sed -E 's/.*"([^"]+)".*/\1/') | |
| fi | |
| echo "version=$VER" >> "$GITHUB_OUTPUT" | |
| ./scripts/aur/update.sh "$VER" | |
| - name: Configure AUR SSH | |
| run: | | |
| install -dm700 ~/.ssh | |
| printf '%s\n' "${{ secrets.AUR_SSH_PRIVATE_KEY }}" > ~/.ssh/aur | |
| chmod 600 ~/.ssh/aur | |
| ssh-keyscan -t rsa,ed25519 aur.archlinux.org >> ~/.ssh/known_hosts 2>/dev/null | |
| cat > ~/.ssh/config <<'EOF' | |
| Host aur.archlinux.org | |
| User aur | |
| IdentityFile ~/.ssh/aur | |
| IdentitiesOnly yes | |
| EOF | |
| - name: Push to the AUR | |
| env: | |
| VER: ${{ steps.refresh.outputs.version }} | |
| run: | | |
| set -eu | |
| git config --global user.name "mcpp-ci" | |
| git config --global user.email "x.d2learn.org@gmail.com" | |
| publish() { # $1 = package name (= dir under scripts/aur/) | |
| pkg="$1"; src="scripts/aur/${pkg}"; work="/tmp/aur-${pkg}" | |
| # Clone the existing AUR repo; if the package doesn't exist yet | |
| # (first publish), start an empty repo — AUR creates it on push. | |
| if git clone "ssh://aur@aur.archlinux.org/${pkg}.git" "$work" 2>/dev/null \ | |
| && [ -e "$work/.git" ]; then :; else | |
| rm -rf "$work"; mkdir -p "$work" | |
| git -C "$work" init -q | |
| git -C "$work" remote add origin "ssh://aur@aur.archlinux.org/${pkg}.git" | |
| fi | |
| # AUR repos contain only PKGBUILD, .SRCINFO and local sources. | |
| cp "$src/PKGBUILD" "$src/.SRCINFO" "$src/mcpp.sh" "$work/" | |
| git -C "$work" add -A | |
| if git -C "$work" diff --cached --quiet; then | |
| echo ":: ${pkg}: no changes, skipping" | |
| return 0 | |
| fi | |
| git -C "$work" commit -q -m "${pkg} ${VER}" | |
| git -C "$work" push origin HEAD:master | |
| echo ":: ${pkg}: published ${VER}" | |
| } | |
| publish mcpp-bin | |
| publish mcpp |