# Manually triggered test workflow: unpacks an Arch Linux bootstrap tarball on
# an Ubuntu runner and prepares it as a chroot for AUR packaging work.
name: Arch Chroot Test
on:
  # Started by hand only; no push or pull_request trigger is defined.
  workflow_dispatch:
# NOTE(review): no `permissions:` key is declared, so GITHUB_TOKEN gets the
# repository/organisation default scopes. The steps shown only read the
# repository; consider `permissions: contents: read` if nothing else in the
# workflow needs more.
jobs:
  arch-chroot:
    runs-on: ubuntu-latest
    env:
      AUR_MAINTAINER_NAME: envolution
      GIT_USERNAME: envolution
      # Presumably the runner workspace for this repository - confirm that it
      # matches GITHUB_WORKSPACE.
      ROOT: /home/runner/work/aur/aur
      # Directory that becomes the chroot root; it lives inside ROOT.
      ARCHROOT: /home/runner/work/aur/aur/arch-root
      # Path, as seen from inside the chroot, of the script that each step
      # writes and then runs with `chroot`.
      WORKFLOWCMD: /tmp/workflowcmd.sh
    steps:
- name: Maximize build space
  # NOTE(review): `@master` is a mutable branch of a third-party action, so the
  # code executed here can change without any change to this file. Pin it to a
  # reviewed full commit SHA, e.g.
  # `easimon/maximize-build-space@<full-commit-sha>` (placeholder).
  uses: easimon/maximize-build-space@master
  with:
    root-reserve-mb: 512
    swap-size-mb: 1024
    remove-dotnet: "true"
- name: Checkout
  # NOTE(review): later steps build third-party package sources on this runner.
  # actions/checkout keeps the job token in the local git config by default;
  # set `persist-credentials: false` under `with:` if no later step needs to
  # push with it.
  uses: actions/checkout@v5
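- name: Download Arch bootstrap
  run: |
    # This tarball becomes the root filesystem that later steps run as root,
    # so fail on HTTP errors (-f) and check its digest before unpacking.
    mirror=https://iad.mirror.rackspace.com/archlinux/iso/latest
    curl -fsSLO "${mirror}/archlinux-bootstrap-x86_64.tar.zst"
    curl -fsSLO "${mirror}/sha256sums.txt"
    # --ignore-missing skips the entries for files that were not downloaded;
    # sha256sum still exits non-zero if no listed file could be verified.
    sha256sum --check --ignore-missing sha256sums.txt
    # NOTE(review): the checksum list comes from the same mirror, so this only
    # catches corruption or truncation. Verifying the detached signature that
    # is published next to the tarball against the Arch release signing key
    # would also cover a tampered mirror.
    # Extraction errors are still tolerated, as before; the mv below fails if
    # root.x86_64 was not produced.
    tar --zstd -xf archlinux-bootstrap-x86_64.tar.zst --ignore-failed-read --warning=no-timestamp 2>/dev/null || true
    sudo mv root.x86_64 "${ARCHROOT}"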
- name: Bind mounts
  # Prepares the extracted tree for chroot use:
  #  - ARCHROOT is bind-mounted onto itself, which makes it a mount point.
  #  - $GITHUB_ENV is bind-mounted at /github_env, so scripts inside the chroot
  #    can read the file and append to it.
  #  - /dev, /proc, /sys and /run inside the chroot are the runner's own.
  # NOTE(review): chroot is not an isolation boundary. With these mounts, code
  # running as root inside the chroot can see the runner's devices, processes
  # and the contents of /run, so treat anything executed in the chroot as
  # having runner-level access.
  run: |
    sudo mount --bind ${ARCHROOT} ${ARCHROOT}
    sudo touch ${ARCHROOT}/github_env
    sudo mount --bind "$GITHUB_ENV" ${ARCHROOT}/github_env
    sudo mount --bind /dev ${ARCHROOT}/dev
    sudo mount --bind /proc ${ARCHROOT}/proc
    sudo mount --bind /sys ${ARCHROOT}/sys
    sudo mount --bind /run ${ARCHROOT}/run
- name: Build
  # Diagnostics only: prints disk usage and lists the top level of the chroot.
  run: |
    echo "Free space:"
    df -h
    ls -la ${ARCHROOT}
- name: Test pacman 2
  # Writes a script into the chroot and runs it there as root. The script
  # initialises the pacman keyring, enables multilib, replaces the mirrorlist
  # with two HTTPS mirrors, upgrades the system, installs the build toolchain
  # and sets MAKEFLAGS in /etc/makepkg.conf.
  # The heredoc delimiter is quoted ('EOF'), so nothing in the script body is
  # expanded on the runner; $(nproc) is evaluated inside the chroot.
  # NOTE(review): the generated script has no shebang and no `set -e`, so a
  # failing pacman or pacman-key command presumably does not fail this step;
  # the step result would be the exit status of the script's last command.
  # Confirm, and consider failing fast.
  run: |
    cat > ${ARCHROOT}/${WORKFLOWCMD} <<'EOF'
    echo "::group::Initialize pacman, Update System, and Configure Makepkg"
    echo "Initializing pacman keyring..."
    mkdir -p /etc/pacman.d/gnupg
    pacman-key --init
    pacman-key --populate archlinux
    echo "Enabling multilib repository..."
    echo -e "\n[multilib]\nInclude = /etc/pacman.d/mirrorlist" >> /etc/pacman.conf
    echo "Adding mirrors"
    echo -e "Server = https://geo.mirror.pkgbuild.com/\$repo/os/\$arch" > /etc/pacman.d/mirrorlist
    echo -e "Server = https://mirror.rackspace.com/archlinux/\$repo/os/\$arch" >> /etc/pacman.d/mirrorlist
    echo "Updating system and installing core dependencies..."
    pacman -Sy --noconfirm --needed archlinux-keyring
    pacman -Syu --noconfirm
    echo "Installing necessary packages..."
    pacman -S --noconfirm --needed \
      git base-devel pacman-contrib openssh github-cli jq expac \
      ruby-rdoc ruby-pkg-config gnupg \
      python python-pip \
      pyalpm python-awesomeversion python-packaging python-lxml \
      python-gobject python-requests libnotify nvchecker \
      binutils multilib-devel python-aiohttp clang python-jq \
      sudo
    echo "Configuring makepkg for parallel compilation..."
    # Check if MAKEFLAGS is already set and uncommented
    if grep -q -E '^#?\s*MAKEFLAGS=' /etc/makepkg.conf; then
      # If found (commented or uncommented), replace the line
      sed -i "s|^#*\s*MAKEFLAGS=.*|MAKEFLAGS=\"-j$(nproc)\"|g" /etc/makepkg.conf
      echo "Updated existing MAKEFLAGS in /etc/makepkg.conf."
    else
      # If not found, append it
      echo "MAKEFLAGS=\"-j$(nproc)\"" >> /etc/makepkg.conf
      echo "Appended MAKEFLAGS to /etc/makepkg.conf."
    fi
    echo "Current MAKEFLAGS setting in /etc/makepkg.conf:"
    grep --color=auto MAKEFLAGS /etc/makepkg.conf || echo "MAKEFLAGS not found after attempting to set."
    echo "::endgroup::"
    EOF
    chmod +x ${ARCHROOT}/${WORKFLOWCMD}
    sudo chroot ${ARCHROOT} ${WORKFLOWCMD}
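- name: Setup non-root user for AUR operations
  shell: bash
  env:
    GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY}}
  # Creates the unprivileged 'builder' account inside the chroot, gives it
  # passwordless sudo, prepares its home directories and imports the signing
  # key into its GnuPG keyring.
  # NOTE(review): GPG_PRIVATE_KEY is set only in this step's environment.
  # Whether it is visible inside the chroot depends on `sudo chroot` keeping
  # the environment or on /github_env defining it. Confirm that the import
  # actually receives a non-empty key.
  # NOTE(review): `NOPASSWD: ALL` means any package build script run as
  # 'builder' can become root in the chroot, which shares /dev, /proc, /sys
  # and /run with the runner.
  run: |
    # export -p | sed 's/^export //' > ${ARCHCHROOT}/env.tmp
    cat > ${ARCHROOT}/${WORKFLOWCMD} <<'EOF'
    echo "::group::Setup non-root user 'builder'"
    # source /env.tmp && rm /env.tmp
    source /github_env
    echo "Creating build user 'builder'..."
    useradd -m -s /bin/bash builder
    echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder
    chmod 0440 /etc/sudoers.d/builder
    echo "Setting up directories for builder..."
    install -d -o builder -g builder -m 700 /home/builder/.gnupg
    install -d -o builder -g builder -m 755 /home/builder/.cache
    install -d -o builder -g builder -m 755 /home/builder/.local
    install -d -o builder -g builder -m 755 /home/builder/.local/share
    install -d -o builder -g builder -m 755 /home/builder/.cache/paru
    install -d -o builder -g builder -m 755 /home/builder/.local/share/paru
    # Feed the key to gpg on stdin so the private key is never written to a
    # file; the earlier temp file was created under the inherited umask and
    # removed only after the import.
    printf '%s\n' "$GPG_PRIVATE_KEY" \
      | sudo -u builder env HOME=/home/builder gpg --batch --yes --import
    echo "Builder user setup complete."
    echo "::endgroup::"
    EOF
    chmod +x ${ARCHROOT}/${WORKFLOWCMD}
    sudo chroot ${ARCHROOT} ${WORKFLOWCMD}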
- name: Export GPG signature if key is present
  # The `if` skips this step when the GPG_PRIVATE_KEY value is empty.
  if: env.GPG_PRIVATE_KEY != ''
  env:
    GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
  # Reads the key with `--import-options show-only` (nothing is imported),
  # takes field 10 of the first `fpr` record in the colon-delimited output,
  # and appends it as GPG_SIGNATURE to /github_env. That file is the
  # bind-mounted $GITHUB_ENV, so later steps receive the variable.
  # The value is also echoed to the job log; it is a key fingerprint, not
  # key material.
  # NOTE(review): as in the previous step, confirm that GPG_PRIVATE_KEY is
  # actually visible inside the chroot.
  run: |
    # export -p | sed 's/^export //' > ${ARCHCHROOT}/env.tmp
    cat > ${ARCHROOT}/${WORKFLOWCMD} <<'EOF'
    echo "::group::Exporting GPG_SIGNATURE short key"
    # source /env.tmp && rm /env.tmp
    source /github_env
    SHORT_KEY=$(sudo -u builder env HOME=/home/builder \
      gpg --with-colons --import-options show-only --import <<< "$GPG_PRIVATE_KEY" \
      | awk -F: '/^fpr:/ { print $10; exit }')
    echo "GPG_SIGNATURE = $SHORT_KEY"
    echo "GPG_SIGNATURE=${SHORT_KEY}" >> /github_env
    echo "::endgroup::"
    EOF
    chmod +x ${ARCHROOT}/${WORKFLOWCMD}
    sudo chroot ${ARCHROOT} ${WORKFLOWCMD}
- name: Install paru (AUR helper)
  # Clones the paru-bin branch of the archlinux/aur GitHub repository as
  # 'builder', then builds and installs the package with `makepkg -si`.
  # NOTE(review): the clone follows the branch tip, so the PKGBUILD that
  # makepkg executes is whatever is published when the job runs, and 'builder'
  # has passwordless sudo in the chroot. Checking out a reviewed commit
  # (`<commit-sha>`, placeholder) before building would make the input fixed
  # and auditable.
  run: |
    cat > ${ARCHROOT}/${WORKFLOWCMD} <<'EOF'
    echo "::group::Install paru (AUR helper)"
    echo "Installing paru for 'builder' user..."
    cd /tmp
    sudo -u builder mkdir -p paru-bin && cd paru-bin
    sudo -u builder git clone --depth 1 --filter=blob:none --sparse --branch paru-bin https://github.com/archlinux/aur.git
    cd aur && sudo -u builder makepkg -si --noconfirm
    cd ../.. && rm -rf paru-bin
    echo "::endgroup::"
    EOF
    chmod +x ${ARCHROOT}/${WORKFLOWCMD}
    sudo chroot ${ARCHROOT} ${WORKFLOWCMD}
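- name: Setup SSH key for AUR
  env:
    AUR_SSH_PRIVATE_KEY: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
  # Installs the AUR deploy key, a pinned host key and an ssh config for
  # 'builder' inside the chroot.
  # NOTE(review): AUR_SSH_PRIVATE_KEY is set only in this step's environment.
  # Whether it is visible inside the chroot depends on `sudo chroot` keeping
  # the environment or on /github_env defining it. Confirm that the key file
  # is not written empty.
  run: |
    cat > ${ARCHROOT}/${WORKFLOWCMD} <<'EOF'
    echo "::group::Setup SSH key for AUR"
    source /github_env
    echo "Setting up SSH key for AUR access..."
    # Create the directory and key file with owner-only permissions from the
    # start, instead of leaving them under the inherited umask until the
    # chmod calls below run.
    umask 077
    SSH_DIR="/home/builder/.ssh"
    mkdir -p "${SSH_DIR}"
    echo "${AUR_SSH_PRIVATE_KEY}" > "${SSH_DIR}/aur"
    # The host key is pinned here rather than fetched at run time, so the
    # first connection cannot silently accept a different key.
    #ssh-keyscan aur.archlinux.org >> "${SSH_DIR}/known_hosts"
    echo 'aur.archlinux.org ssh-rsa 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' \
      >> "${SSH_DIR}/known_hosts"
    echo "Host aur.archlinux.org" >> "${SSH_DIR}/config"
    echo " IdentityFile ${SSH_DIR}/aur" >> "${SSH_DIR}/config"
    echo " User aur" >> "${SSH_DIR}/config"
    echo " StrictHostKeyChecking yes" >> "${SSH_DIR}/config"
    chown -R builder:builder "${SSH_DIR}"
    chmod 700 "${SSH_DIR}"
    chmod 600 "${SSH_DIR}/aur"
    chmod 600 "${SSH_DIR}/config"
    chmod 644 "${SSH_DIR}/known_hosts"
    echo "SSH key setup complete. Permissions:"
    ls -ldn "${SSH_DIR}" "${SSH_DIR}/aur" "${SSH_DIR}/config" "${SSH_DIR}/known_hosts" # Use -n to show numeric UID/GID
    echo "::endgroup::"
    EOF
    chmod +x ${ARCHROOT}/${WORKFLOWCMD}
    sudo chroot ${ARCHROOT} ${WORKFLOWCMD}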
- name: Cleanup mounts
  # `always()` runs this step even when an earlier step failed; `|| true`
  # tolerates a path that is not mounted.
  # NOTE(review): the lines shown unmount only dev, proc and sys. The /run,
  # github_env and self bind mounts created in the "Bind mounts" step are not
  # undone here; confirm whether the rest of the file handles them.
  if: always()
  run: |
    sudo umount ${ROOT}/arch-root/dev || true
    sudo umount ${ROOT}/arch-root/proc || true
    sudo umount ${ROOT}/arch-root/sys || true