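# Manually triggered test job: frees build space on a hosted runner, runs a
# Docker disk-space check, then bootstraps an Arch Linux chroot and configures
# it (pacman, a `builder` user, GPG key import, paru, AUR SSH access).
name: Arch Chroot Test

on:
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: no step below writes to the repository or
# calls the API with the job token; checkout only needs read access.
permissions:
  contents: read

jobs:
  arch-chroot:
    runs-on: ubuntu-latest
    env:
      AUR_MAINTAINER_NAME: envolution
      GIT_USERNAME: envolution
      ROOT: /home/runner/work/aur/aur
      ARCHROOT: /home/runner/work/aur/aur/arch-root
      # Path of the generated script, relative to the chroot root.
      WORKFLOWCMD: /tmp/workflowcmd.sh
      # Path inside the chroot where $GITHUB_ENV is bind-mounted.
      TEMPENV: /github_env
      # Names of the variables copied into the chroot's environment file.
      ENV_EXPORTS: "AUR_MAINTAINER_NAME GIT_USERNAME ROOT ARCHROOT WORKFLOWCMD TEMPENV"
    steps:
      # NOTE(review): `@master` is a mutable ref, so this step runs whatever
      # the action's default branch holds at run time, and later steps in this
      # job handle a GPG private key and an SSH private key. Pin it to a
      # reviewed full commit SHA, e.g.
      # `easimon/maximize-build-space@<FULL_COMMIT_SHA>`.
      - name: Maximize build space
        uses: easimon/maximize-build-space@master
        with:
          root-reserve-mb: 512
          swap-size-mb: 1024
          remove-dotnet: "true"

      - name: Checkout
        uses: actions/checkout@v5
        with:
          # The whole workspace is bind-mounted into a container further down,
          # and nothing in this job pushes with the job token, so do not keep
          # the token in the checkout's git configuration.
          persist-credentials: false

      # Moves Docker's data directory onto the workspace volume by replacing
      # /var/lib/docker with a symlink.
      - name: Relocate Docker storage
        run: |
          sudo systemctl stop docker
          sudo rm -rf /var/lib/docker
          mkdir -p /home/runner/work/aur/aur/DOCKER
          sudo ln -s /home/runner/work/aur/aur/DOCKER /var/lib/docker
          sudo systemctl start docker
          docker info | grep "Docker Root Dir"

      - name: Create Dockerfile
        run: |
          cat > Dockerfile <<'EOF'
          FROM archlinux:base-devel
          WORKDIR /workspace
          CMD ["df", "-h", "/workspace"]
          EOF

      - name: Build Docker image
        run: docker build -t archlinux-space .

      - name: Run container using /home/runner/work/aur/aur
        run: |
          # The workspace is mounted read-only; the image's CMD only prints
          # the free space under /workspace.
          docker run --rm -v /home/runner/work/aur/aur:/workspace/aur:ro archlinux-space
          # NOTE(review): this unconditional failure stops the job here, so
          # only the `if: always()` cleanup step runs afterwards. Presumably
          # a debugging stop; remove it to exercise the chroot steps.
          exit 1

      - name: Download Arch bootstrap
        run: |
          # NOTE(review): this tarball becomes the root filesystem that later
          # receives the GPG and SSH private keys, yet nothing here checks its
          # integrity. Download the matching .sig and verify it against the
          # Arch release signing key (fingerprint pinned in this repository)
          # before extracting.
          # --fail makes curl exit non-zero on an HTTP error instead of saving
          # the error page as the tarball.
          curl -fsSLO https://iad.mirror.rackspace.com/archlinux/iso/latest/archlinux-bootstrap-x86_64.tar.zst
          # Extraction errors are tolerated on purpose; under the default
          # `bash -e` shell the chown below fails the step if root.x86_64
          # was not produced.
          tar --zstd -xf archlinux-bootstrap-x86_64.tar.zst --ignore-failed-read --warning=no-timestamp 2>/dev/null || true
          sudo chown -R root:root root.x86_64
          # 1777 rather than 777: a world-writable /tmp needs the sticky bit
          # so one user cannot remove or replace another user's files. The
          # script that later runs as root in the chroot lives in this /tmp.
          sudo chmod 1777 root.x86_64/tmp
          sudo mv root.x86_64 ${ARCHROOT}

      - name: Bind mounts
        run: |
          sudo mount --bind ${ARCHROOT} ${ARCHROOT}
          sudo touch ${ARCHROOT}/github_env
          # $GITHUB_ENV becomes visible inside the chroot as /github_env, so
          # anything written to it is readable by processes in the chroot.
          sudo mount --bind "$GITHUB_ENV" ${ARCHROOT}/github_env
          sudo mount --bind /dev ${ARCHROOT}/dev
          sudo mount --bind /proc ${ARCHROOT}/proc
          sudo mount --bind /sys ${ARCHROOT}/sys
          sudo mount --bind /run ${ARCHROOT}/run
          # Writes one `export NAME=${NAME:-value}` line per variable.
          # ${!var} (bash indirect expansion) reads the value without passing
          # it through eval.
          # NOTE(review): these lines land in the runner's $GITHUB_ENV file
          # through the bind mount; confirm the runner tolerates `export ...`
          # lines in that file.
          for var in $ENV_EXPORTS; do
            echo "export $var=\${$var:-${!var}}" >> ${ARCHROOT}/${TEMPENV}
          done

      - name: Build
        run: |
          echo "Free space:"
          df -h
          ls -la ${ARCHROOT}
          # The environment file is printed to the job log, so it must never
          # contain secret values.
          cat ${ARCHROOT}/${TEMPENV}

      - name: Test pacman 2
        run: |
          # NOTE(review): the generated scripts do not use `set -e`, so a
          # failing command inside the chroot does not fail the step.
          cat > ${ARCHROOT}/${WORKFLOWCMD} <<'EOF'
          echo "::group::Initialize pacman, Update System, and Configure Makepkg"
          echo "Initializing pacman keyring..."
          mkdir -p /etc/pacman.d/gnupg
          pacman-key --init
          pacman-key --populate archlinux
          echo "Enabling multilib repository..."
          echo -e "\n[multilib]\nInclude = /etc/pacman.d/mirrorlist" >> /etc/pacman.conf
          echo "Adding mirrors"
          echo -e "Server = https://geo.mirror.pkgbuild.com/\$repo/os/\$arch" > /etc/pacman.d/mirrorlist
          echo -e "Server = https://mirror.rackspace.com/archlinux/\$repo/os/\$arch" >> /etc/pacman.d/mirrorlist
          echo "Updating system and installing core dependencies..."
          pacman -Sy --noconfirm --needed archlinux-keyring
          pacman -Syu --noconfirm
          echo "Installing necessary packages..."
          pacman -S --noconfirm --needed \
            git base-devel pacman-contrib openssh github-cli jq expac \
            ruby-rdoc ruby-pkg-config gnupg \
            python python-pip \
            pyalpm python-awesomeversion python-packaging python-lxml \
            python-gobject python-requests libnotify nvchecker \
            binutils multilib-devel python-aiohttp clang python-jq \
            sudo
          echo "Configuring makepkg for parallel compilation..."
          # Check if MAKEFLAGS is already set and uncommented
          if grep -q -E '^#?\s*MAKEFLAGS=' /etc/makepkg.conf; then
            # If found (commented or uncommented), replace the line
            sed -i "s|^#*\s*MAKEFLAGS=.*|MAKEFLAGS=\"-j$(nproc)\"|g" /etc/makepkg.conf
            echo "Updated existing MAKEFLAGS in /etc/makepkg.conf."
          else
            # If not found, append it
            echo "MAKEFLAGS=\"-j$(nproc)\"" >> /etc/makepkg.conf
            echo "Appended MAKEFLAGS to /etc/makepkg.conf."
          fi
          echo "Current MAKEFLAGS setting in /etc/makepkg.conf:"
          grep --color=auto MAKEFLAGS /etc/makepkg.conf || echo "MAKEFLAGS not found after attempting to set."
          echo "::endgroup::"
          EOF
          chmod +x ${ARCHROOT}/${WORKFLOWCMD}
          sudo chroot ${ARCHROOT} ${WORKFLOWCMD}

      - name: Setup non-root user for AUR operations
        shell: bash
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          cat > ${ARCHROOT}/${WORKFLOWCMD} <<'EOF'
          echo "::group::Setup non-root user 'builder'"
          source /github_env
          echo "Creating build user 'builder'..."
          useradd -m -s /bin/bash builder
          # NOTE(review): builder gets unrestricted passwordless sudo, so any
          # code run as builder is effectively root inside the chroot.
          echo "builder ALL=(ALL) NOPASSWD: ALL" > /etc/sudoers.d/builder
          chmod 0440 /etc/sudoers.d/builder
          echo "Setting up directories for builder..."
          install -d -o builder -g builder -m 700 /home/builder/.gnupg
          install -d -o builder -g builder -m 755 /home/builder/.cache
          install -d -o builder -g builder -m 755 /home/builder/.local
          install -d -o builder -g builder -m 755 /home/builder/.local/share
          install -d -o builder -g builder -m 755 /home/builder/.cache/paru
          install -d -o builder -g builder -m 755 /home/builder/.local/share/paru
          # Import the key from stdin so the private key is never written to
          # a file on disk.
          if [ -n "${GPG_PRIVATE_KEY:-}" ]; then
            sudo -u builder env HOME=/home/builder gpg --batch --yes --import <<< "$GPG_PRIVATE_KEY"
          else
            echo "GPG_PRIVATE_KEY is empty; skipping key import."
          fi
          echo "Builder user setup complete."
          echo "::endgroup::"
          EOF
          chmod +x ${ARCHROOT}/${WORKFLOWCMD}
          # sudo normally resets the environment, so the secret is forwarded
          # to the chroot script explicitly and only for this command.
          sudo --preserve-env=GPG_PRIVATE_KEY chroot ${ARCHROOT} ${WORKFLOWCMD}

      - name: Export GPG signature if key is present
        if: env.GPG_PRIVATE_KEY != ''
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
        run: |
          # The private key is deliberately NOT appended to $GITHUB_ENV: that
          # file hands its values to every later step and is bind-mounted
          # into the chroot as /github_env, where package builds run. Only
          # the key fingerprint is exported.
          cat > ${ARCHROOT}/${WORKFLOWCMD} <<'EOF'
          echo "::group::Exporting GPG_SIGNATURE short key"
          source /github_env
          SHORT_KEY=$(sudo -u builder env HOME=/home/builder \
            gpg --with-colons --import-options show-only --import <<< "$GPG_PRIVATE_KEY" \
            | awk -F: '/^fpr:/ { print $10; exit }')
          echo "GPG_SIGNATURE = $SHORT_KEY"
          echo "GPG_SIGNATURE=${SHORT_KEY}" >> /github_env
          echo "::endgroup::"
          EOF
          chmod +x ${ARCHROOT}/${WORKFLOWCMD}
          # Forward the secret to the chroot script for this command only.
          sudo --preserve-env=GPG_PRIVATE_KEY chroot ${ARCHROOT} ${WORKFLOWCMD}

      - name: Install paru (AUR helper)
        run: |
          # NOTE(review): this builds and installs whatever the paru-bin
          # branch currently contains, as a user with passwordless sudo, in
          # the chroot that already holds the imported GPG key. Consider
          # checking out a reviewed commit before running makepkg.
          cat > ${ARCHROOT}/${WORKFLOWCMD} <<'EOF'
          echo "::group::Install paru (AUR helper)"
          echo "Installing paru for 'builder' user..."
          cd /tmp
          sudo -u builder mkdir -p paru-bin && cd paru-bin
          sudo -u builder git clone --depth 1 --filter=blob:none --sparse --branch paru-bin https://github.com/archlinux/aur.git
          cd aur && sudo -u builder makepkg -si --noconfirm
          cd ../.. && rm -rf paru-bin
          echo "::endgroup::"
          EOF
          chmod +x ${ARCHROOT}/${WORKFLOWCMD}
          sudo chroot ${ARCHROOT} ${WORKFLOWCMD}

      - name: Setup SSH key for AUR
        env:
          AUR_SSH_PRIVATE_KEY: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
        run: |
          cat > ${ARCHROOT}/${WORKFLOWCMD} <<'EOF'
          echo "::group::Setup SSH key for AUR"
          source /github_env
          echo "Setting up SSH key for AUR access..."
          SSH_DIR="/home/builder/.ssh"
          mkdir -p "${SSH_DIR}"
          touch "${SSH_DIR}/aur"
          # The host key is pinned below instead of using ssh-keyscan, which
          # would trust whatever host answers at run time.
          #ssh-keyscan aur.archlinux.org >> "${SSH_DIR}/known_hosts"
          echo 'aur.archlinux.org ssh-rsa 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' \
            >> "${SSH_DIR}/known_hosts"
          echo "Host aur.archlinux.org" >> "${SSH_DIR}/config"
          echo " IdentityFile ${SSH_DIR}/aur" >> "${SSH_DIR}/config"
          echo " User aur" >> "${SSH_DIR}/config"
          echo " StrictHostKeyChecking yes" >> "${SSH_DIR}/config"
          chown -R builder:builder "${SSH_DIR}"
          chmod 700 "${SSH_DIR}"
          chmod 600 "${SSH_DIR}/aur"
          chmod 600 "${SSH_DIR}/config"
          chmod 644 "${SSH_DIR}/known_hosts"
          echo "::endgroup::"
          EOF
          chmod +x ${ARCHROOT}/${WORKFLOWCMD}
          sudo chroot ${ARCHROOT} ${WORKFLOWCMD}
          # The key is written into the file created above (already owned by
          # builder, mode 600); tee's stdout is discarded so the key does not
          # reach the job log.
          echo "$AUR_SSH_PRIVATE_KEY" | sudo tee ${ARCHROOT}/home/builder/.ssh/aur > /dev/null
          sudo ls -la ${ARCHROOT}/home/builder/.ssh/

      - name: Cleanup mounts
        if: always()
        run: |
          # Best-effort removal of key material left in the chroot.
          sudo rm -f ${ROOT}/arch-root/home/builder/.ssh/aur || true
          sudo rm -rf ${ROOT}/arch-root/home/builder/.gnupg || true
          # Undo every bind mount made in "Bind mounts": nested mounts first,
          # the chroot's self-bind last. Each is best-effort because the job
          # may have failed before the mount was created.
          sudo umount ${ROOT}/arch-root/github_env || true
          sudo umount ${ROOT}/arch-root/run || true
          sudo umount ${ROOT}/arch-root/dev || true
          sudo umount ${ROOT}/arch-root/proc || true
          sudo umount ${ROOT}/arch-root/sys || true
          sudo umount ${ROOT}/arch-root || true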