Update the workflow, split into multiple steps.
parent
4c2c5bf397
commit
5daed056a3
29
.github/workflows/release.yml
vendored
29
.github/workflows/release.yml
vendored
|
@ -17,25 +17,38 @@ jobs:
|
|||
uses: actions/checkout@v2
|
||||
|
||||
- name: Build
|
||||
env:
|
||||
GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }}
|
||||
GPG_PASSPHRASE: ${{ secrets.GITHUB_GPG_PASSPHRASE }}
|
||||
run: |
|
||||
pushd pkg/arch
|
||||
# Create user
|
||||
cd pkg/arch
|
||||
|
||||
# Create build user (can't makepkg as root)
|
||||
useradd -m -g wheel -s /bin/bash build
|
||||
echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||||
chown -R build:wheel .
|
||||
chown -R build:wheel $HOME
|
||||
|
||||
# Install makepkg deps
|
||||
pacman -Sy sudo binutils fakeroot grep base-devel git --noconfirm
|
||||
|
||||
# Build
|
||||
su build --pty -s /bin/bash -c './build.sh'
|
||||
popd
|
||||
|
||||
- name: Prepare Release
|
||||
run: |
|
||||
mkdir release
|
||||
mv pkg/arch/**/*.pkg.tar.zst* release
|
||||
mv pkg/arch/**/*.pkg.tar.zst release
|
||||
|
||||
- name: Sign Packages
|
||||
env:
|
||||
GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }}
|
||||
GPG_PASSPHRASE: ${{ secrets.GITHUB_GPG_PASSPHRASE }}
|
||||
run: |
|
||||
cd release
|
||||
|
||||
# import GPG key
|
||||
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
|
||||
export GPG_TTY=$(tty)
|
||||
|
||||
# sign packages
|
||||
ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -u 5B574D1B513F9A05
|
||||
|
||||
- name: Upload artifacts
|
||||
uses: actions/upload-artifact@v1
|
||||
|
|
|
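Review bot: In the Sign Packages step, `--passphrase $GPG_PASSPHRASE` expands the secret unquoted into gpg's argument list, so it is readable from the process table for as long as gpg runs, and it is word-split if the passphrase contains whitespace. Feed it over a file descriptor instead, looping over the glob rather than parsing `ls`: inside `for pkg in *.pkg.tar.zst; do … done`, run `printf '%s' "$GPG_PASSPHRASE" | gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase-fd 0 -u 5B574D1B513F9A05 "$pkg"`. The page has lost its +/- markers, so I am assuming the `env:` block with `GPG_KEY` and `GPG_PASSPHRASE` under Build is on the removed side; if it is still present it should go, since that step runs `./build.sh` as a user with passwordless sudo and no longer signs anything. The Upload artifacts step continues outside the hunk.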
@ -5,19 +5,11 @@ set -euxo pipefail
|
|||
export PKGEXT='.pkg.tar.zst'
|
||||
export COMPRESSZST=(zstd -c -T0 --ultra -20 -)
|
||||
|
||||
# Import GPG key
|
||||
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
|
||||
export GPG_TTY=$(tty)
|
||||
|
||||
# Build the packages as `build' user
|
||||
# Build the packages
|
||||
pushd surface-ipts-firmware
|
||||
makepkg -f --syncdeps --skippgpcheck --noconfirm
|
||||
# Sign as a separate step (makepkg -s needs pinentry)
|
||||
makepkg --packagelist | xargs -L1 gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -u 5B574D1B513F9A05
|
||||
popd
|
||||
|
||||
pushd kernel
|
||||
makepkg -f --syncdeps --skippgpcheck --noconfirm
|
||||
# Sign as a separate step (makepkg -s needs pinentry)
|
||||
makepkg --packagelist | xargs -L1 gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -u 5B574D1B513F9A05
|
||||
popd
|
||||
|
|
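Review bot: Both remaining build calls, `makepkg -f --syncdeps --skippgpcheck --noconfirm` in `surface-ipts-firmware` and in `kernel`, skip PGP verification of the sources, yet the workflow then signs the resulting packages with the release key, so the signature vouches for inputs that were never checked. These look like unchanged context lines (the +/- markers are lost on this page), but with signing now split out this is a good moment to tighten them. If the PKGBUILDs declare `validpgpkeys`, import those keys for the build user and drop `--skippgpcheck`. Otherwise add a comment above each call, for example `# --skippgpcheck: sources are verified by checksum only, see PKGBUILD`, so the gap is a recorded decision.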