Update the workflow, split into multiple steps.

Blaž Hrastnik 2020-01-10 10:25:28 +09:00
parent 4c2c5bf397
commit 5daed056a3
2 changed files with 22 additions and 17 deletions


@ -17,25 +17,38 @@ jobs:
uses: actions/checkout@v2 uses: actions/checkout@v2
- name: Build - name: Build
env:
GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }}
GPG_PASSPHRASE: ${{ secrets.GITHUB_GPG_PASSPHRASE }}
run: | run: |
pushd pkg/arch cd pkg/arch
# Create user
# Create build user (can't makepkg as root)
useradd -m -g wheel -s /bin/bash build useradd -m -g wheel -s /bin/bash build
echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
chown -R build:wheel . chown -R build:wheel .
chown -R build:wheel $HOME
# Install makepkg deps # Install makepkg deps
pacman -Sy sudo binutils fakeroot grep base-devel git --noconfirm pacman -Sy sudo binutils fakeroot grep base-devel git --noconfirm
# Build # Build
su build --pty -s /bin/bash -c './build.sh' su build --pty -s /bin/bash -c './build.sh'
popd
- name: Prepare Release
run: |
mkdir release mkdir release
mv pkg/arch/**/*.pkg.tar.zst* release mv pkg/arch/**/*.pkg.tar.zst release
- name: Sign Packages
env:
GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }}
GPG_PASSPHRASE: ${{ secrets.GITHUB_GPG_PASSPHRASE }}
run: |
cd release
# import GPG key
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
export GPG_TTY=$(tty)
# sign packages
ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -u 5B574D1B513F9A05
- name: Upload artifacts - name: Upload artifacts
uses: actions/upload-artifact@v1 uses: actions/upload-artifact@v1
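Review bot: In the new Sign Packages step, `--passphrase $GPG_PASSPHRASE` places the secret on gpg's command line, where any other process on the runner can read it from the process list while signing runs, and the unquoted expansion will split or glob a passphrase that contains whitespace or wildcard characters. Feeding it on a file descriptor avoids both: `for f in *.pkg.tar.zst; do printf '%s' "$GPG_PASSPHRASE" | gpg --batch --no-tty --pinentry-mode=loopback --passphrase-fd 0 -u 5B574D1B513F9A05 --detach-sign "$f"; done`. The loop also replaces `ls *.pkg.tar.zst | xargs -L1`, which mis-handles file names containing spaces. The imported secret key stays in the job's keyring for the later steps; whether the runner is ephemeral is not visible here, so if it is not, point `GNUPGHOME` at a temporary directory for this step and remove it at the end.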


@ -5,19 +5,11 @@ set -euxo pipefail
export PKGEXT='.pkg.tar.zst' export PKGEXT='.pkg.tar.zst'
export COMPRESSZST=(zstd -c -T0 --ultra -20 -) export COMPRESSZST=(zstd -c -T0 --ultra -20 -)
# Import GPG key # Build the packages
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
export GPG_TTY=$(tty)
# Build the packages as `build' user
pushd surface-ipts-firmware pushd surface-ipts-firmware
makepkg -f --syncdeps --skippgpcheck --noconfirm makepkg -f --syncdeps --skippgpcheck --noconfirm
# Sign as a separate step (makepkg -s needs pinentry)
makepkg --packagelist | xargs -L1 gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -u 5B574D1B513F9A05
popd popd
pushd kernel pushd kernel
makepkg -f --syncdeps --skippgpcheck --noconfirm makepkg -f --syncdeps --skippgpcheck --noconfirm
# Sign as a separate step (makepkg -s needs pinentry)
makepkg --packagelist | xargs -L1 gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -u 5B574D1B513F9A05
popd popd