Update the workflow, split into multiple steps.
parent
4c2c5bf397
commit
5daed056a3
29
.github/workflows/release.yml
vendored
29
.github/workflows/release.yml
vendored
|
@ -17,25 +17,38 @@ jobs:
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
|
|
||||||
- name: Build
|
- name: Build
|
||||||
env:
|
|
||||||
GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }}
|
|
||||||
GPG_PASSPHRASE: ${{ secrets.GITHUB_GPG_PASSPHRASE }}
|
|
||||||
run: |
|
run: |
|
||||||
pushd pkg/arch
|
cd pkg/arch
|
||||||
# Create user
|
|
||||||
|
# Create build user (can't makepkg as root)
|
||||||
useradd -m -g wheel -s /bin/bash build
|
useradd -m -g wheel -s /bin/bash build
|
||||||
echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
echo "build ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
|
||||||
chown -R build:wheel .
|
chown -R build:wheel .
|
||||||
chown -R build:wheel $HOME
|
|
||||||
|
|
||||||
# Install makepkg deps
|
# Install makepkg deps
|
||||||
pacman -Sy sudo binutils fakeroot grep base-devel git --noconfirm
|
pacman -Sy sudo binutils fakeroot grep base-devel git --noconfirm
|
||||||
|
|
||||||
# Build
|
# Build
|
||||||
su build --pty -s /bin/bash -c './build.sh'
|
su build --pty -s /bin/bash -c './build.sh'
|
||||||
popd
|
|
||||||
|
- name: Prepare Release
|
||||||
|
run: |
|
||||||
mkdir release
|
mkdir release
|
||||||
mv pkg/arch/**/*.pkg.tar.zst* release
|
mv pkg/arch/**/*.pkg.tar.zst release
|
||||||
|
|
||||||
|
- name: Sign Packages
|
||||||
|
env:
|
||||||
|
GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }}
|
||||||
|
GPG_PASSPHRASE: ${{ secrets.GITHUB_GPG_PASSPHRASE }}
|
||||||
|
run: |
|
||||||
|
cd release
|
||||||
|
|
||||||
|
# import GPG key
|
||||||
|
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
|
||||||
|
export GPG_TTY=$(tty)
|
||||||
|
|
||||||
|
# sign packages
|
||||||
|
ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -u 5B574D1B513F9A05
|
||||||
|
|
||||||
- name: Upload artifacts
|
- name: Upload artifacts
|
||||||
uses: actions/upload-artifact@v1
|
uses: actions/upload-artifact@v1
|
||||||
|
|
|
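Review bot: The new Sign Packages step passes the key passphrase on gpg's command line, unquoted (`--passphrase $GPG_PASSPHRASE`), so it sits in the process argument list during every gpg call and is word-split or glob-expanded if it contains spaces or wildcard characters. Feeding it on a file descriptor avoids both: `for f in *.pkg.tar.zst; do printf '%s' "$GPG_PASSPHRASE" | gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase-fd 0 -u 5B574D1B513F9A05 "$f"; done`. That loop also replaces the `ls *.pkg.tar.zst | xargs -L1` parse, which mishandles unusual file names. `export GPG_TTY=$(tty)` likely does nothing useful here, since a runner step normally has no terminal and every gpg call already passes `--no-tty`, so it could be dropped.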
@ -5,19 +5,11 @@ set -euxo pipefail
|
||||||
export PKGEXT='.pkg.tar.zst'
|
export PKGEXT='.pkg.tar.zst'
|
||||||
export COMPRESSZST=(zstd -c -T0 --ultra -20 -)
|
export COMPRESSZST=(zstd -c -T0 --ultra -20 -)
|
||||||
|
|
||||||
# Import GPG key
|
# Build the packages
|
||||||
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
|
|
||||||
export GPG_TTY=$(tty)
|
|
||||||
|
|
||||||
# Build the packages as `build' user
|
|
||||||
pushd surface-ipts-firmware
|
pushd surface-ipts-firmware
|
||||||
makepkg -f --syncdeps --skippgpcheck --noconfirm
|
makepkg -f --syncdeps --skippgpcheck --noconfirm
|
||||||
# Sign as a separate step (makepkg -s needs pinentry)
|
|
||||||
makepkg --packagelist | xargs -L1 gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -u 5B574D1B513F9A05
|
|
||||||
popd
|
popd
|
||||||
|
|
||||||
pushd kernel
|
pushd kernel
|
||||||
makepkg -f --syncdeps --skippgpcheck --noconfirm
|
makepkg -f --syncdeps --skippgpcheck --noconfirm
|
||||||
# Sign as a separate step (makepkg -s needs pinentry)
|
|
||||||
makepkg --packagelist | xargs -L1 gpg --detach-sign --batch --no-tty --pinentry-mode=loopback --passphrase $GPG_PASSPHRASE -u 5B574D1B513F9A05
|
|
||||||
popd
|
popd
|
||||||
|
|
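Review bot: Both `makepkg -f --syncdeps --skippgpcheck --noconfirm` calls still skip PGP verification of the package sources, and the workflow then signs the resulting packages with the release key, so that signature vouches for inputs whose upstream signatures were never checked. The PKGBUILDs are not visible here, so checksums may still pin the sources; if they list `validpgpkeys`, importing those keys into the build user's keyring before the build and dropping `--skippgpcheck` would restore the check. Separately, `export COMPRESSZST=(zstd -c -T0 --ultra -20 -)` probably has no effect on makepkg, because bash does not pass arrays to child processes through the environment; a comment stating where the compression setting is actually taken from would help. The script begins above this hunk, so anything set there is outside this review.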