wdevs/unitdore
5
0
Fork 0
Code Issues 4 Pull Requests Actions Packages Projects Releases 7 Wiki Activity

Compare commits

base: wdevs:v0.0.3
Branches Tags
wdevs:main
wdevs:v0.0.9 wdevs:v0.0.8 wdevs:v0.0.7 wdevs:v0.0.6 wdevs:v0.0.5 wdevs:v0.0.4 wdevs:v0.0.3 wdevs:v0.0.2 wdevs:v0.0.1
..
compare: wdevs:v0.0.4
Branches Tags
wdevs:main
wdevs:v0.0.9 wdevs:v0.0.8 wdevs:v0.0.7 wdevs:v0.0.6 wdevs:v0.0.5 wdevs:v0.0.4 wdevs:v0.0.3 wdevs:v0.0.2 wdevs:v0.0.1

6 Commits
v0.0.3 ... v0.0.4

Author SHA1 Message Date
Hein
77b86dc3fc chore(aur): improve AUR SSH key handling logic
Some checks failed
Release / test (push) Successful in -30m41s
Details
Release / pkg-deb (push) Successful in -30m32s
Details
Release / release (push) Successful in -30m33s
Details
Release / pkg-rpm (push) Failing after -30m32s
Details
Release / pkg-aur (push) Successful in -30m34s
Details
2026-04-08 17:19:13 +02:00
Hein
0999303cd3 chore(aur): enhance AUR SSH setup for key handling 
* Improve SSH key handling with support for raw, escaped, and base64-encoded keys
* Add validation for AUR_SSH_KEY to ensure it's a valid private key
* Update SSH command options for better security and reliability
 2026-04-08 17:02:10 +02:00
Hein
384c4592d1 chore(release): remove key content diagnostics from AUR SSH setup 2026-04-08 16:39:06 +02:00
Hein
815bdfed80 chore(release): enhance AUR SSH setup for key handling 
* Improve SSH key setup by auto-detecting key format
* Add diagnostics for key validation and size
 2026-04-08 15:41:35 +02:00
Hein
243da39fe3 chore(release): update AUR SSH setup to use base64 decoding 2026-04-08 15:29:21 +02:00
Hein
0a1e768dfe chore(release): remove Arch package build steps from workflow 2026-04-08 15:23:10 +02:00
1 changed files with 49 additions and 72 deletions
Expand all files Collapse all files

111
.gitea/workflows/release.yml
View File

@@ -92,62 +92,6 @@ jobs:
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
pkg-arch:
needs: release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Build Arch package
run: |
VERSION="${{ github.event.inputs.tag || github.ref_name }}"
PKGVER="${VERSION#v}"
# Source archive — prefix=unitdore-vVERSION/ matches `cd "$pkgname-v$pkgver"` in PKGBUILD
git archive --format=zip --prefix=unitdore-v${PKGVER}/ HEAD \
> pkg/arch/unitdore-${PKGVER}.zip
SHA=$(sha256sum pkg/arch/unitdore-${PKGVER}.zip | cut -d' ' -f1)
# Patch PKGBUILD for local build
sed -i \
-e "s/^pkgver=.*/pkgver=${PKGVER}/" \
-e "s/^sha256sums=.*/sha256sums=('${SHA}')/" \
-e "s|source=.*|source=(\"unitdore-\${pkgver}.zip\")|" \
pkg/arch/PKGBUILD
mkdir -p pkg/arch/out
docker run --rm \
-v "$PWD/pkg/arch:/build" \
-v "$PWD/pkg/arch/out:/out" \
-w /build \
archlinux:latest \
bash -c "
pacman -Syu --noconfirm base-devel go &&
useradd -m builder &&
chown -R builder:builder /build &&
runuser -u builder -- bash -c 'cd /build && makepkg --noconfirm --noprogressbar' &&
cp /build/*.pkg.tar.zst /out/
"
- name: Upload to release
run: |
TAG="${{ github.event.inputs.tag || github.ref_name }}"
RELEASE=$(curl -s "${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases/tags/${TAG}" \
-H "Authorization: token ${GITHUB_TOKEN}")
UPLOAD_URL=$(echo "$RELEASE" | grep -o '"upload_url":"[^"]*"' | cut -d'"' -f4)
for f in pkg/arch/out/*.pkg.tar.zst; do
FNAME=$(basename "$f")
echo "Uploading $FNAME..."
curl -s -X POST "${UPLOAD_URL}?name=${FNAME}" \
-H "Authorization: token ${GITHUB_TOKEN}" \
-H "Content-Type: application/octet-stream" \
--data-binary "@${f}" > /dev/null
done
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
pkg-aur: pkg-aur:
needs: release needs: release
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -158,17 +102,49 @@ jobs:
env: env:
AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }} AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }}
run: | run: |
set -euo pipefail
VERSION="${{ github.event.inputs.tag || github.ref_name }}" VERSION="${{ github.event.inputs.tag || github.ref_name }}"
PKGVER="${VERSION#v}" PKGVER="${VERSION#v}"
AUR_KEY_PATH="$HOME/.ssh/aur"
AUR_KNOWN_HOSTS="$HOME/.ssh/known_hosts"
# Setup SSH for AUR # Setup SSH for AUR
mkdir -p ~/.ssh mkdir -p ~/.ssh
echo "$AUR_SSH_KEY" > ~/.ssh/aur chmod 700 ~/.ssh
chmod 600 ~/.ssh/aur
ssh-keyscan aur.archlinux.org >> ~/.ssh/known_hosts if [ -z "${AUR_SSH_KEY:-}" ]; then
echo "AUR_SSH_KEY is empty"
exit 1
fi
# Support raw multiline keys, escaped \\n secrets, or base64-encoded keys.
CLEAN_AUR_SSH_KEY="$(printf '%s' "$AUR_SSH_KEY" | tr -d '\r')"
if printf '%s' "$CLEAN_AUR_SSH_KEY" | grep -q "^-----BEGIN .*PRIVATE KEY-----$"; then
printf '%s\n' "$CLEAN_AUR_SSH_KEY" > "$AUR_KEY_PATH"
elif printf '%s' "$CLEAN_AUR_SSH_KEY" | grep -q '\\n'; then
printf '%b\n' "$CLEAN_AUR_SSH_KEY" > "$AUR_KEY_PATH"
else
if printf '%s' "$CLEAN_AUR_SSH_KEY" | tr -d '[:space:]' | base64 --decode > "$AUR_KEY_PATH" 2>/dev/null; then
:
else
printf '%s\n' "$CLEAN_AUR_SSH_KEY" > "$AUR_KEY_PATH"
fi
fi
chmod 600 "$AUR_KEY_PATH"
if ! ssh-keygen -y -f "$AUR_KEY_PATH" >/dev/null 2>&1; then
echo "AUR_SSH_KEY is not a valid private key."
echo "Store it as a raw private key, an escaped private key with \\n, or a base64-encoded private key."
exit 1
fi
ssh-keyscan -t rsa,ed25519 aur.archlinux.org >> "$AUR_KNOWN_HOSTS"
chmod 644 "$AUR_KNOWN_HOSTS"
# Clone AUR repo # Clone AUR repo
GIT_SSH_COMMAND="ssh -i ~/.ssh/aur" git clone ssh://aur@aur.archlinux.org/unitdore.git aur-repo GIT_SSH_COMMAND="ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$AUR_KNOWN_HOSTS -i $AUR_KEY_PATH" \
git clone ssh://aur@aur.archlinux.org/unitdore.git aur-repo
# Compute SHA256 of the release tarball (same URL the PKGBUILD will download) # Compute SHA256 of the release tarball (same URL the PKGBUILD will download)
SHA=$(curl -fsSL "https://git.warky.dev/wdevs/unitdore/archive/v${PKGVER}.zip" | sha256sum | cut -d' ' -f1) SHA=$(curl -fsSL "https://git.warky.dev/wdevs/unitdore/archive/v${PKGVER}.zip" | sha256sum | cut -d' ' -f1)
@@ -179,17 +155,17 @@ jobs:
-e "s/^sha256sums=.*/sha256sums=('${SHA}')/" \ -e "s/^sha256sums=.*/sha256sums=('${SHA}')/" \
pkg/arch/PKGBUILD > aur-repo/PKGBUILD pkg/arch/PKGBUILD > aur-repo/PKGBUILD
# Generate .SRCINFO inside an Arch container # Generate .SRCINFO inside an Arch container (docker cp avoids DinD volume mount issues)
docker run --rm \ CID=$(docker run -d archlinux:latest sleep infinity)
-v "$PWD/aur-repo:/build" \ docker cp aur-repo/PKGBUILD $CID:/build/PKGBUILD || (docker exec $CID mkdir -p /build && docker cp aur-repo/PKGBUILD $CID:/build/PKGBUILD)
-w /build \ docker exec $CID bash -c "
archlinux:latest \
bash -c "
pacman -Sy --noconfirm base-devel && pacman -Sy --noconfirm base-devel &&
useradd -m builder && useradd -m builder &&
chown -R builder:builder /build && chown -R builder:builder /build &&
runuser -u builder -- bash -c 'cd /build && makepkg --printsrcinfo > .SRCINFO' runuser -u builder -- bash -c 'cd /build && makepkg --printsrcinfo > .SRCINFO'
" "
docker cp $CID:/build/.SRCINFO aur-repo/.SRCINFO
docker rm -f $CID
# Commit and push to AUR master # Commit and push to AUR master
cd aur-repo cd aur-repo
@@ -197,7 +173,8 @@ jobs:
git config user.name "Hein" git config user.name "Hein"
git add PKGBUILD .SRCINFO git add PKGBUILD .SRCINFO
git commit -m "Update to v${PKGVER}" git commit -m "Update to v${PKGVER}"
GIT_SSH_COMMAND="ssh -i ~/.ssh/aur" git push origin HEAD:master GIT_SSH_COMMAND="ssh -o IdentitiesOnly=yes -o StrictHostKeyChecking=yes -o UserKnownHostsFile=$AUR_KNOWN_HOSTS -i $AUR_KEY_PATH" \
git push origin HEAD:master
pkg-deb: pkg-deb:
needs: release needs: release