From 96a2574c7efbee00528ba86d121920a2bf5e85fd Mon Sep 17 00:00:00 2001 From: nevaforget Date: Wed, 1 Apr 2026 15:44:02 +0200 Subject: [PATCH] Fix CI: run makepkg in Arch container with non-root user The act_runner now uses docker mode with archlinux:base-devel. Install git/curl and create a builder user since makepkg refuses to run as root. --- .gitea/workflows/build-and-publish.yaml | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/build-and-publish.yaml b/.gitea/workflows/build-and-publish.yaml index c4db437..1d7ff38 100644 --- a/.gitea/workflows/build-and-publish.yaml +++ b/.gitea/workflows/build-and-publish.yaml @@ -11,12 +11,21 @@ on: - '*/PKGBUILD' jobs: - detect-changes: + build-and-publish: runs-on: moonarch steps: - - name: Detect changed PKGBUILDs + - name: Setup build environment + run: | + pacman -Sy --noconfirm git curl + + # makepkg refuses to run as root — create a build user + useradd -m builder + echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers + + - name: Build and publish changed packages run: | git clone http://gitea:3000/nevaforget/moonarch-pkgbuilds.git repo + chown -R builder:builder repo cd repo CHANGED=$(git diff --name-only HEAD~1 HEAD | grep '/PKGBUILD$' | sed 's|/PKGBUILD||' || true) @@ -32,8 +41,8 @@ jobs: echo "==> Building $pkg" cd "$pkg" - # Build package (skip dep checks — deps are already installed or in optdepends) - makepkg -sfd --noconfirm + # Build package as non-root user + su builder -c "makepkg -sfd --noconfirm" # Find the built package file PKG_FILE=$(ls -t *.pkg.tar.zst 2>/dev/null | head -1)