moonarch-pkgbuilds/.gitea/workflows/build-and-publish.yaml
nevaforget 6dea33bc22 Revert "ci(build): persist cargo registry via CARGO_HOME on existing volume"
This reverts commit bed8aa7f8879a0269d28349b82b1a2c6e8d58b9c.
2026-04-24 11:41:43 +02:00


# ABOUTME: Builds changed packages and publishes them to Gitea Package Registry.
# ABOUTME: Triggered by pkgver-bot commits (from per-project CI workflows).
name: Build and publish packages
on:
push:
branches:
- main
paths:
- '*/PKGBUILD'
jobs:
build-and-publish:
runs-on: moonarch
steps:
- name: Build and publish changed packages
run: |
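# Prelude: take a fresh clone, work out which package directories had their
# PKGBUILD touched by the last commit, and refresh the pacman sync database.
# Sets CHANGED (newline-separated package directories) for the build loop.

# Start from a clean checkout so artifacts of an earlier run cannot leak in.
rm -rf repo
# NOTE(review): this clone uses plain HTTP to the internal `gitea` host, and
# the PKGBUILDs it returns are later sourced and built on a runner that has
# sudo. Confirm the hop never leaves a trusted network, or move it to TLS/SSH.
# NOTE(review): the tip of the default branch is cloned, not the commit that
# triggered the run, and only HEAD~1..HEAD is compared below, so a push that
# carries several commits has only its last one inspected.
git clone http://gitea:3000/nevaforget/moonarch-pkgbuilds.git repo || exit 1
cd repo || exit 1

# Run git diff on its own so a failure (for example no HEAD~1) stops the job
# instead of being swallowed by the `|| true` that only exists to tolerate
# "grep found nothing". --diff-filter=d leaves out deleted PKGBUILDs, whose
# directories no longer exist and cannot be built.
changed_paths=$(git diff --name-only --diff-filter=d HEAD~1 HEAD) || {
  echo "ERROR: git diff HEAD~1..HEAD failed" >&2
  exit 1
}
CHANGED=$(printf '%s\n' "$changed_paths" | grep '/PKGBUILD$' | sed 's|/PKGBUILD||' || true)
if [ -z "$CHANGED" ]; then
  echo "No PKGBUILD changes detected"
  exit 0
fi
echo "Changed packages: $CHANGED"

# Sync pacman DB so makepkg -s can resolve current deps.
# NEVER change this to -Syu. The runner shares I/O with the host
# (act_runner runs in network-host mode on the Gitea server). A full
# system upgrade here took the host down on 2026-04-20 and required
# a hard reboot + Contabo abuse-block recovery. -Sy syncs the DB
# only; -s picks targeted makedepends via pacman.
sudo pacman -Sy --noconfirm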
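# Build every changed package, purge its old versions from the Gitea Arch
# registry, then upload the freshly built artifacts.
# Reads:  CHANGED (whitespace-separated package directories, relative to cwd)
# Exits:  1 when a package directory is missing or an upload is not HTTP 2xx

# Keep the registry token out of every curl command line: argv can be read
# from the process table, and this runner shares the Gitea host. The header is
# written once, by the printf builtin, into a private mktemp file (mode 0600)
# and handed to curl as -H @file.
# NOTE(review): the secret is still spliced into the script text by the
# workflow template; a step-level `env:` entry would avoid that as well.
AUTH_HEADER_FILE=$(mktemp) || exit 1
# Server responses go to an unpredictable private file rather than a fixed
# name under /tmp, which another local user could pre-create or symlink.
UPLOAD_LOG=$(mktemp) || exit 1
trap 'rm -f -- "$AUTH_HEADER_FILE" "$UPLOAD_LOG"' EXIT
printf 'Authorization: token %s\n' '${{ secrets.PKG_REGISTRY_TOKEN }}' > "$AUTH_HEADER_FILE"

# CHANGED is a plain string; word splitting is intentional here.
for pkg in $CHANGED; do
  echo "==> Building $pkg"
  # Stop if the directory is gone; otherwise makepkg would run in the wrong
  # place and the trailing `cd ..` would climb out of the clone.
  cd "$pkg" || exit 1
  # Install makedepends manually (cargo, go, …) and skip the full
  # depends check via -d. Rationale: moonarch-git's runtime depends
  # include AUR-only packages (stasis, auto-cpufreq, ttf-ubuntusans-nerd)
  # which pacman can't resolve. Those deps aren't needed at build time.
  # Source the PKGBUILD in a subshell to read the array robustly —
  # awk/grep parsing breaks on single-line vs multi-line formats.
  # NOTE(review): sourcing executes the PKGBUILD as the runner user, so every
  # committer who can land a PKGBUILD on main is trusted with this runner.
  MAKEDEPS=$(bash -c 'source ./PKGBUILD 2>/dev/null; printf "%s " "${makedepends[@]}"')
  # Split into an array without glob expansion, and put `--` in front of the
  # targets so an entry that starts with '-' can never be parsed as an option
  # by a pacman that is running as root.
  read -r -a MAKEDEP_ARGS <<< "$MAKEDEPS"
  if [ "${#MAKEDEP_ARGS[@]}" -gt 0 ]; then
    sudo pacman -S --needed --noconfirm -- "${MAKEDEP_ARGS[@]}"
  fi
  # Parallel build with two cargo jobs. Previous single-threaded
  # throttling was based on an unverified OOM assumption (run 86
  # on 2026-04-23 stalled; no dmesg/journalctl evidence of
  # OOMKiller was ever captured). If a real OOM happens, capture
  # `dmesg | grep -i "killed process"` first before re-throttling.
  export CARGO_BUILD_JOBS=2
  export MAKEFLAGS="-j2"
  makepkg -sfd --noconfirm
  # makepkg can emit multiple artifacts per build (main + -debug
  # split package). Upload each. Arch filename convention:
  # <pkgname>-<pkgver>-<pkgrel>-<arch>.pkg.tar.zst; pkgver never
  # contains '-', so we can strip from the right.
  shopt -s nullglob
  PKG_FILES=(*.pkg.tar.zst)
  shopt -u nullglob
  if [ "${#PKG_FILES[@]}" -eq 0 ]; then
    echo "ERROR: No package file found for $pkg"
    cd ..
    continue
  fi
  # Collect unique package names (includes split packages like
  # foo + foo-debug). We delete ALL existing versions of each
  # before upload: Gitea's Arch registry doesn't fully regenerate
  # the repo DB on pkgver change — old entries stick around as
  # zombies and block pacman from seeing updates.
  # The `=()` matters: a bare `declare -A` keeps the keys of the previous
  # iteration, so a second changed package would delete the versions that
  # were just published for the first one and never upload them again.
  declare -A SEEN_NAMES=()
  for PKG_FILE in "${PKG_FILES[@]}"; do
    base="${PKG_FILE%.pkg.tar.zst}"
    # Drop <arch>, <pkgrel> and <pkgver>, leaving the package name.
    base="${base%-*}"; base="${base%-*}"; base="${base%-*}"
    SEEN_NAMES["$base"]=1
  done
  sudo pacman -S --needed --noconfirm jq
  for PKG_NAME in "${!SEEN_NAMES[@]}"; do
    echo "==> Clearing existing versions of $PKG_NAME"
    # Listing API returns every matching package across all types,
    # so we filter by exact name client-side.
    VERSIONS=$(curl -s \
      -H @"$AUTH_HEADER_FILE" \
      "https://gitea.moonarch.de/api/v1/packages/nevaforget?type=arch&q=${PKG_NAME}&page=1&limit=100" \
      | jq -r --arg n "$PKG_NAME" '.[] | select(.name==$n) | .version')
    for V in $VERSIONS; do
      echo " delete $PKG_NAME@$V"
      DEL_CODE=$(curl -s -o /dev/null -w '%{http_code}' -X DELETE \
        -H @"$AUTH_HEADER_FILE" \
        "https://gitea.moonarch.de/api/v1/packages/nevaforget/arch/${PKG_NAME}/${V}")
      echo " HTTP $DEL_CODE"
      # Still non-fatal, but a rejected delete is now visible in the log.
      if [[ ! "$DEL_CODE" =~ ^2 ]]; then
        echo "WARNING: delete of $PKG_NAME@$V returned HTTP $DEL_CODE" >&2
      fi
    done
  done
  # NOTE(review): old versions are already gone at this point, so a failed
  # upload below leaves the registry without the package until the next run.
  for PKG_FILE in "${PKG_FILES[@]}"; do
    base="${PKG_FILE%.pkg.tar.zst}"
    PKG_ARCH="${base##*-}"
    base="${base%-*}"
    PKG_REL="${base##*-}"
    base="${base%-*}"
    PKG_VER="${base##*-}"
    PKG_NAME="${base%-*}"
    FULL_VER="${PKG_VER}-${PKG_REL}"
    echo "==> Uploading $PKG_FILE ($PKG_NAME $FULL_VER $PKG_ARCH)"
    # Upload new version. Capture HTTP status — curl -sf alone
    # hides the response, and a silent failure lets the run green
    # while the registry stays stale.
    HTTP_CODE=$(curl -s -w '%{http_code}' -o "$UPLOAD_LOG" \
      -H @"$AUTH_HEADER_FILE" \
      --upload-file "$PKG_FILE" \
      "https://gitea.moonarch.de/api/packages/nevaforget/arch/moonarch")
    echo "--- server response (HTTP $HTTP_CODE) ---"
    cat "$UPLOAD_LOG"
    echo
    echo "-----------------------"
    if [[ ! "$HTTP_CODE" =~ ^2 ]]; then
      echo "ERROR: Upload failed with HTTP $HTTP_CODE for $PKG_FILE"
      exit 1
    fi
    echo "==> Published $PKG_NAME $FULL_VER (HTTP $HTTP_CODE)"
  done
  cd ..
done

# Remove the token file as soon as the last upload is done; the EXIT trap
# covers the early-exit paths.
rm -f -- "$AUTH_HEADER_FILE" "$UPLOAD_LOG"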