moonarch-pkgbuilds/.gitea/workflows/build-and-publish.yaml
nevaforget 30f8c4100f docs(ci): harden pacman -Sy comment against future -Syu regressions
Explicit warning in the workflow so nobody reintroduces the -Syu that
took the Gitea host down on 2026-04-20.
2026-04-20 11:26:01 +02:00


# ABOUTME: Builds changed packages and publishes them to Gitea Package Registry.
# ABOUTME: Triggered by pkgver-bot commits (from per-project CI workflows).
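name: Build and publish packages
on:
  push:
    branches:
      - main
    paths:
      - '*/PKGBUILD'
jobs:
  build-and-publish:
    runs-on: moonarch
    steps:
      # Clones the package repository, builds every package whose PKGBUILD
      # changed in the tip commit, and uploads the result to the Gitea
      # package registry. Any build or upload failure makes the job fail.
      - name: Build and publish changed packages
        # The registry token is handed to the script through the environment
        # instead of being templated into the script text. That keeps it out
        # of the generated script file and out of curl's argv, which other
        # processes can read via ps or /proc. This matters here because the
        # runner is co-located with the Gitea server.
        env:
          PKG_REGISTRY_TOKEN: ${{ secrets.PKG_REGISTRY_TOKEN }}
        run: |
          rm -rf repo
          # NOTE(review): this clones whatever main points to at clone time,
          # over plain HTTP, rather than the commit that triggered the run,
          # and the diff below covers only the tip commit. A push carrying
          # several commits, or a second push landing before the clone,
          # changes which packages are seen. The fetched PKGBUILDs are then
          # executed by makepkg, so the integrity of this fetch matters.
          git clone http://gitea:3000/nevaforget/moonarch-pkgbuilds.git repo
          cd repo
          REPO_ROOT=$PWD
          CHANGED=$(git diff --name-only HEAD~1 HEAD | grep '/PKGBUILD$' | sed 's|/PKGBUILD||' || true)
          if [ -z "$CHANGED" ]; then
            echo "No PKGBUILD changes detected"
            exit 0
          fi
          echo "Changed packages: $CHANGED"

          # Fail before any build work if the credential is missing, so the
          # registry calls below are never sent unauthenticated.
          if [ -z "${PKG_REGISTRY_TOKEN:-}" ]; then
            echo "ERROR: PKG_REGISTRY_TOKEN is not set"
            exit 1
          fi

          # Runs curl with the Authorization header supplied as a config
          # line on stdin (--config -). printf is a shell builtin, so the
          # token never appears on any command line.
          registry_curl() {
            printf 'header = "Authorization: token %s"\n' "$PKG_REGISTRY_TOKEN" \
              | curl --config - "$@"
          }

          # Sync pacman DB so makepkg -s can resolve current deps.
          # NEVER change this to -Syu. The runner shares I/O with the host
          # (act_runner runs in network-host mode on the Gitea server). A full
          # system upgrade here took the host down on 2026-04-20 and required
          # a hard reboot + Contabo abuse-block recovery. -Sy syncs the DB
          # only; -s picks targeted makedepends via pacman.
          # NOTE(review): -Sy followed by dependency installs is a partial
          # upgrade, which Arch documents as unsupported. The runner's base
          # system therefore needs upgrading out of band, not in this job.
          sudo pacman -Sy --noconfirm

          # Packages that could not be built or uploaded. Reported at the end
          # so one broken package does not stop the rest, but the job still
          # ends red.
          FAILED=""

          # Word splitting on $CHANGED is intentional: one directory per word.
          # Directory names containing whitespace are not supported.
          for pkg in $CHANGED; do
            # A commit that deletes a PKGBUILD also shows up in the diff.
            if [ ! -f "$REPO_ROOT/$pkg/PKGBUILD" ]; then
              echo "==> Skipping $pkg (PKGBUILD no longer present)"
              continue
            fi

            echo "==> Building $pkg"
            if ! cd "$REPO_ROOT/$pkg"; then
              echo "ERROR: Cannot enter directory for $pkg"
              FAILED="$FAILED $pkg"
              continue
            fi

            # makepkg sources the PKGBUILD, i.e. it runs code from the
            # repository, and -s installs dependencies through sudo pacman.
            # Whoever can push to main therefore runs code on this runner.
            if ! makepkg -sf --noconfirm; then
              echo "ERROR: makepkg failed for $pkg"
              FAILED="$FAILED $pkg"
              continue
            fi

            # Find the built package file (newest match). The trailing
            # "|| true" lets an empty result reach the explicit check below
            # whether or not the shell runs with errexit/pipefail.
            # NOTE(review): with split or -debug packages more than one file
            # is produced and only the newest is uploaded.
            PKG_FILE=$(ls -t -- *.pkg.tar.zst 2>/dev/null | head -1) || true
            if [ -z "$PKG_FILE" ]; then
              echo "ERROR: No package file found for $pkg"
              FAILED="$FAILED $pkg"
              continue
            fi

            # Extract version for delete endpoint
            PKG_NAME=$(grep '^pkgname=' PKGBUILD | cut -d= -f2)
            PKG_VER=$(grep '^pkgver=' PKGBUILD | cut -d= -f2)
            PKG_REL=$(grep '^pkgrel=' PKGBUILD | cut -d= -f2)
            PKG_ARCH=$(grep '^arch=' PKGBUILD | sed "s/.*('\(.*\)').*/\1/")
            FULL_VER="${PKG_VER}-${PKG_REL}"

            echo "==> Uploading $PKG_FILE ($PKG_NAME $FULL_VER $PKG_ARCH)"

            # The fields above are text scraped from the PKGBUILD and end up
            # in the path of an authenticated DELETE. Only send that request
            # when each field is non-empty, does not start with a dot and
            # uses plain package-name characters. Quoted values and
            # multi-arch arrays do not parse cleanly and skip the DELETE.
            URL_SAFE=1
            for field in "$PKG_NAME" "$PKG_VER" "$PKG_REL" "$PKG_ARCH"; do
              case "$field" in
                ''|.*|*[!A-Za-z0-9@._+-]*) URL_SAFE=0 ;;
              esac
            done

            if [ "$URL_SAFE" = 1 ]; then
              # Delete old version if it exists (ignore 404). Any other
              # non-2xx status, such as a rejected token, is logged instead
              # of being discarded. If the upload below then fails, this
              # version stays missing from the registry until the job is
              # re-run.
              DEL_STATUS=$(registry_curl -s -o /dev/null -w '%{http_code}' -X DELETE \
                "https://gitea.moonarch.de/api/packages/nevaforget/arch/moonarch/${PKG_NAME}/${FULL_VER}/${PKG_ARCH}" || true)
              case "$DEL_STATUS" in
                2??|404) ;;
                *) echo "WARNING: DELETE of old $PKG_NAME $FULL_VER returned HTTP ${DEL_STATUS:-none}" ;;
              esac
            else
              echo "WARNING: Could not parse name/version/arch for $pkg, skipping delete of old version"
            fi

            # Upload new version
            if ! registry_curl -sf \
              --upload-file "$PKG_FILE" \
              "https://gitea.moonarch.de/api/packages/nevaforget/arch/moonarch"; then
              echo "ERROR: Upload failed for $pkg"
              FAILED="$FAILED $pkg"
              continue
            fi

            echo "==> Published $PKG_NAME $FULL_VER"
          done

          if [ -n "$FAILED" ]; then
            echo "ERROR: Failed packages:$FAILED"
            exit 1
          fi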