nevaforget/moonarch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: nevaforget:18357384e67c379c19dee074e607ab8cb1c3d6a5
Branches Tags
nevaforget:main
...
compare: nevaforget:7f06c8e50171ec216fea4ba8ea0eed4895e4bad2
Branches Tags
nevaforget:main

4 Commits
18357384e6 ... 7f06c8e501

Author SHA1 Message Date
nevaforget
7f06c8e501 Add Moonarch package registry setup with signed packages
All checks were successful
Update PKGBUILD version / update-pkgver (push) Successful in 1s
Details 
Import Gitea Arch registry key dynamically and configure pacman
with SigLevel = Required DatabaseOptional. Key ID is extracted
from the downloaded key file to avoid hardcoding.
 2026-04-01 18:09:10 +02:00
nevaforget
93ff264824 Add custom Arch-based act_runner image 
Runner based on archlinux:base-devel with git, curl, makepkg.
Runs as non-root builder user so makepkg works natively without
permission workarounds. Registration data stored in /data volume.
 2026-04-01 18:09:09 +02:00
nevaforget
d4eec1c506 Add custom Arch-based act_runner image, revert workflow workaround 
The runner image is now built on archlinux:base-devel with git,
curl, makepkg and a non-root builder user baked in. This removes
the need for per-workflow pacman installs and enables host mode.
 2026-04-01 18:09:09 +02:00
nevaforget
6b21b6d50c Fix CI: install git in Arch container for update-pkgver 
The runner now uses docker mode with archlinux:base-devel which
does not include git by default.
 2026-04-01 18:09:09 +02:00
3 changed files with 65 additions and 0 deletions
Show Stats Expand all files Collapse all files

10
ci/act-runner/Dockerfile Normal file
View File

@ -0,0 +1,10 @@
FROM archlinux:base-devel
RUN pacman -Sy --noconfirm git curl && pacman -Scc --noconfirm
RUN useradd -m builder && echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
ADD https://gitea.com/gitea/act_runner/releases/download/v0.3.1/act_runner-0.3.1-linux-amd64 /usr/local/bin/act_runner
RUN chmod +x /usr/local/bin/act_runner
COPY --from=gitea/act_runner:latest /usr/local/bin/run.sh /usr/local/bin/run.sh
RUN mkdir -p /data && chown builder:builder /data
USER builder
ENV HOME=/home/builder
ENTRYPOINT ["/usr/local/bin/run.sh"]

28
scripts/post-install.sh
View File

@ -20,6 +20,34 @@ else
log "paru already installed."
fi
# --- Set up Moonarch package registry ---
log "Setting up Moonarch package registry..."
if ! grep -q '\[moonarch\]' /etc/pacman.conf 2>/dev/null; then
sudo tee -a /etc/pacman.conf > /dev/null <<'EOCONF'
[moonarch]
SigLevel = Required DatabaseOptional
Server = https://gitea.moonarch.de/api/packages/nevaforget/arch/$repo/$arch
EOCONF
log " + Moonarch repo added to pacman.conf."
else
log " ~ Moonarch repo already in pacman.conf."
fi
log "Importing Moonarch registry signing key..."
KEY_FILE=$(mktemp)
curl -sf https://gitea.moonarch.de/api/packages/nevaforget/arch/repository.key -o "$KEY_FILE"
KEY_ID=$(gpg --show-keys --with-colons "$KEY_FILE" 2>/dev/null | awk -F: '/^pub/{print $5}')
if [[ -n "$KEY_ID" ]] && ! sudo pacman-key --list-keys "$KEY_ID" &>/dev/null; then
sudo pacman-key --add "$KEY_FILE"
sudo pacman-key --lsign-key "$KEY_ID"
log " + Registry key $KEY_ID imported and locally signed."
else
log " ~ Registry key already imported."
fi
rm -f "$KEY_FILE"
# --- Set up Moonarch custom paru repo ---
log "Setting up Moonarch paru repo..."

27
scripts/transform.sh
View File

@ -206,6 +206,33 @@ else
log "paru already installed."
fi
# Moonarch package registry
log "Setting up Moonarch package registry..."
if ! grep -q '\[moonarch\]' /etc/pacman.conf 2>/dev/null; then
sudo tee -a /etc/pacman.conf > /dev/null <<'EOCONF'
[moonarch]
SigLevel = Required DatabaseOptional
Server = https://gitea.moonarch.de/api/packages/nevaforget/arch/$repo/$arch
EOCONF
log " + Moonarch repo added to pacman.conf."
else
log " ~ Moonarch repo already in pacman.conf."
fi
log "Importing Moonarch registry signing key..."
KEY_FILE=$(mktemp)
curl -sf https://gitea.moonarch.de/api/packages/nevaforget/arch/repository.key -o "$KEY_FILE"
KEY_ID=$(gpg --show-keys --with-colons "$KEY_FILE" 2>/dev/null | awk -F: '/^pub/{print $5}')
if [[ -n "$KEY_ID" ]] && ! sudo pacman-key --list-keys "$KEY_ID" &>/dev/null; then
sudo pacman-key --add "$KEY_FILE"
sudo pacman-key --lsign-key "$KEY_ID"
log " + Registry key $KEY_ID imported and locally signed."
else
log " ~ Registry key already imported."
fi
rm -f "$KEY_FILE"
# Moonarch custom paru repo
log "Setting up Moonarch paru repo..."
PARU_CONF="$HOME/.config/paru/paru.conf"