Use sudo to ignore permission error #413
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Auto Build Arch Packages | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'pacman-hooks' | |
| - 'LICENSE' | |
| - 'README.md' | |
| - '.gitignore' | |
| pull_request: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - 'pacman-hooks' | |
| - 'LICENSE' | |
| - 'README.md' | |
| - '.gitignore' | |
| workflow_dispatch: | |
| inputs: | |
| bump-pkgrel: | |
| description: If bump pkgrel by adding 1 to existing | |
| required: false | |
| default: false | |
| jobs: | |
| package-build: | |
| name: Build and Upload Packages for PKGBUILD in this repository | |
| runs-on: ubuntu-24.04-arm | |
| outputs: | |
| artifact-name: ${{ steps.artifact-name.outputs.artifact-name }} | |
| strategy: | |
| matrix: | |
| package: | |
| - raspberrypi-overlays | |
| - uefi-raspberrypi4 | |
| - uefi-raspberrypi4-bin | |
| - raspberrypi4-uefi-devel-meta | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Get pkgbase | |
| id: pkgbase | |
| uses: arenekosreal/pkgbuild-actions/[email protected] | |
| with: | |
| directory: ${{ matrix.package }} | |
| name: pkgbase | |
| - name: Get pkgver | |
| id: pkgver | |
| uses: arenekosreal/pkgbuild-actions/[email protected] | |
| with: | |
| directory: ${{ matrix.package }} | |
| name: pkgver | |
| - name: Get pkgrel | |
| id: pkgrel | |
| if: inputs.bump-pkgrel | |
| uses: arenekosreal/pkgbuild-actions/[email protected] | |
| with: | |
| directory: ${{ matrix.package }} | |
| name: pkgrel | |
| - name: Bump pkgrel | |
| if: inputs.bump-pkgrel | |
| run: | | |
| pkgrel="${{ steps.pkgrel.outputs.value }}" | |
| new="$(( pkgrel + 1 ))" | |
| sed -i "s/pkgrel=.*/pkgrel=$new/" "${{ matrix.package }}/PKGBUILD" | |
| - name: Get updated pkgrel | |
| id: final-pkgrel | |
| uses: arenekosreal/pkgbuild-actions/[email protected] | |
| with: | |
| directory: ${{ matrix.package }} | |
| name: pkgrel | |
| - name: Generate target architecture | |
| id: target-arch | |
| run: | | |
| case "${{ runner.arch }}" in | |
| X64) | |
| echo "arch=x86_64" >> "$GITHUB_OUTPUT" | |
| ;; | |
| ARM64) | |
| echo "arch=aarch64" >> "$GITHUB_OUTPUT" | |
| ;; | |
| *) | |
| echo "::error::Unsupported runner arch ${{ runner.arch }}" | |
| exit 1 | |
| ;; | |
| esac | |
| - name: Generate artifact name | |
| id: artifact-name | |
| run: | | |
| printf "artifact-name=%s %s-%d %s\n" \ | |
| "${{ steps.pkgbase.outputs.value }}" \ | |
| "${{ steps.pkgver.outputs.value }}" \ | |
| "${{ steps.final-pkgrel.outputs.value }}" \ | |
| "${{ steps.target-arch.outputs.arch }}" \ | |
| >> "$GITHUB_OUTPUT" | |
| - name: Setup cache | |
| id: cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: srcdest | |
| key: ${{ steps.artifact-name.outputs.artifact-name }} | |
| # This file will return 403 if downloads directly. | |
| # Original url: https://uefi.org/sites/default/files/resources/dbxupdate_arm64.bin | |
| - name: Place static file | |
| if: matrix.package == 'uefi-raspberrypi4' && steps.cache.cache-hit != 'true' | |
| run: | | |
| mkdir -p srcdest | |
| base64 -d dbxupdate_arm64.bin.base64.txt > | sudo tee srcdest/arm64_dbx.bin > /dev/null | |
| - name: Build | |
| uses: arenekosreal/pkgbuild-actions/[email protected] | |
| with: | |
| directory: ${{ matrix.package }} | |
| - name: Ensure pkgdest permission | |
| if: ${{ !github.event.act.local }} | |
| run: sudo chown -R "$(id -u):$(id -g)" pkgdest | |
| - name: Ensure filename suitable for uploading | |
| if: ${{ !github.event.act.local }} | |
| run: | | |
| EOF="$(dd if=/dev/urandom bs=15 count=1 status=none | base64)" | |
| echo "packages<<$EOF" >> "$GITHUB_OUTPUT" | |
| declare f base="pkgdest" | |
| while read -r f | |
| do | |
| declare -a invalid_chars=('\:' '\"' '\<' '\>' '\|' '\*' '\?' "$(printf '\r')" "$(printf '\n')") | |
| declare name validname char | |
| name="$(basename "$f")" | |
| validname="$name" | |
| for char in "${invalid_chars[@]}" | |
| do | |
| validname="${validname//$char/#}" | |
| done | |
| if [[ "$name" != "$validname" ]] | |
| then | |
| echo "::notice::Rewriting $name to $validname..." | |
| echo "$name" > "$base/$validname.original.txt" | |
| mv "$base/$name" "$base/$validname" | |
| fi | |
| echo "$validname" >> "$GITHUB_OUTPUT" | |
| done < <(find "pkgdest" -maxdepth 1 -mindepth 1 -type f -regex '.+\.pkg\.tar\.[0-9a-zA-Z]+$') | |
| echo "$EOF" >> "$GITHUB_OUTPUT" | |
| - name: Upload artifacts | |
| if: ${{ ! github.event.act.local }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ steps.artifact-name.outputs.artifact-name }} | |
| path: pkgdest/*.pkg.tar.* | |
| if-no-files-found: error | |
| release: | |
| name: Grab built packages and release | |
| runs-on: ubuntu-24.04-arm | |
| needs: package-build | |
| if: ${{ !github.event.act.local && github.event_name != 'pull_request' }} | |
| steps: | |
| - name: Generare Release info | |
| id: release-info | |
| run: | | |
| cd out | |
| EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
| echo "sums<<$EOF" >> "$GITHUB_OUTPUT" | |
| sha256sum *.pkg.tar.* >> "$GITHUB_OUTPUT" | |
| echo "$EOF" >> "$GITHUB_OUTPUT" | |
| echo date=$(date -I | sed s/-//g) >> "$GITHUB_OUTPUT" | |
| - name: Push to GitHub Releases | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| draft: false | |
| generate_release_notes: true | |
| prerelease: false | |
| tag_name: ${{ steps.release-info.outputs.date }} | |
| files: "out/*.pkg.tar.*" | |
| name: Raspberry Pi 4 UEFI Boot Packages for Arch Based Linux Distribution | |
| body: | | |
| CI Build for commit ${{ github.sha }} | |
| sha256sums: | |
| ``` | |
| ${{ steps.release-info.outputs.sums }} | |
| ``` |