name: Build Arch package on: release: types: [published] workflow_dispatch: inputs: version: description: 'Version' required: false create-pr: description: 'Create a PR for aur repo' type: boolean default: false push: branches-ignore: - 'dependabot/**' paths: - '.github/workflows/linux-makepkg.yml' - 'dist/linux/makepkg/**' - 'dist/linux/common/**' - 'dist/linux/resources/**' jobs: get-version: uses: ./.github/workflows/get-version.yml with: version: ${{ inputs.version }} makepkg: name: Build with makepkg needs: [get-version] runs-on: ubuntu-latest container: image: archlinux:base-devel env: PKGDEST: ${{ github.workspace }}/pkgdest SRCDEST: ${{ github.workspace }}/srcdest steps: - name: Prepare pacman run: | pacman-key --init pacman-key --populate archlinux pacman -Syu --noconfirm --needed git base-devel sudo gnupg maven unzip - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: path: cryptomator - name: Create build user run: | useradd -m builder echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/builder chown -R builder:builder "$GITHUB_WORKSPACE" install -d -m 0755 -o builder -g builder "$PKGDEST" "$SRCDEST" - name: Prepare PKGBUILD # cannot use github.workspace due to https://github.com/actions/runner/issues/2058 run: | export SOURCES="${SOURCES_1}${GITHUB_WORKSPACE}${SOURCES_2}" envsubst '$PKG_VERSION $PKG_RELEASE $SOURCES $SOURCES_SHA' < cryptomator/dist/linux/makepkg/PKGBUILD.template > PKGBUILD env: PKG_VERSION: ${{ needs.get-version.outputs.semVerNum }} PKG_RELEASE: 1 SOURCES_1: '"${_src_app_dir}::git+file://' SOURCES_2: '/cryptomator"' SOURCES_SHA: "'SKIP'" - name: Build package with makepkg run: > sudo -u builder env PKGDEST="$PKGDEST" SRCDEST="$SRCDEST" makepkg --syncdeps --cleanbuild --noconfirm --log - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: arch-package if-no-files-found: error path: | ${{ env.PKGDEST }}/*.pkg.tar.zst - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: pkgbuild-file if-no-files-found: error path: | cryptomator/dist/linux/makepkg/PKGBUILD.template create-pr: name: Create PR for aur repo if: github.event_name == 'workflow_dispatch' && inputs.create-pr || github.event_name == 'release' && needs.get-version.outputs.versionType == 'stable' runs-on: ubuntu-latest needs: [get-version, makepkg] container: image: archlinux:base-devel env: PKGDEST: ${{ github.workspace }}/pkgdest SRCDEST: ${{ github.workspace }}/srcdest steps: - name: Prepare pacman run: | pacman-key --init pacman-key --populate archlinux pacman -Syu --noconfirm --needed git base-devel sudo gnupg maven unzip github-cli curl - name: Download source tarball and compute checksum id: sha256 run: | URL="https://github.com/cryptomator/cryptomator/archive/refs/tags/${TAG}.tar.gz" curl --silent --fail-with-body --proto "=https" -L -H "Accept: application/vnd.github+json" ${URL} --output cryptomator.tar.gz TARBALL_SHA256=$(sha256sum cryptomator.tar.gz | cut -d ' ' -f1) echo "value=${TARBALL_SHA256}" >> "$GITHUB_OUTPUT" env: TAG: ${{ needs.get-version.outputs.semVerStr || github.event.release.tag_name }} - name: Checkout cryptomator/aur repo uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: 'cryptomator/aur' token: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - name: Create build user run: | useradd -m builder echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers.d/builder chown -R builder:builder "$GITHUB_WORKSPACE" install -d -m 0755 -o builder -g builder "$PKGDEST" "$SRCDEST" - name: Import Cryptomator release signing key # try first ubuntu. on failure try openpgp keyservers run: > sudo -u builder gpg --batch --keyserver hkps://keyserver.ubuntu.com --recv-keys 58117AFA1F85B3EEC154677D615D449FE6E6A235 || sudo -u builder gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys 58117AFA1F85B3EEC154677D615D449FE6E6A235 - name: Checkout release branch run: | git config --global safe.directory '*' git checkout -b release/${VERSION} env: VERSION: ${{ needs.get-version.outputs.semVerStr }} - name: Determine pkgrel id: pkgrel run: | TARGET_VERSION='${{ needs.get-version.outputs.semVerStr }}' CURRENT_VERSION="$(sed -nE 's/^pkgver=(.*)$/\1/p' PKGBUILD | head -n1)" CURRENT_REL="$(sed -nE 's/^pkgrel=([0-9]+).*$/\1/p' PKGBUILD | head -n1)" if [[ "$CURRENT_VERSION" == "$TARGET_VERSION" && "$CURRENT_REL" =~ ^[0-9]+$ ]]; then NEXT_REL=$((CURRENT_REL + 1)) else NEXT_REL=1 fi echo "value=${NEXT_REL}" >> "$GITHUB_OUTPUT" echo "dist-version=${VERSION}-${NEXT_REL}" >> "$GITHUB_OUTPUT" env: VERSION: ${{ needs.get-version.outputs.semVerStr }} - name: Download PKGBUILD template uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.0 with: name: pkgbuild-file - name: Prepare PKGBUILD run: | envsubst '$PKG_VERSION $PKG_RELEASE $SOURCES $SOURCES_SHA' < PKGBUILD.template > PKGBUILD sudo -u builder makepkg --printsrcinfo > .SRCINFO env: PKG_VERSION: ${{ needs.get-version.outputs.semVerNum }} PKG_RELEASE: ${{ steps.pkgrel.outputs.value }} SOURCES: |- "cryptomator-${pkgver//_/-}.tar.gz::https://github.com/cryptomator/cryptomator/archive/refs/tags/${pkgver//_/-}.tar.gz" "cryptomator-${pkgver//_/-}.tar.gz.asc::https://github.com/cryptomator/cryptomator/releases/download/${pkgver//_/-}/cryptomator-${pkgver//_/-}.tar.gz.asc" SOURCES_SHA: |- '${{steps.sha256.outputs.value}}' 'SKIP' - name: Build package with makepkg run: > sudo -u builder env PKGDEST="$PKGDEST" SRCDEST="$SRCDEST" makepkg --syncdeps --cleanbuild --noconfirm --log - name: Commit and push run: | git config user.name "cryptobot" git config user.email "cryptobot@users.noreply.github.com" git config push.autoSetupRemote true git stage PKGBUILD .SRCINFO git commit -m "Prepare release ${DIST_VERSION}" git push env: DIST_VERSION: ${{ steps.pkgrel.outputs.dist-version }} - name: Create pull request id: create-pr run: | printf "Created by $GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID" > pr_body.md PR_URL=$(gh pr create --title "Release $DIST_VERSION" --body-file pr_body.md) echo "url=$PR_URL" >> "$GITHUB_OUTPUT" env: DIST_VERSION: ${{ steps.pkgrel.outputs.dist-version }} GH_TOKEN: ${{ secrets.CRYPTOBOT_PR_TOKEN }} - name: Slack Notification if: github.event_name == 'release' uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3 env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_CRYPTOMATOR_DESKTOP }} SLACK_USERNAME: 'Cryptobot' SLACK_ICON: false SLACK_ICON_EMOJI: ':bot:' SLACK_CHANNEL: 'cryptomator-desktop' SLACK_TITLE: "AUR release PR created for ${{ github.event.repository.name }} ${{ steps.pkgrel.outputs.dist-version }} ." SLACK_MESSAGE: "See <${{ steps.create-pr.outputs.url }}|PR> on how to proceed." SLACK_FOOTER: false MSG_MINIMAL: true