From 381cefa6b2222503cdfca4e44488697cfe4102f0 Mon Sep 17 00:00:00 2001 From: Austin Date: Sun, 12 Apr 2026 08:24:11 -0400 Subject: [PATCH] PPA: Use SFTP method for uploads (#10138) * Upload to PPA via SFTP * PPA-SFTP: Trust Launchpad's SSH Key * Move SSH key import next to GPG * Increase dput timeout... * Use env for inputs (address semgrep gripe) --- .github/workflows/package_ppa.yml | 47 +++++++++++++++++++++++++++---- 1 file changed, 42 insertions(+), 5 deletions(-) diff --git a/.github/workflows/package_ppa.yml b/.github/workflows/package_ppa.yml index 334a7016d..c51e64e78 100644 --- a/.github/workflows/package_ppa.yml +++ b/.github/workflows/package_ppa.yml @@ -5,6 +5,8 @@ on: secrets: PPA_GPG_PRIVATE_KEY: required: true + PPA_SFTP_PRIVATE_KEY: + required: true inputs: ppa_repo: description: Meshtastic PPA to target @@ -27,6 +29,7 @@ jobs: build_location: ppa package-ppa: + if: ${{ github.event_name != 'pull_request_target' && github.event_name != 'pull_request' }} runs-on: ubuntu-24.04 needs: build-debian-src steps: @@ -40,7 +43,7 @@ jobs: shell: bash run: | sudo apt-get update -y --fix-missing - sudo apt-get install -y dput + sudo apt-get install -y dput openssh-client - name: Import GPG key uses: crazy-max/ghaction-import-gpg@v7 @@ -65,8 +68,42 @@ jobs: - name: Display structure of downloaded files run: ls -lah - - name: Publish with dput - if: ${{ github.event_name != 'pull_request_target' && github.event_name != 'pull_request' }} - timeout-minutes: 15 # dput is terrible, sometimes runs 'forever' + - name: Trust Launchpad's SSH key run: | - dput ${{ inputs.ppa_repo }} meshtasticd_${{ steps.version.outputs.deb }}~${{ inputs.series }}_source.changes + mkdir -p ~/.ssh + ssh-keyscan -H ppa.launchpad.net >> ~/.ssh/known_hosts + + - name: Setup dput config + env: + ppa_login: meshtasticorg + run: | + sudo tee /etc/meshtastic-dput.cf >/dev/null < + dput -c /etc/meshtastic-dput.cf + ssh-${up_ppa_repo} + meshtasticd_${up_version}~${up_series}_source.changes