chore: init

.github/workflows/test.yml

@@ -0,0 +1,31 @@
+name: 'build-test'
+on:
+  pull_request:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-release:
+    runs-on: ubuntu-20.04
+    strategy:
+      matrix:
+        pkgbuild: ["PKGBUILD.any", "PKGBUILD.multi"]
+        archlinux_arch: [aarch64, x86_64]
+        include:
+          - archlinux_arch: aarch64
+            docker_arch: aarch64
+          - archlinux_arch: x86_64
+            docker_arch: amd64
+    steps:
+      - uses: actions/checkout@v2
+      - id: pkgbuild
+        uses: ./
+        with:
+          docker_arch: ${{ matrix.docker_arch }}
+          archlinux_arch: ${{ matrix.archlinux_arch }}
+          gpg_keyid: ${{ secrets.GPG_KEYID }}
+          gpg_signing_key_base64: ${{ secrets.GPG_SECRET_KEY_BASE64 }}
+          pkgbuild: ${{ matrix.pkgbuild }}
+          dispatch-token: ${{ secrets.DISPATCH }}

PKGBUILD.any

@@ -0,0 +1,21 @@
+pkgname=dummy
+pkgrel=1
+pkgver=1.0.0
+pkgdesc="Dummy Package"
+url="https://www.github.com/dummy/dummy"
+depends=('python-pip')
+makedepends=('python-setuptools')
+conflicts=('dummy')
+provides=('dummy')
+license=('GPL')
+arch=('any')
+
+build() {
+    echo "build"
+    sleep 1
+}
+
+package() {
+    echo "package"
+    sleep 1
+}

PKGBUILD.multi

@@ -0,0 +1,21 @@
+pkgname=dummy
+pkgrel=1
+pkgver=1.0.0
+pkgdesc="Dummy Package"
+url="https://www.github.com/dummy/dummy"
+depends=('python-pip')
+makedepends=('python-setuptools')
+conflicts=('dummy')
+provides=('dummy')
+license=('GPL')
+arch=('x86_64' 'aarch64')
+
+build() {
+    echo "build"
+    sleep 1
+}
+
+package() {
+    echo "package"
+    sleep 1
+}

action.yml

@@ -0,0 +1,116 @@
+name: 'Manjaro package action'
+description: 'builds packages for Manjaro'
+
+inputs:
+  docker_arch:
+    description: 'amd64|aarch64'
+    required: true
+  archlinux_arch:
+    description: 'any|aarch64|x86_64'
+    required: true
+  gpg_keyid:
+    description: 'additional trustworthy gpg key id'
+    required: false
+  gpg_signing_key_base64:
+    description: 'base64 encoded signing-key'
+    required: true
+  pkgbuild:
+    description: 'path of the PKGBUILD file'
+    default: "PKGBUILD"
+    required: false
+  force-update:
+    description: force action to build, even if not updateable
+    default: "false"
+    required: false
+  dispatch-token:
+    description: token required for dispatch to Manjaro-Sway/packages
+    required: true
+
+outputs:
+  filename:
+    description: "name of the result file"
+    value: ${{ steps.filename.outputs.name }}
+
+runs:
+  using: "composite"
+  steps:
+    - uses: actions/checkout@v2
+    - id: info
+      shell: bash
+      run: |
+        echo "::set-output name=archs::$(cat ${{ inputs.pkgbuild }} | grep arch= | sed -e 's/^arch=(\(.*\))/\1/')"
+        VERSION=$(cat ${{ matrix.pkgbuild }} | grep pkgver= | sed -e 's/^pkgver=//' | awk '{print $1}')-$(cat ${{ matrix.pkgbuild }} | grep pkgrel= | sed -e 's/^pkgrel=//' | awk '{print $1}')
+        echo "::set-output name=version::${VERSION}"
+    - name: x86_64-build
+      shell: bash
+      if: ${{ ( contains(steps.info.outputs.archs, 'any') && inputs.archlinux_arch == 'x86_64' ) }}
+      run: echo "BUILD=true" >>$GITHUB_ENV
+    - name: aarch64-build
+      shell: bash
+      if: ${{ contains(steps.info.outputs.archs, inputs.archlinux_arch) }}
+      run: echo "BUILD=true" >>$GITHUB_ENV
+    - name: check updatable
+      if: ${{ env.BUILD == 'true' }}
+      shell: bash
+      run: |
+        git fetch --tags
+        git rev-list "${{ steps.info.outputs.version }}" >/dev/null && \
+          echo "BUILD=${{ inputs.force-update }}" >>$GITHUB_ENV || \
+          echo "BUILD=true" >>$GITHUB_ENV
+    - uses: Manjaro-Sway/run-on-arch-action@master
+      if: ${{ env.BUILD == 'true' }}
+      name: build
+      id: build
+      with:
+        arch: ${{ inputs.docker_arch }}
+        distro: manjaro_latest
+        githubToken: ${{ github.token }}
+        setup: |
+          mkdir -p "${PWD}/artifacts"
+        dockerRunArgs: |
+          --volume "${PWD}/artifacts:/artifacts"
+          --cap-add=SYS_ADMIN
+        shell: /bin/sh
+        install: |
+          echo ${{ inputs.gpg_keyid }} >>additional_gpg
+          for key in "$(cat additional_gpg)";do
+            sudo -u builder gpg --keyserver keys.openpgp.org --recv-key $key
+          done
+          sudo -u builder gpg --keyserver keys.openpgp.org --recv-key ${{ inputs.gpg_keyid }}
+          pacman-key --keyserver keys.openpgp.org --recv-keys ${{ inputs.gpg_keyid }}
+
+          sed -i '/^\[core\]/i \[manjaro-sway\]\nSigLevel = Optional TrustAll\nServer = https://packages.manjaro-sway.download/$arch\n' /etc/pacman.conf
+          pacman-mirrors --geoip
+        run: |
+          pacman -Syy
+          chown builder $PWD
+          sudo -u builder makepkg -fsAc --noconfirm --noprogressbar -p ${{ inputs.pkgbuild }}
+          cp *.pkg.tar.zst* /artifacts/
+    - id: filename
+      shell: bash
+      if: ${{ env.BUILD == 'true' }}
+      run: |
+        echo "::set-output name=name::$(basename $(find ./artifacts/ -type f  \( -name "*.pkg.tar.zst" \)))"
+    - name: sign
+      shell: bash
+      if: ${{ env.BUILD == 'true' }}
+      run: |
+        # import signing key (no passphrase)
+        cat <(echo -e "${{ inputs.gpg_signing_key_base64 }}" | base64 --decode) | gpg --batch --import
+        gpg --pinentry-mode loopback --detach-sign ./artifacts/${{ steps.filename.outputs.name }}
+    - name: release
+      shell: bash
+      if: ${{ env.BUILD == 'true' }}
+      run: |
+          echo ${{ github.token }} | gh auth login --with-token
+          gh release create ${{ steps.info.outputs.version }} --repo ${{ github.repository }} --notes "automated release" || echo "release already exists"
+          gh release upload ${{ steps.info.outputs.version }} --repo ${{ github.repository }} --clobber \
+            ./artifacts/${{ steps.filename.outputs.name }} ./artifacts/${{ steps.filename.outputs.name }}.sig
+    - name: dispatch
+      if: ${{ env.BUILD == 'true' }}
+      uses: peter-evans/repository-dispatch@v1
+      with:
+        token: ${{ inputs.dispatch-token }}
+        repository: manjaro-sway/packages
+        event-type: package_update
+        client-payload: '{ "repository": "${{ github.repository }}", "version": "${{ steps.info.outputs.version }}", "file_name": "${{ steps.filename.outputs.name }}"}'