-
Notifications
You must be signed in to change notification settings - Fork 7
142 lines (115 loc) · 3.87 KB
/
linux-surface.yml
File metadata and controls
142 lines (115 loc) · 3.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
on:
push:
tags:
- 'linux_surface-*'
env:
GPG_KEY_ID: 56C464BAAC421453
jobs:
build:
name: Build Linux kernel package
runs-on: ubuntu-24.04-arm
container: pkgforge/archlinux
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install build dependencies
run: |
# Install makepkg deps
pacman --noconfirm -Syu
pacman --noconfirm -S sudo binutils fakeroot base-devel git \
xmlto docbook-xsl kmod inetutils bc dtc \
python
# Fix permissions (can't makepkg as root)
echo "nobody ALL=(ALL) NOPASSWD: /usr/bin/pacman" >> /etc/sudoers
- name: Build Package
run: |
cd linux-surface
# Fix permissions (can't makepkg as root)
chown -R nobody .
# Package compression settings (Matches latest Arch)
export PKGEXT='.pkg.tar.zst'
export COMPRESSZST=(zstd -c -T0 --ultra -20 -)
export MAKEFLAGS="-j2"
# Build
runuser -u nobody -- makepkg -f --syncdeps --skippgpcheck --noconfirm
- name: Prepare release
run: |
mkdir release
mv linux-surface/*.pkg.tar.zst release
- name: Sign packages
env:
GPG_KEY: ${{ secrets.LINUX_SURFACE_GPG_KEY }}
run: |
cd release
# import GPG key
echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
export GPG_TTY=$(tty)
# sign packages
ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty -u $GPG_KEY_ID
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: linux-surface-aarch64-latest
path: release
release:
name: Publish release
needs: [build]
runs-on: ubuntu-latest
steps:
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: linux-surface-aarch64-latest
path: linux-surface-aarch64-latest
- name: Upload assets
uses: svenstaro/upload-release-action@v2
with:
repo_token: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }}
file: ./*-latest/*
tag: ${{ github.ref }}
overwrite: true
file_glob: true
repo:
name: Update package repository
needs: [release]
runs-on: ubuntu-latest
container: archlinux
steps:
- name: Install dependencies
run: |
pacman -Syu --noconfirm
pacman -S --noconfirm base-devel git
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: linux-surface-aarch64-latest
path: linux-surface-aarch64-latest
- name: Update repository
env:
SURFACEBOT_TOKEN: ${{ secrets.LINUX_SURFACE_BOT_TOKEN }}
BRANCH_STAGING: u/staging
GIT_REF: ${{ github.ref }}
run: |
repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git"
# clone package repository
git clone -b "${BRANCH_STAGING}" "${repo}" repo
# copy packages
mkdir -p repo/arch-aarch64
cp -a linux-surface-aarch64-latest/. repo/arch-aarch64/
cd repo/arch-aarch64
# parse git tag from ref
GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g')
# convert packages into references
for pkg in $(find . -name '*.pkg.tar.zst'); do
echo "aarch64-packages:$GIT_TAG/$(basename $pkg)" > $pkg.blob
rm $pkg
done
# set git identity
git config --global user.email "surfacebot@users.noreply.github.com"
git config --global user.name "surfacebot"
# commit and push
update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)"
git switch -c "${update_branch}"
git add .
git commit -m "Update Arch Linux AArch64 kernel"
git push --set-upstream origin "${update_branch}"