diff --git a/.github/workflows/deploy-aur.yml b/.github/workflows/deploy-aur.yml index e3cd21e..2fa60c5 100644 --- a/.github/workflows/deploy-aur.yml +++ b/.github/workflows/deploy-aur.yml @@ -1,4 +1,4 @@ -name: Deploy AUR +name: Deploy AUR Mirror on: workflow_call: @@ -22,9 +22,7 @@ on: type: boolean default: false secrets: - AUR_PRIVATE_SSH_KEY: - required: false - AUR_PRIVATE_SSH_KEY_PASSPHRASE: + AUR_REPO_TOKEN: required: false workflow_dispatch: inputs: @@ -37,12 +35,12 @@ on: required: false type: string aur_repo: - description: "Defaults to AUR_GIT_REPOSITORY when omitted." + description: "Target GitHub repo in OWNER/REPO form (e.g. Auto-Explore/aur-gitcomet). Defaults to AUR_GITHUB_REPO when omitted." required: false default: "" type: string aur_branch: - description: "Defaults to AUR_GIT_REPOSITORY when omitted." + description: "Target branch in aur repo. Defaults to AUR_GITHUB_BRANCH when omitted." required: false default: "main" type: string @@ -61,7 +59,7 @@ concurrency: jobs: deploy: - name: Publish PKGBUILD and .SRCINFO to AUR + name: Publish PKGBUILD and .SRCINFO to AUR mirror repo runs-on: ubuntu-latest timeout-minutes: 30 container: @@ -70,7 +68,7 @@ jobs: - name: Install Arch packaging tooling run: | set -euo pipefail - pacman -Sy --noconfirm --needed ca-certificates ca-certificates-utils curl expect git openssh perl shadow + pacman -Sy --noconfirm --needed ca-certificates ca-certificates-utils curl git perl shadow - uses: actions/checkout@v6 @@ -83,10 +81,10 @@ jobs: DISPATCH_VERSION: ${{ github.event.inputs.version }} INPUT_AUR_REPO: ${{ inputs.aur_repo }} DISPATCH_AUR_REPO: ${{ github.event.inputs.aur_repo }} - VAR_AUR_REPO: ${{ vars.AUR_GIT_REPOSITORY }} + VAR_AUR_REPO: ${{ vars.AUR_GITHUB_REPO }} INPUT_AUR_BRANCH: ${{ inputs.aur_branch }} DISPATCH_AUR_BRANCH: ${{ github.event.inputs.aur_branch }} - VAR_AUR_BRANCH: ${{ vars.AUR_GIT_BRANCH }} + VAR_AUR_BRANCH: ${{ vars.AUR_GITHUB_BRANCH }} INPUT_DRY_RUN: ${{ inputs.dry_run }} DISPATCH_DRY_RUN: ${{ github.event.inputs.dry_run }} REPO_OWNER: ${{ github.repository_owner }} @@ -134,12 +132,12 @@ jobs: fi if ! [[ "$aur_repo" =~ ^[^/]+/[^/]+$ ]]; then - echo "::error title=Invalid GitHub remote::aur_repo must be OWNER/REPO." + echo "::error title=Invalid AUR repo::aur_repo must be OWNER/REPO." exit 1 fi if [ -z "$aur_branch" ]; then - echo "::error title=Missing GitHub branch::aur_branch must not be empty." + echo "::error title=Missing AUR branch::aur_branch must not be empty." exit 1 fi @@ -178,15 +176,26 @@ jobs: "https://github.com/${GITHUB_REPOSITORY}/archive/refs/tags/${TAG}.tar.gz" \ -o "dist/aur/${source_name}" - - name: Clone AUR repository and configure GitHub remote + - name: Clone AUR mirror repository env: AUR_REPO: ${{ steps.norm.outputs.aur_repo }} AUR_BRANCH: ${{ steps.norm.outputs.aur_branch }} - AUR_PACKAGE: gitcomet + DRY_RUN: ${{ steps.norm.outputs.dry_run }} + AUR_TOKEN: ${{ secrets.AUR_REPO_TOKEN }} run: | set -euo pipefail + clone_url="https://github.com/${AUR_REPO}.git" + + if [ "$DRY_RUN" != "true" ]; then + if [ -z "${AUR_TOKEN:-}" ]; then + echo "::error title=Missing secret::Set AUR_REPO_TOKEN to push to ${AUR_REPO}." + exit 1 + fi + clone_url="https://x-access-token:${AUR_TOKEN}@github.com/${AUR_REPO}.git" + fi + rm -rf aur-repo - git clone --depth 1 "https://aur.archlinux.org/${AUR_PACKAGE}.git" aur-repo + git clone --depth 1 --branch "$AUR_BRANCH" --single-branch "$clone_url" aur-repo chown -R builder:builder aur-repo dist - name: Update PKGBUILD and regenerate .SRCINFO @@ -209,9 +218,8 @@ jobs: echo "### AUR deployment dry run" echo "" echo "- Source release: \`${{ steps.norm.outputs.tag }}\`" - echo "- AUR push remote: \`ssh://aur@aur.archlinux.org/gitcomet.git\`" - echo "- GitHub remote: \`${{ steps.norm.outputs.aur_repo }}\`" - echo "- GitHub branch: \`${{ steps.norm.outputs.aur_branch }}\`" + echo "- Target repo: \`${{ steps.norm.outputs.aur_repo }}\`" + echo "- Target branch: \`${{ steps.norm.outputs.aur_branch }}\`" echo "" echo "PKGBUILD preview:" echo '```bash' @@ -224,27 +232,19 @@ jobs: echo '```' } >> "$GITHUB_STEP_SUMMARY" - - name: Publish metadata to AUR + - name: Publish metadata to AUR mirror repo if: ${{ steps.norm.outputs.dry_run != 'true' }} env: + AUR_BRANCH: ${{ steps.norm.outputs.aur_branch }} TAG: ${{ steps.norm.outputs.tag }} - AUR_PACKAGE: gitcomet - AUR_PRIVATE_SSH_KEY: ${{ secrets.AUR_PRIVATE_SSH_KEY }} - AUR_PRIVATE_SSH_KEY_PASSPHRASE: ${{ secrets.AUR_PRIVATE_SSH_KEY_PASSPHRASE }} run: | set -euo pipefail - - if [ -z "${AUR_PRIVATE_SSH_KEY:-}" ] || [ -z "${AUR_PRIVATE_SSH_KEY_PASSPHRASE:-}" ]; then - echo "::error title=Missing secret::Set AUR_PRIVATE_SSH_KEY and AUR_PRIVATE_SSH_KEY_PASSPHRASE to push to AUR." - exit 1 - fi - git config --global --add safe.directory "$GITHUB_WORKSPACE/aur-repo" pushd aur-repo >/dev/null git add PKGBUILD .SRCINFO if git diff --cached --quiet -- PKGBUILD .SRCINFO; then - echo "No AUR metadata changes detected; repository is already up to date." + echo "No AUR metadata changes detected; mirror repo is already up to date." popd >/dev/null exit 0 fi @@ -252,55 +252,17 @@ jobs: git config user.name "github-actions[bot]" git config user.email "41898282+github-actions[bot]@users.noreply.github.com" git commit -m "gitcomet ${TAG}" - - install -d -m 700 "$HOME/.ssh" - key_path="$HOME/.ssh/aur" - printf '%s\n' "$AUR_PRIVATE_SSH_KEY" > "$key_path" - chmod 600 "$key_path" - touch "$HOME/.ssh/known_hosts" - chmod 600 "$HOME/.ssh/known_hosts" - ssh-keyscan -H aur.archlinux.org >> "$HOME/.ssh/known_hosts" 2>/dev/null - - eval "$(ssh-agent -s)" - cleanup() { - rm -f "$key_path" - if [ -n "${SSH_AGENT_PID:-}" ]; then - ssh-agent -k >/dev/null - fi - } - trap cleanup EXIT - - export KEY_PATH="$key_path" - export AUR_PRIVATE_SSH_KEY_PASSPHRASE - expect <<'EOF' - set timeout 30 - log_user 0 - spawn ssh-add "$env(KEY_PATH)" - expect { - "Enter passphrase for*" { - send -- "$env(AUR_PRIVATE_SSH_KEY_PASSPHRASE)\r" - exp_continue - } - eof - } - catch wait result - exit [lindex $result 3] - EOF - - aur_branch="$(git branch --show-current)" - git remote set-url --push origin "ssh://aur@aur.archlinux.org/${AUR_PACKAGE}.git" - git push origin "HEAD:${aur_branch}" + git push origin "HEAD:${AUR_BRANCH}" popd >/dev/null - name: Emit deployment summary run: | set -euo pipefail { - echo "### AUR deployment" + echo "### AUR mirror deployment" echo "" echo "- Release: \`${{ steps.norm.outputs.tag }}\`" - echo "- AUR push remote: \`ssh://aur@aur.archlinux.org/gitcomet.git\`" - echo "- GitHub remote: \`${{ steps.norm.outputs.aur_repo }}\`" - echo "- GitHub branch: \`${{ steps.norm.outputs.aur_branch }}\`" + echo "- Target repo: \`${{ steps.norm.outputs.aur_repo }}\`" + echo "- Target branch: \`${{ steps.norm.outputs.aur_branch }}\`" echo "- Dry run: \`${{ steps.norm.outputs.dry_run }}\`" } >> "$GITHUB_STEP_SUMMARY" diff --git a/.github/workflows/deployment-ci.yml b/.github/workflows/deployment-ci.yml index 1540391..f1920da 100644 --- a/.github/workflows/deployment-ci.yml +++ b/.github/workflows/deployment-ci.yml @@ -65,8 +65,8 @@ jobs: - name: Validate deployment workflow config keys run: | set -euo pipefail - grep -Fq 'vars.AUR_GIT_REPOSITORY' .github/workflows/release-manual-main.yml - grep -Fq 'vars.AUR_GIT_BRANCH' .github/workflows/release-manual-main.yml + grep -Fq 'vars.AUR_GITHUB_REPO' .github/workflows/release-manual-main.yml + grep -Fq 'vars.AUR_GITHUB_BRANCH' .github/workflows/release-manual-main.yml grep -Fq 'vars.APT_STORAGE_ACCOUNT' .github/workflows/release-manual-main.yml grep -Fq 'vars.APT_STORAGE_CONTAINER' .github/workflows/release-manual-main.yml grep -Fq 'vars.APT_REPO_DISTRIBUTION' .github/workflows/release-manual-main.yml @@ -83,11 +83,9 @@ jobs: grep -Fq 'vars.APT_REPO_LABEL' .github/workflows/deploy-apt-repo.yml grep -Fq 'vars.APT_REPO_DESCRIPTION' .github/workflows/deploy-apt-repo.yml grep -Fq 'vars.APT_STORAGE_PUBLIC_ACCESS' .github/workflows/deploy-apt-repo.yml - grep -Fq 'vars.AUR_GIT_REPOSITORY' .github/workflows/deploy-aur.yml - grep -Fq 'vars.AUR_GIT_BRANCH' .github/workflows/deploy-aur.yml - grep -Fq 'AUR_PRIVATE_SSH_KEY' .github/workflows/deploy-aur.yml - grep -Fq 'AUR_PRIVATE_SSH_KEY_PASSPHRASE' .github/workflows/deploy-aur.yml - grep -Fq 'ssh://aur@aur.archlinux.org/gitcomet.git' .github/workflows/deploy-aur.yml + grep -Fq 'vars.AUR_GITHUB_REPO' .github/workflows/deploy-aur.yml + grep -Fq 'vars.AUR_GITHUB_BRANCH' .github/workflows/deploy-aur.yml + grep -Fq 'AUR_REPO_TOKEN' .github/workflows/deploy-aur.yml grep -Fq 'HOMEBREW_TAP_TOKEN' .github/workflows/deploy-homebrew-tap.yml - name: Generate Homebrew cask and formula from synthetic artifacts diff --git a/.github/workflows/release-manual-main.yml b/.github/workflows/release-manual-main.yml index 7d7d881..29e7f22 100644 --- a/.github/workflows/release-manual-main.yml +++ b/.github/workflows/release-manual-main.yml @@ -188,15 +188,15 @@ jobs: secrets: inherit deploy_aur: - name: Deploy AUR metadata + name: Deploy AUR mirror metadata needs: [validate, build_and_upload, publish_release] if: ${{ fromJSON(needs.validate.outputs.draft) == false && needs.build_and_upload.result == 'success' }} uses: ./.github/workflows/deploy-aur.yml with: tag: ${{ needs.validate.outputs.tag }} version: ${{ needs.validate.outputs.version }} - aur_repo: ${{ vars.AUR_GIT_REPOSITORY }} - aur_branch: ${{ vars.AUR_GIT_BRANCH }} + aur_repo: ${{ vars.AUR_GITHUB_REPO }} + aur_branch: ${{ vars.AUR_GITHUB_BRANCH }} dry_run: false secrets: inherit diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index efa590a..32937b3 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -108,16 +108,15 @@ This release flow will: You can also run `.github/workflows/deploy-homebrew-tap.yml` manually for backfills or dry-runs. -### AUR deployment +### AUR mirror deployment -To push `PKGBUILD` and `.SRCINFO` into the live AUR repository automatically on release: +To push `PKGBUILD` and `.SRCINFO` into a GitHub-hosted AUR mirror repo automatically on release: -1. Ensure the `gitcomet` AUR package repository exists and, if you keep a GitHub mirror, note its `OWNER/REPO`. +1. Create the target repository (default expected name: `OWNER/aur-gitcomet`). 2. In this repo, configure: - - secret `AUR_SSH_PRIVATE_KEY`: the AUR-authorized SSH private key. - - secret `AUR_SSH_PASSPHRASE`: the passphrase for that SSH key. - - optional variable `AUR_GIT_REPOSITORY`: GitHub remote in `OWNER/REPO` form (default: `OWNER/aur-gitcomet`). - - optional variable `AUR_GIT_BRANCH`: GitHub branch for that remote (default `main`). + - secret `AUR_REPO_TOKEN`: GitHub token with `contents:write` access to the AUR mirror repository. + - optional variable `AUR_GITHUB_REPO`: target repository in `OWNER/REPO` form. + - optional variable `AUR_GITHUB_BRANCH`: target branch (default `main`). 3. Run `.github/workflows/release-manual-main.yml` with `draft=false`. This release flow will: @@ -126,10 +125,6 @@ This release flow will: - update `PKGBUILD` `pkgver` and `sha256sums` - regenerate `.SRCINFO` - validate sources with `makepkg --verifysource` -- clone `https://aur.archlinux.org/gitcomet.git` -- configure a `github` remote from `AUR_GIT_REPOSITORY` -- push the updated metadata into AUR over SSH using the configured key - -The previous `AUR_REPO_TOKEN` secret is no longer used. +- push the updated metadata into the configured AUR mirror repository You can also run `.github/workflows/deploy-aur.yml` manually for backfills or dry-runs. diff --git a/README.md b/README.md index c8c5235..35ec3bd 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,9 @@ [![Discord](https://img.shields.io/badge/Discord-Join%20chat-5865F2?logo=discord&logoColor=white)](https://discord.gg/2ufDGP8RnA) [![Website](https://img.shields.io/badge/Website-gitcomet.dev-0A66C2?logo=googlechrome&logoColor=white)](https://gitcomet.dev) [![AutoExplore](https://img.shields.io/badge/AutoExplore-autoexplore.ai-0B7A75?logo=safari&logoColor=white)](https://autoexplore.ai) +[![license](https://img.shields.io/github/license/Auto-Explore/gitcomet.svg)](LICENSE) +[![latest](https://img.shields.io/github/v/release/Auto-Explore/gitcomet.svg)](https://github.com/Auto-Explore/gitcomet/releases/latest) +[![downloads](https://img.shields.io/github/downloads/Auto-Explore/gitcomet/total)](https://github.com/Auto-Explore/gitcomet/releases) **Fastest Open Source Git GUI** @@ -201,6 +204,10 @@ SourceTree, GitKraken, Zed, GPUI, KDiff3, Meld, Github Desktop, Git, Gix, Rust, This project has been created with the help of AI tools, including OpenAI Codex and Claude Code. +### Star History + +[![Star History Chart](https://api.star-history.com/svg?repos=Auto-Explore/gitcomet&type=Date)](https://star-history.com/#Auto-Explore/gitcomet&Date) + ### License GitComet is licensed under the GNU Affero General Public License Version 3 diff --git a/scripts/update-aur.sh b/scripts/update-aur.sh index 596fcab..85c3a35 100755 --- a/scripts/update-aur.sh +++ b/scripts/update-aur.sh @@ -10,7 +10,7 @@ Usage: scripts/update-aur.sh \ --source-tar PATH \ [--verify-source] -Updates PKGBUILD metadata for an AUR package repo checkout, regenerates +Updates PKGBUILD metadata for the GitHub-hosted AUR mirror repo, regenerates .SRCINFO, and optionally verifies the referenced sources with makepkg. USAGE }