vrr/GitComet
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: vrr:main
Branches Tags
vrr:main
vrr:feat/support_aur_repository
vrr:fix/aur-pkgnaming
vrr:feat/flatpak
vrr:v0.1.6
vrr:v0.1.5
vrr:v0.1.4
vrr:v0.1.3
vrr:v0.1.2
vrr:v0.1.1
vrr:v0.1.0
...
pull from: vrr:feat/support_aur_repository
Branches Tags
vrr:feat/support_aur_repository
vrr:main
vrr:fix/aur-pkgnaming
vrr:feat/flatpak
vrr:v0.1.6
vrr:v0.1.5
vrr:v0.1.4
vrr:v0.1.3
vrr:v0.1.2
vrr:v0.1.1
vrr:v0.1.0
Sign in to create a new pull request.

2 commits
main ... feat/suppo

Author SHA1 Message Date
Sampo Kivistö
9ed72648a4
renamed remaining github leftovers 2026-03-19 15:45:32 +02:00
Sampo Kivistö
ca881d005f
feat: push deployments directly to aur repository fixes: https://github.com/Auto-Explore/GitComet/issues/42 2026-03-19 15:39:50 +02:00
5 changed files with 94 additions and 49 deletions
Download patch file Download diff file Expand all files Collapse all files

104
.github/workflows/deploy-aur.yml vendored
View file

@ -1,4 +1,4 @@
name: Deploy AUR Mirror
name: Deploy AUR
on:
workflow_call:
@ -22,7 +22,9 @@ on:
type: boolean
default: false
secrets:
AUR_REPO_TOKEN:
AUR_PRIVATE_SSH_KEY:
required: false
AUR_PRIVATE_SSH_KEY_PASSPHRASE:
required: false
workflow_dispatch:
inputs:
@ -35,12 +37,12 @@ on:
required: false
type: string
aur_repo:
description: "Target GitHub repo in OWNER/REPO form (e.g. Auto-Explore/aur-gitcomet). Defaults to AUR_GITHUB_REPO when omitted."
description: "Defaults to AUR_GIT_REPOSITORY when omitted."
required: false
default: ""
type: string
aur_branch:
description: "Target branch in aur repo. Defaults to AUR_GITHUB_BRANCH when omitted."
description: "Defaults to AUR_GIT_REPOSITORY when omitted."
required: false
default: "main"
type: string
@ -59,7 +61,7 @@ concurrency:
jobs:
deploy:
name: Publish PKGBUILD and .SRCINFO to AUR mirror repo
name: Publish PKGBUILD and .SRCINFO to AUR
runs-on: ubuntu-latest
timeout-minutes: 30
container:
@ -68,7 +70,7 @@ jobs:
- name: Install Arch packaging tooling
run: |
set -euo pipefail
pacman -Sy --noconfirm --needed ca-certificates ca-certificates-utils curl git perl shadow
pacman -Sy --noconfirm --needed ca-certificates ca-certificates-utils curl expect git openssh perl shadow
- uses: actions/checkout@v6
@ -81,10 +83,10 @@ jobs:
DISPATCH_VERSION: ${{ github.event.inputs.version }}
INPUT_AUR_REPO: ${{ inputs.aur_repo }}
DISPATCH_AUR_REPO: ${{ github.event.inputs.aur_repo }}
VAR_AUR_REPO: ${{ vars.AUR_GITHUB_REPO }}
VAR_AUR_REPO: ${{ vars.AUR_GIT_REPOSITORY }}
INPUT_AUR_BRANCH: ${{ inputs.aur_branch }}
DISPATCH_AUR_BRANCH: ${{ github.event.inputs.aur_branch }}
VAR_AUR_BRANCH: ${{ vars.AUR_GITHUB_BRANCH }}
VAR_AUR_BRANCH: ${{ vars.AUR_GIT_BRANCH }}
INPUT_DRY_RUN: ${{ inputs.dry_run }}
DISPATCH_DRY_RUN: ${{ github.event.inputs.dry_run }}
REPO_OWNER: ${{ github.repository_owner }}
@ -132,12 +134,12 @@ jobs:
fi
if ! [[ "$aur_repo" =~ ^[^/]+/[^/]+$ ]]; then
echo "::error title=Invalid AUR repo::aur_repo must be OWNER/REPO."
echo "::error title=Invalid GitHub remote::aur_repo must be OWNER/REPO."
exit 1
fi
if [ -z "$aur_branch" ]; then
echo "::error title=Missing AUR branch::aur_branch must not be empty."
echo "::error title=Missing GitHub branch::aur_branch must not be empty."
exit 1
fi
@ -176,26 +178,15 @@ jobs:
"https://github.com/${GITHUB_REPOSITORY}/archive/refs/tags/${TAG}.tar.gz" \
-o "dist/aur/${source_name}"
- name: Clone AUR mirror repository
- name: Clone AUR repository and configure GitHub remote
env:
AUR_REPO: ${{ steps.norm.outputs.aur_repo }}
AUR_BRANCH: ${{ steps.norm.outputs.aur_branch }}
DRY_RUN: ${{ steps.norm.outputs.dry_run }}
AUR_TOKEN: ${{ secrets.AUR_REPO_TOKEN }}
AUR_PACKAGE: gitcomet
run: |
set -euo pipefail
clone_url="https://github.com/${AUR_REPO}.git"
if [ "$DRY_RUN" != "true" ]; then
if [ -z "${AUR_TOKEN:-}" ]; then
echo "::error title=Missing secret::Set AUR_REPO_TOKEN to push to ${AUR_REPO}."
exit 1
fi
clone_url="https://x-access-token:${AUR_TOKEN}@github.com/${AUR_REPO}.git"
fi
rm -rf aur-repo
git clone --depth 1 --branch "$AUR_BRANCH" --single-branch "$clone_url" aur-repo
git clone --depth 1 "https://aur.archlinux.org/${AUR_PACKAGE}.git" aur-repo
chown -R builder:builder aur-repo dist
- name: Update PKGBUILD and regenerate .SRCINFO
@ -218,8 +209,9 @@ jobs:
echo "### AUR deployment dry run"
echo ""
echo "- Source release: \`${{ steps.norm.outputs.tag }}\`"
echo "- Target repo: \`${{ steps.norm.outputs.aur_repo }}\`"
echo "- Target branch: \`${{ steps.norm.outputs.aur_branch }}\`"
echo "- AUR push remote: \`ssh://aur@aur.archlinux.org/gitcomet.git\`"
echo "- GitHub remote: \`${{ steps.norm.outputs.aur_repo }}\`"
echo "- GitHub branch: \`${{ steps.norm.outputs.aur_branch }}\`"
echo ""
echo "PKGBUILD preview:"
echo '```bash'
@ -232,19 +224,27 @@ jobs:
echo '```'
} >> "$GITHUB_STEP_SUMMARY"
- name: Publish metadata to AUR mirror repo
- name: Publish metadata to AUR
if: ${{ steps.norm.outputs.dry_run != 'true' }}
env:
AUR_BRANCH: ${{ steps.norm.outputs.aur_branch }}
TAG: ${{ steps.norm.outputs.tag }}
AUR_PACKAGE: gitcomet
AUR_PRIVATE_SSH_KEY: ${{ secrets.AUR_PRIVATE_SSH_KEY }}
AUR_PRIVATE_SSH_KEY_PASSPHRASE: ${{ secrets.AUR_PRIVATE_SSH_KEY_PASSPHRASE }}
run: |
set -euo pipefail
if [ -z "${AUR_PRIVATE_SSH_KEY:-}" ] || [ -z "${AUR_PRIVATE_SSH_KEY_PASSPHRASE:-}" ]; then
echo "::error title=Missing secret::Set AUR_PRIVATE_SSH_KEY and AUR_PRIVATE_SSH_KEY_PASSPHRASE to push to AUR."
exit 1
fi
git config --global --add safe.directory "$GITHUB_WORKSPACE/aur-repo"
pushd aur-repo >/dev/null
git add PKGBUILD .SRCINFO
if git diff --cached --quiet -- PKGBUILD .SRCINFO; then
echo "No AUR metadata changes detected; mirror repo is already up to date."
echo "No AUR metadata changes detected; repository is already up to date."
popd >/dev/null
exit 0
fi
@ -252,17 +252,55 @@ jobs:
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git commit -m "gitcomet ${TAG}"
git push origin "HEAD:${AUR_BRANCH}"
install -d -m 700 "$HOME/.ssh"
key_path="$HOME/.ssh/aur"
printf '%s\n' "$AUR_PRIVATE_SSH_KEY" > "$key_path"
chmod 600 "$key_path"
touch "$HOME/.ssh/known_hosts"
chmod 600 "$HOME/.ssh/known_hosts"
ssh-keyscan -H aur.archlinux.org >> "$HOME/.ssh/known_hosts" 2>/dev/null
eval "$(ssh-agent -s)"
cleanup() {
rm -f "$key_path"
if [ -n "${SSH_AGENT_PID:-}" ]; then
ssh-agent -k >/dev/null
fi
}
trap cleanup EXIT
export KEY_PATH="$key_path"
export AUR_PRIVATE_SSH_KEY_PASSPHRASE
expect <<'EOF'
set timeout 30
log_user 0
spawn ssh-add "$env(KEY_PATH)"
expect {
"Enter passphrase for*" {
send -- "$env(AUR_PRIVATE_SSH_KEY_PASSPHRASE)\r"
exp_continue
}
eof
}
catch wait result
exit [lindex $result 3]
EOF
aur_branch="$(git branch --show-current)"
git remote set-url --push origin "ssh://aur@aur.archlinux.org/${AUR_PACKAGE}.git"
git push origin "HEAD:${aur_branch}"
popd >/dev/null
- name: Emit deployment summary
run: |
set -euo pipefail
{
echo "### AUR mirror deployment"
echo "### AUR deployment"
echo ""
echo "- Release: \`${{ steps.norm.outputs.tag }}\`"
echo "- Target repo: \`${{ steps.norm.outputs.aur_repo }}\`"
echo "- Target branch: \`${{ steps.norm.outputs.aur_branch }}\`"
echo "- AUR push remote: \`ssh://aur@aur.archlinux.org/gitcomet.git\`"
echo "- GitHub remote: \`${{ steps.norm.outputs.aur_repo }}\`"
echo "- GitHub branch: \`${{ steps.norm.outputs.aur_branch }}\`"
echo "- Dry run: \`${{ steps.norm.outputs.dry_run }}\`"
} >> "$GITHUB_STEP_SUMMARY"

12
.github/workflows/deployment-ci.yml vendored
View file

@ -65,8 +65,8 @@ jobs:
- name: Validate deployment workflow config keys
run: |
set -euo pipefail
grep -Fq 'vars.AUR_GITHUB_REPO' .github/workflows/release-manual-main.yml
grep -Fq 'vars.AUR_GITHUB_BRANCH' .github/workflows/release-manual-main.yml
grep -Fq 'vars.AUR_GIT_REPOSITORY' .github/workflows/release-manual-main.yml
grep -Fq 'vars.AUR_GIT_BRANCH' .github/workflows/release-manual-main.yml
grep -Fq 'vars.APT_STORAGE_ACCOUNT' .github/workflows/release-manual-main.yml
grep -Fq 'vars.APT_STORAGE_CONTAINER' .github/workflows/release-manual-main.yml
grep -Fq 'vars.APT_REPO_DISTRIBUTION' .github/workflows/release-manual-main.yml
@ -83,9 +83,11 @@ jobs:
grep -Fq 'vars.APT_REPO_LABEL' .github/workflows/deploy-apt-repo.yml
grep -Fq 'vars.APT_REPO_DESCRIPTION' .github/workflows/deploy-apt-repo.yml
grep -Fq 'vars.APT_STORAGE_PUBLIC_ACCESS' .github/workflows/deploy-apt-repo.yml
grep -Fq 'vars.AUR_GITHUB_REPO' .github/workflows/deploy-aur.yml
grep -Fq 'vars.AUR_GITHUB_BRANCH' .github/workflows/deploy-aur.yml
grep -Fq 'AUR_REPO_TOKEN' .github/workflows/deploy-aur.yml
grep -Fq 'vars.AUR_GIT_REPOSITORY' .github/workflows/deploy-aur.yml
grep -Fq 'vars.AUR_GIT_BRANCH' .github/workflows/deploy-aur.yml
grep -Fq 'AUR_PRIVATE_SSH_KEY' .github/workflows/deploy-aur.yml
grep -Fq 'AUR_PRIVATE_SSH_KEY_PASSPHRASE' .github/workflows/deploy-aur.yml
grep -Fq 'ssh://aur@aur.archlinux.org/gitcomet.git' .github/workflows/deploy-aur.yml
grep -Fq 'HOMEBREW_TAP_TOKEN' .github/workflows/deploy-homebrew-tap.yml
- name: Generate Homebrew cask and formula from synthetic artifacts

6
.github/workflows/release-manual-main.yml vendored
View file

@ -188,15 +188,15 @@ jobs:
secrets: inherit
deploy_aur:
name: Deploy AUR mirror metadata
name: Deploy AUR metadata
needs: [validate, build_and_upload, publish_release]
if: ${{ fromJSON(needs.validate.outputs.draft) == false && needs.build_and_upload.result == 'success' }}
uses: ./.github/workflows/deploy-aur.yml
with:
tag: ${{ needs.validate.outputs.tag }}
version: ${{ needs.validate.outputs.version }}
aur_repo: ${{ vars.AUR_GITHUB_REPO }}
aur_branch: ${{ vars.AUR_GITHUB_BRANCH }}
aur_repo: ${{ vars.AUR_GIT_REPOSITORY }}
aur_branch: ${{ vars.AUR_GIT_BRANCH }}
dry_run: false
secrets: inherit

19
CONTRIBUTING.md
View file

@ -108,15 +108,16 @@ This release flow will:
You can also run `.github/workflows/deploy-homebrew-tap.yml` manually for backfills or dry-runs.
### AUR mirror deployment
### AUR deployment
To push `PKGBUILD` and `.SRCINFO` into a GitHub-hosted AUR mirror repo automatically on release:
To push `PKGBUILD` and `.SRCINFO` into the live AUR repository automatically on release:
1. Create the target repository (default expected name: `OWNER/aur-gitcomet`).
1. Ensure the `gitcomet` AUR package repository exists and, if you keep a GitHub mirror, note its `OWNER/REPO`.
2. In this repo, configure:
- secret `AUR_REPO_TOKEN`: GitHub token with `contents:write` access to the AUR mirror repository.
- optional variable `AUR_GITHUB_REPO`: target repository in `OWNER/REPO` form.
- optional variable `AUR_GITHUB_BRANCH`: target branch (default `main`).
- secret `AUR_SSH_PRIVATE_KEY`: the AUR-authorized SSH private key.
- secret `AUR_SSH_PASSPHRASE`: the passphrase for that SSH key.
- optional variable `AUR_GIT_REPOSITORY`: GitHub remote in `OWNER/REPO` form (default: `OWNER/aur-gitcomet`).
- optional variable `AUR_GIT_BRANCH`: GitHub branch for that remote (default `main`).
3. Run `.github/workflows/release-manual-main.yml` with `draft=false`.
This release flow will:
@ -125,6 +126,10 @@ This release flow will:
- update `PKGBUILD` `pkgver` and `sha256sums`
- regenerate `.SRCINFO`
- validate sources with `makepkg --verifysource`
- push the updated metadata into the configured AUR mirror repository
- clone `https://aur.archlinux.org/gitcomet.git`
- configure a `github` remote from `AUR_GIT_REPOSITORY`
- push the updated metadata into AUR over SSH using the configured key
The previous `AUR_REPO_TOKEN` secret is no longer used.
You can also run `.github/workflows/deploy-aur.yml` manually for backfills or dry-runs.

2
scripts/update-aur.sh
View file

@ -10,7 +10,7 @@ Usage: scripts/update-aur.sh \
--source-tar PATH \
[--verify-source]
Updates PKGBUILD metadata for the GitHub-hosted AUR mirror repo, regenerates
Updates PKGBUILD metadata for an AUR package repo checkout, regenerates
.SRCINFO, and optionally verifies the referenced sources with makepkg.
USAGE
}