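name: Build AUR Packages

on:
  push:
    branches: [ main ]
  # pull_request:
  #   branches: [ main ]
  # Nightly run: every execution rebuilds whatever the AUR currently serves for
  # the tracked targets and deploys the result with no human review in between,
  # so a compromised upstream PKGBUILD reaches the published repo within a day.
  schedule:
    - cron: '0 2 * * *'
  workflow_dispatch: # Allow manual triggering

# Permissions of the GITHUB_TOKEN. This token is exported into the build user's
# environment (see the "Build AUR packages" step), i.e. into the same account
# that executes third-party PKGBUILD code, so keep this list minimal:
# - contents: read  - to checkout repository code
# - issues: write   - to create security notifications for removed packages
#                     (the only visible consumer is aurutil.py)
# - pages: write / id-token: write - described as "for GitHub Pages
#   deployment", but no step in this workflow deploys to Pages or requests an
#   OIDC token. NOTE(review): drop both unless aurutil.py is confirmed to need
#   them; an unused write scope is pure downside once the token is exposed to
#   untrusted build code.
permissions:
  contents: read
  pages: write
  id-token: write
  issues: write

# Allow only one concurrent deployment, skipping runs queued between the run
# in-progress and latest queued. Do NOT cancel in-progress runs: a half-synced
# package directory on the remote would be served to clients.
concurrency:
  group: "pages"
  cancel-in-progress: false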
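jobs:
  build-packages:
    runs-on: ubuntu-latest
    container:
      # Mutable tag: "latest" is re-resolved on every run, so two builds of the
      # same commit may use different toolchains. Pin to a digest
      # (archlinux@sha256:...) if reproducible builds matter.
      image: docker.io/library/archlinux:latest
    steps:
      # NOTE(review): all third-party actions below are referenced by mutable
      # tags (@v5, @v5, @7.1.0). Pin each to a full commit SHA so a moved tag
      # cannot change the code that runs with access to SSH_KEY and
      # GITHUB_TOKEN.
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Update system and install dependencies
        run: |
          # Update the system
          pacman -Syu --noconfirm
          # Install required dependencies
          pacman -S --noconfirm base-devel pacman-contrib git rsync curl jq python python-requests openssh sudo
          # Create a build user (makepkg cannot run as root)
          useradd -m -G wheel builduser
          # Passwordless root for the account that will run the PKGBUILDs.
          # Those are third-party shell scripts (presumably fetched from the
          # AUR by aurutil.py at build time), so anything they run is
          # effectively root inside this container. NOTE(review): narrow this
          # to the commands the build actually needs -- makepkg -s only
          # requires `sudo pacman` -- once aurutil.py's own sudo usage is
          # confirmed.
          echo 'builduser ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers

      - name: Set up workspace permissions
        run: |
          # Get the current working directory and set proper ownership
          WORKSPACE_DIR=$(pwd)
          echo "Workspace directory: $WORKSPACE_DIR"
          chown -R builduser:builduser "$WORKSPACE_DIR"
          # Verify targets.txt exists (ls fails the step if it is missing)
          ls -la targets.txt
          echo "Target packages to build:"
          cat targets.txt

      - name: Configure pacman for recursive AUR building
        run: |
          # Create packages directory if it doesn't exist
          WORKSPACE_DIR=$(pwd)
          mkdir -p "$WORKSPACE_DIR/packages"
          # Add aurdist repository to pacman.conf for recursive building
          # This allows packages to depend on other packages we've already built
          echo "" >> /etc/pacman.conf
          echo "[aurdist]" >> /etc/pacman.conf
          # SigLevel = Never: nothing this workflow produces is signed (repo-add
          # below runs without -s), so pacman installs whatever the server
          # returns with no integrity check beyond TLS. Anyone who can write to
          # the remote directory can feed a package into the next nightly
          # build, which then redeploys it -- a self-perpetuating loop. Signing
          # the packages and database with a key the build user cannot read
          # would allow "SigLevel = Required" here.
          echo "SigLevel = Never" >> /etc/pacman.conf
          echo "Server = https://aur.mattcompton.dev/" >> /etc/pacman.conf
          echo "Server = file://$WORKSPACE_DIR/packages" >> /etc/pacman.conf
          echo "Added aurdist repository to pacman.conf:"
          tail -n 6 /etc/pacman.conf
          pacman -Sy

      - name: Configure workspace for remote syncing
        run: |
          # Create ssh.toml configuration file.
          # strict_host_key_checking = "no" disables host key verification, so
          # the deploy key below authenticates this job to whoever answers for
          # h.goober.cloud:2022; a DNS or network interposer can capture the
          # upload. Pin the server's host key in known_hosts and set this to
          # "yes" (see the "Set up SSH key" step).
          WORKSPACE_DIR=$(pwd)
          cat > "$WORKSPACE_DIR/ssh.toml" << 'EOF'
          [ssh]
          # SSH configuration for remote operations
          user = "root@h.goober.cloud:/var/www/aur"
          port = 2022
          strict_host_key_checking = "no"
          EOF
          echo "Created ssh.toml configuration:"
          cat "$WORKSPACE_DIR/ssh.toml"
          chown builduser:builduser "$WORKSPACE_DIR/ssh.toml"
          # Create .where file for backward compatibility (if needed)
          echo "root@h.goober.cloud:/var/www/aur" > "$WORKSPACE_DIR/.where"
          echo "Created .where file for remote syncing:"
          cat "$WORKSPACE_DIR/.where"
          chown builduser:builduser "$WORKSPACE_DIR/.where"

      - name: Set up SSH key
        run: |
          # Fail early with a clear message instead of an opaque ssh error
          # several steps later if the secret is missing or empty.
          if [ -z "$SSH_KEY" ]; then
            echo "::error::SSH_KEY secret is not set"
            exit 1
          fi
          # Create SSH directory for builduser (ssh refuses a world-readable
          # ~/.ssh, hence the explicit 700)
          sudo -u builduser mkdir -p /home/builduser/.ssh
          sudo -u builduser chmod 700 /home/builduser/.ssh
          # Set up SSH key from secrets. This is the root@h.goober.cloud deploy
          # key and it is readable by builduser -- the same account that runs
          # third-party PKGBUILD code in the build step below. A malicious AUR
          # package can read it and push directly to the published repo.
          echo "$SSH_KEY" | sudo -u builduser tee /home/builduser/.ssh/id_rsa > /dev/null
          sudo -u builduser chmod 600 /home/builduser/.ssh/id_rsa
          # Add the remote host to known_hosts to avoid host key verification
          # Port 2022 is configured in ssh.toml
          # NOTE(review): ssh-keyscan at run time is trust-on-first-use against
          # whatever answers right now, not verification. The robust form is to
          # keep the server's public host key in a repository secret/variable,
          # write that line to known_hosts here, and set
          # strict_host_key_checking = "yes" in ssh.toml.
          # sudo -u builduser ssh-keyscan -p 2022 h.goober.cloud >> /home/builduser/.ssh/known_hosts 2>/dev/null || true
          # sudo -u builduser chmod 644 /home/builduser/.ssh/known_hosts
        env:
          SSH_KEY: ${{ secrets.SSH_KEY }}

      - name: Build AUR packages
        id: build_packages
        env:
          # Both values are passed into builduser's environment, where the
          # PKGBUILD code runs; GITHUB_TOKEN carries every scope granted in
          # `permissions` above.
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GITHUB_REPOSITORY: ${{ github.repository }}
        run: |
          # Switch to builduser and run the build process with SSH config from ssh.toml
          # Pass environment variables through sudo (explicitly, not via -E)
          WORKSPACE_DIR=$(pwd)
          pacman -Sy
          # Capture output and exit code
          set +e # Don't exit on error, we want to capture the output
          sudo -u builduser \
            GITHUB_TOKEN="$GITHUB_TOKEN" \
            GITHUB_REPOSITORY="$GITHUB_REPOSITORY" \
            bash -c "
              cd '$WORKSPACE_DIR'
              echo 'Starting AUR package build process using ssh.toml configuration...'
              python aurutil.py --remote-dest root@h.goober.cloud:/var/www/aur --debug --no-cleanup
            " 2>&1 | tee build_output.log
          # PIPESTATUS[0] is sudo's (i.e. aurutil.py's) status, not tee's
          EXIT_CODE=${PIPESTATUS[0]}
          set -e
          # Classify the run for later steps; outputs are written before the
          # exit below so they are available even when the step fails.
          if grep -q "AUR CONNECTIVITY ERRORS" build_output.log; then
            echo "build_status=aur_connectivity_error" >> "$GITHUB_OUTPUT"
            echo "⚠️ AUR connectivity issues detected - check logs above for details"
          elif [ "$EXIT_CODE" -ne 0 ]; then
            echo "build_status=build_failure" >> "$GITHUB_OUTPUT"
            echo "❌ Build failed - check logs above for details"
          else
            echo "build_status=success" >> "$GITHUB_OUTPUT"
            echo "✅ Build completed successfully"
          fi
          # Exit with the original exit code
          exit "$EXIT_CODE"

      - name: Report AUR connectivity issues
        # A non-zero exit from the build step would otherwise skip this step
        # (GitHub implicitly ANDs success() into `if`), losing the diagnosis.
        # !cancelled() lets it run after a failed build but not after a cancel.
        if: ${{ !cancelled() && steps.build_packages.outputs.build_status == 'aur_connectivity_error' }}
        run: |
          echo "::error::AUR connectivity issues detected. The AUR RPC API could not be reached after multiple retry attempts."
          echo "::error::This may indicate network connectivity issues or AUR service outages."
          echo ""
          echo "Failed to connect to AUR RPC API. Details:"
          grep -A 20 "AUR CONNECTIVITY ERRORS" build_output.log || echo "See build logs for details"

      - name: Verify and create repository database
        id: verify_packages
        run: |
          WORKSPACE_DIR=$(pwd)
          # Check if packages directory exists and has packages
          if [ -d packages ]; then
            echo 'Contents of packages directory:'
            ls -la packages/
            # Check for package files
            if ls packages/*.pkg.tar.zst 1> /dev/null 2>&1; then
              echo 'Found package files, creating repository database...'
              # -v verifies package checksums, -n adds only new packages.
              # No -s: the database is unsigned (see SigLevel = Never above).
              sudo -u builduser bash -c "
                cd '$WORKSPACE_DIR/packages'
                repo-add -vn aurdist.db.tar.zst *.pkg.tar.zst
              "
              echo 'Repository database created successfully'
              ls -la packages/aurdist.db*
              echo "packages_built=true" >> "$GITHUB_OUTPUT"
            else
              echo 'No package files found in packages directory'
              echo 'This means all tracked packages are up to date - exiting cleanly'
              echo "packages_built=false" >> "$GITHUB_OUTPUT"
            fi
          else
            echo 'Packages directory not found - this is an error'
            exit 1
          fi

      - name: Create repository archive
        if: steps.verify_packages.outputs.packages_built == 'true'
        run: |
          # Create a compressed archive of the entire packages directory
          # This avoids issues with special characters in filenames (like : in repo database files)
          # Note: -z is gzip, so despite the .zst name this is a .tar.gz;
          # `tar xf` auto-detects, but tools keyed on the extension will not.
          sudo -u builduser bash -c "
            cd /tmp
            tar -czf repo.tar.zst -C '$WORKSPACE_DIR' packages/
            mv repo.tar.zst '$WORKSPACE_DIR/'
            echo 'Repository archive created:'
            ls -la '$WORKSPACE_DIR/repo.tar.zst'
          "
        env:
          WORKSPACE_DIR: ${{ github.workspace }}

      - name: Upload packages as artifact
        if: steps.verify_packages.outputs.packages_built == 'true'
        uses: actions/upload-artifact@v5
        with:
          name: aurdist-packages
          path: repo.tar.zst
          retention-days: 30
          if-no-files-found: error

      - name: Deploy with rsync
        if: steps.verify_packages.outputs.packages_built == 'true'
        # Third-party action that receives the deploy key -- pin to a commit
        # SHA. Deploying as root to /var/www/aur grants far more than writing
        # the repo needs: a dedicated unprivileged deploy user that owns that
        # directory (with the key restricted to it in authorized_keys) bounds
        # what a leaked SSH_KEY can do on the host. NOTE(review): whether this
        # action verifies the server's host key is not visible here; confirm.
        uses: burnett01/rsync-deployments@7.1.0
        with:
          switches: -avzr
          path: packages/
          remote_path: /var/www/aur/
          remote_host: h.goober.cloud
          remote_port: 2022
          remote_user: root
          remote_key: ${{ secrets.SSH_KEY }}

      - name: Clean up old versions on remote
        if: steps.verify_packages.outputs.packages_built == 'true'
        run: |
          WORKSPACE_DIR=$(pwd)
          echo 'Cleaning up old package versions from remote repository...'
          # Runs over the same ssh.toml settings as the build (no host key
          # verification, root on the remote).
          sudo -u builduser bash -c "
            cd '$WORKSPACE_DIR'
            python aurutil.py --cleanup-old-versions
          "
          echo 'Remote cleanup complete - only latest versions of each package remain'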