PKGBUILD: Fix hash of ungoogled-chromium release tarball #207
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build for a release | |
on: | |
push: | |
tags: | |
- '*' | |
workflow_dispatch: | |
jobs: | |
push-to-aur: | |
if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout latest commit | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
path: packaging | |
- name: Publish AUR package | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_$SSH_KEY_ALGORITHM | |
sudo chmod 600 ~/.ssh/id_$SSH_KEY_ALGORITHM | |
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts | |
git clone ssh://[email protected]/ungoogled-chromium.git aur-upstream | |
source packaging/PKGBUILD | |
rm -rf packaging/aur | |
rm packaging/README.md | |
mv packaging/* aur-upstream | |
cd aur-upstream | |
# To avoid conflicts with other steps in this job, makepkg for generating .SRCINFO is the only command running in an arch environment | |
docker run --mount type=bind,source=$(pwd)/PKGBUILD,target=/home/build/PKGBUILD --entrypoint sh archlinux -c "pacman -Syu --needed --noconfirm binutils && useradd -m build && chown -R build /home/build && su build -c 'cd && makepkg --printsrcinfo > .SRCINFO'" | |
docker cp $(docker container ls --latest --format '{{.ID}}'):/home/build/.SRCINFO . | |
git config user.name "$GIT_NAME" | |
git config user.email "$GIT_EMAIL" | |
git add . | |
git commit -m "Upgrade to $pkgver-$pkgrel" | |
git push | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} | |
SSH_KEY_ALGORITHM: ${{ secrets.SSH_KEY_ALGORITHM }} | |
GIT_NAME: ${{ secrets.GIT_NAME }} | |
GIT_EMAIL: ${{ secrets.GIT_EMAIL }} | |
build: | |
runs-on: self-hosted | |
steps: | |
- name: test | |
run: | | |
echo hi | |
build-container: | |
if: ${{ startsWith(github.ref, 'refs/tags/') }} | |
runs-on: ubuntu-latest | |
container: | |
image: archlinux | |
volumes: | |
- /:/host | |
steps: | |
- name: Checkout latest commit | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Install dependencies | |
run: pacman -Syu --needed --noconfirm docker base-devel | |
- name: Free space on runner | |
run: | | |
sudo rm -rf /host/usr/share/dotnet | |
sudo rm -rf /host/usr/local/lib/android | |
sudo rm -rf /host/opt/ghc | |
sudo rm -rf /host/opt/hostedtoolcache/CodeQL | |
sudo docker image prune --all --force | |
- name: Log into registry | |
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
- name: Build container | |
id: build | |
run: | | |
# Add non root user to run makepkg with | |
useradd makepkg --no-create-home | |
chown -R makepkg . | |
echo "::group::Generating source archive..." | |
if [ $(su -c "makepkg --printsrcinfo" makepkg | grep -c "fetch-chromium-release") -eq 0 ]; then | |
SOURCE_TARBALL_URL="$(su -c "makepkg --printsrcinfo" makepkg | grep commondatastorage.googleapis.com | awk '{ print $3 }')" | |
SOURCE_TARBALL_FILENAME="$(echo "$SOURCE_TARBALL_URL" | awk -F'/' '{ print $NF }')" | |
SOURCE_TARBALL_INNER_DIRECTORY_NAME="$(echo "$SOURCE_TARBALL_FILENAME" | sed 's/.tar.xz//')" | |
SOURCE_TARBALL_CHECKSUM="$(su -c "makepkg --printsrcinfo" makepkg | grep sha256sums -m 1 | awk '{ print $3 }')" | |
# Taken from https://github.com/NixOS/nixpkgs/blob/7a14a916f856dc4acda391a9febc3bfb37f2a732/pkgs/applications/networking/browsers/chromium/recompress-tarball.nix#L31-L54 | |
curl "$SOURCE_TARBALL_URL" \ | |
| xz -d --threads=0 \ | |
| tar xf - \ | |
--warning=no-timestamp \ | |
--exclude=third_party/llvm \ | |
--exclude=third_party/rust-src \ | |
--exclude='build/linux/debian_*-sysroot' \ | |
--exclude='*.tar.[a-zA-Z0-9][a-zA-Z0-9]' \ | |
--exclude='*.tar.[a-zA-Z0-9][a-zA-Z0-9][a-zA-Z0-9]' \ | |
--exclude=third_party/llvm-build \ | |
--exclude=third_party/rust-toolchain \ | |
--exclude=third_party/instrumented_libs \ | |
--strip-components=1 \ | |
--one-top-level="$SOURCE_TARBALL_INNER_DIRECTORY_NAME" | |
tar \ | |
--use-compress-program "zstd -T0" \ | |
--sort name \ | |
--mtime "1970-01-01" \ | |
--owner=root --group=root \ | |
--numeric-owner --mode=go=rX,u+rw,a-s \ | |
--remove-files \ | |
-cf "$SOURCE_TARBALL_FILENAME" "$SOURCE_TARBALL_INNER_DIRECTORY_NAME" | |
RECOMPRESSED_TARBALL_CHECKSUM="$(sha256sum "$SOURCE_TARBALL_FILENAME" | awk '{ print $1 }')" | |
sed -i "s/$SOURCE_TARBALL_CHECKSUM/$RECOMPRESSED_TARBALL_CHECKSUM/" PKGBUILD | |
fi | |
# Generate archive with all required sources for the build | |
# This either includes local or downloads files using an url | |
su -c "makepkg --allsource" makepkg | |
echo "::endgroup::" | |
CHROMIUM_VERSION="$(compgen -G "*.src.tar.gz" | grep -Po '([0-9\.]+-[0-9]*)')" | |
REGISTRY="ghcr.io/${{ github.repository_owner }}" | |
NAME="ungoogled-chromium-archlinux" | |
ID="$(echo $REGISTRY/$NAME | tr '[A-Z]' '[a-z]')" | |
REF="$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')" | |
[[ "${{ github.ref }}" == "refs/tags/"* ]] && REF=$(echo $REF | sed -e 's/^v//') | |
[ "$REF" == "master" ] && REF=latest | |
VERSION_TAG="$ID:$CHROMIUM_VERSION" | |
LATEST_TAG="$ID:latest" | |
echo "CHROMIUM_VERSION=$CHROMIUM_VERSION" | |
echo "REGISTRY=$REGISTRY" | |
echo "NAME=$NAME" | |
echo "ID=$ID" | |
echo "REF=$REF" | |
echo "VERSION_TAG=$REF_TAG" | |
echo "LATEST_TAG=$LATEST_TAG" | |
echo "::group::Building container image..." | |
# Build container from source files | |
docker build . \ | |
--file .github/workflows/container/Dockerfile \ | |
--tag "$VERSION_TAG" \ | |
--tag "$LATEST_TAG" | |
# Reduce worker space used | |
rm -rf * | |
echo "::endgroup::" | |
echo "chromium-version=$CHROMIUM_VERSION" >> $GITHUB_OUTPUT | |
echo "version-tag=$VERSION_TAG" >> $GITHUB_OUTPUT | |
echo "latest-tag=$LATEST_TAG" >> $GITHUB_OUTPUT | |
- name: Push image | |
run: | | |
docker push "${{ steps.build.outputs.version-tag }}" | |
docker push "${{ steps.build.outputs.latest-tag }}" | |
outputs: | |
chromium-version: "${{ steps.build.outputs.chromium-version }}" | |
image-tag: "${{ steps.build.outputs.version-tag }}" | |
build-1: | |
runs-on: ubuntu-latest | |
needs: build-container | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Setup Stage | |
run: npm run setup --prefix ./.github/actions/stage | |
- name: Run Stage | |
id: stage | |
uses: ./.github/actions/stage | |
with: | |
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}" | |
use-registry: true | |
registry-token: "${{ secrets.GITHUB_TOKEN }}" | |
image-tag: "${{ join(needs.*.outputs.image-tag) }}" | |
outputs: | |
finished: "${{ steps.stage.outputs.finished }}" | |
chromium-version: "${{ steps.stage.outputs.chromium-version }}" | |
image-tag: "${{ steps.stage.outputs.image-tag }}" | |
build-2: | |
runs-on: ubuntu-latest | |
needs: build-1 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Setup Stage | |
run: npm run setup --prefix ./.github/actions/stage | |
- name: Run Stage | |
id: stage | |
uses: ./.github/actions/stage | |
with: | |
finished: "${{ join(needs.*.outputs.finished) }}" | |
progress-name: build-1 | |
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}" | |
use-registry: true | |
registry-token: "${{ secrets.GITHUB_TOKEN }}" | |
image-tag: "${{ join(needs.*.outputs.image-tag) }}" | |
outputs: | |
finished: "${{ steps.stage.outputs.finished }}" | |
chromium-version: "${{ steps.stage.outputs.chromium-version }}" | |
image-tag: "${{ steps.stage.outputs.image-tag }}" | |
build-3: | |
runs-on: ubuntu-latest | |
needs: build-2 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Setup Stage | |
run: npm run setup --prefix ./.github/actions/stage | |
- name: Run Stage | |
id: stage | |
uses: ./.github/actions/stage | |
with: | |
finished: "${{ join(needs.*.outputs.finished) }}" | |
progress-name: build-2 | |
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}" | |
use-registry: true | |
registry-token: "${{ secrets.GITHUB_TOKEN }}" | |
image-tag: "${{ join(needs.*.outputs.image-tag) }}" | |
outputs: | |
finished: "${{ steps.stage.outputs.finished }}" | |
chromium-version: "${{ steps.stage.outputs.chromium-version }}" | |
image-tag: "${{ steps.stage.outputs.image-tag }}" | |
build-4: | |
runs-on: ubuntu-latest | |
needs: build-3 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Setup Stage | |
run: npm run setup --prefix ./.github/actions/stage | |
- name: Run Stage | |
id: stage | |
uses: ./.github/actions/stage | |
with: | |
finished: "${{ join(needs.*.outputs.finished) }}" | |
progress-name: build-3 | |
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}" | |
use-registry: true | |
registry-token: "${{ secrets.GITHUB_TOKEN }}" | |
image-tag: "${{ join(needs.*.outputs.image-tag) }}" | |
outputs: | |
finished: "${{ steps.stage.outputs.finished }}" | |
chromium-version: "${{ steps.stage.outputs.chromium-version }}" | |
image-tag: "${{ steps.stage.outputs.image-tag }}" | |
build-5: | |
runs-on: ubuntu-latest | |
needs: build-4 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Setup Stage | |
run: npm run setup --prefix ./.github/actions/stage | |
- name: Run Stage | |
id: stage | |
uses: ./.github/actions/stage | |
with: | |
finished: "${{ join(needs.*.outputs.finished) }}" | |
progress-name: build-4 | |
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}" | |
use-registry: true | |
registry-token: "${{ secrets.GITHUB_TOKEN }}" | |
image-tag: "${{ join(needs.*.outputs.image-tag) }}" | |
outputs: | |
finished: "${{ steps.stage.outputs.finished }}" | |
chromium-version: "${{ steps.stage.outputs.chromium-version }}" | |
image-tag: "${{ steps.stage.outputs.image-tag }}" | |
build-6: | |
runs-on: ubuntu-latest | |
needs: build-5 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: Setup Stage | |
run: npm run setup --prefix ./.github/actions/stage | |
- name: Run Stage | |
id: stage | |
uses: ./.github/actions/stage | |
with: | |
finished: "${{ join(needs.*.outputs.finished) }}" | |
progress-name: build-5 | |
chromium-version: "${{ join(needs.*.outputs.chromium-version) }}" | |
use-registry: true | |
registry-token: "${{ secrets.GITHUB_TOKEN }}" | |
image-tag: "${{ join(needs.*.outputs.image-tag) }}" | |
outputs: | |
finished: "${{ steps.stage.outputs.finished }}" | |
chromium-version: "${{ steps.stage.outputs.chromium-version }}" | |
image-tag: "${{ steps.stage.outputs.image-tag }}" | |
publish-release: | |
runs-on: ubuntu-latest | |
needs: build-6 | |
steps: | |
- name: Download package | |
uses: actions/[email protected] | |
with: | |
name: "${{ join(needs.*.outputs.chromium-version) }}" | |
- name: Format GitHub release body | |
run: | | |
echo '```' >> body.md | |
cat sum.txt >> body.md | |
echo '```' >> body.md | |
- name: Publish GitHub release | |
uses: softprops/action-gh-release@cd28b0f5ee8571b76cfdaa62a30d51d752317477 | |
with: | |
name: "${{ join(needs.*.outputs.chromium-version) }}" | |
body_path: body.md | |
files: | | |
*.pkg.* | |
sum.txt | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Checkout latest commit | |
uses: actions/checkout@v2 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
path: packaging | |
- name: Publish AUR package | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_$SSH_KEY_ALGORITHM | |
sudo chmod 600 ~/.ssh/id_$SSH_KEY_ALGORITHM | |
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts | |
git clone ssh://[email protected]/ungoogled-chromium-bin.git aur-upstream | |
source packaging/PKGBUILD | |
CHECKSUM=($(sha256sum ungoogled-chromium-$pkgver-$pkgrel-x86_64.pkg.tar.zst | head -c 64)) | |
sed -i "s/--pkgver--/$pkgver/g" packaging/aur/PKGBUILD | |
sed -i "s/--pkgrel--/$pkgrel/g" packaging/aur/PKGBUILD | |
sed -i "s/--checksum--/$CHECKSUM/g" packaging/aur/PKGBUILD | |
mv packaging/aur/PKGBUILD aur-upstream/PKGBUILD | |
cd aur-upstream | |
# To avoid conflicts with other steps in this job, makepkg for generating .SRCINFO is the only command running in an arch environment | |
docker run --mount type=bind,source=$(pwd)/PKGBUILD,target=/home/build/PKGBUILD --entrypoint sh archlinux -c "pacman -Syu --needed --noconfirm binutils && useradd -m build && chown -R build /home/build && su build -c 'cd && makepkg --printsrcinfo > .SRCINFO'" | |
docker cp $(docker container ls --latest --format '{{.ID}}'):/home/build/.SRCINFO . | |
git config user.name "$GIT_NAME" | |
git config user.email "$GIT_EMAIL" | |
git add PKGBUILD .SRCINFO | |
git commit PKGBUILD .SRCINFO -m "Upgrade to $pkgver-$pkgrel" | |
git push | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} | |
SSH_KEY_ALGORITHM: ${{ secrets.SSH_KEY_ALGORITHM }} | |
GIT_NAME: ${{ secrets.GIT_NAME }} | |
GIT_EMAIL: ${{ secrets.GIT_EMAIL }} | |
CHECKSUM: ${{ steps.aur-archive.outputs.checksum }} |