From 8ce7671017851276e1fe221d1907a17a4b78e915 Mon Sep 17 00:00:00 2001 From: Simon Weald Date: Sun, 10 Jan 2021 22:08:20 +0000 Subject: [PATCH 1/5] initial commit --- Dockerfile | 9 +++++++++ action.yml | 15 +++++++++++++++ entrypoint.sh | 0 3 files changed, 24 insertions(+) create mode 100644 Dockerfile create mode 100644 action.yml create mode 100644 entrypoint.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..23332fb --- /dev/null +++ b/Dockerfile @@ -0,0 +1,9 @@ +FROM glitchcrab/arch-build-container:latest + +USER root + +COPY entrypoint.sh /entrypoint.sh + +USER notroot + +ENTRYPOINT ["/entrypoint.sh"] diff --git a/action.yml b/action.yml new file mode 100644 index 0000000..cffdfd0 --- /dev/null +++ b/action.yml @@ -0,0 +1,15 @@ +name: 'Build AUR package & push to AUR' +description: 'Build an AUR package, test it and optionally push to the AUR' +branding: + icon: user-check + color: gray-dark +inputs: + push-to-aur: + description: 'Push changes to the AUR' + required: false + default: 'false' +runs: + using: 'docker' + image: 'Dockerfile' + args: + - ${{ inputs.push-to-aur }} diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..e69de29 From 5663c895462f8186fde814228786762d695fe569 Mon Sep 17 00:00:00 2001 From: Simon Weald Date: Sun, 10 Jan 2021 22:16:20 +0000 Subject: [PATCH 2/5] add personal access token to inputs --- action.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/action.yml b/action.yml index cffdfd0..ac02975 100644 --- a/action.yml +++ b/action.yml @@ -1,4 +1,4 @@ -name: 'Build AUR package & push to AUR' +name: 'Build AUR package & push to the AUR' description: 'Build an AUR package, test it and optionally push to the AUR' branding: icon: user-check 
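Review bot: The new Dockerfile in patch 1/5 references its base image by the mutable tag `latest`, so every run builds on whatever `glitchcrab/arch-build-container` points to at that moment, with no review step in between. Because `action.yml` uses `image: 'Dockerfile'`, the image is built at job time, and a changed or compromised base would run with whatever inputs and secrets the workflow hands to the action. Pin the base by digest and bump it deliberately, e.g. `FROM glitchcrab/arch-build-container@sha256:<digest-of-reviewed-image>`.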
@@ -8,6 +8,10 @@ inputs: description: 'Push changes to the AUR' required: false default: 'false' + personal-access-token: + description: 'Github access token' + required: false + default: '' runs: using: 'docker' image: 'Dockerfile' From 0a4f262b0464163374282d0c97cf47ad607b9f74 Mon Sep 17 00:00:00 2001 From: Simon Weald Date: Mon, 11 Jan 2021 23:06:53 +0000 Subject: [PATCH 3/5] commit WIP entrypoint.sh --- entrypoint.sh | 130 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) diff --git a/entrypoint.sh b/entrypoint.sh index e69de29..385b55c 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -0,0 +1,130 @@ +#!/usr/bin/env bash + +set -o errexit +set -o nounset +set -o pipefail + +main() { + # sanity check required files + check_requirements + + # pick up variables needed to run + source VARS.env + + # get tag of the latest version + LATEST_TAG=$(get_latest_version "${REPO}") + check_response "${LATEST_TAG}" LATEST_TAG + + # pick up the version of the last package build + source VERSION.env + + ## compare version to version.txt + compare_versions "${CURRENT_VERSION}" "${LATEST_TAG}" + + # get the asset download url + ASSET_URL=$(get_asset_url "${REPO}" "${ASSET_FILE}") + check_response "${ASSET_URL}" ASSET_URL + + # download the asset file + wget "${ASSET_URL}" -O tmp_asset_file + + # sha256sum the asset file + ASSET_SHA=$(sha256sum tmp_asset_file) + check_response "${ASSET_SHA}" ASSET_SHA + + # clone aur repo + if ! git clone "${AUR_REPO}" aur_repo; then + err "failed to clone AUR repo" + fi + + # move into the AUR checkout + cd aur_repo + + ## update pkgbuild with sha256sum and version + ## drop pkgrel if updating version + + #namcap pkgbuild + #build pkg file + #namcap pkg file + #install + #update .SRCINFO + #commit + #push +} + +# helper functions +log() { + level=$1 + shift 1 + date -u +"%Y-%m-%dT%H:%M:%SZ" | tr -d '\n' + echo " [${level}] $@" +} + +info() { + log "INFO" "$@" +} + +err() { + log "ERROR" "$@" + exit 1 +} + +check_requirements() { + # check file containing last bult version number exists + [ -f VERSION.env ] || err "VERSION.env file not found" + + # check the version is in the file + if ! grep -q "CURRENT_VERSION" VERSION.env; then + err "CURRENT_VERSION not found in VERSION.env file" + fi + + # check the vars file exists + [ -f VARS.env ] || err "VARS.ENV file not found" + + # check the vars file contains the requirements + if ! 
grep -qE 'UPSTREAM|AUR|PKG|STUB' VARS.env; then + err "required variable not set in VARS.env file" + fi +} + +check_response() { + # takes two inputs and calls err() if the variable is empty + # $1 - variable name (for logging) + # $2 - variable value (for checking) + + [ ! -z "${2}" ] || err "${1} is an empty var" +} + +get_latest_version() { + # takes one input and returns tag name for latest release + # $1 - repo in format 'org/repo' + + curl --silent \ + "https://api.github.com/repos/${1}/releases/latest" \ + | jq -r .tag_name +} + +get_asset_url() { + # takes two inputs and returns download URL for asset file + # $1 - repo in format 'org/repo' + # $2 - asset file name stub to match + + curl --silent \ + "https://api.github.com/repos/${1}/releases/latest" \ + | jq -r --arg ASSET_FILE "${2}" \ + '.assets[] | select(.name | contains($ASSET_FILE)) | .browser_download_url' +} + +compare_versions() { + # takes two version strings and compares them (stripping leading 'v' if required) + # $1 - previous package version string + # $2 - latest package version string + + if [[ "${1#v}" == "${2#v}" ]]; then + log "latest upstream version is the same as the current package version, nothing to do" + exit 0 + fi +} + +# run +main "$@" From 784a08a1fe2e5a061d64498b6e2ae341ecd03a47 Mon Sep 17 00:00:00 2001 From: Simon Weald Date: Tue, 12 Jan 2021 10:52:48 +0000 Subject: [PATCH 4/5] rename input and use token if provided --- action.yml | 8 +++++--- entrypoint.sh | 16 ++++++++++++---- 2 files changed, 17 insertions(+), 7 deletions(-) diff --git a/action.yml b/action.yml index ac02975..99bd4bf 100644 --- a/action.yml +++ b/action.yml 
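Review bot: `check_response` in the new `entrypoint.sh` (patch 3/5) tests `${2}`, but every call in `main` passes the value first and the name second (`check_response "${LATEST_TAG}" LATEST_TAG`), so the guard tests the literal name and can never fail. An empty API response therefore flows on into `wget` and the packaging steps; either swap the call sites to the documented order or test `${1}` and log `${2}`, and keep the `$1`/`$2` comments in step. A non-empty test would also accept the string `null`, which `jq -r .tag_name` prints when the field is missing, so compare against that as well. Separately, `sha256sum tmp_asset_file` returns the hash followed by the file name, so `ASSET_SHA` needs trimming before use, e.g. `ASSET_SHA=$(sha256sum tmp_asset_file | cut -d' ' -f1)`.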
@@ -8,12 +8,14 @@ inputs: description: 'Push changes to the AUR' required: false default: 'false' - personal-access-token: + github-token: description: 'Github access token' required: false default: '' runs: using: 'docker' image: 'Dockerfile' - args: - - ${{ inputs.push-to-aur }} + entrypoint: '/entrypoint.sh' + env: + PUSH_TO_AUR: ${{ inputs.push-to-aur }} + GITHUB_TOKEN: ${{ inputs.github-token }} diff --git a/entrypoint.sh b/entrypoint.sh index 385b55c..32f4a8d 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -109,10 +109,18 @@ get_asset_url() { # $1 - repo in format 'org/repo' # $2 - asset file name stub to match - curl --silent \ - "https://api.github.com/repos/${1}/releases/latest" \ - | jq -r --arg ASSET_FILE "${2}" \ - '.assets[] | select(.name | contains($ASSET_FILE)) | .browser_download_url' + if [ ! -z "${GITHUB_TOKEN}" ]; then + curl --silent \ + -H "Authorization: token ${GITHUB_TOKEN}" + "https://api.github.com/repos/${1}/releases/latest" \ + | jq -r --arg ASSET_FILE "${2}" \ + '.assets[] | select(.name | contains($ASSET_FILE)) | .browser_download_url' + else + curl --silent \ + "https://api.github.com/repos/${1}/releases/latest" \ + | jq -r --arg ASSET_FILE "${2}" \ + '.assets[] | select(.name | contains($ASSET_FILE)) | .browser_download_url' + fi } compare_versions() { From d17e36a1e66dc92f6cddbabd5a97a84f7d846641 Mon Sep 17 00:00:00 2001 From: Simon Weald Date: Tue, 12 Jan 2021 20:30:17 +0000 Subject: [PATCH 5/5] more changes --- Dockerfile | 3 -- action.yml | 5 ---- entrypoint.sh | 78 +++++++++++++++++++++++++++++++++++++++++---------- 3 files changed, 63 insertions(+), 23 deletions(-) mode change 100644 => 100755 entrypoint.sh diff --git a/Dockerfile b/Dockerfile index 23332fb..8349c36 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,6 @@ FROM glitchcrab/arch-build-container:latest USER root - COPY entrypoint.sh /entrypoint.sh -USER notroot - ENTRYPOINT ["/entrypoint.sh"] diff --git a/action.yml b/action.yml index 99bd4bf..04d1b1d 100644 
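Review bot: In the token branch added to `get_asset_url` (`entrypoint.sh`, patch 4/5), the `-H "Authorization: token ${GITHUB_TOKEN}"` line has no trailing `\`, so `curl` is invoked without a URL and the following line (the API URL piped into `jq`) runs as a separate command. The authenticated path can therefore never return an asset URL; add the continuation, `-H "Authorization: token ${GITHUB_TOKEN}" \`. The same line is carried into patch 5/5 (hunk `@@ -109,9 +157,9 @@`) with only the variable renamed. The two branches differ only by that header, so assembling the optional header once and issuing a single `curl` call would remove the duplication. `get_asset_url` starts outside this hunk.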
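Review bot: Removing `USER notroot` from the Dockerfile (patch 5/5) leaves `root` as the container user, so everything `entrypoint.sh` gains in this same patch runs with full privileges: `makepkg` sourcing the PKGBUILD, `pacman -U`, and the handling of the AUR SSH key. `makepkg` also refuses to run as root, so the build step would be expected to abort as written. If root is required at container start, keep it for that only and run the build under the unprivileged account, e.g. `runuser -u notroot -- makepkg`, assuming the base image still provides that user. A one-line comment in the Dockerfile saying why `USER` was dropped would help the next reader.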
--- a/action.yml +++ b/action.yml @@ -8,14 +8,9 @@ inputs: description: 'Push changes to the AUR' required: false default: 'false' - github-token: - description: 'Github access token' - required: false - default: '' runs: using: 'docker' image: 'Dockerfile' entrypoint: '/entrypoint.sh' env: PUSH_TO_AUR: ${{ inputs.push-to-aur }} - GITHUB_TOKEN: ${{ inputs.github-token }} diff --git a/entrypoint.sh b/entrypoint.sh old mode 100644 new mode 100755 index 32f4a8d..70860d6 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -1,18 +1,20 @@ #!/usr/bin/env bash set -o errexit -set -o nounset set -o pipefail main() { # sanity check required files check_requirements + # prep SSH + prepare_ssh + # pick up variables needed to run source VARS.env # get tag of the latest version - LATEST_TAG=$(get_latest_version "${REPO}") + LATEST_TAG=$(get_latest_version "${UPSTREAM_REPO}") check_response "${LATEST_TAG}" LATEST_TAG # pick up the version of the last package build @@ -22,7 +24,7 @@ main() { compare_versions "${CURRENT_VERSION}" "${LATEST_TAG}" # get the asset download url - ASSET_URL=$(get_asset_url "${REPO}" "${ASSET_FILE}") + ASSET_URL=$(get_asset_url "${UPSTREAM_REPO}" "${ASSET_FILE_STUB}") check_response "${ASSET_URL}" ASSET_URL # download the asset file 
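Review bot: Dropping `set -o nounset` from the top of `entrypoint.sh` (hunk `@@ -1,18 +1,20 @@`) means an unset or misspelled variable now expands to an empty string instead of stopping the script. In this patch that covers `${GIT_EMAIL}`, `${GIT_USER}`, `${AUR_SSH_KEY}`, `${PERSONAL_ACCESS_TOKEN}` and the values that `sed` writes into `PKGBUILD`. Keep `set -o nounset` and give the genuinely optional variables an explicit default where they are tested, e.g. `[ -n "${AUR_SSH_KEY:-}" ]` and `[ -n "${PERSONAL_ACCESS_TOKEN:-}" ]`. `main` continues outside this hunk.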
@@ -40,16 +42,43 @@ main() { # move into the AUR checkout cd aur_repo - ## update pkgbuild with sha256sum and version - ## drop pkgrel if updating version + # update pkgbuild with sha256sum and version + sed -i "s/^pkgver.*/pkgver=${LATEST_TAG}/g" PKGBUILD + sed -i "s/^sha256sums.*/sha256sums=('${ASSET_SHA}')/g" PKGBUILD + + # drop pkgrel back to 1 + sed -i "s/^pkgrel.*/pkgrel=1/g" PKGBUILD + + # check pkgbuild with namcap + if ! namcap PKGBUILD ; then + err "PKGBUILD failed namcap check" + fi + + # build package + makepkg + + # check package file with namcap + find -name \*pkg.tar.zst -exec namcap {} \; + + # test installing package + find -name \*pkg.tar.zst -exec pacman -U {} \; + + # update .SRCINFO + makepkg --printsrcinfo > .SRCINFO + + # prepare git config + git config --global user.email "${GIT_EMAIL}" + git config --global user.name "${GIT_USER}" + + if ! git add PKGBUILD .SRCINFO ; then + err "Couldn't add files for committing" + fi - #namcap pkgbuild - #build pkg file - #namcap pkg file - #install - #update .SRCINFO - #commit - #push + git commit -m "bump to ${LATEST_TAG}" + + if ! git push ; then + err "Couldn't push commit to the AUR" + fi } # helper functions @@ -87,12 +116,31 @@ check_requirements() { fi } +prepare_ssh() { + # prepares the container for SSH + + if [ ! -d $HOME/.ssh ] ; then + mkdir -m 0700 $HOME/.ssh + fi + + # pull down the public key(s) from the AUR servers + if ! ssh-keyscan aur.archlinux.org > $HOME/.ssh/known_hosts ; then + err "Couldn't get SSH public key from AUR servers" + fi + + # write the private SSH key out to disk + if [ ! -z "${AUR_SSH_KEY}" ] ; then + echo "${AUR_SSH_KEY}" > $HOME/.ssh/ssh_key + chmod 0400 $HOME/.ssh/ssh_key + fi +} + check_response() { # takes two inputs and calls err() if the variable is empty # $1 - variable name (for logging) # $2 - variable value (for checking) - [ ! -z "${2}" ] || err "${1} is an empty var" + [ ! -z "${1}" ] || err "${2} is an empty var" } get_latest_version() { 
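Review bot: `LATEST_TAG` is taken from the upstream release API and substituted unvalidated into the `sed` expressions in hunk `@@ -40,16 +42,43 @@`, and so into `PKGBUILD`, which `makepkg` then sources as shell. A tag containing `/`, `&`, quotes or shell syntax would break the substitution or end up as code in the PKGBUILD that is built and pushed. Validate it before the `sed` lines and strip the leading `v` as `compare_versions` does, e.g. `[[ "${LATEST_TAG#v}" =~ ^[0-9][0-9A-Za-z._]*$ ]] || err "unexpected upstream tag format"`. Separately, `pacman -U` without `--noconfirm` will wait for input in a non-interactive container, and the exit status of the `find ... -exec namcap` check is never inspected. `main` starts outside this hunk.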
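Review bot: `prepare_ssh` (hunk `@@ -87,12 +116,31 @@`) fills `known_hosts` from `ssh-keyscan aur.archlinux.org` on every run, which trusts whatever key the network returns at that moment and so gives the later `git push` no protection against an intercepted connection. Ship the AUR host keys with the action instead: commit a `known_hosts` file next to `entrypoint.sh`, verified once against the fingerprints the AUR publishes, and copy it into place. The private key is also written under the default umask and only then restricted with `chmod 0400`, so set `umask 077` before the `echo` and quote `$HOME`. Nothing visible here tells `ssh` or `git` to use `$HOME/.ssh/ssh_key`. The `$1`/`$2` comments on `check_response` no longer match the code after the swap and should be updated.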
@@ -109,9 +157,9 @@ get_asset_url() { # $1 - repo in format 'org/repo' # $2 - asset file name stub to match - if [ ! -z "${GITHUB_TOKEN}" ]; then + if [ ! -z "${PERSONAL_ACCESS_TOKEN}" ]; then curl --silent \ - -H "Authorization: token ${GITHUB_TOKEN}" + -H "Authorization: token ${PERSONAL_ACCESS_TOKEN}" "https://api.github.com/repos/${1}/releases/latest" \ | jq -r --arg ASSET_FILE "${2}" \ '.assets[] | select(.name | contains($ASSET_FILE)) | .browser_download_url'
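Review bot: After this hunk nothing in the visible series defines `PERSONAL_ACCESS_TOKEN`, because the same commit removes the `github-token` input and its `GITHUB_TOKEN` env mapping from `action.yml`. Add a comment above the `if` saying where the token is expected to come from, e.g. `# PERSONAL_ACCESS_TOKEN: optional; supplied through the workflow env from a repository secret`. If it is meant to be read from `VARS.env`, note that the file is sourced from the repository checkout and should not hold credentials. `get_asset_url` starts outside this hunk and its `else` branch continues past it.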