-
Notifications
You must be signed in to change notification settings - Fork 24
/
entrypoint.sh
executable file
·94 lines (73 loc) · 2.49 KB
/
entrypoint.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
#!/bin/bash
# fail whole script if any command fails
set -e
DEBUG=$4
if [[ -n $DEBUG && $DEBUG = true ]]; then
set -x
fi
target=$1
pkgname=$2
command=$3
# assumes that package files are in a subdirectory
# of the same name as "pkgname", so this works well
# with "aurpublish" tool
pkgbuild_dir=$(readlink "$pkgname" -f) # nicely cleans up path, ie. ///dsq/dqsdsq/my-package//// -> /dsq/dqsdsq/my-package
if [[ ! -d $pkgbuild_dir ]]; then
echo "$pkgbuild_dir should be a directory."
exit 1
fi
if [[ ! -e $pkgbuild_dir/PKGBUILD ]]; then
echo "$pkgbuild_dir does not contain a PKGBUILD file."
exit 1
fi
if [[ ! -e $pkgbuild_dir/.SRCINFO ]]; then
echo "$pkgbuild_dir does not contain a .SRCINFO file."
exit 1
fi
getfacl -p -R "$pkgbuild_dir" /github/home > /tmp/arch-pkgbuild-builder-permissions.bak
# '/github/workspace' is mounted as a volume and has owner set to root
# set the owner of $pkgbuild_dir to the 'build' user, so it can access package files.
sudo chown -R build "$pkgbuild_dir"
# needs permissions so '/github/home/.config/yay' is accessible by yay
sudo chown -R build /github/home
# use more reliable keyserver
mkdir -p /github/home/.gnupg/
echo "keyserver hkp://keyserver.ubuntu.com:80" | tee /github/home/.gnupg/gpg.conf
cd "$pkgbuild_dir"
pkgname=$(grep -E 'pkgname' .SRCINFO | sed -e 's/.*= //')
install_deps() {
# install all package dependencies
grep -E 'depends =' .SRCINFO | \
sed -e 's/.*depends = //' -e 's/:.*//' | \
xargs yay -S --noconfirm --needed
}
fetch_gpg_keys() {
awk '/validpgpkeys/ {print $3}' .SRCINFO | \
xargs gpg --keyserver keyserver.ubuntu.com --recv-key
}
case $target in
pkgbuild)
namcap PKGBUILD
install_deps
fetch_gpg_keys
makepkg --syncdeps --noconfirm
# shellcheck disable=SC1091
source /etc/makepkg.conf # get PKGEXT
namcap "${pkgname}"-*"${PKGEXT}"
pacman -Qip "${pkgname}"-*"${PKGEXT}"
pacman -Qlp "${pkgname}"-*"${PKGEXT}"
;;
run)
install_deps
fetch_gpg_keys
makepkg --syncdeps --noconfirm --install
eval "$command"
;;
srcinfo)
makepkg --printsrcinfo | diff --ignore-blank-lines .SRCINFO - || \
{ echo ".SRCINFO is out of sync. Please run 'makepkg --printsrcinfo' and commit the changes."; false; }
;;
*)
echo "Target should be one of 'pkgbuild', 'srcinfo', 'run'" ;;
esac
sudo setfacl --restore=/tmp/arch-pkgbuild-builder-permissions.bak