feat: asked claude sonnet 4.6 to rework as github workflow instead of on my machine

.github/workflows/build.yml

@@ -0,0 +1,176 @@
+name: Build and publish webkit2gtk
+
+on:
+  workflow_dispatch:
+    inputs:
+      aur_version:
+        description: 'Full AUR version string to build (e.g. 2.46.3-1)'
+        required: true
+        type: string
+
+jobs:
+  build-and-publish:
+    name: Build webkit2gtk ${{ inputs.aur_version }}
+    runs-on: ubuntu-latest-96-cores
+    container:
+      image: archlinux:latest
+      # Needed so makepkg can use FUSE/user namespaces inside the container
+      options: --privileged
+
+    permissions:
+      contents: write  # create GitHub Releases and upload assets
+
+    env:
+      GITHUB_REPO: ${{ github.repository }}
+      AUR_PACKAGE_NAME: webkit2gtk-bin
+      AUR_MAINTAINER_NAME: ${{ secrets.AUR_MAINTAINER_NAME }}
+      AUR_MAINTAINER_EMAIL: ${{ secrets.AUR_MAINTAINER_EMAIL }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Install build dependencies
+        run: |
+          pacman -Syu --noconfirm
+          pacman -S --noconfirm --needed \
+            base-devel \
+            git \
+            sudo \
+            curl \
+            jq \
+            openssh \
+            github-cli \
+            clang \
+            cmake \
+            gi-docgen \
+            glib2-devel \
+            gobject-introspection \
+            gperf \
+            gst-plugins-bad \
+            lld \
+            ninja \
+            python \
+            ruby \
+            ruby-stdlib \
+            systemd \
+            unifdef \
+            wayland-protocols \
+            at-spi2-core \
+            atk \
+            bubblewrap \
+            cairo \
+            enchant \
+            expat \
+            fontconfig \
+            freetype2 \
+            gdk-pixbuf2 \
+            glib2 \
+            glibc \
+            gst-plugins-bad-libs \
+            gst-plugins-base-libs \
+            gstreamer \
+            gtk3 \
+            harfbuzz \
+            harfbuzz-icu \
+            hyphen \
+            icu \
+            lcms2 \
+            libatomic \
+            libavif \
+            libdrm \
+            libegl \
+            libepoxy \
+            libgcrypt \
+            libgl \
+            libjpeg-turbo \
+            libjxl \
+            libmanette \
+            libpng \
+            libseccomp \
+            libsecret \
+            libsoup \
+            libsystemd \
+            libtasn1 \
+            libwebp \
+            libx11 \
+            libxml2 \
+            libxslt \
+            mesa \
+            openjpeg2 \
+            pango \
+            sqlite \
+            ttf-dejavu \
+            wayland \
+            woff2 \
+            xdg-dbus-proxy \
+            zlib
+
+      - name: Create builduser (makepkg refuses to run as root)
+        run: |
+          useradd -m -G wheel builduser
+          echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
+          # Allow builduser to write to the workspace
+          chown -R builduser:builduser "$GITHUB_WORKSPACE"
+          git config --system --add safe.directory '*'
+
+      - name: Set up AUR SSH key
+        env:
+          AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }}
+        run: |
+          SSH_DIR=/home/builduser/.ssh
+          mkdir -p "${SSH_DIR}"
+          printf '%s\n' "${AUR_SSH_KEY}" > "${SSH_DIR}/aur_id_rsa"
+          chown -R builduser:builduser "${SSH_DIR}"
+          chmod 700 "${SSH_DIR}"
+          chmod 600 "${SSH_DIR}/aur_id_rsa"
+          printf 'Host aur.archlinux.org\n  User aur\n  IdentityFile /home/builduser/.ssh/aur_id_rsa\n  StrictHostKeyChecking no\n' \
+            > "${SSH_DIR}/config"
+          chmod 600 "${SSH_DIR}/config"
+
+      - name: Configure git identity for builduser
+        run: |
+          sudo -u builduser HOME=/home/builduser git config --global user.name  "${AUR_MAINTAINER_NAME}"
+          sudo -u builduser HOME=/home/builduser git config --global user.email "${AUR_MAINTAINER_EMAIL}"
+
+      - name: Import WebKitGTK PGP signing keys
+        run: |
+          sudo -u builduser HOME=/home/builduser gpg \
+            --keyserver keyserver.ubuntu.com \
+            --recv-keys \
+              5AA3BC334FD7E3369E7C77B291C559DBE4C9123B \
+              013A0127AC9C65B34FFA62526C1009B693975393 || \
+          sudo -u builduser HOME=/home/builduser gpg \
+            --keyserver hkps://keys.openpgp.org \
+            --recv-keys \
+              5AA3BC334FD7E3369E7C77B291C559DBE4C9123B \
+              013A0127AC9C65B34FFA62526C1009B693975393
+
+      - name: Clone webkit2gtk from AUR
+        run: |
+          sudo -u builduser HOME=/home/builduser \
+            git clone https://aur.archlinux.org/webkit2gtk.git "${GITHUB_WORKSPACE}/webkit2gtk"
+
+      - name: Build webkit2gtk
+        env:
+          NPROC: 96
+        run: |
+          sudo -u builduser \
+            HOME=/home/builduser \
+            GITHUB_WORKSPACE="${GITHUB_WORKSPACE}" \
+            NPROC="${NPROC}" \
+            bash "${GITHUB_WORKSPACE}/scripts/build.sh"
+
+      - name: Publish to GitHub Releases and AUR
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          sudo -u builduser \
+            HOME=/home/builduser \
+            GITHUB_WORKSPACE="${GITHUB_WORKSPACE}" \
+            GITHUB_TOKEN="${GITHUB_TOKEN}" \
+            GITHUB_REPO="${GITHUB_REPO}" \
+            AUR_PACKAGE_NAME="${AUR_PACKAGE_NAME}" \
+            AUR_MAINTAINER_NAME="${AUR_MAINTAINER_NAME}" \
+            AUR_MAINTAINER_EMAIL="${AUR_MAINTAINER_EMAIL}" \
+            bash "${GITHUB_WORKSPACE}/scripts/publish.sh"

.github/workflows/check.yml

@@ -0,0 +1,66 @@
+name: Check for webkit2gtk update
+
+on:
+  # schedule:
+    # Run every hour
+    # - cron: '0 * * * *'
+  workflow_dispatch:
+
+jobs:
+  check:
+    name: Poll AUR for new version
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      actions: write   # required to trigger workflow_dispatch on build.yml
+
+    steps:
+      - name: Fetch latest AUR version
+        id: aur
+        run: |
+          response=$(curl -fsSL "https://aur.archlinux.org/rpc/v5/info/webkit2gtk")
+          aur_version=$(echo "${response}" | jq -r '.results[0].Version')
+          if [[ -z "${aur_version}" || "${aur_version}" == "null" ]]; then
+            echo "ERROR: Failed to parse version from AUR response: ${response}" >&2
+            exit 1
+          fi
+          echo "AUR version: ${aur_version}"
+          echo "version=${aur_version}" >> "$GITHUB_OUTPUT"
+
+      - name: Fetch last published version from GitHub Releases
+        id: last
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          # Get the tag of the latest release; strip the leading 'v'
+          tag=$(gh release list \
+            --repo "${{ github.repository }}" \
+            --limit 1 \
+            --json tagName \
+            --jq '.[0].tagName // ""')
+          last_version="${tag#v}"
+          echo "Last published version: ${last_version:-<none>}"
+          echo "version=${last_version}" >> "$GITHUB_OUTPUT"
+
+      - name: Decide whether to build
+        id: decision
+        run: |
+          aur="${{ steps.aur.outputs.version }}"
+          last="${{ steps.last.outputs.version }}"
+          if [[ "${aur}" == "${last}" ]]; then
+            echo "Already up to date (${aur}), nothing to do"
+            echo "should_build=false" >> "$GITHUB_OUTPUT"
+          else
+            echo "New version detected: ${aur} (was: ${last:-<none>})"
+            echo "should_build=true" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Trigger build workflow
+        if: steps.decision.outputs.should_build == 'true'
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          gh workflow run build.yml \
+            --repo "${{ github.repository }}" \
+            --field aur_version="${{ steps.aur.outputs.version }}"
+          echo "Dispatched build.yml for version ${{ steps.aur.outputs.version }}"