diff --git a/.env.example b/.env.example deleted file mode 100644 index 9b053e2..0000000 --- a/.env.example +++ /dev/null @@ -1,25 +0,0 @@ -# GitHub credentials -# Personal access token with 'repo' and 'write:packages' scopes -GITHUB_TOKEN=your_github_token_here - -# GitHub repository in the form owner/repo -GITHUB_REPO=Brodino96/webkit2gtk-automator - -# Path to the SSH private key registered on your AUR account -# The key must NOT have a passphrase (or use ssh-agent) -AUR_SSH_KEY_PATH=/run/secrets/aur_id_rsa - -# Name of the AUR binary package to publish to -AUR_PACKAGE_NAME=webkit2gtk-bin - -# AUR maintainer info (used in the generated PKGBUILD) -AUR_MAINTAINER_NAME=Your Name -AUR_MAINTAINER_EMAIL=your@email.com - -# How often to poll the AUR for updates, in seconds (default: 3600 = 1 hour) -POLL_INTERVAL_SECONDS=3600 - -# Number of CPU cores to use for compilation (default: 4) -# This controls both the make -jN parallelism inside the build and the CPU -# cap enforced by Docker on the container. Set it once, it applies everywhere -NPROC=4 diff --git a/.github/workflows/build-release.yml b/.github/workflows/build-release.yml new file mode 100644 index 0000000..30cebdb --- /dev/null +++ b/.github/workflows/build-release.yml @@ -0,0 +1,44 @@ +name: Build and Release + +on: + workflow_dispatch: + inputs: + version: + description: "webkit2gtk version to build (e.g. 1.1.1)" + required: true + type: string + +jobs: + build: + runs-on: ubuntu-latest-64-cores + container: + image: archlinux:latest + + permissions: + contents: write + + steps: + - name: Checkout repository + uses: actions/checkout@v6.0.2 + + - name: Build webkit2gtk package + id: build + run: bash scripts/build-package.sh + + - name: Create GitHub release and upload artifact + id: release + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + bash scripts/create-release.sh \ + "${{ inputs.version }}" \ + "${{ steps.build.outputs.pkg_path }}" + + - name: Update webkit2gtk-bin AUR package + env: + AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }} + run: | + bash scripts/update-aur.sh \ + "${{ inputs.version }}" \ + "${{ steps.build.outputs.pkg_path }}" \ + "${{ steps.release.outputs.asset_url }}" diff --git a/.github/workflows/check-version.yml b/.github/workflows/check-version.yml new file mode 100644 index 0000000..83f28a9 --- /dev/null +++ b/.github/workflows/check-version.yml @@ -0,0 +1,32 @@ +name: Version check + +on: + schedule: + - cron: "0 0 * * *" + workflow_dispatch: + +jobs: + check: + runs-on: ubuntu-latest + permissions: + contents: read + actions: write + + steps: + - name: Checkout repository + uses: actions/checkout@v6.0.2 + + - name: Check AUR against release version + id: check + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: bash scripts/check-version.sh + + - name: Trigger build-release workflow + if: steps.check.outputs.trigger_version != '' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh workflow run build-release.yml \ + --repo "${{ github.repository }}" \ + --field version="${{ steps.check.outputs.trigger_version }}" diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index eeb0399..0000000 --- a/Dockerfile +++ /dev/null @@ -1,34 +0,0 @@ -FROM archlinux:latest - -# System update & base tools -RUN pacman -Syu --noconfirm && \ - pacman -S --noconfirm --needed \ - base-devel \ - git \ - sudo \ - curl \ - jq \ - openssh \ - github-cli \ - && pacman -Scc --noconfirm - -# Non-root build user (makepkg refuses to run as root) -RUN useradd -m -G wheel builduser && \ - echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers - -# SSH config for AUR -RUN mkdir -p /home/builduser/.ssh && \ - printf 'Host aur.archlinux.org\n User aur\n IdentityFile /home/builduser/.ssh/aur_id_rsa\n StrictHostKeyChecking no\n' \ - > /home/builduser/.ssh/config && \ - chown -R builduser:builduser /home/builduser/.ssh && \ - chmod 700 /home/builduser/.ssh && \ - chmod 600 /home/builduser/.ssh/config - -# Allow git to operate on the mounted workspace -RUN git config --system --add safe.directory '*' - -WORKDIR /workspace - -# The entrypoint runs as root, sets up the SSH key, then drops to builduser -# for the polling loop. -ENTRYPOINT ["/workspace/scripts/entrypoint.sh"] diff --git a/docker-compose.yml b/docker-compose.yml deleted file mode 100644 index d14f412..0000000 --- a/docker-compose.yml +++ /dev/null @@ -1,23 +0,0 @@ -services: - builder: - build: - context: . - dockerfile: Dockerfile - image: webkit2gtk-builder - container_name: webkit2gtk-builder - restart: unless-stopped - env_file: - - .env - # NPROC in .env controls both the number of compiler jobs (make -jN) and - # the CPU cap enforced by the kernel. Set it once, it applies everywhere - cpus: '${NPROC:-4}' - mem_limit: 12g - memswap_limit: 12g - volumes: - # Entire project mounted so the container can read/write state, artifacts, - # and the webkit2gtk / webkit2gtk-bin git repos - - .:/workspace - # AUR SSH private key (path set in .env via AUR_SSH_KEY_PATH) - - ${AUR_SSH_KEY_PATH}:/run/secrets/aur_id_rsa:ro - # No ports needed – this is a pure background worker - # Logs are available via: docker compose logs -f diff --git a/scripts/build-package.sh b/scripts/build-package.sh new file mode 100644 index 0000000..273aa5d --- /dev/null +++ b/scripts/build-package.sh @@ -0,0 +1,42 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Setups Arch building environment, clones webkit2gtk from the AUR and builds it +# Outputs the path and filename of the built .pkg.tar.zst to GITHUB_OUTPUT + +BUILD_DIR="/build/webkit2gtk" + +echo "Initializing pacman keyring..." +pacman-key --init +pacman-key --populate archlinux + +echo "Updating system..." +pacman -Syu --noconfirm + +echo "Installing build dependencies..." +pacman -S --noconfirm base-devel git curl jq github-cli + +echo "Creating builduser..." +if ! id builder &>/dev/null; then + useradd -m builder +fi +echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers + +echo "Cloning webkit2gtk AUR repo..." +git clone https://aur.archlinux.org/webkit2gtk.git "$BUILD_DIR" +chown -R builder:builder "$BUILD_DIR" + +echo "Building package..." +su builder -c "cd $BUILD_DIR && makepkg -s --noconfirm" + +echo "Locating build package..." +PKG_PATH=$(find "$BUILD_DIR" -maxdepth 1 -name "*.pkg.tar.zst" | head -n 1) + +if [ -z "$PKG_PATH" ]; then + echo "ERROR: No .pkg.tar.zst found after build" >&2 + exit 1 +fi + +echo "Build package: $PKG_PATH" +echo "pkg_path=$PKG_PATH" >> "$GITHUB_OUTPUT" +echo "pkg_name=$(basename "$PKG_PATH")" >> "$GITHUB_OUTPUT" \ No newline at end of file diff --git a/scripts/build.sh b/scripts/build.sh deleted file mode 100755 index 5f96727..0000000 --- a/scripts/build.sh +++ /dev/null @@ -1,81 +0,0 @@ -#!/usr/bin/env bash -# build.sh -# Runs INSIDE the Docker container as builduser. -# Builds webkit2gtk from the AUR PKGBUILD and copies the resulting -# .pkg.tar.zst packages to /workspace/state/artifacts/. - -set -euo pipefail - -WORKSPACE=/workspace -SRC_DIR="${WORKSPACE}/webkit2gtk" -ARTIFACTS_DIR="${WORKSPACE}/state/artifacts" - -log() { - echo "[$(date '+%Y-%m-%d %H:%M:%S')] [build] $*" -} - -# Sanity checks -if [[ ! -f "${SRC_DIR}/PKGBUILD" ]]; then - log "ERROR: PKGBUILD not found at ${SRC_DIR}/PKGBUILD" - exit 1 -fi - -mkdir -p "${ARTIFACTS_DIR}" - -# Skip rebuild if artifacts for this version already exist -pkgver=$(bash -c "source ${SRC_DIR}/PKGBUILD; echo \${pkgver}") -pkgrel=$(bash -c "source ${SRC_DIR}/PKGBUILD; echo \${pkgrel}") -existing=$(find "${ARTIFACTS_DIR}" -maxdepth 1 \ - -name "webkit2gtk-${pkgver}-${pkgrel}-*.pkg.tar.zst" \ - ! -name 'webkit2gtk-docs-*' \ - -print | head -n1) - -if [[ -n "${existing}" ]]; then - log "Artifacts for ${pkgver}-${pkgrel} already exist, skipping build" - log "Using cached: $(basename "${existing}")" - exit 0 -fi - -# Clean any leftover build artifacts from a previous run -log "Cleaning previous build artifacts in ${SRC_DIR}" -# makepkg leaves behind src/, pkg/ and the .pkg.tar.zst files -cd "${SRC_DIR}" -rm -rf src/ pkg/ -find . -maxdepth 1 -name '*.pkg.tar.zst' -delete -find . -maxdepth 1 -name '*.pkg.tar.zst.sig' -delete - -# Build -# Use all available cores. MAKEFLAGS is respected by makepkg and passed -# through to cmake/ninja. NPROC can be overridden via the environment. -nproc="${NPROC:-$(nproc)}" -export MAKEFLAGS="-j${nproc}" -log "Building with ${nproc} cores" -log "Running makepkg in ${SRC_DIR}" -# --syncdeps : install missing makedepends automatically -# --noconfirm : do not ask for confirmations -# --clean : clean up src/ and pkg/ after a successful build -# --log : write build log to makepkg-.log -makepkg \ - --syncdeps \ - --noconfirm \ - --log - -# Collect artifacts -log "Collecting built packages" -packages=() -while IFS= read -r -d '' pkg; do - packages+=("${pkg}") -done < <(find "${SRC_DIR}" -maxdepth 1 -name '*.pkg.tar.zst' -print0) - -if [[ ${#packages[@]} -eq 0 ]]; then - log "ERROR: No .pkg.tar.zst files found after build" - exit 1 -fi - -for pkg in "${packages[@]}"; do - log "Copying $(basename "${pkg}") to ${ARTIFACTS_DIR}/" - cp "${pkg}" "${ARTIFACTS_DIR}/" -done - -log "Build complete, artifacts:" -ls -lh "${ARTIFACTS_DIR}"/*.pkg.tar.zst diff --git a/scripts/check-update.sh b/scripts/check-update.sh index a16a48d..527aa3c 100755 --- a/scripts/check-update.sh +++ b/scripts/check-update.sh @@ -1,82 +1,38 @@ #!/usr/bin/env bash -# check-update.sh -# Polls the AUR RPC API for the latest webkit2gtk version. -# If a newer version is detected, runs build.sh then publish.sh directly. -# Called by entrypoint.sh on a loop — runs entirely inside the container. - set -euo pipefail -SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" -ROOT_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)" +# Fetches the latest webkit2gtk version from the AUR and compares with latest Github release +# Outputs the AUR version to GITHUB_OUTPUT if a build should be triggered, otherwiste ouputs an empty string -# Paths -STATE_DIR="${ROOT_DIR}/state" -LAST_VERSION_FILE="${STATE_DIR}/last_version" -mkdir -p "${STATE_DIR}" +REPO="${GITHUB_REPOSITORY}" -# Logging -# Output goes to stdout so docker compose logs picks it up automatically. -log() { - echo "[$(date '+%Y-%m-%d %H:%M:%S')] [check-update] $*" -} +echo "Fetching AUR version..." +AUR_VERSION=$(curl -s "https://aur.archlinux.org/rpc/v5/info/webkit2gtk" \ + | jq -r ".results[0].Version" \ +) -# Fetch latest AUR version -AUR_API_URL="https://aur.archlinux.org/rpc/v5/info/webkit2gtk" - -log "Querying AUR for webkit2gtk" -response=$(curl -fsSL "${AUR_API_URL}") -aur_version=$(echo "${response}" | jq -r '.results[0].Version') - -if [[ -z "${aur_version}" || "${aur_version}" == "null" ]]; then - log "ERROR: Failed to parse version from AUR response: ${response}" +if [ -z "$AUR_VERSION" ] || [ "$AUR_VERSION" = "null" ]; then + echo "ERROR: Could not fetch AUR version" >&2 exit 1 fi -log "AUR version: ${aur_version}" +echo "AUR version: $AUR_VERSION" -# Compare with last built version -last_version="" -if [[ -f "${LAST_VERSION_FILE}" ]]; then - last_version=$(cat "${LAST_VERSION_FILE}") -fi +echo "Fetching latest Github release..." +TAG=$(gh release list \ + --repo "$REPO" \ + --limit 1 \ + --json tagName \ + --jq '.[0].tagName // ""' +) +RELEASE_VERSION="${TAG#v}" -log "Last built version: ${last_version:-}" +echo "Release version: ${RELEASE_VERSION:-"(none)"}" -if [[ "${aur_version}" == "${last_version}" ]]; then - log "Already up to date, nothing to do" - exit 0 -fi - -log "New version detected: ${aur_version} (was: ${last_version:-}), starting build" - -# Update the webkit2gtk AUR clone -WEBKIT2GTK_DIR="${ROOT_DIR}/webkit2gtk" -if [[ -d "${WEBKIT2GTK_DIR}/.git" ]]; then - log "Pulling latest PKGBUILD from AUR" - git -C "${WEBKIT2GTK_DIR}" pull --ff-only +if [ -z "$RELEASE_VERSION" ] || [ "$AUR_VERSION" != "$RELEASE_VERSION" ]; then + echo "Version mismatch or no release found, build required" + echo "trigger_version=$AUR_VERSION" >> "$GITHUB_OUTPUT" else - log "Cloning webkit2gtk from AUR" - git clone https://aur.archlinux.org/webkit2gtk.git "${WEBKIT2GTK_DIR}" -fi - -# Build -log "Running build" -if "${SCRIPT_DIR}/build.sh"; then - log "Build succeeded" -else - log "ERROR: Build failed, aborting" - exit 1 -fi - -# Publish -log "Running publish" -if "${SCRIPT_DIR}/publish.sh"; then - log "Publish succeeded" -else - log "ERROR: Publish failed, exit code: $?" - exit 1 -fi - -# Record new version -echo "${aur_version}" > "${LAST_VERSION_FILE}" -log "Updated last_version to ${aur_version}, done" + echo "Version match, no build required" + echo "trigger_version=" >> "$GITHUB_OUTPUT" +fi \ No newline at end of file diff --git a/scripts/create-release.sh b/scripts/create-release.sh new file mode 100644 index 0000000..a144287 --- /dev/null +++ b/scripts/create-release.sh @@ -0,0 +1,36 @@ +#!/usr/bin/env bash +set -euo pipefail + +# Creates a Github release for the given version and uploads the built .pkg.tar.zst artifact +# Outputs asset download URL to GITHUB_OUTPUT + +VERSION="${1:?Usage: create-release.sh }" +PKG_PATH="${2:?Usage: create-release.sh }" +REPO="${GITHUB_REPOSITORY}" + +if [ ! -f "$PKG_PATH" ]; then + echo "ERROR: Package file not found at $PKG_PATH" >&2 + exit 1 +fi + +echo "Creating Github release v${VERSION}..." +gh release create "v${VERSION}" \ + --repo "$REPO" \ + --title "v${VERSION}" \ + --notes "Automated build of webkit2gtk v${VERSION} from AUR" \ + "$PKG_PATH" + +echo "Fetching asset URL..." +ASSET_URL=$(gh release view "v${VERSION}" \ + --repo "$REPO" \ + --json assets \ + --jq '.assets[] | select(.name | endswith(".pkg.tar.zst")) | .url' +) + +if [ -z "$ASSET_URL" ]; then + echo "ERROR: Could not retrieve asset URL after upload" >&2 + exit 1 +fi + +echo "Asset URL: $ASSET_URL" +echo "asset_url=$ASSET_URL" >> "$GITHUB_OUTPUT" \ No newline at end of file diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh deleted file mode 100755 index f589813..0000000 --- a/scripts/entrypoint.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/env bash -# entrypoint.sh -# Container entry point. Runs as root, sets up the SSH key and git identity -# for builduser, then drops to builduser and starts the polling loop. -# -# The loop runs check-update.sh every POLL_INTERVAL_SECONDS (default: 3600). -# All output goes to stdout/stderr so 'docker compose logs -f' works naturally. - -set -euo pipefail - -# Load .env so all variables are available both here (root) and in child -# processes running as builduser. Docker's env_file only sets variables for -# the initial process; sudo drops them by default. -if [[ -f /workspace/.env ]]; then - set -a - # shellcheck source=/dev/null - source /workspace/.env - set +a -fi - -POLL_INTERVAL_SECONDS="${POLL_INTERVAL_SECONDS:-3600}" - -# Set up AUR SSH key -SSH_DIR=/home/builduser/.ssh -KEY_SRC=/run/secrets/aur_id_rsa -KEY_DST="${SSH_DIR}/aur_id_rsa" - -if [[ -f "${KEY_SRC}" ]]; then - cp "${KEY_SRC}" "${KEY_DST}" - chown builduser:builduser "${KEY_DST}" - chmod 600 "${KEY_DST}" - echo "[entrypoint] AUR SSH key installed" -else - echo "[entrypoint] WARNING: AUR SSH key not found at ${KEY_SRC}, publishing to AUR will fail" >&2 -fi - -# Set git identity for builduser -sudo -u builduser HOME=/home/builduser git config --global user.name "${AUR_MAINTAINER_NAME:-webkit2gtk-automator}" -sudo -u builduser HOME=/home/builduser git config --global user.email "${AUR_MAINTAINER_EMAIL:-noreply@localhost}" - -# Import WebKitGTK PGP signing keys into builduser's keyring -# makepkg verifies the source tarball signature against these keys. -# Try the bundled local keys first (no network needed), then fall back to keyservers. -echo "[entrypoint] Importing WebKitGTK PGP signing keys" -if ls /workspace/webkit2gtk/keys/pgp/*.asc &>/dev/null; then - sudo -u builduser HOME=/home/builduser gpg --import /workspace/webkit2gtk/keys/pgp/*.asc - echo "[entrypoint] PGP keys imported from local bundle" -else - sudo -u builduser HOME=/home/builduser gpg --keyserver keyserver.ubuntu.com --recv-keys \ - 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B \ - 013A0127AC9C65B34FFA62526C1009B693975393 || \ - sudo -u builduser HOME=/home/builduser gpg --keyserver hkps://keys.openpgp.org --recv-keys \ - 5AA3BC334FD7E3369E7C77B291C559DBE4C9123B \ - 013A0127AC9C65B34FFA62526C1009B693975393 - echo "[entrypoint] PGP keys imported from keyserver" -fi - -# Drop to builduser and start the polling loop -echo "[entrypoint] Starting polling loop, interval: ${POLL_INTERVAL_SECONDS}s" -exec sudo -u builduser --preserve-env HOME=/home/builduser bash -c ' - set -euo pipefail - POLL_INTERVAL_SECONDS="'"${POLL_INTERVAL_SECONDS}"'" - NPROC="'"${NPROC:-}"'" - [[ -n "${NPROC}" ]] && export NPROC - while true; do - /workspace/scripts/check-update.sh - echo "[entrypoint] Sleeping for ${POLL_INTERVAL_SECONDS}s" - sleep "${POLL_INTERVAL_SECONDS}" - done -' diff --git a/scripts/publish.sh b/scripts/publish.sh deleted file mode 100755 index 2e4ea28..0000000 --- a/scripts/publish.sh +++ /dev/null @@ -1,238 +0,0 @@ -#!/usr/bin/env bash -# publish.sh -# Runs INSIDE the Docker container as builduser. -# -# Steps: -# 1. Find the built webkit2gtk .pkg.tar.zst in state/artifacts/ -# 2. Upload it to a GitHub Release (creates the release if needed) -# 3. Update webkit2gtk-bin/PKGBUILD with the new version, URL and sha256sum -# 4. Regenerate webkit2gtk-bin/.SRCINFO -# 5. Commit and push webkit2gtk-bin/ to the AUR - -set -euo pipefail - -WORKSPACE=/workspace -ARTIFACTS_DIR="${WORKSPACE}/state/artifacts" -BIN_PKG_DIR="${WORKSPACE}/webkit2gtk-bin" -SRC_PKGBUILD="${WORKSPACE}/webkit2gtk/PKGBUILD" - -log() { - echo "[$(date '+%Y-%m-%d %H:%M:%S')] [publish] $*" -} - -die() { - log "ERROR: $*" >&2 - exit 1 -} - -# Validate required env vars -: "${GITHUB_TOKEN:?GITHUB_TOKEN is not set}" -: "${GITHUB_REPO:?GITHUB_REPO is not set}" -: "${AUR_PACKAGE_NAME:?AUR_PACKAGE_NAME is not set}" -: "${AUR_MAINTAINER_NAME:?AUR_MAINTAINER_NAME is not set}" -: "${AUR_MAINTAINER_EMAIL:?AUR_MAINTAINER_EMAIL is not set}" - -# Authenticate gh CLI -# GITHUB_TOKEN is already in the environment and picked up by gh automatically - -# Find the main webkit2gtk package only (exclude -docs and -debug variants) -log "Looking for built package in ${ARTIFACTS_DIR}" -pkgver=$(bash -c "source ${SRC_PKGBUILD}; echo \${pkgver}") -pkgrel=$(bash -c "source ${SRC_PKGBUILD}; echo \${pkgrel}") -full_version="${pkgver}-${pkgrel}" -log "Package version: ${full_version}" - -pkg_file="${ARTIFACTS_DIR}/webkit2gtk-${pkgver}-${pkgrel}-x86_64.pkg.tar.zst" -[[ -f "${pkg_file}" ]] || die "Expected artifact not found: ${pkg_file}" -log "Found package: ${pkg_file}" -# Compute sha256sum of the artifact -sha256=$(sha256sum "${pkg_file}" | awk '{print $1}') -log "sha256sum: ${sha256}" -pkg_filename=$(basename "${pkg_file}") - -# Upload to GitHub Releases -release_tag="v${full_version}" -release_title="webkit2gtk ${full_version}" - -log "Creating/updating GitHub release ${release_tag}" - -# Create the release if it doesn't exist -if gh release view "${release_tag}" --repo "${GITHUB_REPO}" &>/dev/null; then - log "Release ${release_tag} already exists, proceeding to upload asset" -else - log "Creating GitHub release ${release_tag}" - gh release create "${release_tag}" \ - --repo "${GITHUB_REPO}" \ - --title "${release_title}" \ - --notes "Automated build of webkit2gtk ${full_version}" -fi - -# Upload the package (--clobber overwrites an existing asset with the same name) -log "Uploading ${pkg_filename} to release ${release_tag}" -gh release upload "${release_tag}" \ - --repo "${GITHUB_REPO}" \ - --clobber \ - "${pkg_file}" - -# Build the public download URL -download_url="https://github.com/${GITHUB_REPO}/releases/download/${release_tag}/${pkg_filename}" -log "Download URL: ${download_url}" -# Ensure webkit2gtk-bin AUR clone exists -AUR_REMOTE="ssh://aur@aur.archlinux.org/${AUR_PACKAGE_NAME}.git" - -if [[ ! -d "${BIN_PKG_DIR}/.git" ]]; then - log "Cloning ${AUR_PACKAGE_NAME} from AUR" - git clone "${AUR_REMOTE}" "${BIN_PKG_DIR}" -else - log "Pulling latest ${AUR_PACKAGE_NAME} from AUR" - git -C "${BIN_PKG_DIR}" pull --ff-only -fi - -# Generate PKGBUILD -log "Generating PKGBUILD for ${AUR_PACKAGE_NAME}" - -# Read the full depends array from the source PKGBUILD to keep them in sync -depends_block=$(bash -c " - source ${SRC_PKGBUILD} - for d in \"\${depends[@]}\"; do printf ' %s\n' \"\$d\"; done -") -provides_block=$(bash -c " - source ${SRC_PKGBUILD} - # package_webkit2gtk() sets provides; source the function then call it in a subshell - # Simpler: hardcode from .SRCINFO since provides is stable - echo ' libjavascriptcoregtk-4.0.so' - echo ' libwebkit2gtk-4.0.so' - echo ' webkit2gtk' -") - -cat > "${BIN_PKG_DIR}/PKGBUILD" < -# Automated binary repackaging of webkit2gtk built from AUR sources. -# Source: https://github.com/${GITHUB_REPO} - -pkgname=${AUR_PACKAGE_NAME} -pkgver=${pkgver} -pkgrel=${pkgrel} -pkgdesc="Web content engine for GTK (prebuilt binary)" -url="https://webkitgtk.org" -arch=(x86_64) -license=( - 'AFL-2.0 OR GPL-2.0-or-later' - Apache-2.0 - 'Apache-2.0 WITH LLVM-exception' - BSD-2-Clause - BSD-2-Clause-Views - BSD-3-Clause - BSD-Source-Code - BSL-1.0 - bzip2-1.0.6 - GPL-2.0-only - 'GPL-3.0-only WITH Autoconf-exception-3.0' - 'GPL-3.0-or-later WITH Bison-exception-2.2' - ICU - ISC - LGPL-2.1-only - LGPL-2.1-or-later - MIT - MPL-1.1 - MPL-2.0 - NCSA - 'NCSA OR MIT' - OFL-1.1 - SunPro - Unicode-TOU -) -depends=( - at-spi2-core - atk - bubblewrap - cairo - enchant - expat - fontconfig - freetype2 - gdk-pixbuf2 - glib2 - glibc - gst-plugins-bad-libs - gst-plugins-base-libs - gstreamer - gtk3 - harfbuzz - harfbuzz-icu - hyphen - icu - lcms2 - libatomic - libavif - libdrm - libegl - libepoxy - libgcc - libgcrypt - libgl - libgles - libjpeg-turbo - libjxl - libmanette - libpng - libseccomp - libsecret - libsoup - libstdc++ - libsystemd - libtasn1 - libwebp - libx11 - libxml2 - libxslt - mesa - openjpeg2 - pango - sqlite - ttf-font - wayland - woff2 - xdg-dbus-proxy - zlib -) -provides=( - libjavascriptcoregtk-4.0.so - libwebkit2gtk-4.0.so - webkit2gtk -) -conflicts=(webkit2gtk) -source=("${pkg_filename}::${download_url}") -sha256sums=('${sha256}') - -package() { - # The .pkg.tar.zst is a pre-built Arch package. - # bsdtar extracts it; we relocate its contents into \$pkgdir. - cd "\${srcdir}" - bsdtar -xf "${pkg_filename}" -C "\${pkgdir}" - # Remove the embedded .PKGINFO and .MTREE metadata files that - # bsdtar includes – they are not part of the installed file tree. - rm -f "\${pkgdir}"/.PKGINFO "\${pkgdir}"/.MTREE "\${pkgdir}"/.BUILDINFO -} -PKGBUILD - -log "PKGBUILD generated" - -# Generate .SRCINFO -log "Generating .SRCINFO" -cd "${BIN_PKG_DIR}" -makepkg --printsrcinfo > .SRCINFO -log ".SRCINFO generated" - -# Commit and push to AUR -log "Committing changes to AUR" -git -C "${BIN_PKG_DIR}" add PKGBUILD .SRCINFO -git -C "${BIN_PKG_DIR}" commit -m "Update to ${full_version}" || { - log "Nothing to commit, package already at ${full_version}" - exit 0 -} - -log "Pushing to AUR remote (${AUR_REMOTE})" -git -C "${BIN_PKG_DIR}" push origin master - -log "Successfully published ${AUR_PACKAGE_NAME} ${full_version} to AUR" diff --git a/scripts/update-aur.sh b/scripts/update-aur.sh new file mode 100644 index 0000000..fe14741 --- /dev/null +++ b/scripts/update-aur.sh @@ -0,0 +1,46 @@ +#!/usr/bin/env bash +set -euo pipefail + +VERSION="${1:?Usage: update-aur.sh }" +PKG_PATH="${2:?Usage: update-aur.sh }" +ASSET_URL="${3:?Usage: update-aur.sh }" +AUR_DIR="/build/webkit2gtk-bin" + +echo "Configuring AUR SSH key..." +mkdir -p /root/.ssh +echo "${AUR_SSH_KEY:?AUR_SSH_KEY environment variable is not set}" > /root/.ssh/aur +chmod 600 /root/.ssh/aur + +cat >> /root/.ssh/config <> root/.ssh/known_hosts + +echo "Cloning webkit2gtk-bin AUR repo" +git clone ssh://aur@aur.archlinux.org/webkit2gtk-bin.git "$AUR_DIR" + +echo "Hashing artifact..." +SHA256=$(sha256sum "$PKG_PATH" | awk '{print $1}' ) +echo "sha256: $SHA256" + +echo "Updating PKBUILD..." +cd "$AUR_DIR" + +sed -i "s|^pkgver=.*|pkgver=${VERSION}|" PKGBUILD +sed -i "s|^pkgrel=.*|pkgrel=1|" PKGBUILD +sed -i "s|^source=.*|source=(\"${ASSET_URL}\")|" PKGBUILD +sed -i "s|^sha256sums=.*|sha256sums=(\"${SHA256}\")|" PKGBUILDù + +echo "Regenerating .SRCINFO..." +chown -R builder:builder "$AUR_DIR" +su builder -c "cd $AUR_DIR && makepkg --printsrcinfo > .SRCINFO" + +echo "Committing and pushing to AUR..." +git config user.name "Brodino" +git config user.email "brodino96@gmail.com" +git add PKGBUILD .SRCINFO +git commit -m "Update to v${VERSION}" +git push \ No newline at end of file