fix(release): now handles different pkgrel

chore(README): updated readme to follow new rework
fix(update aur): typo
2026-05-05 22:29:57 +02:00 · 2026-05-05 19:23:29 +02:00 · 2026-05-05 19:16:52 +02:00 · 2026-05-05 19:09:37 +02:00 · 2026-05-05 19:08:33 +02:00 · 2026-05-05 19:02:03 +02:00
15 changed files with 278 additions and 588 deletions
@@ -1,24 +0,0 @@
 # GitHub credentials
 # Personal access token with 'repo' and 'write:packages' scopes
 GITHUB_TOKEN=your_github_token_here
 # GitHub repository in the form owner/repo
 GITHUB_REPO=Brodino96/webkit2gtk-automator
 # Path to the SSH private key registered on your AUR account
 # The key must NOT have a passphrase (or use ssh-agent)
 AUR_SSH_KEY_PATH=/run/secrets/aur_id_rsa
 # Name of the AUR binary package to publish to
 AUR_PACKAGE_NAME=webkit2gtk-bin
 # AUR maintainer info (used in the generated PKGBUILD)
 AUR_MAINTAINER_NAME=Your Name
 AUR_MAINTAINER_EMAIL=your@email.com
 # How often to poll the AUR for updates, in seconds (default: 3600 = 1 hour)
 POLL_INTERVAL_SECONDS=3600
 # Number of CPU cores to use for compilation (default: all available cores)
 # Reduce this if you want to leave headroom for other processes on the server
 # NPROC=4
@@ -0,0 +1,44 @@
 name: Build and Release
 on:
  workflow_dispatch:
    inputs:
      version:
        description: "webkit2gtk version to build in pkgver-pkgrel format (e.g. 2.46.5-2)"
        required: true
        type: string
 jobs:
  build:
    runs-on: ubuntu-latest-64-cores
    container:
      image: archlinux:latest
    permissions:
      contents: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6.0.2
      - name: Build webkit2gtk package
        id: build
        run: bash scripts/build-package.sh
      - name: Create GitHub release and upload artifact
        id: release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          bash scripts/create-release.sh \
            "${{ inputs.version }}" \
            "${{ steps.build.outputs.pkg_path }}"
      - name: Update webkit2gtk-bin AUR package
        env:
          AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }}
        run: |
          bash scripts/update-aur.sh \
            "${{ inputs.version }}" \
            "${{ steps.build.outputs.pkg_path }}" \
            "${{ steps.release.outputs.asset_url }}"
@@ -0,0 +1,32 @@
 name: Version check
 on:
  schedule:
    - cron: "0 0 * * *"
  workflow_dispatch:
 jobs:
  check:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      actions: write
    steps:
      - name: Checkout repository
        uses: actions/checkout@v6.0.2
      - name: Check AUR against release version
        id: check
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: bash scripts/check-update.sh
      - name: Trigger build-release workflow
        if: steps.check.outputs.trigger_version != ''
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh workflow run build-release.yml \
            --repo "${{ github.repository }}" \
            --field version="${{ steps.check.outputs.trigger_version }}"
@@ -1,20 +1,26 @@
 # Secrets
 .env
-# Build artifacts
+# Build state — artifacts are large binaries, last_version is runtime state
-state/artifacts/
+state/
 state/build.log
 state/cron.log
-# AUR SSH key (if stored locally)
+# AUR clones — managed at runtime by the container, not part of the repo
 webkit2gtk/
 webkit2gtk-bin/
 # makepkg build leftovers (if they end up in the workspace)
 *.pkg.tar.zst
 *.pkg.tar.zst.sig
 src/
 pkg/
 # AUR SSH keys if stored locally
 *.pem
 *.key
 id_rsa
 id_ed25519
-# Docker
+# Editor
 .docker/
 # Misc
 *.tmp
 *.swp
 *.tmp
 .DS_Store
@@ -1,100 +0,0 @@
 FROM archlinux:latest
 # System update & base tools
 RUN pacman -Syu --noconfirm && \
    pacman -S --noconfirm --needed \
        base-devel \
        git \
        sudo \
        curl \
        jq \
        openssh \
        github-cli \
        # webkit2gtk makedepends
        clang \
        cmake \
        gi-docgen \
        glib2-devel \
        gobject-introspection \
        gperf \
        gst-plugins-bad \
        lld \
        ninja \
        python \
        ruby \
        ruby-stdlib \
        systemd \
        unifdef \
        wayland-protocols \
        # webkit2gtk runtime depends
        at-spi2-core \
        atk \
        bubblewrap \
        cairo \
        enchant \
        expat \
        fontconfig \
        freetype2 \
        gdk-pixbuf2 \
        glib2 \
        glibc \
        gst-plugins-bad-libs \
        gst-plugins-base-libs \
        gstreamer \
        gtk3 \
        harfbuzz \
        harfbuzz-icu \
        hyphen \
        icu \
        lcms2 \
        libatomic \
        libavif \
        libdrm \
        libegl \
        libepoxy \
        libgcrypt \
        libgl \
        libjpeg-turbo \
        libjxl \
        libmanette \
        libpng \
        libseccomp \
        libsecret \
        libsoup \
        libsystemd \
        libtasn1 \
        libwebp \
        libx11 \
        libxml2 \
        libxslt \
        mesa \
        openjpeg2 \
        pango \
        sqlite \
        ttf-dejavu \
        wayland \
        woff2 \
        xdg-dbus-proxy \
        zlib \
    && pacman -Scc --noconfirm
 # Non-root build user (makepkg refuses to run as root)
 RUN useradd -m -G wheel builduser && \
    echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
 # SSH config for AUR
 RUN mkdir -p /home/builduser/.ssh && \
    printf 'Host aur.archlinux.org\n  User aur\n  IdentityFile /home/builduser/.ssh/aur_id_rsa\n  StrictHostKeyChecking no\n' \
        > /home/builduser/.ssh/config && \
    chown -R builduser:builduser /home/builduser/.ssh && \
    chmod 700 /home/builduser/.ssh && \
    chmod 600 /home/builduser/.ssh/config
 # Allow git to operate on the mounted workspace
 RUN git config --system --add safe.directory '*'
 WORKDIR /workspace
 # The entrypoint runs as root, sets up the SSH key, then drops to builduser
 # for the polling loop.
 ENTRYPOINT ["/workspace/scripts/entrypoint.sh"]
@@ -0,0 +1,33 @@
 # webkit2gtk-automator
 Automated builder and AUR publisher for [webkit2gtk](https://aur.archlinux.org/packages/webkit2gtk), running on GitHub Actions.
 Every day a workflow checks the AUR for a new `webkit2gtk` version. When an update is detected, it triggers a build on a 64 cores runner, compiles the package from source inside an Arch Linux container, publishes the resulting binary as a GitHub Release, and updates the [webkit2gtk-bin](https://aur.archlinux.org/packages/webkit2gtk-bin) AUR package to point to the new artifact.
 ## How it works
 ```
 check-version.yml (runs daily at midnight UTC)
    │
    ├── query AUR RPC API for webkit2gtk version
    ├── query latest GitHub Release tag
    ├── if unchanged -> stop
    └── if newer -> trigger build-release.yml with the new version
        │
        └── build-release.yml (ubuntu-latest-64-cores, archlinux container)
            │
            ├── build-package.sh
            │   ├── pacman -Syu, install base-devel, git, curl, jq, github-cli
            │   ├── clone webkit2gtk from AUR
            │   └── makepkg -s -> .pkg.tar.zst
            │
            ├── create-release.sh
            │   ├── gh release create vX.Y.Z
            │   └── upload .pkg.tar.zst as release asset
            │
            └── update-aur.sh
                ├── clone webkit2gtk-bin AUR repo via SSH
                ├── patch pkgver, source, sha256sums in PKGBUILD
                ├── makepkg --printsrcinfo -> .SRCINFO
                └── git push to AUR
 ```
@@ -1,21 +0,0 @@
 services:
  builder:
    build:
      context: .
      dockerfile: Dockerfile
    image: webkit2gtk-builder
    container_name: webkit2gtk-builder
    restart: unless-stopped
    env_file:
      - .env
    # By default Docker exposes all host CPUs to the container.
    # You can cap it here or set NPROC in .env to limit parallelism at the build level.
    # cpus: '4'
    volumes:
      # Entire project mounted so the container can read/write state, artifacts,
      # and the webkit2gtk / webkit2gtk-bin git repos.
      - .:/workspace
      # AUR SSH private key (path set in .env via AUR_SSH_KEY_PATH)
      - ${AUR_SSH_KEY_PATH}:/run/secrets/aur_id_rsa:ro
    # No ports needed – this is a pure background worker.
    # Logs are available via: docker compose logs -f
@@ -0,0 +1,42 @@
 #!/usr/bin/env bash
 set -euo pipefail
 # Setups Arch building environment, clones webkit2gtk from the AUR and builds it
 # Outputs the path and filename of the built .pkg.tar.zst to GITHUB_OUTPUT
 BUILD_DIR="/build/webkit2gtk"
 echo "Initializing pacman keyring..."
 pacman-key --init
 pacman-key --populate archlinux
 echo "Updating system..."
 pacman -Syu --noconfirm
 echo "Installing build dependencies..."
 pacman -S --noconfirm base-devel git curl jq github-cli
 echo "Creating builduser..."
 if ! id builder &>/dev/null; then
    useradd -m builder
 fi
 echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 echo "Cloning webkit2gtk AUR repo..."
 git clone https://aur.archlinux.org/webkit2gtk.git "$BUILD_DIR"
 chown -R builder:builder "$BUILD_DIR"
 echo "Building package..."
 su builder -c "cd $BUILD_DIR && makepkg -s --noconfirm"
 echo "Locating build package..."
 PKG_PATH=$(find "$BUILD_DIR" -maxdepth 1 -name "*.pkg.tar.zst" | head -n 1)
 if [ -z "$PKG_PATH" ]; then
    echo "ERROR: No .pkg.tar.zst found after build" >&2
    exit 1
 fi
 echo "Build package: $PKG_PATH"
 echo "pkg_path=$PKG_PATH" >> "$GITHUB_OUTPUT"
 echo "pkg_name=$(basename "$PKG_PATH")" >> "$GITHUB_OUTPUT"
@@ -1,67 +0,0 @@
 #!/usr/bin/env bash
 # build.sh
 # Runs INSIDE the Docker container as builduser.
 # Builds webkit2gtk from the AUR PKGBUILD and copies the resulting
 # .pkg.tar.zst packages to /workspace/state/artifacts/.
 set -euo pipefail
 WORKSPACE=/workspace
 SRC_DIR="${WORKSPACE}/webkit2gtk"
 ARTIFACTS_DIR="${WORKSPACE}/state/artifacts"
 log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] [build] $*"
 }
 # Sanity checks
 if [[ ! -f "${SRC_DIR}/PKGBUILD" ]]; then
    log "ERROR: PKGBUILD not found at ${SRC_DIR}/PKGBUILD"
    exit 1
 fi
 mkdir -p "${ARTIFACTS_DIR}"
 # Clean any leftover build artifacts from a previous run
 log "Cleaning previous build artifacts in ${SRC_DIR}"
 # makepkg leaves behind src/, pkg/ and the .pkg.tar.zst files
 cd "${SRC_DIR}"
 rm -rf src/ pkg/
 find . -maxdepth 1 -name '*.pkg.tar.zst' -delete
 find . -maxdepth 1 -name '*.pkg.tar.zst.sig' -delete
 # Build
 # Use all available cores. MAKEFLAGS is respected by makepkg and passed
 # through to cmake/ninja. NPROC can be overridden via the environment.
 nproc="${NPROC:-$(nproc)}"
 export MAKEFLAGS="-j${nproc}"
 log "Building with ${nproc} cores"
 log "Running makepkg in ${SRC_DIR}"
 # --syncdeps  : install missing makedepends automatically
 # --noconfirm : do not ask for confirmations
 # --clean     : clean up src/ and pkg/ after a successful build
 # --log       : write build log to makepkg-<pkgname>.log
 makepkg \
    --syncdeps \
    --noconfirm \
    --log
 # Collect artifacts
 log "Collecting built packages"
 packages=()
 while IFS= read -r -d '' pkg; do
    packages+=("${pkg}")
 done < <(find "${SRC_DIR}" -maxdepth 1 -name '*.pkg.tar.zst' -print0)
 if [[ ${#packages[@]} -eq 0 ]]; then
    log "ERROR: No .pkg.tar.zst files found after build"
    exit 1
 fi
 for pkg in "${packages[@]}"; do
    log "Copying $(basename "${pkg}") to ${ARTIFACTS_DIR}/"
    cp "${pkg}" "${ARTIFACTS_DIR}/"
 done
 log "Build complete, artifacts:"
 ls -lh "${ARTIFACTS_DIR}"/*.pkg.tar.zst
@@ -1,82 +1,38 @@
 #!/usr/bin/env bash
 # check-update.sh
 # Polls the AUR RPC API for the latest webkit2gtk version.
 # If a newer version is detected, runs build.sh then publish.sh directly.
 # Called by entrypoint.sh on a loop — runs entirely inside the container.
 set -euo pipefail
-SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+# Fetches the latest webkit2gtk version from the AUR and compares with latest Github release
-ROOT_DIR="$(cd "${SCRIPT_DIR}/.." && pwd)"
+# Outputs the AUR version to GITHUB_OUTPUT if a build should be triggered, otherwiste ouputs an empty string
-# Paths
+REPO="${GITHUB_REPOSITORY}"
 STATE_DIR="${ROOT_DIR}/state"
 LAST_VERSION_FILE="${STATE_DIR}/last_version"
 mkdir -p "${STATE_DIR}"
-# Logging
+echo "Fetching AUR version..."
-# Output goes to stdout so docker compose logs picks it up automatically.
+AUR_VERSION=$(curl -s "https://aur.archlinux.org/rpc/v5/info/webkit2gtk" \
-log() {
+    | jq -r ".results[0].Version" \
-    echo "[$(date '+%Y-%m-%d %H:%M:%S')] [check-update] $*"
+)
 }
-# Fetch latest AUR version
+if [ -z "$AUR_VERSION" ] || [ "$AUR_VERSION" = "null" ]; then
-AUR_API_URL="https://aur.archlinux.org/rpc/v5/info/webkit2gtk"
+    echo "ERROR: Could not fetch AUR version" >&2
 log "Querying AUR for webkit2gtk"
 response=$(curl -fsSL "${AUR_API_URL}")
 aur_version=$(echo "${response}" | jq -r '.results[0].Version')
 if [[ -z "${aur_version}" || "${aur_version}" == "null" ]]; then
    log "ERROR: Failed to parse version from AUR response: ${response}"
    exit 1
 fi
-log "AUR version: ${aur_version}"
+echo "AUR version: $AUR_VERSION"
-# Compare with last built version
+echo "Fetching latest Github release..."
-last_version=""
+TAG=$(gh release list \
-if [[ -f "${LAST_VERSION_FILE}" ]]; then
+    --repo "$REPO" \
-    last_version=$(cat "${LAST_VERSION_FILE}")
+    --limit 1 \
-fi
+    --json tagName \
    --jq '.[0].tagName // ""'
 )
 RELEASE_VERSION="${TAG#v}"
-log "Last built version: ${last_version:-<none>}"
+echo "Release version: ${RELEASE_VERSION:-"(none)"}"
-if [[ "${aur_version}" == "${last_version}" ]]; then
+if [ -z "$RELEASE_VERSION" ] || [ "$AUR_VERSION" != "$RELEASE_VERSION" ]; then
-    log "Already up to date, nothing to do"
+    echo "Version mismatch or no release found, build required"
-    exit 0
+    echo "trigger_version=$AUR_VERSION" >> "$GITHUB_OUTPUT"
 fi
 log "New version detected: ${aur_version} (was: ${last_version:-<none>}), starting build"
 # Update the webkit2gtk AUR clone
 WEBKIT2GTK_DIR="${ROOT_DIR}/webkit2gtk"
 if [[ -d "${WEBKIT2GTK_DIR}/.git" ]]; then
    log "Pulling latest PKGBUILD from AUR"
    git -C "${WEBKIT2GTK_DIR}" pull --ff-only
 else
-    log "Cloning webkit2gtk from AUR"
+    echo "Version match, no build required"
-    git clone https://aur.archlinux.org/webkit2gtk.git "${WEBKIT2GTK_DIR}"
+    echo "trigger_version=" >> "$GITHUB_OUTPUT"
-fi
+fi
 # Build
 log "Running build"
 if "${SCRIPT_DIR}/build.sh"; then
    log "Build succeeded"
 else
    log "ERROR: Build failed, aborting"
    exit 1
 fi
 # Publish
 log "Running publish"
 if "${SCRIPT_DIR}/publish.sh"; then
    log "Publish succeeded"
 else
    log "ERROR: Publish failed"
    exit 1
 fi
 # Record new version
 echo "${aur_version}" > "${LAST_VERSION_FILE}"
 log "Updated last_version to ${aur_version}, done"
@@ -0,0 +1,36 @@
 #!/usr/bin/env bash
 set -euo pipefail
 # Creates a Github release for the given version and uploads the built .pkg.tar.zst artifact
 # Outputs asset download URL to GITHUB_OUTPUT
 VERSION="${1:?Usage: create-release.sh <version> <pkg_path>}"
 PKG_PATH="${2:?Usage: create-release.sh <version> <pkg_path>}"
 REPO="${GITHUB_REPOSITORY}"
 if [ ! -f "$PKG_PATH" ]; then
    echo "ERROR: Package file not found at $PKG_PATH" >&2
    exit 1
 fi
 echo "Creating Github release v${VERSION}..."
 gh release create "v${VERSION}" \
    --repo "$REPO" \
    --title "v${VERSION}" \
    --notes "Automated build of webkit2gtk v${VERSION} from AUR" \
    "$PKG_PATH"
 echo "Fetching asset URL..."
 ASSET_URL=$(gh release view "v${VERSION}" \
    --repo "$REPO" \
    --json assets \
    --jq '.assets[] | select(.name | endswith(".pkg.tar.zst")) | .url'
 )
 if [ -z "$ASSET_URL" ]; then
    echo "ERROR: Could not retrieve asset URL after upload" >&2
    exit 1
 fi
 echo "Asset URL: $ASSET_URL"
 echo "asset_url=$ASSET_URL" >> "$GITHUB_OUTPUT"
@@ -1,58 +0,0 @@
 #!/usr/bin/env bash
 # entrypoint.sh
 # Container entry point. Runs as root, sets up the SSH key and git identity
 # for builduser, then drops to builduser and starts the polling loop.
 #
 # The loop runs check-update.sh every POLL_INTERVAL_SECONDS (default: 3600).
 # All output goes to stdout/stderr so 'docker compose logs -f' works naturally.
 set -euo pipefail
 POLL_INTERVAL_SECONDS="${POLL_INTERVAL_SECONDS:-3600}"
 # Set up AUR SSH key
 SSH_DIR=/home/builduser/.ssh
 KEY_SRC=/run/secrets/aur_id_rsa
 KEY_DST="${SSH_DIR}/aur_id_rsa"
 if [[ -f "${KEY_SRC}" ]]; then
    cp "${KEY_SRC}" "${KEY_DST}"
    chown builduser:builduser "${KEY_DST}"
    chmod 600 "${KEY_DST}"
    echo "[entrypoint] AUR SSH key installed"
 else
    echo "[entrypoint] WARNING: AUR SSH key not found at ${KEY_SRC}, publishing to AUR will fail" >&2
 fi
 # Set git identity for builduser
 sudo -u builduser git config --global user.name  "${AUR_MAINTAINER_NAME:-webkit2gtk-automator}"
 sudo -u builduser git config --global user.email "${AUR_MAINTAINER_EMAIL:-noreply@localhost}"
 # Import WebKitGTK PGP signing keys into builduser's keyring
 # makepkg verifies the source tarball signature against these keys.
 # Try the bundled local keys first (no network needed), then fall back to keyservers.
 echo "[entrypoint] Importing WebKitGTK PGP signing keys"
 if ls /workspace/webkit2gtk/keys/pgp/*.asc &>/dev/null; then
    sudo -u builduser gpg --import /workspace/webkit2gtk/keys/pgp/*.asc
    echo "[entrypoint] PGP keys imported from local bundle"
 else
    sudo -u builduser gpg --keyserver keyserver.ubuntu.com --recv-keys \
        5AA3BC334FD7E3369E7C77B291C559DBE4C9123B \
        013A0127AC9C65B34FFA62526C1009B693975393 || \
    sudo -u builduser gpg --keyserver hkps://keys.openpgp.org --recv-keys \
        5AA3BC334FD7E3369E7C77B291C559DBE4C9123B \
        013A0127AC9C65B34FFA62526C1009B693975393
    echo "[entrypoint] PGP keys imported from keyserver"
 fi
 # Drop to builduser and start the polling loop
 echo "[entrypoint] Starting polling loop, interval: ${POLL_INTERVAL_SECONDS}s"
 exec sudo -u builduser bash -c '
    set -euo pipefail
    POLL_INTERVAL_SECONDS="'"${POLL_INTERVAL_SECONDS}"'"
    while true; do
        /workspace/scripts/check-update.sh
        echo "[entrypoint] Sleeping for ${POLL_INTERVAL_SECONDS}s"
        sleep "${POLL_INTERVAL_SECONDS}"
    done
 '
@@ -1,239 +0,0 @@
 #!/usr/bin/env bash
 # publish.sh
 # Runs INSIDE the Docker container as builduser.
 #
 # Steps:
 #   1. Find the built webkit2gtk .pkg.tar.zst in state/artifacts/
 #   2. Upload it to a GitHub Release (creates the release if needed)
 #   3. Update webkit2gtk-bin/PKGBUILD with the new version, URL and sha256sum
 #   4. Regenerate webkit2gtk-bin/.SRCINFO
 #   5. Commit and push webkit2gtk-bin/ to the AUR
 set -euo pipefail
 WORKSPACE=/workspace
 ARTIFACTS_DIR="${WORKSPACE}/state/artifacts"
 BIN_PKG_DIR="${WORKSPACE}/webkit2gtk-bin"
 SRC_PKGBUILD="${WORKSPACE}/webkit2gtk/PKGBUILD"
 log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] [publish] $*"
 }
 die() {
    log "ERROR: $*" >&2
    exit 1
 }
 # Validate required env vars
 : "${GITHUB_TOKEN:?GITHUB_TOKEN is not set}"
 : "${GITHUB_REPO:?GITHUB_REPO is not set}"
 : "${AUR_PACKAGE_NAME:?AUR_PACKAGE_NAME is not set}"
 : "${AUR_MAINTAINER_NAME:?AUR_MAINTAINER_NAME is not set}"
 : "${AUR_MAINTAINER_EMAIL:?AUR_MAINTAINER_EMAIL is not set}"
 # Authenticate gh CLI
 echo "${GITHUB_TOKEN}" | gh auth login --with-token
 # Find the main webkit2gtk package (not -docs)
 log "Looking for built package in ${ARTIFACTS_DIR}"
 # We want webkit2gtk-<ver>-<rel>-x86_64.pkg.tar.zst, NOT webkit2gtk-docs-*
 pkg_file=$(find "${ARTIFACTS_DIR}" -maxdepth 1 \
    -name 'webkit2gtk-*.pkg.tar.zst' \
    ! -name 'webkit2gtk-docs-*' \
    -print | sort -V | tail -n1)
 [[ -n "${pkg_file}" ]] || die "No webkit2gtk .pkg.tar.zst found in ${ARTIFACTS_DIR}"
 log "Found package: ${pkg_file}"
 # Derive version from the built PKGBUILD
 pkgver=$(bash -c "source ${SRC_PKGBUILD}; echo \${pkgver}")
 pkgrel=$(bash -c "source ${SRC_PKGBUILD}; echo \${pkgrel}")
 full_version="${pkgver}-${pkgrel}"
 log "Package version: ${full_version}"
 # Compute sha256sum of the artifact
 sha256=$(sha256sum "${pkg_file}" | awk '{print $1}')
 log "sha256sum: ${sha256}"
 pkg_filename=$(basename "${pkg_file}")
 # Upload to GitHub Releases
 release_tag="v${full_version}"
 release_title="webkit2gtk ${full_version}"
 log "Creating/updating GitHub release ${release_tag}"
 # Create the release if it doesn't exist; ignore error if it already does
 gh release create "${release_tag}" \
    --repo "${GITHUB_REPO}" \
    --title "${release_title}" \
    --notes "Automated build of webkit2gtk ${full_version}" \
    2>/dev/null || log "Release ${release_tag} already exists, proceeding to upload asset"
 # Upload the package (--clobber overwrites an existing asset with the same name)
 log "Uploading ${pkg_filename} to release ${release_tag}"
 gh release upload "${release_tag}" \
    --repo "${GITHUB_REPO}" \
    --clobber \
    "${pkg_file}"
 # Build the public download URL
 download_url="https://github.com/${GITHUB_REPO}/releases/download/${release_tag}/${pkg_filename}"
 log "Download URL: ${download_url}"
 # Ensure webkit2gtk-bin AUR clone exists
 AUR_REMOTE="ssh://aur@aur.archlinux.org/${AUR_PACKAGE_NAME}.git"
 if [[ ! -d "${BIN_PKG_DIR}/.git" ]]; then
    log "Cloning ${AUR_PACKAGE_NAME} from AUR"
    git clone "${AUR_REMOTE}" "${BIN_PKG_DIR}"
 else
    log "Pulling latest ${AUR_PACKAGE_NAME} from AUR"
    git -C "${BIN_PKG_DIR}" pull --ff-only
 fi
 # Generate PKGBUILD
 log "Generating PKGBUILD for ${AUR_PACKAGE_NAME}"
 # Read the full depends array from the source PKGBUILD to keep them in sync
 depends_block=$(bash -c "
    source ${SRC_PKGBUILD}
    for d in \"\${depends[@]}\"; do printf '  %s\n' \"\$d\"; done
 ")
 provides_block=$(bash -c "
    source ${SRC_PKGBUILD}
    # package_webkit2gtk() sets provides; source the function then call it in a subshell
    # Simpler: hardcode from .SRCINFO since provides is stable
    echo '  libjavascriptcoregtk-4.0.so'
    echo '  libwebkit2gtk-4.0.so'
    echo '  webkit2gtk'
 ")
 cat > "${BIN_PKG_DIR}/PKGBUILD" <<PKGBUILD
 # Maintainer: ${AUR_MAINTAINER_NAME} <${AUR_MAINTAINER_EMAIL}>
 # Automated binary repackaging of webkit2gtk built from AUR sources.
 # Source: https://github.com/${GITHUB_REPO}
 pkgname=${AUR_PACKAGE_NAME}
 pkgver=${pkgver}
 pkgrel=${pkgrel}
 pkgdesc="Web content engine for GTK (prebuilt binary)"
 url="https://webkitgtk.org"
 arch=(x86_64)
 license=(
  'AFL-2.0 OR GPL-2.0-or-later'
  Apache-2.0
  'Apache-2.0 WITH LLVM-exception'
  BSD-2-Clause
  BSD-2-Clause-Views
  BSD-3-Clause
  BSD-Source-Code
  BSL-1.0
  bzip2-1.0.6
  GPL-2.0-only
  'GPL-3.0-only WITH Autoconf-exception-3.0'
  'GPL-3.0-or-later WITH Bison-exception-2.2'
  ICU
  ISC
  LGPL-2.1-only
  LGPL-2.1-or-later
  MIT
  MPL-1.1
  MPL-2.0
  NCSA
  'NCSA OR MIT'
  OFL-1.1
  SunPro
  Unicode-TOU
 )
 depends=(
  at-spi2-core
  atk
  bubblewrap
  cairo
  enchant
  expat
  fontconfig
  freetype2
  gdk-pixbuf2
  glib2
  glibc
  gst-plugins-bad-libs
  gst-plugins-base-libs
  gstreamer
  gtk3
  harfbuzz
  harfbuzz-icu
  hyphen
  icu
  lcms2
  libatomic
  libavif
  libdrm
  libegl
  libepoxy
  libgcc
  libgcrypt
  libgl
  libgles
  libjpeg-turbo
  libjxl
  libmanette
  libpng
  libseccomp
  libsecret
  libsoup
  libstdc++
  libsystemd
  libtasn1
  libwebp
  libx11
  libxml2
  libxslt
  mesa
  openjpeg2
  pango
  sqlite
  ttf-font
  wayland
  woff2
  xdg-dbus-proxy
  zlib
 )
 provides=(
  libjavascriptcoregtk-4.0.so
  libwebkit2gtk-4.0.so
  webkit2gtk
 )
 conflicts=(webkit2gtk)
 source=("${pkg_filename}::${download_url}")
 sha256sums=('${sha256}')
 package() {
  # The .pkg.tar.zst is a pre-built Arch package.
  # bsdtar extracts it; we relocate its contents into \$pkgdir.
  cd "\${srcdir}"
  bsdtar -xf "${pkg_filename}" -C "\${pkgdir}"
  # Remove the embedded .PKGINFO and .MTREE metadata files that
  # bsdtar includes – they are not part of the installed file tree.
  rm -f "\${pkgdir}"/.PKGINFO "\${pkgdir}"/.MTREE "\${pkgdir}"/.BUILDINFO
 }
 PKGBUILD
 log "PKGBUILD generated"
 # Generate .SRCINFO
 log "Generating .SRCINFO"
 cd "${BIN_PKG_DIR}"
 makepkg --printsrcinfo > .SRCINFO
 log ".SRCINFO generated"
 # Commit and push to AUR
 log "Committing changes to AUR"
 git -C "${BIN_PKG_DIR}" add PKGBUILD .SRCINFO
 git -C "${BIN_PKG_DIR}" commit -m "Update to ${full_version}" || {
    log "Nothing to commit, package already at ${full_version}"
    exit 0
 }
 log "Pushing to AUR remote (${AUR_REMOTE})"
 git -C "${BIN_PKG_DIR}" push origin master
 log "Successfully published ${AUR_PACKAGE_NAME} ${full_version} to AUR"
@@ -0,0 +1,50 @@
 #!/usr/bin/env bash
 set -euo pipefail
 VERSION="${1:?Usage: update-aur.sh <version> <pkg_path> <asset_url>}"
 PKG_PATH="${2:?Usage: update-aur.sh <version> <pkg_path> <asset_url>}"
 ASSET_URL="${3:?Usage: update-aur.sh <version> <pkg_path> <asset_url>}"
 AUR_DIR="/build/webkit2gtk-bin"
 # VERSION is in the format pkgver-pkgrel (e.g. 2.46.5-2)
 PKGVER="${VERSION%-*}"
 PKGREL="${VERSION##*-}"
 echo "Configuring AUR SSH key..."
 mkdir -p /root/.ssh
 echo "${AUR_SSH_KEY:?AUR_SSH_KEY environment variable is not set}" > /root/.ssh/aur
 chmod 600 /root/.ssh/aur
 cat >> /root/.ssh/config <<EOF
    IdentityFile /root/.ssh/aur
    User aur
    StrictHostKeyChecking accept-new
 EOF
 ssh-keyscan aur.archlinux.org >> root/.ssh/known_hosts
 echo "Cloning webkit2gtk-bin AUR repo"
 git clone ssh://aur@aur.archlinux.org/webkit2gtk-bin.git "$AUR_DIR"
 echo "Hashing artifact..."
 SHA256=$(sha256sum "$PKG_PATH" | awk '{print $1}' )
 echo "sha256: $SHA256"
 echo "Updating PKBUILD..."
 cd "$AUR_DIR"
 sed -i "s|^pkgver=.*|pkgver=${PKGVER}|" PKGBUILD
 sed -i "s|^pkgrel=.*|pkgrel=${PKGREL}|" PKGBUILD
 sed -i "s|^source=.*|source=(\"${ASSET_URL}\")|" PKGBUILD
 sed -i "s|^sha256sums=.*|sha256sums=(\"${SHA256}\")|" PKGBUILD
 echo "Regenerating .SRCINFO..."
 chown -R builder:builder "$AUR_DIR"
 su builder -c "cd $AUR_DIR && makepkg --printsrcinfo > .SRCINFO"
 echo "Committing and pushing to AUR..."
 git config user.name "Brodino"
 git config user.email "brodino96@gmail.com"
 git add PKGBUILD .SRCINFO
 git commit -m "Update to v${VERSION}"
 git push
Author	SHA1	Message	Date
Brodino	23245e43ee	fix(release): now handles different pkgrel	2026-05-05 19:23:29 +02:00
Brodino	f069fd82ee	chore(README): updated readme to follow new rework	2026-05-05 19:16:52 +02:00
Brodino	858b760e10	fix(update aur): typo	2026-05-05 19:09:37 +02:00
Brodino	fe285b0d78	fix(workflow): typo	2026-05-05 19:08:33 +02:00
Brodino	0fbf1b0663	rewrite: rewrote as github actions runnable	2026-05-05 19:02:03 +02:00
Brodino	28e6506d05	refactor(build): remove unnecessary dependencies from Dockerfile	2026-04-30 10:21:23 +02:00
Brodino	475ffc8445	feat(build): now limits hardware usage also on docker	2026-04-27 21:50:20 +02:00
Brodino	18e834b08c	fix(build): now respects core limitations	2026-04-27 21:49:46 +02:00
Brodino	761b48f535	feat(readme): created readme file	2026-04-27 14:32:44 +02:00
Brodino	47e8d717a6	feat: add artifact caching to build process and improve error logging	2026-04-27 14:21:15 +02:00
Brodino	f29ef992a9	feat(git): updated gitignore	2026-04-27 14:21:10 +02:00
Brodino	726d9cebb0	feat: removed file	2026-04-27 14:21:01 +02:00