Brodino/webkit2gtk-automator
1
0
Fork 0
mirror of https://github.com/Brodino96/webkit2gtk-automator.git synced 2026-05-06 06:31:13 +02:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: Brodino/webkit2gtk-automator:workflow
Branches Tags
Brodino/webkit2gtk-automator:main Brodino/webkit2gtk-automator:workflow
Brodino/webkit2gtk-automator:v2.50.6-7 Brodino/webkit2gtk-automator:v2.50.6-5
..
compare: Brodino/webkit2gtk-automator:main
Branches Tags
Brodino/webkit2gtk-automator:main Brodino/webkit2gtk-automator:workflow
Brodino/webkit2gtk-automator:v2.50.6-7 Brodino/webkit2gtk-automator:v2.50.6-5

6 Commits
workflow .. main

Author SHA1 Message Date
Brodino 23245e43ee fix(release): now handles different pkgrel 2026-05-05 19:23:29 +02:00
Brodino f069fd82ee chore(README): updated readme to follow new rework 2026-05-05 19:16:52 +02:00
Brodino 858b760e10 fix(update aur): typo 2026-05-05 19:09:37 +02:00
Brodino fe285b0d78 fix(workflow): typo 2026-05-05 19:08:33 +02:00
Brodino 0fbf1b0663 rewrite: rewrote as github actions runnable 2026-05-05 19:02:03 +02:00
Brodino 28e6506d05 refactor(build): remove unnecessary dependencies from Dockerfile 2026-04-30 10:21:23 +02:00
16 changed files with 250 additions and 1201 deletions
Expand all files Collapse all files
.env.example
-25
View File
@@ -1,25 +0,0 @@
# GitHub credentials
# Personal access token with 'repo' and 'write:packages' scopes
GITHUB_TOKEN=your_github_token_here
# GitHub repository in the form owner/repo
GITHUB_REPO=Brodino96/webkit2gtk-automator
# Path to the SSH private key registered on your AUR account
# The key must NOT have a passphrase (or use ssh-agent)
AUR_SSH_KEY_PATH=/run/secrets/aur_id_rsa
# Name of the AUR binary package to publish to
AUR_PACKAGE_NAME=webkit2gtk-bin
# AUR maintainer info (used in the generated PKGBUILD)
AUR_MAINTAINER_NAME=Your Name
AUR_MAINTAINER_EMAIL=your@email.com
# How often to poll the AUR for updates, in seconds (default: 3600 = 1 hour)
POLL_INTERVAL_SECONDS=3600
# Number of CPU cores to use for compilation (default: 4)
# This controls both the make -jN parallelism inside the build and the CPU
# cap enforced by Docker on the container. Set it once, it applies everywhere
NPROC=4
.github/workflows/build-release.yml
+44
View File
@@ -0,0 +1,44 @@
name: Build and Release
on:
workflow_dispatch:
inputs:
version:
description: "webkit2gtk version to build in pkgver-pkgrel format (e.g. 2.46.5-2)"
required: true
type: string
jobs:
build:
runs-on: ubuntu-latest-64-cores
container:
image: archlinux:latest
permissions:
contents: write
steps:
- name: Checkout repository
uses: actions/checkout@v6.0.2
- name: Build webkit2gtk package
id: build
run: bash scripts/build-package.sh
- name: Create GitHub release and upload artifact
id: release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
bash scripts/create-release.sh \
"${{ inputs.version }}" \
"${{ steps.build.outputs.pkg_path }}"
- name: Update webkit2gtk-bin AUR package
env:
AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }}
run: |
bash scripts/update-aur.sh \
"${{ inputs.version }}" \
"${{ steps.build.outputs.pkg_path }}" \
"${{ steps.release.outputs.asset_url }}"
.github/workflows/build.yml
-176
View File
@@ -1,176 +0,0 @@
name: Build and publish webkit2gtk
on:
workflow_dispatch:
inputs:
aur_version:
description: 'Full AUR version string to build (e.g. 2.46.3-1)'
required: true
type: string
jobs:
build-and-publish:
name: Build webkit2gtk ${{ inputs.aur_version }}
runs-on: ubuntu-latest-96-cores
container:
image: archlinux:latest
# Needed so makepkg can use FUSE/user namespaces inside the container
options: --privileged
permissions:
contents: write # create GitHub Releases and upload assets
env:
GITHUB_REPO: ${{ github.repository }}
AUR_PACKAGE_NAME: webkit2gtk-bin
AUR_MAINTAINER_NAME: ${{ secrets.AUR_MAINTAINER_NAME }}
AUR_MAINTAINER_EMAIL: ${{ secrets.AUR_MAINTAINER_EMAIL }}
steps:
- name: Checkout repository
uses: actions/checkout@v6.0.2
- name: Install build dependencies
run: |
pacman -Syu --noconfirm
pacman -S --noconfirm --needed \
base-devel \
git \
sudo \
curl \
jq \
openssh \
github-cli \
clang \
cmake \
gi-docgen \
glib2-devel \
gobject-introspection \
gperf \
gst-plugins-bad \
lld \
ninja \
python \
ruby \
ruby-stdlib \
systemd \
unifdef \
wayland-protocols \
at-spi2-core \
atk \
bubblewrap \
cairo \
enchant \
expat \
fontconfig \
freetype2 \
gdk-pixbuf2 \
glib2 \
glibc \
gst-plugins-bad-libs \
gst-plugins-base-libs \
gstreamer \
gtk3 \
harfbuzz \
harfbuzz-icu \
hyphen \
icu \
lcms2 \
libatomic \
libavif \
libdrm \
libegl \
libepoxy \
libgcrypt \
libgl \
libjpeg-turbo \
libjxl \
libmanette \
libpng \
libseccomp \
libsecret \
libsoup \
libsystemd \
libtasn1 \
libwebp \
libx11 \
libxml2 \
libxslt \
mesa \
openjpeg2 \
pango \
sqlite \
ttf-dejavu \
wayland \
woff2 \
xdg-dbus-proxy \
zlib
- name: Create builduser (makepkg refuses to run as root)
run: |
useradd -m -G wheel builduser
echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
# Allow builduser to write to the workspace
chown -R builduser:builduser "$GITHUB_WORKSPACE"
git config --system --add safe.directory '*'
- name: Set up AUR SSH key
env:
AUR_SSH_KEY: ${{ secrets.AUR_SSH_KEY }}
run: |
SSH_DIR=/home/builduser/.ssh
mkdir -p "${SSH_DIR}"
printf '%s\n' "${AUR_SSH_KEY}" > "${SSH_DIR}/aur_id_rsa"
chown -R builduser:builduser "${SSH_DIR}"
chmod 700 "${SSH_DIR}"
chmod 600 "${SSH_DIR}/aur_id_rsa"
printf 'Host aur.archlinux.org\n User aur\n IdentityFile /home/builduser/.ssh/aur_id_rsa\n StrictHostKeyChecking no\n' \
> "${SSH_DIR}/config"
chmod 600 "${SSH_DIR}/config"
- name: Configure git identity for builduser
run: |
sudo -u builduser HOME=/home/builduser git config --global user.name "${AUR_MAINTAINER_NAME}"
sudo -u builduser HOME=/home/builduser git config --global user.email "${AUR_MAINTAINER_EMAIL}"
- name: Import WebKitGTK PGP signing keys
run: |
sudo -u builduser HOME=/home/builduser gpg \
--keyserver keyserver.ubuntu.com \
--recv-keys \
5AA3BC334FD7E3369E7C77B291C559DBE4C9123B \
013A0127AC9C65B34FFA62526C1009B693975393 || \
sudo -u builduser HOME=/home/builduser gpg \
--keyserver hkps://keys.openpgp.org \
--recv-keys \
5AA3BC334FD7E3369E7C77B291C559DBE4C9123B \
013A0127AC9C65B34FFA62526C1009B693975393
- name: Clone webkit2gtk from AUR
run: |
sudo -u builduser HOME=/home/builduser \
git clone https://aur.archlinux.org/webkit2gtk.git "${GITHUB_WORKSPACE}/webkit2gtk"
- name: Build webkit2gtk
env:
NPROC: 96
run: |
sudo -u builduser \
HOME=/home/builduser \
GITHUB_WORKSPACE="${GITHUB_WORKSPACE}" \
NPROC="${NPROC}" \
bash "${GITHUB_WORKSPACE}/scripts/build.sh"
- name: Publish to GitHub Releases and AUR
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
sudo -u builduser \
HOME=/home/builduser \
GITHUB_WORKSPACE="${GITHUB_WORKSPACE}" \
GITHUB_TOKEN="${GITHUB_TOKEN}" \
GITHUB_REPO="${GITHUB_REPO}" \
AUR_PACKAGE_NAME="${AUR_PACKAGE_NAME}" \
AUR_MAINTAINER_NAME="${AUR_MAINTAINER_NAME}" \
AUR_MAINTAINER_EMAIL="${AUR_MAINTAINER_EMAIL}" \
bash "${GITHUB_WORKSPACE}/scripts/publish.sh"
.github/workflows/check-version.yml
+32
View File
@@ -0,0 +1,32 @@
name: Version check
on:
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
jobs:
check:
runs-on: ubuntu-latest
permissions:
contents: read
actions: write
steps:
- name: Checkout repository
uses: actions/checkout@v6.0.2
- name: Check AUR against release version
id: check
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: bash scripts/check-update.sh
- name: Trigger build-release workflow
if: steps.check.outputs.trigger_version != ''
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh workflow run build-release.yml \
--repo "${{ github.repository }}" \
--field version="${{ steps.check.outputs.trigger_version }}"
.github/workflows/check.yml
-66
View File
@@ -1,66 +0,0 @@
name: Check for webkit2gtk update
on:
# schedule:
# Run every hour
# - cron: '0 * * * *'
workflow_dispatch:
jobs:
check:
name: Poll AUR for new version
runs-on: ubuntu-latest
permissions:
contents: read
actions: write # required to trigger workflow_dispatch on build.yml
steps:
- name: Fetch latest AUR version
id: aur
run: |
response=$(curl -fsSL "https://aur.archlinux.org/rpc/v5/info/webkit2gtk")
aur_version=$(echo "${response}" | jq -r '.results[0].Version')
if [[ -z "${aur_version}" || "${aur_version}" == "null" ]]; then
echo "ERROR: Failed to parse version from AUR response: ${response}" >&2
exit 1
fi
echo "AUR version: ${aur_version}"
echo "version=${aur_version}" >> "$GITHUB_OUTPUT"
- name: Fetch last published version from GitHub Releases
id: last
env:
GH_TOKEN: ${{ github.token }}
run: |
# Get the tag of the latest release; strip the leading 'v'
tag=$(gh release list \
--repo "${{ github.repository }}" \
--limit 1 \
--json tagName \
--jq '.[0].tagName // ""')
last_version="${tag#v}"
echo "Last published version: ${last_version:-<none>}"
echo "version=${last_version}" >> "$GITHUB_OUTPUT"
- name: Decide whether to build
id: decision
run: |
aur="${{ steps.aur.outputs.version }}"
last="${{ steps.last.outputs.version }}"
if [[ "${aur}" == "${last}" ]]; then
echo "Already up to date (${aur}), nothing to do"
echo "should_build=false" >> "$GITHUB_OUTPUT"
else
echo "New version detected: ${aur} (was: ${last:-<none>})"
echo "should_build=true" >> "$GITHUB_OUTPUT"
fi
- name: Trigger build workflow
if: steps.decision.outputs.should_build == 'true'
env:
GH_TOKEN: ${{ github.token }}
run: |
gh workflow run build.yml \
--repo "${{ github.repository }}" \
--field aur_version="${{ steps.aur.outputs.version }}"
echo "Dispatched build.yml for version ${{ steps.aur.outputs.version }}"
AGENTS.md
-284
View File
@@ -1,284 +0,0 @@
# AGENTS.md — webkit2gtk-automator
This file provides guidance for agentic coding agents working in this repository.
---
## Project Overview
This project is a Bash/Docker automation daemon that:
1. Polls the AUR RPC API for new `webkit2gtk` releases
2. Builds the package using `makepkg` inside an Arch Linux container
3. Publishes the resulting `.pkg.tar.zst` artifact to GitHub Releases
4. Generates and pushes an updated `webkit2gtk-bin` PKGBUILD to the AUR
The entire codebase is Bash scripts orchestrated via Docker Compose. There is no application framework, no package manager (npm/pip/cargo), and no test suite.
---
## Repository Structure
```
webkit2gtk-automator/
├── .env.example # Template for required environment variables
├── .gitignore
├── Dockerfile # Arch Linux image with build dependencies
├── docker-compose.yml # Defines the "builder" service
├── README.md
└── scripts/
├── entrypoint.sh # Container entrypoint; polling loop
├── check-update.sh # AUR API poll; triggers build + publish if new version
├── build.sh # Runs makepkg; collects .pkg.tar.zst artifacts
└── publish.sh # Uploads to GitHub Releases; pushes PKGBUILD to AUR
```
Runtime-generated (gitignored):
- `state/last_version` — tracks last published version
- `state/artifacts/` — holds built `.pkg.tar.zst` files
- `webkit2gtk/` — AUR source package clone
- `webkit2gtk-bin/` — AUR binary package clone
---
## Environment Setup
Copy `.env.example` to `.env` and fill in all required values before starting:
```bash
cp .env.example .env
# Edit .env with your GITHUB_TOKEN, AUR SSH key path, GPG key, etc.
```
All scripts validate required variables at startup using the pattern:
```bash
: "${GITHUB_TOKEN:?GITHUB_TOKEN is not set}"
```
Missing variables cause an immediate exit with a descriptive error.
---
## Build / Run Commands
| Purpose | Command |
|---|---|
| Start the daemon (detached) | `docker compose up -d` |
| Start and rebuild the image | `docker compose up -d --build` |
| Watch live logs | `docker compose logs -f` |
| Stop the daemon | `docker compose down` |
| Force a rebuild on next poll | `rm state/last_version && docker compose restart` |
---
## Running a Single Script
There is no test runner. To manually invoke a single script inside the container:
```bash
# Run check-update.sh (polls AUR and triggers build+publish if needed)
docker compose run --rm builder bash -c "source /workspace/.env && /workspace/scripts/check-update.sh"
# Run build.sh directly
docker compose run --rm builder bash -c "source /workspace/.env && /workspace/scripts/build.sh"
# Run publish.sh directly
docker compose run --rm builder bash -c "source /workspace/.env && /workspace/scripts/publish.sh"
```
To test publish without recompiling, pre-place an artifact in `state/artifacts/`:
```bash
# build.sh detects existing artifact and skips makepkg
cp some-existing.pkg.tar.zst state/artifacts/
docker compose run --rm builder bash -c "source /workspace/.env && /workspace/scripts/publish.sh"
```
---
## No Test Suite
There are no unit tests, integration tests, or test commands. Manual invocation of
individual scripts (see above) is the primary validation mechanism.
---
## Code Style Guidelines
### Shebang and Strict Mode
Every script **must** begin with:
```bash
#!/usr/bin/env bash
set -euo pipefail
```
- `set -e` — exit immediately on any non-zero return code
- `set -u` — treat unset variables as errors
- `set -o pipefail` — propagate errors through pipelines
### Variable Naming
| Scope | Convention | Example |
|---|---|---|
| All variables (env or local) | `UPPER_SNAKE_CASE` | `PKG_VERSION`, `BUILD_DIR` |
| Functions | `snake_case` | `log`, `die`, `check_deps` |
| Script files | `kebab-case.sh` | `check-update.sh`, `build.sh` |
### Quoting
Always double-quote variable expansions. Use `${VAR}` brace syntax:
```bash
# Correct
cp "${SRC_FILE}" "${DEST_DIR}/"
echo "Version: ${PKG_VERSION}"
# Wrong — never do this
cp $SRC_FILE $DEST_DIR/
```
### Sourcing Files
Use `source` (not the POSIX `.` shorthand):
```bash
# Correct
source /workspace/.env
# Avoid
. /workspace/.env
```
To auto-export all variables from a sourced file:
```bash
set -a
source /workspace/.env
set +a
```
### Logging
Every script defines a `log()` function with a consistent timestamp prefix:
```bash
log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] [script-name] $*"; }
```
Use `log` for all informational output. Use `log "ERROR: ..." >&2` (or `die`) for errors.
### Arrays
Use Bash arrays when collecting multiple items:
```bash
packages=()
packages+=("${pkg_file}")
```
---
## Error Handling Conventions
### Required Variable Checks
Use Bash parameter expansion to validate required env vars:
```bash
: "${GITHUB_TOKEN:?GITHUB_TOKEN is not set}"
: "${AUR_SSH_KEY:?AUR_SSH_KEY is not set}"
```
### `die()` Helper
Define and use a `die()` function for fatal errors:
```bash
die() {
log "ERROR: $*" >&2
exit 1
}
# Usage
[[ -f "${pkg_file}" ]] || die "Expected artifact not found: ${pkg_file}"
```
### Explicit Guard Blocks
Prefer explicit `if/else` over bare command calls for critical steps:
```bash
if "${SCRIPT_DIR}/build.sh"; then
log "Build succeeded"
else
log "ERROR: Build failed, aborting"
exit 1
fi
```
### Null/Empty API Response Checks
Always validate outputs from `curl | jq` pipelines:
```bash
aur_version=$(curl -s "${AUR_API_URL}" | jq -r '.results[0].Version')
if [[ -z "${aur_version}" || "${aur_version}" == "null" ]]; then
log "ERROR: Failed to parse version from AUR response"
exit 1
fi
```
### Graceful No-Op
For idempotent operations (e.g., git commit), allow the no-op case:
```bash
git commit -m "Update to ${FULL_VERSION}" || {
log "Nothing to commit, already at ${FULL_VERSION}"
exit 0
}
```
---
## External Tool Dependencies
These CLI tools are invoked directly by the scripts. They must be present in the container:
| Tool | Purpose |
|---|---|
| `curl` | HTTP requests to AUR RPC API |
| `jq` | JSON parsing of AUR API responses |
| `makepkg` | Arch Linux package build tool |
| `gh` | GitHub CLI — creating releases and uploading assets |
| `git` | Cloning/pulling AUR repos, committing, pushing |
| `gpg` | Verifying PGP signatures on source tarballs |
| `sha256sum` | Computing checksums for the artifact |
| `bsdtar` | Extracting the `.pkg.tar.zst` in the generated PKGBUILD |
| `sudo` | Dropping privileges from root to `builduser` for `makepkg` |
| `ssh` | AUR authentication via SSH key |
All of these are installed in the `Dockerfile`. If adding a new dependency, add it there.
---
## Dockerfile and docker-compose.yml
- The base image is Arch Linux. Keep it updated with `pacman -Syu` in the `Dockerfile`.
- The container runs as root but drops to a `builduser` account for `makepkg` (which
refuses to run as root).
- Secrets (`.env`, SSH keys, GPG keys) are mounted at runtime via volume mounts defined
in `docker-compose.yml`. Never bake secrets into the image.
---
## ShellCheck
ShellCheck is the recommended linter for Bash scripts. It is not formally enforced (no
`.shellcheckrc` or CI step), but inline directives are already used in the codebase
(e.g., `# shellcheck source=/dev/null`). When editing scripts, run ShellCheck locally:
```bash
shellcheck scripts/*.sh
```
Fix all warnings before committing. Use inline directives sparingly and only with a
comment explaining why the suppression is necessary.
---
## Adding a New Script
1. Create the file as `scripts/kebab-case-name.sh`
2. Start with `#!/usr/bin/env bash` and `set -euo pipefail`
3. Define a `log()` function matching the pattern above
4. Validate all required env vars with `: "${VAR:?...}"`
5. Define a `die()` helper for fatal errors
6. Make it executable: `chmod +x scripts/kebab-case-name.sh`
7. If it needs to run inside the container, invoke it via `docker compose run --rm builder`
Dockerfile
-100
View File
@@ -1,100 +0,0 @@
FROM archlinux:latest
# System update & base tools
RUN pacman -Syu --noconfirm && \
pacman -S --noconfirm --needed \
base-devel \
git \
sudo \
curl \
jq \
openssh \
github-cli \
# webkit2gtk makedepends
clang \
cmake \
gi-docgen \
glib2-devel \
gobject-introspection \
gperf \
gst-plugins-bad \
lld \
ninja \
python \
ruby \
ruby-stdlib \
systemd \
unifdef \
wayland-protocols \
# webkit2gtk runtime depends
at-spi2-core \
atk \
bubblewrap \
cairo \
enchant \
expat \
fontconfig \
freetype2 \
gdk-pixbuf2 \
glib2 \
glibc \
gst-plugins-bad-libs \
gst-plugins-base-libs \
gstreamer \
gtk3 \
harfbuzz \
harfbuzz-icu \
hyphen \
icu \
lcms2 \
libatomic \
libavif \
libdrm \
libegl \
libepoxy \
libgcrypt \
libgl \
libjpeg-turbo \
libjxl \
libmanette \
libpng \
libseccomp \
libsecret \
libsoup \
libsystemd \
libtasn1 \
libwebp \
libx11 \
libxml2 \
libxslt \
mesa \
openjpeg2 \
pango \
sqlite \
ttf-dejavu \
wayland \
woff2 \
xdg-dbus-proxy \
zlib \
&& pacman -Scc --noconfirm
# Non-root build user (makepkg refuses to run as root)
RUN useradd -m -G wheel builduser && \
echo '%wheel ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
# SSH config for AUR
RUN mkdir -p /home/builduser/.ssh && \
printf 'Host aur.archlinux.org\n User aur\n IdentityFile /home/builduser/.ssh/aur_id_rsa\n StrictHostKeyChecking no\n' \
> /home/builduser/.ssh/config && \
chown -R builduser:builduser /home/builduser/.ssh && \
chmod 700 /home/builduser/.ssh && \
chmod 600 /home/builduser/.ssh/config
# Allow git to operate on the mounted workspace
RUN git config --system --add safe.directory '*'
WORKDIR /workspace
# The entrypoint runs as root, sets up the SSH key, then drops to builduser
# for the polling loop.
ENTRYPOINT ["/workspace/scripts/entrypoint.sh"]
README.md
+23 -70
View File
@@ -1,80 +1,33 @@
# webkit2gtk-automator
Automated builder and AUR publisher for [webkit2gtk](https://aur.archlinux.org/packages/webkit2gtk), running on a self-hosted server.
Automated builder and AUR publisher for [webkit2gtk](https://aur.archlinux.org/packages/webkit2gtk), running on GitHub Actions.
Every hour the container polls the AUR for a new webkit2gtk version. When an update is detected, it builds the package from source inside an isolated Arch Linux container and publishes the resulting binary as a [webkit2gtk-bin](https://aur.archlinux.org/packages/webkit2gtk-bin) AUR package, with the prebuilt artifact hosted on [GitHub Releases](https://github.com/Brodino96/webkit2gtk-automator/releases).
Every day a workflow checks the AUR for a new `webkit2gtk` version. When an update is detected, it triggers a build on a 64 cores runner, compiles the package from source inside an Arch Linux container, publishes the resulting binary as a GitHub Release, and updates the [webkit2gtk-bin](https://aur.archlinux.org/packages/webkit2gtk-bin) AUR package to point to the new artifact.
## How it works
```
docker compose up -d
check-version.yml (runs daily at midnight UTC)
└── container starts
every hour:
├── query AUR RPC API for webkit2gtk version
├── if unchanged → sleep
── if newer →
git pull webkit2gtk PKGBUILD
makepkg (all available cores)
upload .pkg.tar.zst to GitHub Releases
update webkit2gtk-bin PKGBUILD + .SRCINFO
git push to AUR
├── query latest GitHub Release tag
── if unchanged -> stop
└── if newer -> trigger build-release.yml with the new version
└── build-release.yml (ubuntu-latest-64-cores, archlinux container)
├── build-package.sh
│ ├── pacman -Syu, install base-devel, git, curl, jq, github-cli
│ ├── clone webkit2gtk from AUR
│ └── makepkg -s -> .pkg.tar.zst
├── create-release.sh
│ ├── gh release create vX.Y.Z
│ └── upload .pkg.tar.zst as release asset
└── update-aur.sh
├── clone webkit2gtk-bin AUR repo via SSH
├── patch pkgver, source, sha256sums in PKGBUILD
├── makepkg --printsrcinfo -> .SRCINFO
└── git push to AUR
```
## Setup
**1) Clone the repository**
```bash
git clone https://github.com/Brodino96/webkit2gtk-automator.git
cd webkit2gtk-automator
```
**2) Configure the environment**
```bash
cp .env.example .env
```
Edit `.env` and fill in:
| Variable | Description |
|---------------------------|-----------------------------------------------------------------------------------|
| `GITHUB_TOKEN` | Personal access token with **Contents: read/write** on this repo |
| `GITHUB_REPO` | `Brodino96/webkit2gtk-automator` |
| `AUR_SSH_KEY_PATH` | Absolute path to the SSH private key registered on your AUR account |
| `AUR_PACKAGE_NAME` | `webkit2gtk-bin` |
| `AUR_MAINTAINER_NAME` | Your name (written into the published PKGBUILD) |
| `AUR_MAINTAINER_EMAIL` | Your email (written into the published PKGBUILD) |
| `POLL_INTERVAL_SECONDS` | How often to check for updates, in seconds (default: `3600`) |
| `NPROC` | CPU cores for compilation, also caps the container's CPU quota (default: `4`) |
**3) Start the daemon**
```bash
docker compose up -d
```
**4) Optional - Watch the logs**
```bash
docker compose logs -f
```
## Useful commands
```bash
# Stop the daemon
docker compose down
# Rebuild the image after a Dockerfile change
docker compose up -d --build
# Force a rebuild on next poll (reset the tracked version)
rm state/last_version
docker compose restart
```
## Notes
- The build takes 13 hours depending on server hardware
- If an artifact for the current version already exists in `state/artifacts/`, the build step is skipped and the existing file is published directly (useful for testing)
- All logs go to stdout and are accessible via `docker compose logs`
- The `state/` directory is created at runtime and is not tracked by git
docker-compose.yml
-23
View File
@@ -1,23 +0,0 @@
services:
builder:
build:
context: .
dockerfile: Dockerfile
image: webkit2gtk-builder
container_name: webkit2gtk-builder
restart: unless-stopped
env_file:
- .env
# NPROC in .env controls both the number of compiler jobs (make -jN) and
# the CPU cap enforced by the kernel. Set it once, it applies everywhere
cpus: '${NPROC:-4}'
mem_limit: 12g
memswap_limit: 12g
volumes:
# Entire project mounted so the container can read/write state, artifacts,
# and the webkit2gtk / webkit2gtk-bin git repos
- .:/workspace
# AUR SSH private key (path set in .env via AUR_SSH_KEY_PATH)
- ${AUR_SSH_KEY_PATH}:/run/secrets/aur_id_rsa:ro
# No ports needed this is a pure background worker
# Logs are available via: docker compose logs -f
scripts/build-package.sh
+42
View File
@@ -0,0 +1,42 @@
#!/usr/bin/env bash
set -euo pipefail
# Setups Arch building environment, clones webkit2gtk from the AUR and builds it
# Outputs the path and filename of the built .pkg.tar.zst to GITHUB_OUTPUT
BUILD_DIR="/build/webkit2gtk"
echo "Initializing pacman keyring..."
pacman-key --init
pacman-key --populate archlinux
echo "Updating system..."
pacman -Syu --noconfirm
echo "Installing build dependencies..."
pacman -S --noconfirm base-devel git curl jq github-cli
echo "Creating builduser..."
if ! id builder &>/dev/null; then
useradd -m builder
fi
echo "builder ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
echo "Cloning webkit2gtk AUR repo..."
git clone https://aur.archlinux.org/webkit2gtk.git "$BUILD_DIR"
chown -R builder:builder "$BUILD_DIR"
echo "Building package..."
su builder -c "cd $BUILD_DIR && makepkg -s --noconfirm"
echo "Locating build package..."
PKG_PATH=$(find "$BUILD_DIR" -maxdepth 1 -name "*.pkg.tar.zst" | head -n 1)
if [ -z "$PKG_PATH" ]; then
echo "ERROR: No .pkg.tar.zst found after build" >&2
exit 1
fi
echo "Build package: $PKG_PATH"
echo "pkg_path=$PKG_PATH" >> "$GITHUB_OUTPUT"
echo "pkg_name=$(basename "$PKG_PATH")" >> "$GITHUB_OUTPUT"
scripts/build.sh
-85
View File
@@ -1,85 +0,0 @@
#!/usr/bin/env bash
# build.sh
# Runs as builduser (inside Docker or a GitHub Actions container job).
# Builds webkit2gtk from the AUR PKGBUILD and copies the resulting
# .pkg.tar.zst packages to <workspace>/state/artifacts/.
#
# Works in both environments:
# Docker / local: WORKSPACE=/workspace (default)
# GitHub Actions: WORKSPACE=$GITHUB_WORKSPACE (set by runner)
set -euo pipefail
WORKSPACE="${GITHUB_WORKSPACE:-/workspace}"
SRC_DIR="${WORKSPACE}/webkit2gtk"
ARTIFACTS_DIR="${WORKSPACE}/state/artifacts"
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [build] $*"
}
# Sanity checks
if [[ ! -f "${SRC_DIR}/PKGBUILD" ]]; then
log "ERROR: PKGBUILD not found at ${SRC_DIR}/PKGBUILD"
exit 1
fi
mkdir -p "${ARTIFACTS_DIR}"
# Skip rebuild if artifacts for this version already exist
pkgver=$(bash -c "source ${SRC_DIR}/PKGBUILD; echo \${pkgver}")
pkgrel=$(bash -c "source ${SRC_DIR}/PKGBUILD; echo \${pkgrel}")
existing=$(find "${ARTIFACTS_DIR}" -maxdepth 1 \
-name "webkit2gtk-${pkgver}-${pkgrel}-*.pkg.tar.zst" \
! -name 'webkit2gtk-docs-*' \
-print | head -n1)
if [[ -n "${existing}" ]]; then
log "Artifacts for ${pkgver}-${pkgrel} already exist, skipping build"
log "Using cached: $(basename "${existing}")"
exit 0
fi
# Clean any leftover build artifacts from a previous run
log "Cleaning previous build artifacts in ${SRC_DIR}"
# makepkg leaves behind src/, pkg/ and the .pkg.tar.zst files
cd "${SRC_DIR}"
rm -rf src/ pkg/
find . -maxdepth 1 -name '*.pkg.tar.zst' -delete
find . -maxdepth 1 -name '*.pkg.tar.zst.sig' -delete
# Build
# Use all available cores. MAKEFLAGS is respected by makepkg and passed
# through to cmake/ninja. NPROC can be overridden via the environment.
nproc="${NPROC:-$(nproc)}"
export MAKEFLAGS="-j${nproc}"
log "Building with ${nproc} cores"
log "Running makepkg in ${SRC_DIR}"
# --syncdeps : install missing makedepends automatically
# --noconfirm : do not ask for confirmations
# --clean : clean up src/ and pkg/ after a successful build
# --log : write build log to makepkg-<pkgname>.log
makepkg \
--syncdeps \
--noconfirm \
--log
# Collect artifacts
log "Collecting built packages"
packages=()
while IFS= read -r -d '' pkg; do
packages+=("${pkg}")
done < <(find "${SRC_DIR}" -maxdepth 1 -name '*.pkg.tar.zst' -print0)
if [[ ${#packages[@]} -eq 0 ]]; then
log "ERROR: No .pkg.tar.zst files found after build"
exit 1
fi
for pkg in "${packages[@]}"; do
log "Copying $(basename "${pkg}") to ${ARTIFACTS_DIR}/"
cp "${pkg}" "${ARTIFACTS_DIR}/"
done
log "Build complete, artifacts:"
ls -lh "${ARTIFACTS_DIR}"/*.pkg.tar.zst
scripts/check-update.sh
+22 -59
View File
@@ -1,75 +1,38 @@
#!/usr/bin/env bash
# check-update.sh
# Queries the AUR RPC API for the latest webkit2gtk version and compares it
# against the last published version on GitHub Releases.
#
# Outputs:
# aur_version=<string> — latest AUR version string
# should_build=true|false — whether a new build is needed
#
# When run inside a GitHub Actions step, GITHUB_OUTPUT is set and the outputs
# are written there automatically. When run locally, they are printed to stdout.
#
# Required env vars (only when comparing against GitHub Releases):
# GITHUB_TOKEN — a token with 'contents: read' on GITHUB_REPO
# GITHUB_REPO — owner/repo, e.g. Brodino96/webkit2gtk-automator
set -euo pipefail
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [check-update] $*"
}
# Fetches the latest webkit2gtk version from the AUR and compares with latest Github release
# Outputs the AUR version to GITHUB_OUTPUT if a build should be triggered, otherwiste ouputs an empty string
set_output() {
local key="$1"
local value="$2"
if [[ -n "${GITHUB_OUTPUT:-}" ]]; then
echo "${key}=${value}" >> "${GITHUB_OUTPUT}"
else
log "OUTPUT: ${key}=${value}"
fi
}
REPO="${GITHUB_REPOSITORY}"
# ---------------------------------------------------------------------------
# 1. Fetch latest AUR version
# ---------------------------------------------------------------------------
AUR_API_URL="https://aur.archlinux.org/rpc/v5/info/webkit2gtk"
echo "Fetching AUR version..."
AUR_VERSION=$(curl -s "https://aur.archlinux.org/rpc/v5/info/webkit2gtk" \
| jq -r ".results[0].Version" \
)
log "Querying AUR for webkit2gtk"
response=$(curl -fsSL "${AUR_API_URL}")
aur_version=$(echo "${response}" | jq -r '.results[0].Version')
if [[ -z "${aur_version}" || "${aur_version}" == "null" ]]; then
log "ERROR: Failed to parse version from AUR response: ${response}"
if [ -z "$AUR_VERSION" ] || [ "$AUR_VERSION" = "null" ]; then
echo "ERROR: Could not fetch AUR version" >&2
exit 1
fi
log "AUR version: ${aur_version}"
set_output "aur_version" "${aur_version}"
echo "AUR version: $AUR_VERSION"
# ---------------------------------------------------------------------------
# 2. Fetch last published version from GitHub Releases
# ---------------------------------------------------------------------------
: "${GITHUB_TOKEN:?GITHUB_TOKEN is not set}"
: "${GITHUB_REPO:?GITHUB_REPO is not set}"
log "Fetching latest GitHub Release tag from ${GITHUB_REPO}"
tag=$(gh release list \
--repo "${GITHUB_REPO}" \
echo "Fetching latest Github release..."
TAG=$(gh release list \
--repo "$REPO" \
--limit 1 \
--json tagName \
--jq '.[0].tagName // ""' 2>/dev/null || echo "")
--jq '.[0].tagName // ""'
)
RELEASE_VERSION="${TAG#v}"
last_version="${tag#v}"
log "Last published version: ${last_version:-<none>}"
echo "Release version: ${RELEASE_VERSION:-"(none)"}"
# ---------------------------------------------------------------------------
# 3. Compare
# ---------------------------------------------------------------------------
if [[ "${aur_version}" == "${last_version}" ]]; then
log "Already up to date (${aur_version}), nothing to do"
set_output "should_build" "false"
if [ -z "$RELEASE_VERSION" ] || [ "$AUR_VERSION" != "$RELEASE_VERSION" ]; then
echo "Version mismatch or no release found, build required"
echo "trigger_version=$AUR_VERSION" >> "$GITHUB_OUTPUT"
else
log "New version detected: ${aur_version} (was: ${last_version:-<none>})"
set_output "should_build" "true"
echo "Version match, no build required"
echo "trigger_version=" >> "$GITHUB_OUTPUT"
fi
scripts/create-release.sh
+36
View File
@@ -0,0 +1,36 @@
#!/usr/bin/env bash
set -euo pipefail
# Creates a Github release for the given version and uploads the built .pkg.tar.zst artifact
# Outputs asset download URL to GITHUB_OUTPUT
VERSION="${1:?Usage: create-release.sh <version> <pkg_path>}"
PKG_PATH="${2:?Usage: create-release.sh <version> <pkg_path>}"
REPO="${GITHUB_REPOSITORY}"
if [ ! -f "$PKG_PATH" ]; then
echo "ERROR: Package file not found at $PKG_PATH" >&2
exit 1
fi
echo "Creating Github release v${VERSION}..."
gh release create "v${VERSION}" \
--repo "$REPO" \
--title "v${VERSION}" \
--notes "Automated build of webkit2gtk v${VERSION} from AUR" \
"$PKG_PATH"
echo "Fetching asset URL..."
ASSET_URL=$(gh release view "v${VERSION}" \
--repo "$REPO" \
--json assets \
--jq '.assets[] | select(.name | endswith(".pkg.tar.zst")) | .url'
)
if [ -z "$ASSET_URL" ]; then
echo "ERROR: Could not retrieve asset URL after upload" >&2
exit 1
fi
echo "Asset URL: $ASSET_URL"
echo "asset_url=$ASSET_URL" >> "$GITHUB_OUTPUT"
scripts/entrypoint.sh
-70
View File
@@ -1,70 +0,0 @@
#!/usr/bin/env bash
# entrypoint.sh
# Container entry point. Runs as root, sets up the SSH key and git identity
# for builduser, then drops to builduser and starts the polling loop.
#
# The loop runs check-update.sh every POLL_INTERVAL_SECONDS (default: 3600).
# All output goes to stdout/stderr so 'docker compose logs -f' works naturally.
set -euo pipefail
# Load .env so all variables are available both here (root) and in child
# processes running as builduser. Docker's env_file only sets variables for
# the initial process; sudo drops them by default.
if [[ -f /workspace/.env ]]; then
set -a
# shellcheck source=/dev/null
source /workspace/.env
set +a
fi
POLL_INTERVAL_SECONDS="${POLL_INTERVAL_SECONDS:-3600}"
# Set up AUR SSH key
SSH_DIR=/home/builduser/.ssh
KEY_SRC=/run/secrets/aur_id_rsa
KEY_DST="${SSH_DIR}/aur_id_rsa"
if [[ -f "${KEY_SRC}" ]]; then
cp "${KEY_SRC}" "${KEY_DST}"
chown builduser:builduser "${KEY_DST}"
chmod 600 "${KEY_DST}"
echo "[entrypoint] AUR SSH key installed"
else
echo "[entrypoint] WARNING: AUR SSH key not found at ${KEY_SRC}, publishing to AUR will fail" >&2
fi
# Set git identity for builduser
sudo -u builduser HOME=/home/builduser git config --global user.name "${AUR_MAINTAINER_NAME:-webkit2gtk-automator}"
sudo -u builduser HOME=/home/builduser git config --global user.email "${AUR_MAINTAINER_EMAIL:-noreply@localhost}"
# Import WebKitGTK PGP signing keys into builduser's keyring
# makepkg verifies the source tarball signature against these keys.
# Try the bundled local keys first (no network needed), then fall back to keyservers.
echo "[entrypoint] Importing WebKitGTK PGP signing keys"
if ls /workspace/webkit2gtk/keys/pgp/*.asc &>/dev/null; then
sudo -u builduser HOME=/home/builduser gpg --import /workspace/webkit2gtk/keys/pgp/*.asc
echo "[entrypoint] PGP keys imported from local bundle"
else
sudo -u builduser HOME=/home/builduser gpg --keyserver keyserver.ubuntu.com --recv-keys \
5AA3BC334FD7E3369E7C77B291C559DBE4C9123B \
013A0127AC9C65B34FFA62526C1009B693975393 || \
sudo -u builduser HOME=/home/builduser gpg --keyserver hkps://keys.openpgp.org --recv-keys \
5AA3BC334FD7E3369E7C77B291C559DBE4C9123B \
013A0127AC9C65B34FFA62526C1009B693975393
echo "[entrypoint] PGP keys imported from keyserver"
fi
# Drop to builduser and start the polling loop
echo "[entrypoint] Starting polling loop, interval: ${POLL_INTERVAL_SECONDS}s"
exec sudo -u builduser --preserve-env HOME=/home/builduser bash -c '
set -euo pipefail
POLL_INTERVAL_SECONDS="'"${POLL_INTERVAL_SECONDS}"'"
NPROC="'"${NPROC:-}"'"
[[ -n "${NPROC}" ]] && export NPROC
while true; do
/workspace/scripts/check-update.sh
echo "[entrypoint] Sleeping for ${POLL_INTERVAL_SECONDS}s"
sleep "${POLL_INTERVAL_SECONDS}"
done
'
scripts/publish.sh
-242
View File
@@ -1,242 +0,0 @@
#!/usr/bin/env bash
# publish.sh
# Runs as builduser (inside Docker or a GitHub Actions container job).
#
# Steps:
# 1. Find the built webkit2gtk .pkg.tar.zst in state/artifacts/
# 2. Upload it to a GitHub Release (creates the release if needed)
# 3. Update webkit2gtk-bin/PKGBUILD with the new version, URL and sha256sum
# 4. Regenerate webkit2gtk-bin/.SRCINFO
# 5. Commit and push webkit2gtk-bin/ to the AUR
#
# Works in both environments:
# Docker / local: WORKSPACE=/workspace (default)
# GitHub Actions: WORKSPACE=$GITHUB_WORKSPACE (set by runner)
set -euo pipefail
WORKSPACE="${GITHUB_WORKSPACE:-/workspace}"
ARTIFACTS_DIR="${WORKSPACE}/state/artifacts"
BIN_PKG_DIR="${WORKSPACE}/webkit2gtk-bin"
SRC_PKGBUILD="${WORKSPACE}/webkit2gtk/PKGBUILD"
log() {
echo "[$(date '+%Y-%m-%d %H:%M:%S')] [publish] $*"
}
die() {
log "ERROR: $*" >&2
exit 1
}
# Validate required env vars
: "${GITHUB_TOKEN:?GITHUB_TOKEN is not set}"
: "${GITHUB_REPO:?GITHUB_REPO is not set}"
: "${AUR_PACKAGE_NAME:?AUR_PACKAGE_NAME is not set}"
: "${AUR_MAINTAINER_NAME:?AUR_MAINTAINER_NAME is not set}"
: "${AUR_MAINTAINER_EMAIL:?AUR_MAINTAINER_EMAIL is not set}"
# Authenticate gh CLI
# GITHUB_TOKEN is already in the environment and picked up by gh automatically
# Find the main webkit2gtk package only (exclude -docs and -debug variants)
log "Looking for built package in ${ARTIFACTS_DIR}"
pkgver=$(bash -c "source ${SRC_PKGBUILD}; echo \${pkgver}")
pkgrel=$(bash -c "source ${SRC_PKGBUILD}; echo \${pkgrel}")
full_version="${pkgver}-${pkgrel}"
log "Package version: ${full_version}"
pkg_file="${ARTIFACTS_DIR}/webkit2gtk-${pkgver}-${pkgrel}-x86_64.pkg.tar.zst"
[[ -f "${pkg_file}" ]] || die "Expected artifact not found: ${pkg_file}"
log "Found package: ${pkg_file}"
# Compute sha256sum of the artifact
sha256=$(sha256sum "${pkg_file}" | awk '{print $1}')
log "sha256sum: ${sha256}"
pkg_filename=$(basename "${pkg_file}")
# Upload to GitHub Releases
release_tag="v${full_version}"
release_title="webkit2gtk ${full_version}"
log "Creating/updating GitHub release ${release_tag}"
# Create the release if it doesn't exist
if gh release view "${release_tag}" --repo "${GITHUB_REPO}" &>/dev/null; then
log "Release ${release_tag} already exists, proceeding to upload asset"
else
log "Creating GitHub release ${release_tag}"
gh release create "${release_tag}" \
--repo "${GITHUB_REPO}" \
--title "${release_title}" \
--notes "Automated build of webkit2gtk ${full_version}"
fi
# Upload the package (--clobber overwrites an existing asset with the same name)
log "Uploading ${pkg_filename} to release ${release_tag}"
gh release upload "${release_tag}" \
--repo "${GITHUB_REPO}" \
--clobber \
"${pkg_file}"
# Build the public download URL
download_url="https://github.com/${GITHUB_REPO}/releases/download/${release_tag}/${pkg_filename}"
log "Download URL: ${download_url}"
# Ensure webkit2gtk-bin AUR clone exists
AUR_REMOTE="ssh://aur@aur.archlinux.org/${AUR_PACKAGE_NAME}.git"
if [[ ! -d "${BIN_PKG_DIR}/.git" ]]; then
log "Cloning ${AUR_PACKAGE_NAME} from AUR"
git clone "${AUR_REMOTE}" "${BIN_PKG_DIR}"
else
log "Pulling latest ${AUR_PACKAGE_NAME} from AUR"
git -C "${BIN_PKG_DIR}" pull --ff-only
fi
# Generate PKGBUILD
log "Generating PKGBUILD for ${AUR_PACKAGE_NAME}"
# Read the full depends array from the source PKGBUILD to keep them in sync
depends_block=$(bash -c "
source ${SRC_PKGBUILD}
for d in \"\${depends[@]}\"; do printf ' %s\n' \"\$d\"; done
")
provides_block=$(bash -c "
source ${SRC_PKGBUILD}
# package_webkit2gtk() sets provides; source the function then call it in a subshell
# Simpler: hardcode from .SRCINFO since provides is stable
echo ' libjavascriptcoregtk-4.0.so'
echo ' libwebkit2gtk-4.0.so'
echo ' webkit2gtk'
")
cat > "${BIN_PKG_DIR}/PKGBUILD" <<PKGBUILD
# Maintainer: ${AUR_MAINTAINER_NAME} <${AUR_MAINTAINER_EMAIL}>
# Automated binary repackaging of webkit2gtk built from AUR sources.
# Source: https://github.com/${GITHUB_REPO}
pkgname=${AUR_PACKAGE_NAME}
pkgver=${pkgver}
pkgrel=${pkgrel}
pkgdesc="Web content engine for GTK (prebuilt binary)"
url="https://webkitgtk.org"
arch=(x86_64)
license=(
'AFL-2.0 OR GPL-2.0-or-later'
Apache-2.0
'Apache-2.0 WITH LLVM-exception'
BSD-2-Clause
BSD-2-Clause-Views
BSD-3-Clause
BSD-Source-Code
BSL-1.0
bzip2-1.0.6
GPL-2.0-only
'GPL-3.0-only WITH Autoconf-exception-3.0'
'GPL-3.0-or-later WITH Bison-exception-2.2'
ICU
ISC
LGPL-2.1-only
LGPL-2.1-or-later
MIT
MPL-1.1
MPL-2.0
NCSA
'NCSA OR MIT'
OFL-1.1
SunPro
Unicode-TOU
)
depends=(
at-spi2-core
atk
bubblewrap
cairo
enchant
expat
fontconfig
freetype2
gdk-pixbuf2
glib2
glibc
gst-plugins-bad-libs
gst-plugins-base-libs
gstreamer
gtk3
harfbuzz
harfbuzz-icu
hyphen
icu
lcms2
libatomic
libavif
libdrm
libegl
libepoxy
libgcc
libgcrypt
libgl
libgles
libjpeg-turbo
libjxl
libmanette
libpng
libseccomp
libsecret
libsoup
libstdc++
libsystemd
libtasn1
libwebp
libx11
libxml2
libxslt
mesa
openjpeg2
pango
sqlite
ttf-font
wayland
woff2
xdg-dbus-proxy
zlib
)
provides=(
libjavascriptcoregtk-4.0.so
libwebkit2gtk-4.0.so
webkit2gtk
)
conflicts=(webkit2gtk)
source=("${pkg_filename}::${download_url}")
sha256sums=('${sha256}')
package() {
# The .pkg.tar.zst is a pre-built Arch package.
# bsdtar extracts it; we relocate its contents into \$pkgdir.
cd "\${srcdir}"
bsdtar -xf "${pkg_filename}" -C "\${pkgdir}"
# Remove the embedded .PKGINFO and .MTREE metadata files that
# bsdtar includes they are not part of the installed file tree.
rm -f "\${pkgdir}"/.PKGINFO "\${pkgdir}"/.MTREE "\${pkgdir}"/.BUILDINFO
}
PKGBUILD
log "PKGBUILD generated"
# Generate .SRCINFO
log "Generating .SRCINFO"
cd "${BIN_PKG_DIR}"
makepkg --printsrcinfo > .SRCINFO
log ".SRCINFO generated"
# Commit and push to AUR
log "Committing changes to AUR"
git -C "${BIN_PKG_DIR}" add PKGBUILD .SRCINFO
git -C "${BIN_PKG_DIR}" commit -m "Update to ${full_version}" || {
log "Nothing to commit, package already at ${full_version}"
exit 0
}
log "Pushing to AUR remote (${AUR_REMOTE})"
git -C "${BIN_PKG_DIR}" push origin master
log "Successfully published ${AUR_PACKAGE_NAME} ${full_version} to AUR"
scripts/update-aur.sh
+50
View File
@@ -0,0 +1,50 @@
#!/usr/bin/env bash
set -euo pipefail
VERSION="${1:?Usage: update-aur.sh <version> <pkg_path> <asset_url>}"
PKG_PATH="${2:?Usage: update-aur.sh <version> <pkg_path> <asset_url>}"
ASSET_URL="${3:?Usage: update-aur.sh <version> <pkg_path> <asset_url>}"
AUR_DIR="/build/webkit2gtk-bin"
# VERSION is in the format pkgver-pkgrel (e.g. 2.46.5-2)
PKGVER="${VERSION%-*}"
PKGREL="${VERSION##*-}"
echo "Configuring AUR SSH key..."
mkdir -p /root/.ssh
echo "${AUR_SSH_KEY:?AUR_SSH_KEY environment variable is not set}" > /root/.ssh/aur
chmod 600 /root/.ssh/aur
cat >> /root/.ssh/config <<EOF
IdentityFile /root/.ssh/aur
User aur
StrictHostKeyChecking accept-new
EOF
ssh-keyscan aur.archlinux.org >> root/.ssh/known_hosts
echo "Cloning webkit2gtk-bin AUR repo"
git clone ssh://aur@aur.archlinux.org/webkit2gtk-bin.git "$AUR_DIR"
echo "Hashing artifact..."
SHA256=$(sha256sum "$PKG_PATH" | awk '{print $1}' )
echo "sha256: $SHA256"
echo "Updating PKBUILD..."
cd "$AUR_DIR"
sed -i "s|^pkgver=.*|pkgver=${PKGVER}|" PKGBUILD
sed -i "s|^pkgrel=.*|pkgrel=${PKGREL}|" PKGBUILD
sed -i "s|^source=.*|source=(\"${ASSET_URL}\")|" PKGBUILD
sed -i "s|^sha256sums=.*|sha256sums=(\"${SHA256}\")|" PKGBUILD
echo "Regenerating .SRCINFO..."
chown -R builder:builder "$AUR_DIR"
su builder -c "cd $AUR_DIR && makepkg --printsrcinfo > .SRCINFO"
echo "Committing and pushing to AUR..."
git config user.name "Brodino"
git config user.email "brodino96@gmail.com"
git add PKGBUILD .SRCINFO
git commit -m "Update to v${VERSION}"
git push