From 41c036c2a6d08a529878a26464b61b39bd04d13e Mon Sep 17 00:00:00 2001
From: ytshih
Date: Mon, 28 Jul 2025 00:23:26 +0800
Subject: [PATCH] Feat: add gpg key support
---
 action.yaml | 54 ++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 45 insertions(+), 9 deletions(-)
diff --git a/action.yaml b/action.yaml
index 7b8988a..e07256c 100644
--- a/action.yaml
+++ b/action.yaml
@@ -8,6 +8,10 @@ inputs:
 description: "The context of the build environment"
 required: false
 default: .
+ gpg-password:
+ description: "Password of the gpg secret key to sign the package"
+ required: false
+ default: 'none'
 repo-name:
 description: "The repo name to be pushed to"
 required: false
@@ -41,7 +45,12 @@ runs:
 - name: Build package
 run: |
 cd "${{ inputs.context }}"
- makepkg -sc --needed --noconfirm
+ if [[ "${{ inputs.gpg-password }}" != 'none' ]]; then
+ echo "${{ inputs.gpg-password }}" | \
+ makepkg -sc --needed --noconfirm --sign
+ else
+ makepkg -sc --needed --noconfirm
+ fi
 - name: Setup MinIO
 run: |
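Review bot: The `'none'` default on `gpg-password` is an in-band sentinel, so a passphrase that is literally `none` silently disables signing, while an empty string passed by a caller (for example from an unset secret) passes the later `!= 'none'` tests and is treated as a real passphrase. `default: ''` with a non-empty test in the two steps that read it avoids both cases. The description would also be more useful if it said where the value should come from, e.g. `description: "Passphrase of the GPG secret key used to sign packages; pass it from a secret"`.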
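Review bot: The passphrase is spliced into the script text by `${{ inputs.gpg-password }}` in both the `[[ … ]]` test and the `echo` of the "Build package" step, so the runner substitutes it before bash parses the script: a passphrase containing `"`, `$`, a backtick or `\` is read as shell syntax, and the value is written into the generated script file. Passing it through the step's `env:` and reading `"$GPG_PASSWORD"` keeps it as data; the `repo-add` branch of the "Add pkgs to repo db" step in the next hunk has the same pattern. Whether `makepkg --sign` reads the passphrase from stdin depends on gpg/gpg-agent being set up for loopback pinentry, and no key import or gpg configuration is visible in this patch, so that is worth confirming. The step begins in context lines, and any `shell:` key for it lies outside the hunk.

```yaml
- name: Build package
  env:
    GPG_PASSWORD: ${{ inputs.gpg-password }}
  run: |
    # … unchanged: cd into the build context …
    if [[ "$GPG_PASSWORD" != 'none' ]]; then
      printf '%s\n' "$GPG_PASSWORD" | \
        makepkg -sc --needed --noconfirm --sign
    # … unchanged: else branch and fi …
```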
@@ -52,19 +61,46 @@ runs:
 - name: Copy repo db from MinIO
 run: |
 mkdir repo
- mcli cp "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db" "repo/${{ inputs.repo-name }}.db.tar.zst"
- mcli cp "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files" "repo/${{ inputs.repo-name }}.files.tar.zst"
+
+ mcli cp "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db" \
+ "repo/${{ inputs.repo-name }}.db.tar.zst"
+ mcli cp "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files" \
+ "repo/${{ inputs.repo-name }}.files.tar.zst"
+
 echo "Copy ${{ inputs.repo-name }}.db and ${{ inputs.repo-name }}.files from MinIO"
 - name: Add pkgs to repo db
 run: |
- repo-add "repo/${{ inputs.repo-name }}.db.tar.zst" *.pkg.tar.zst
- mv *.pkg.tar.zst repo
+ if [[ "${{ inputs.gpg-password }}" != 'none' ]]; then
+ echo "${{ inputs.gpg-password }}" | \
+ repo-add --verify --sign \
+ "repo/${{ inputs.repo-name }}.db.tar.gz" *.pkg.tar.zst --
+ mv *.pkg.tar.zst *.pkg.tar.zst.sig repo
+ else
+ repo-add "repo/${{ inputs.repo-name }}.db.tar.zst" *.pkg.tar.zst
+ mv *.pkg.tar.zst repo
+ fi
 echo "Add $(ls *.pkg.tar.zst) to repo"
 - name: Update repo to MinIO
 run: |
- mcli mv repo/${{ inputs.repo-name }}.db.tar.zst "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db"
- mcli mv repo/${{ inputs.repo-name }}.files.tar.zst "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files"
- mcli mv repo/*.pkg.tar.zst "m/${{ inputs.minio-bucket }}"
- echo "Update ${{ inputs.repo-name }}.db adn ${{ inputs.repo-name }}.files to MinIO"
+ mcli mv "repo/${{ inputs.repo-name }}.db.tar.zst" \
+ "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db"
+ if [[ -e "repo/${{ inputs.repo-name }}.db.tar.zst.sig" ]]; then
+ mcli mv "repo/${{ inputs.repo-name }}.db.tar.zst.sig" \
+ "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.db.sig"
+ fi
+
+ mcli mv "repo/${{ inputs.repo-name }}.files.tar.zst" \
+ "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files"
+ if [[ -e "repo/${{ inputs.repo-name }}.files.tar.zst.sig" ]]; then
+ mcli mv "repo/${{ inputs.repo-name }}.files.tar.zst.sig" \
+ "m/${{ inputs.minio-bucket }}/${{ inputs.repo-name }}.files.sig"
+ fi
+
+ find repo -name '*.pkg.tar.zst' | xargs -I% \
+ mcli mv % "m/${{ inputs.minio-bucket }}"
+ find repo -name '*.pkg.tar.zst.sig' | xargs -I% \
+ mcli mv % "m/${{ inputs.minio-bucket }}"
+
+ echo "Update ${{ inputs.repo-name }}.db and ${{ inputs.repo-name }}.files to MinIO"
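Review bot: In the signing branch of "Add pkgs to repo db", `repo-add` is pointed at `repo/${{ inputs.repo-name }}.db.tar.gz`, while the copy step writes the existing database to `.db.tar.zst` and the upload step moves `.db.tar.zst` and looks for `.db.tar.zst.sig`. With a passphrase set, the updated and signed database would therefore be created under a different name and the unmodified download uploaded in its place, and because the `.sig` uploads are guarded by `[[ -e … ]]` the missing signatures pass silently. Using the same name as the else branch, `"repo/${{ inputs.repo-name }}.db.tar.zst" *.pkg.tar.zst`, removes the mismatch, and the upload step should fail rather than skip when signing was requested and a `.sig` is absent. `--verify` also appears to have no `.db.sig` to check, since the copy step downloads only `.db` and `.files`, and the trailing `--` after the glob looks misplaced; both are worth confirming against repo-add's behaviour.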