From c53aa59f5808423989206e36b3b0ecf024b4f7f7 Mon Sep 17 00:00:00 2001
From: "D. Can Celasun"
Date: Fri, 30 May 2025 22:03:43 +0100
Subject: [PATCH] Add support for loading PGP keys

Without this, the only way to build PKGBUILDs with signatures is to pass --skippgpcheck to makepkg. Also switched to a package with PGP keys to verify.
---
 .github/workflows/main.yml | 20 +++++++++++---------
 .gitignore | 1 +
 README.md | 24 +++++++++++++-----------
 action.yml | 10 ++++++++++
 entrypoint.sh | 16 ++++++++++++----
 5 files changed, 47 insertions(+), 24 deletions(-)
 create mode 100644 .gitignore
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 6806f63..e8a0033 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -26,21 +26,23 @@ jobs: - name: Get sample package run: | - mkdir visual-studio-code-bin - pushd visual-studio-code-bin - wget https://github.com/dcelasun/pkgbuilds/raw/ee68e4c19c40a0a36a50e289259fcfd94f43786d/visual-studio-code-bin/PKGBUILD - wget https://github.com/dcelasun/pkgbuilds/raw/ee68e4c19c40a0a36a50e289259fcfd94f43786d/visual-studio-code-bin/.SRCINFO - wget https://github.com/dcelasun/pkgbuilds/raw/ee68e4c19c40a0a36a50e289259fcfd94f43786d/visual-studio-code-bin/visual-studio-code-bin.install - wget https://github.com/dcelasun/pkgbuilds/raw/ee68e4c19c40a0a36a50e289259fcfd94f43786d/visual-studio-code-bin/visual-studio-code-bin.sh + # Spotify 1:1.2.63.394-1 + mkdir spotify + pushd spotify + wget https://github.com/christian-heusel/aur/raw/5032e51a0b493cb7149264ec27a761ac85c81933/spotify/PKGBUILD + wget https://github.com/christian-heusel/aur/raw/5032e51a0b493cb7149264ec27a761ac85c81933/spotify/.SRCINFO + wget https://github.com/christian-heusel/aur/raw/5032e51a0b493cb7149264ec27a761ac85c81933/spotify/LICENSE + wget https://github.com/christian-heusel/aur/raw/5032e51a0b493cb7149264ec27a761ac85c81933/spotify/spotify.protocol + wget https://github.com/christian-heusel/aur/raw/5032e51a0b493cb7149264ec27a761ac85c81933/spotify/spotify.sh popd - name: Running test uses: ./ with: - pkgver: '1.100.1' - pkgrel: 1 + pkgrel: 2 updpkgsums: true srcinfo: true - path: 'visual-studio-code-bin' + path: 'spotify' + pgpkeys: 'C85668DF69375001' - name: Show diff run: | diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..485dee6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.idea diff --git a/README.md b/README.md index adbb7e9..dfcb32f 100644 --- a/README.md +++ b/README.md 
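Review bot: `pgpkeys: 'C85668DF69375001'` in the "Running test" step is a 64-bit long key ID rather than a full fingerprint, so the test imports whichever key the keyserver returns for that ID. makepkg presumably still checks the signer against the PKGBUILD's `validpgpkeys` when that array is set, but this step is the example users will copy, so it should pin the full 40-hex-digit fingerprint: `pgpkeys: '<FULL_40_HEX_FINGERPRINT>'` (placeholder; take the value from the PKGBUILD's `validpgpkeys`). The `pgpkeys` descriptions added in action.yml ("Comma-separated pgp keys") and README.md ("PGP public keys") have the same gap and should say "full key fingerprints".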
@@ -21,17 +21,19 @@ Here's what this action can do: Following inputs can be used as `step.with` keys -| Name | Type | Default | Required | Description | -| -------------------------- | ------- | ------------------ | -------- | -------------------------------------------------------------------------------- | -| `path` | String | | `false` | Path where PKGBUILD is located. This path always located under $GITHUB_WORKSPACE | -| `pkgver` | String | | `false` | Update `pkgver` on your PKGBUILD | -| `pkgrel` | Integer | | `false` | Update `pkgrel` on your PKGBUILD | -| `updpkgsums` | Boolean | `false` | `false` | Update checksums on your PKGBUILD | -| `srcinfo` | Boolean | `false` | `false` | Generate new .SRCINFO | -| `namcap` | Boolean | `true` | `false` | Validate PKGBUILD | -| `flags` | String | `-cfs --noconfirm` | `false` | Flags after `makepkg` command. Leave this empty will disable this command. | -| `aur` | Boolean | `false` | `false` | Resolve dependencies using paru | -| `update_archlinux_keyring` | Boolean | `true` | `false` | Update the archlinux keyring | +| Name | Type | Default | Required | Description | +|----------------------------|---------|-------------------------------|----------|----------------------------------------------------------------------------------| +| `path` | String | | `false` | Path where PKGBUILD is located. This path always located under $GITHUB_WORKSPACE | +| `pkgver` | String | | `false` | Update `pkgver` on your PKGBUILD | +| `pkgrel` | Integer | | `false` | Update `pkgrel` on your PKGBUILD | +| `updpkgsums` | Boolean | `false` | `false` | Update checksums on your PKGBUILD | +| `srcinfo` | Boolean | `false` | `false` | Generate new .SRCINFO | +| `namcap` | Boolean | `true` | `false` | Validate PKGBUILD | +| `flags` | String | `-cfs --noconfirm` | `false` | Flags after `makepkg` command. Leave this empty will disable this command. 
| +| `aur` | Boolean | `false` | `false` | Resolve dependencies using paru | +| `update_archlinux_keyring` | Boolean | `true` | `false` | Update the archlinux keyring | +| `pgpkeys` | String | | `false` | Comma-separated PGP public keys to be loaded before calling makepkg. | +| `pgpkeyserver` | String | `hkps://keyserver.ubuntu.com` | `false` | PGP key server address. | ### Examples diff --git a/action.yml b/action.yml index c75a21f..2c164be 100644 --- a/action.yml +++ b/action.yml @@ -43,6 +43,14 @@ inputs: description: 'Update archlinux-keyring' default: 'true' required: false + pgpkeys: + description: 'Comma-separated pgp keys' + default: '' + required: false + pgpkeyserver: + description: 'PGP key server' + default: 'hkps://keyserver.ubuntu.com' + required: false runs: using: 'docker' @@ -57,3 +65,5 @@ runs: - ${{ inputs.namcap }} - ${{ inputs.aur }} - ${{ inputs.archlinux_keyring }} + - ${{ inputs.pgpkeys }} + - ${{ inputs.pgpkeyserver }} diff --git a/entrypoint.sh b/entrypoint.sh index 22da8c4..6a0e311 100755 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -9,6 +9,14 @@ cd $HOME mkdir gh-action cd gh-action +if [[ -n $INPUT_PGPKEYS ]]; then + echo "::group::Loading PGP keys" + for key in ${INPUT_PGPKEYS//,/$'\n'}; do + gpg --keyserver $INPUT_PGPKEYSERVER --recv-keys $key + done + echo "::endgroup::" +fi + # If there is a custom path, we need to copy the whole repository # because we run "git diff" at several stages and without the entire # tree the output will be incorrect. @@ -33,7 +41,7 @@ fi if [[ -n $INPUT_PKGVER ]]; then echo "::group::Updating pkgver on PKGBUILD" sed -i "s:^pkgver=.*$:pkgver=$INPUT_PKGVER:g" PKGBUILD - git diff PKGBUILD + git --no-pager diff PKGBUILD echo "::endgroup::" fi @@ -41,7 +49,7 @@ fi if [[ -n $INPUT_PKGREL ]]; then echo "::group::Updating pkgrel on PKGBUILD" sed -i "s:^pkgrel=.*$:pkgrel=$INPUT_PKGREL:g" PKGBUILD - git diff PKGBUILD + git --no-pager diff PKGBUILD echo "::endgroup::" fi 
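Review bot: In the new "Loading PGP keys" block of entrypoint.sh, `$INPUT_PGPKEYSERVER` and `$key` are expanded unquoted and the key list is split by unquoted word splitting. A value containing whitespace or glob characters is therefore re-split or expanded, and an entry starting with `-` reaches gpg as an option. Nothing checks that an entry is a full fingerprint either, so short or long key IDs are passed to `--recv-keys` as-is. I would split with `read -ra`, reject anything that is not 40 hex digits, and quote both expansions, as sketched below. The top of the script is outside this hunk, so it is not visible whether a failed `gpg --recv-keys` aborts the run; if `set -e` is not active, the loop should fail explicitly instead of continuing to makepkg with a missing key.

```shell
# … unchanged: INPUT_PGPKEYS check and "::group::Loading PGP keys" …
IFS=',' read -ra pgp_keys <<<"$INPUT_PGPKEYS"
for key in "${pgp_keys[@]}"; do
  key=${key//[[:space:]]/}
  if [[ ! $key =~ ^(0x)?[0-9A-Fa-f]{40}$ ]]; then
    echo "::error::pgpkeys entries must be full 40-hex-digit fingerprints"
    exit 1
  fi
  gpg --keyserver "$INPUT_PGPKEYSERVER" --recv-keys "$key" || exit 1
done
# … unchanged: "::endgroup::" and closing fi …
```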
@@ -49,7 +57,7 @@ fi if [[ $INPUT_UPDPKGSUMS == true ]]; then echo "::group::Updating checksums on PKGBUILD" updpkgsums - git diff PKGBUILD + git --no-pager diff PKGBUILD echo "::endgroup::" fi @@ -57,7 +65,7 @@ fi if [[ $INPUT_SRCINFO == true ]]; then echo "::group::Generating new .SRCINFO based on PKGBUILD" makepkg --printsrcinfo >.SRCINFO - git diff .SRCINFO + git --no-pager diff .SRCINFO echo "::endgroup::" fi