Build / publish APA #110
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
---
# Builds the Debian packages and publishes the resulting APT repository.
name: Build / publish APA

# Runs when debian/changelog changes on main, or when started by hand.
on:
  push:
    branches:
      - main
    paths:
      - 'debian/changelog'
  workflow_dispatch:  # allow manual triggering
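# NOTE(review): every `uses:` below references a mutable tag (@v1, @v3, @v4,
# @v6). A tag can be moved to different code after review; pin each action to
# a full commit SHA (`owner/action@<full-commit-sha>  # vN`). This matters
# most for crazy-max/ghaction-import-gpg, which is handed the private signing
# keys, and for jtdor/build-deb-action, which produces the packages that get
# signed and published.
jobs:
  # Builds the binary (and, on amd64, source) packages once per architecture
  # and hands them to the `merge` job as workflow artifacts.
  build-debs:
    runs-on: ${{ matrix.runner }}
    name: ${{ matrix.architecture }}
    # Least privilege: nothing in this job writes to the repository.
    permissions:
      contents: read
    strategy:
      matrix:
        include:
          - architecture: amd64
            runner: ubuntu-latest
          - architecture: armhf
            runner: ubuntu-24.04-arm
          - architecture: arm64
            runner: ubuntu-24.04-arm
          - architecture: riscv64
            runner: ubuntu-latest
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          # The build runs third-party code against this workspace; do not
          # leave the job token in .git/config where that code can read it.
          persist-credentials: false
      - name: Set up build environment
        run: |
          sudo apt-get update
          sudo apt-get install -y dpkg-dev debhelper
      - name: Build deb and source packages
        uses: jtdor/build-deb-action@v1
        env:
          DEB_BUILD_OPTIONS: noautodbgsym
        with:
          host-arch: ${{ matrix.architecture }}
          # Only the amd64 leg builds source + arch-independent packages;
          # the other legs build architecture-dependent packages only.
          buildpackage-opts: --build=${{ matrix.architecture == 'amd64' && 'full' || 'any' }}
          # NOTE(review): a dated tag is still a mutable reference; pin the
          # build image by digest (`debian@sha256:<digest>`) for a
          # reproducible, tamper-evident build environment.
          docker-image: debian:testing-20250407
      - name: "Upload artifacts"
        uses: actions/upload-artifact@v4
        with:
          name: artifacts-${{ matrix.architecture }}
          path: debian/artifacts/
          # NOTE(review): a leg that produced no files passes silently here;
          # confirm that is intended for a pipeline whose output is signed
          # and published.
          if-no-files-found: ignore

  # Collects the per-architecture artifacts, builds the APT repository with
  # reprepro, signs the Release files and force-pushes the result to the
  # `data` branch.
  merge:
    # The secrets are mapped at job level so the `if:` conditions below can
    # test for their presence. NOTE(review): this also exposes the private
    # key material in the environment of every step in this job, including
    # the apt-installed tools and the third-party dispatch action. A narrower
    # layout is one early step that only records whether each secret is set,
    # with the key itself passed solely to the import step.
    env:
      PRIMARY_KEY: ${{ secrets.GPG_KEY3 }}
      SECONDARY_KEY: ${{ secrets.GPG_KEY4 }}
    name: "Merge artifacts and publish"
    needs: build-debs
    runs-on: ubuntu-latest
    # Least privilege: write access to contents is needed for the push to the
    # `data` branch and for the repository dispatch; nothing else is granted.
    permissions:
      contents: write
    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Download All Artifacts
        uses: actions/download-artifact@v4
        with:
          path: debian/artifacts/
          pattern: artifacts-*
          merge-multiple: true
      - name: Set up build environment
        run: |
          sudo apt-get update
          sudo apt-get install -y reprepro
      - name: Import PRIMARY GPG key
        id: import_gpg_primary
        if: env.PRIMARY_KEY != ''
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ env.PRIMARY_KEY }}
      - name: Import SECONDARY GPG key
        id: import_gpg_secondary
        if: env.SECONDARY_KEY != ''
        uses: crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ env.SECONDARY_KEY }}
      - name: Generate GPG_PARAMETERS array
        id: build_gpg_parameters
        env:
          FPR_PRIMARY: ${{ steps.import_gpg_primary.outputs.fingerprint }}
          FPR_SECONDARY: ${{ steps.import_gpg_secondary.outputs.fingerprint }}
        run: |
          # Step outputs reach the script through env vars rather than being
          # templated into the script text.
          # NOTE(review): if neither key was imported, gpg is later invoked
          # with no `-u` at all; consider failing here with a clear message.
          GPG_PARAMETERS="--yes --armor"
          [ -n "$FPR_PRIMARY" ] && GPG_PARAMETERS+=" -u $FPR_PRIMARY"
          [ -n "$FPR_SECONDARY" ] && GPG_PARAMETERS+=" -u $FPR_SECONDARY"
          echo "GPG_PARAMETERS=$GPG_PARAMETERS" >> "$GITHUB_ENV"
      - name: Create distribution repository and commit to data branch
        run: |
          git checkout --orphan data
          git rm -rf --cached .
          git config --global user.name "github-actions"
          # NOTE(review): the address below was masked by the page this
          # listing was taken from; restore the real committer address.
          git config --global user.email "[email protected]"
          for file in debian/artifacts/*.changes; do
            reprepro -b debian/artifacts include current "$file"
          done
          reprepro -b debian/artifacts export
          echo "Sign repo with multiple keys"
          find "debian/artifacts/dists" -type f -name Release | while read -r release_file; do
            # `local` is only valid inside a shell function and is an error
            # here, so the variable is assigned directly.
            distro_path="$(dirname "$release_file")"
            echo "Signing release at: $distro_path"
            # GPG_PARAMETERS was exported through GITHUB_ENV by the previous
            # step. It is read as a shell variable rather than expanded with
            # a workflow expression, so its value is never spliced into the
            # script source. Left unquoted on purpose: it holds several
            # space-separated gpg options.
            # shellcheck disable=SC2086
            gpg $GPG_PARAMETERS --clear-sign -o "$distro_path/InRelease" "$release_file"
            # shellcheck disable=SC2086
            gpg $GPG_PARAMETERS --detach-sign -o "$distro_path/Release.gpg" "$release_file"
          done
          git add debian/artifacts/{pool,dists}
          git diff --cached --quiet || git commit --allow-empty -m "Update published repository files"
          # The orphan `data` branch is rebuilt on every run, so the push
          # replaces the remote history. Protect `data` from any other
          # writer, since whatever lands there is what gets published.
          git push --force --set-upstream origin data
      - name: "publish repository to web server"
        uses: peter-evans/repository-dispatch@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          event-type: "Generate directory"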