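---
# Action metadata: display name, author and the branding badge (icon and colour).
name: "Aptly deb repo creator"
author: "Jinna Kiisuo <jinnak@nocturnal.fi>"
branding:
  color: red
  icon: aperture
description: |
  Create APT compatible debian repositories into GitHub artifacts with Aptly.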
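# Inputs accepted by the action. All values arrive as strings chosen by the calling
# workflow, so the steps must treat them as data and never as shell source.
inputs:
  name:
    description: |
      "Short name of the project used as a slug to refer to your repo."
    required: true
  artifact_name:
    description: |
      "Name of the generated repo snapshot artifact. The default is {name}-{prefix}-repo-artifacts"
    required: false
  prefix:
    description: |
      Repo prefix in the published structure.
      Relevant if you wish to separate say ubuntu & debian completely.
    required: true
    default: "."
  repo_url:
    description: |
      Public facing URL where your repository snapshot will be published.
      Cleanest if you don't include a final / in the URL, one will be added where required.
    required: false
  generate_repo_list:
    description: |
      If enabled and repo_url is also provided, a "$name.list" template will be created at the root of
      your repository snapshot with example lines per distribution & category.
    required: false
    # Kept as the string "true": the step condition compares against 'true' literally.
    default: "true"
  repos:
    description: |
      Repository definitions to create. Provided as a comma separated csv.
      The architecture list should be quoted and comma separated. The quotes must be escaped.
      Fields are in order:
      distribution, category, architectures, import boolean, filesystem glob of debs.
      The default thus creates a single distribution of:
      "bookworm", category "stable" for amd64 of all debs in the current directory with no import.
    required: true
    # NOTE(review): the description lists "architectures" before "import boolean", but
    # this default places `false` before the architectures field. Confirm the real
    # column order against create-aptly-repos.sh and align the description or default.
    default: bookworm,stable,false,\"amd64\",./*.deb
  gpg_key_id:
    description: |
      ID of the GPG public key to use for signing.
      Useful for definining a signing specific subkey.
      Defaults to whatever GnuPG defaults to.
    required: false
    default: ""
  # Signing material: pass both values from encrypted secrets, never as literals in
  # the calling workflow, so they stay masked in logs.
  gpg_private_key:
    description: |
      Armored gpg private key to sign the repo with.
      If not provided, the repo will not be signed.
    required: false
  gpg_passphrase:
    description: |
      The passphrase of the provided GPG key.
    required: false
  # The value ends up as a file name under the published repository root, so it
  # should be a plain file name without path separators.
  # NOTE(review): marked required while also carrying an empty default that the
  # steps replace with "<name>.asc"; `required: false` would describe it better.
  gpg_export_name:
    description: |
      If signing is used the public key will be exported to the root of
      the snapshot with this name. List examples will also refer to this name.
      If customized, the suffix of the file should be either `.asc` or `.gpg`.
      - `.asc` causes the export to be ASCII armored.
      - `.gpg` does not use ASCII armoring, i.e. the key is exported "raw".
      The default is to export as `$name.asc`
    required: true
    default: ""
  import_gpg_key:
    description: |
      An additional GPG public key to import and trust.
      Only useful if the repo definitions enable the import feature and
      the mirror you're importing is not signed by the same private key.
    required: false
  # NOTE(review): no step in this file reads this input; if it is unused, dropping
  # it avoids handing the action a token it does not need.
  GITHUB_TOKEN:
    description: |
      A GitHub token, available in the secrets.GITHUB_TOKEN working-directory variable.
    default: ${{ github.token }}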
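# Composite steps: install the tooling, import keys, build the repository with Aptly,
# export the public key and upload the published tree as an artifact.
#
# NOTE(review): the three third-party actions below (myci-actions/add-deb-repo,
# crazy-max/ghaction-import-gpg, actions/upload-artifact) are referenced by mutable
# tags. Pinning each `uses:` to a full commit SHA (<COMMIT_SHA_PLACEHOLDER>) keeps a
# moved tag from changing the code that runs next to the signing key.
runs:
  using: composite
  steps:
    - name: Fix up PATH
      shell: bash
      # `mkdir -p` keeps the step from failing when ~/bin already exists, for
      # example on a reused runner.
      run: |
        mkdir -p "${HOME}/bin"
        echo "${HOME}/bin" >> "$GITHUB_PATH"
        echo "${{ github.action_path }}" >> "$GITHUB_PATH"
    # NOTE(review): the APT source and its signing key are both fetched over plain
    # http, so the key is not authenticated in transit. Prefer https endpoints if
    # the upstream serves them, or verify the key fingerprint out of band.
    - name: Install Aptly
      uses: myci-actions/add-deb-repo@11
      with:
        # TODO: Swap out ci prefix for release once Aptly 1.6.0 is published:
        # https://github.com/aptly-dev/aptly/discussions/1345
        repo: deb http://repo.aptly.info/ci noble main
        repo-name: aptly
        keys-asc: http://repo.aptly.info/pubkey.txt
        install: aptly
    # NOTE(review): the bootstrap script is read from the moving `master` branch and
    # executed unverified. Pin the URL to a reviewed commit and compare a checksum
    # before running it. The curl flags below only stop HTTP error pages and
    # non-https redirects from reaching `sh`.
    - name: Install UBI
      shell: bash
      run: |
        curl --fail --silent --show-error --location --proto '=https' --tlsv1.2 \
          https://raw.githubusercontent.com/houseabsolute/ubi/master/bootstrap/bootstrap-ubi.sh |
          sh
    # NOTE(review): installs whichever xsv release is current at run time; pinning a
    # release keeps builds reproducible.
    - name: Install XSV
      shell: bash
      run: ubi -p BurntSushi/xsv -i "$HOME/bin/"
    - name: Import GPG signing key
      id: gpg_import
      if: inputs.gpg_private_key != ''
      uses: crazy-max/ghaction-import-gpg@v6
      with:
        gpg_private_key: "${{ inputs.gpg_private_key }}"
        passphrase: "${{ inputs.gpg_passphrase }}"
        fingerprint: "${{ inputs.gpg_key_id }}"
    - name: Import extra GPG public key
      if: inputs.import_gpg_key != ''
      shell: bash
      # The key text reaches the script through the environment, so it is never
      # parsed as shell source.
      env:
        KEY_ID: ${{ inputs.import_gpg_key }}
      run: |
        echo "$KEY_ID" | gpg --import
    - name: Determine public key export type
      id: gpg_export
      if: inputs.gpg_private_key != ''
      shell: bash
      # The expressions are evaluated into environment variables instead of being
      # pasted into the script text, so input values cannot inject shell commands.
      # filename: the caller's gpg_export_name, or "<name>.asc" when it is empty.
      # armor: "--armor" for an ".asc" name or the default name, otherwise empty.
      env:
        EXPORT_FILENAME: ${{ inputs.gpg_export_name != '' && inputs.gpg_export_name || format('{0}.asc', inputs.name) }}
        ARMOR_FLAG: ${{ endsWith(inputs.gpg_export_name, '.asc') && '--armor' || ( inputs.gpg_export_name == '' && '--armor' || '' ) }}
      run: |
        echo "filename=${EXPORT_FILENAME}" >> "$GITHUB_OUTPUT"
        echo "armor=${ARMOR_FLAG}" >> "$GITHUB_OUTPUT"
    - name: Create repository
      shell: bash
      # Inputs are handed over as environment variables rather than interpolated
      # into the script, which would let a crafted value run arbitrary commands.
      # The documented contract asks callers to escape the quotes around the
      # architecture list (\"amd64\"); bash used to strip those backslashes while
      # parsing the interpolated string, so sed now does that one unescaping.
      env:
        INPUT_REPOS: ${{ inputs.repos }}
        INPUT_NAME: ${{ inputs.name }}
        INPUT_PREFIX: ${{ inputs.prefix }}
        GPG_KEY_ID: ${{ steps.gpg_import.outputs.fingerprint }}
        GPG_EXPORT_NAME: ${{ steps.gpg_export.outputs.filename }}
        REPO_URL: ${{ inputs.repo_url }}
        GENERATE_REPO_LIST: ${{ inputs.generate_repo_list }}
      run: |
        printf '%s\n' "$INPUT_REPOS" | sed 's/\\"/"/g' |
          create-aptly-repos.sh "$INPUT_NAME" "$INPUT_PREFIX"
    - name: Export public key
      if: inputs.gpg_private_key != ''
      shell: bash
      env:
        GPG_EXPORT_NAME: ${{ steps.gpg_export.outputs.filename }}
        ARMOR: ${{ steps.gpg_export.outputs.armor }}
        GPG_FINGERPRINT: ${{ steps.gpg_import.outputs.fingerprint }}
      # $ARMOR stays unquoted on purpose: when it is empty it must expand to no
      # argument at all rather than to an empty string.
      # NOTE(review): GPG_EXPORT_NAME derives from caller input and is used as a
      # path component; consider rejecting values that contain "/".
      run: gpg --export $ARMOR "$GPG_FINGERPRINT" > "$HOME/.aptly/public/$GPG_EXPORT_NAME"
    - name: Include repo list example
      if: ${{ inputs.repo_url != '' && inputs.generate_repo_list == 'true' }}
      shell: bash
      run: cp *.list ~/.aptly/public/
    - name: Print repo tree
      shell: bash
      run: |
        tree "$HOME/.aptly/public"
    # Uploads the published tree; falls back to "<name>-<prefix>-repo-artifacts"
    # when artifact_name is empty, and fails the job if nothing was published.
    - name: Publish artifact
      uses: actions/upload-artifact@v4
      with:
        name: ${{ inputs.artifact_name != '' && inputs.artifact_name || format('{0}-{1}-repo-artifacts', inputs.name, inputs.prefix) }}
        path: ~/.aptly/public
        if-no-files-found: error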