Fix false-positive Preact detection (#50) #23
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release | |
| on: | |
| push: | |
| tags: | |
| - 'v*' | |
| permissions: | |
| contents: write | |
| jobs: | |
| release: | |
| name: Release | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-go@v6 | |
| with: | |
| go-version-file: go.mod | |
| cache: true | |
| - name: Run tests | |
| run: go test ./... | |
| - name: GoReleaser | |
| uses: goreleaser/goreleaser-action@v7 | |
| with: | |
| version: latest | |
| args: release --clean | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Extract version | |
| id: version | |
| run: echo "version=${GITHUB_REF_NAME#v}" >> "$GITHUB_OUTPUT" | |
| - name: Install apt repo tooling | |
| run: sudo apt-get update && sudo apt-get install -y apt-utils gnupg rclone | |
| - name: Import GPG signing key | |
| env: | |
| GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
| GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} | |
| run: | | |
| echo "$GPG_PRIVATE_KEY" | gpg --batch --import | |
| echo "${GPG_KEY_ID}:6:" | gpg --import-ownertrust | |
| - name: Configure rclone for R2 | |
| env: | |
| R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }} | |
| R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }} | |
| R2_ENDPOINT: ${{ secrets.R2_ENDPOINT }} | |
| run: | | |
| mkdir -p ~/.config/rclone | |
| cat > ~/.config/rclone/rclone.conf <<EOF | |
| [r2] | |
| type = s3 | |
| provider = Cloudflare | |
| access_key_id = ${R2_ACCESS_KEY_ID} | |
| secret_access_key = ${R2_SECRET_ACCESS_KEY} | |
| endpoint = ${R2_ENDPOINT} | |
| acl = private | |
| EOF | |
| - name: Build signed apt repository | |
| if: ${{ !contains(github.ref_name, '-') }} | |
| env: | |
| GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} | |
| run: | | |
| mkdir -p aptrepo/pool/main/q/quien | |
| # Preserve history: pull existing pool (ignore failure on first run) | |
| rclone copy r2:quien-apt/pool ./aptrepo/pool || true | |
| # Drop new .debs into the pool | |
| cp dist/*.deb ./aptrepo/pool/main/q/quien/ | |
| # Generate per-arch Packages files. Running apt-ftparchive from | |
| # inside aptrepo/ so the Filename: paths inside Packages are | |
| # relative to the repo root (pool/main/...), which is what apt | |
| # joins with the base URL. | |
| for arch in amd64 arm64; do | |
| mkdir -p "aptrepo/dists/stable/main/binary-$arch" | |
| ( cd aptrepo && apt-ftparchive --arch "$arch" packages pool ) \ | |
| > "aptrepo/dists/stable/main/binary-$arch/Packages" | |
| gzip -kf "aptrepo/dists/stable/main/binary-$arch/Packages" | |
| if ! [ -s "aptrepo/dists/stable/main/binary-$arch/Packages" ]; then | |
| echo "ERROR: Packages file for $arch is empty" >&2 | |
| exit 1 | |
| fi | |
| done | |
| cat > apt-release.conf <<'CONF' | |
| APT::FTPArchive::Release::Origin "quien"; | |
| APT::FTPArchive::Release::Label "quien"; | |
| APT::FTPArchive::Release::Suite "stable"; | |
| APT::FTPArchive::Release::Codename "stable"; | |
| APT::FTPArchive::Release::Architectures "amd64 arm64"; | |
| APT::FTPArchive::Release::Components "main"; | |
| APT::FTPArchive::Release::Description "quien apt repository"; | |
| CONF | |
| apt-ftparchive -c apt-release.conf release aptrepo/dists/stable > aptrepo/dists/stable/Release | |
| gpg --default-key "$GPG_KEY_ID" --batch --yes -abs \ | |
| -o aptrepo/dists/stable/Release.gpg aptrepo/dists/stable/Release | |
| gpg --default-key "$GPG_KEY_ID" --batch --yes --clearsign \ | |
| -o aptrepo/dists/stable/InRelease aptrepo/dists/stable/Release | |
| gpg --armor --export "$GPG_KEY_ID" > aptrepo/pubkey.gpg | |
| cat > aptrepo/install.sh <<'SH' | |
| #!/bin/sh | |
| set -eu | |
| KEYRING=/usr/share/keyrings/quien.gpg | |
| SOURCES=/etc/apt/sources.list.d/quien.list | |
| if [ "$(id -u)" -ne 0 ]; then | |
| echo "This script must be run as root (try: curl -fsSL https://apt.quien.dev/install.sh | sudo sh)" >&2 | |
| exit 1 | |
| fi | |
| echo "Installing quien apt repository..." | |
| curl -fsSL https://apt.quien.dev/pubkey.gpg | gpg --dearmor -o "$KEYRING" | |
| chmod 644 "$KEYRING" | |
| echo "deb [signed-by=$KEYRING] https://apt.quien.dev stable main" > "$SOURCES" | |
| chmod 644 "$SOURCES" | |
| apt-get update | |
| apt-get install -y quien | |
| echo "" | |
| echo "quien installed. Try: quien google.com" | |
| SH | |
| chmod +x aptrepo/install.sh | |
| - name: Sync apt repository to R2 | |
| run: rclone sync ./aptrepo r2:quien-apt | |
| - name: Render AUR PKGBUILDs | |
| if: ${{ !contains(github.ref_name, '-') }} | |
| run: | | |
| VERSION="${{ steps.version.outputs.version }}" | |
| SHA_SRC=$(curl -fsSL "https://github.com/${{ github.repository }}/archive/${{ github.ref_name }}.tar.gz" | sha256sum | awk '{print $1}') | |
| SHA_AMD64=$(sha256sum dist/quien_linux_amd64.tar.gz | awk '{print $1}') | |
| SHA_ARM64=$(sha256sum dist/quien_linux_arm64.tar.gz | awk '{print $1}') | |
| mkdir -p aur/quien aur/quien-bin | |
| sed -e "s|PKGVER|$VERSION|g" \ | |
| -e "s|SHA256SUM_SOURCE|$SHA_SRC|g" \ | |
| packaging/aur/quien/PKGBUILD.template > aur/quien/PKGBUILD | |
| sed -e "s|PKGVER|$VERSION|g" \ | |
| -e "s|SHA256SUM_BIN_AMD64|$SHA_AMD64|g" \ | |
| -e "s|SHA256SUM_BIN_ARM64|$SHA_ARM64|g" \ | |
| packaging/aur/quien-bin/PKGBUILD.template > aur/quien-bin/PKGBUILD | |
| - name: Publish quien to AUR | |
| if: ${{ !contains(github.ref_name, '-') }} | |
| uses: KSXGitHub/github-actions-deploy-aur@da03e160361ce01bf087e790b6ffd196d7dccff7 # v4.1.3 | |
| with: | |
| pkgname: quien | |
| pkgbuild: ./aur/quien/PKGBUILD | |
| commit_username: Ben Word | |
| commit_email: ben@benword.com | |
| ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} | |
| commit_message: "Update to ${{ github.ref_name }}" | |
| ssh_keyscan_types: rsa,ecdsa,ed25519 | |
| - name: Publish quien-bin to AUR | |
| if: ${{ !contains(github.ref_name, '-') }} | |
| uses: KSXGitHub/github-actions-deploy-aur@da03e160361ce01bf087e790b6ffd196d7dccff7 # v4.1.3 | |
| with: | |
| pkgname: quien-bin | |
| pkgbuild: ./aur/quien-bin/PKGBUILD | |
| commit_username: Ben Word | |
| commit_email: ben@benword.com | |
| ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }} | |
| commit_message: "Update to ${{ github.ref_name }}" | |
| ssh_keyscan_types: rsa,ecdsa,ed25519 |