|
66 | 66 | if: env.SELF_HOSTED_RUNNERS == 'false' |
67 | 67 | run: rustup update stable |
68 | 68 |
|
| 69 | + # ============================== |
| 70 | + # Debian build dependencies |
| 71 | + # ============================== |
| 72 | + |
| 73 | + - name: Install Debian build dependencies |
| 74 | + if: endsWith(matrix.arch, '-deb') |
| 75 | + run: | |
| 76 | + sudo apt-get update |
| 77 | + sudo apt-get install -y libclang-dev cmake ${{ matrix.gcc_package }} |
| 78 | +
|
| 79 | + - name: Install Rust target for Debian builds |
| 80 | + if: endsWith(matrix.arch, '-deb') |
| 81 | + run: rustup target add ${{ matrix.rust_target }} |
| 82 | + |
| 83 | + - name: Install cargo-deb |
| 84 | + if: endsWith(matrix.arch, '-deb') |
| 85 | + run: cargo install cargo-deb |
| 86 | + |
69 | 87 | # ============================== |
70 | 88 | # Builds - Binaries |
71 | 89 | # ============================== |
@@ -94,6 +112,38 @@ jobs: |
94 | 112 | # Builds - Debian Packages |
95 | 113 | # ============================== |
96 | 114 |
|
| 115 | + - name: Build reproducible Debian package |
| 116 | + if: endsWith(matrix.arch, '-deb') |
| 117 | + run: | |
| 118 | + make deb-cargo RUST_TARGET=${{ matrix.rust_target }} PROFILE=${{ matrix.profile }} |
| 119 | +
|
| 120 | + - name: Find and prepare Debian package |
| 121 | + if: endsWith(matrix.arch, '-deb') |
| 122 | + run: | |
| 123 | + VERSION=${{ needs.extract-version.outputs.VERSION }} |
| 124 | + DEB_FILE=$(find target/${{ matrix.rust_target }}/debian -name "*.deb" | head -1) |
| 125 | + if [ -n "$DEB_FILE" ]; then |
| 126 | + # Create standardized filename to match existing pattern |
| 127 | + ARCH_SHORT=$(echo "${{ matrix.rust_target }}" | cut -d'-' -f1) |
| 128 | + NEW_NAME="lighthouse-${{ needs.extract-version.outputs.VERSION }}-${ARCH_SHORT}.deb" |
| 129 | + cp "$DEB_FILE" "$NEW_NAME" |
| 130 | + echo "DEB_PACKAGE=$NEW_NAME" >> $GITHUB_ENV |
| 131 | + |
| 132 | + # Generate checksums |
| 133 | + sha256sum "$NEW_NAME" > "$NEW_NAME.sha256" |
| 134 | + sha512sum "$NEW_NAME" > "$NEW_NAME.sha512" |
| 135 | + |
| 136 | + echo "Debian package built: $NEW_NAME" |
| 137 | + echo "Size: $(du -h "$NEW_NAME" | cut -f1)" |
| 138 | + else |
| 139 | + echo "❌ No .deb package found" |
| 140 | + exit 1 |
| 141 | + fi |
| 142 | +
|
| 143 | + # ============================== |
| 144 | + # Builds - Debian Packages |
| 145 | + # ============================== |
| 146 | + |
97 | 147 | - name: Build reproducible Debian package |
98 | 148 | if: endsWith(matrix.arch, '-deb') |
99 | 149 | run: | |
@@ -150,6 +200,20 @@ jobs: |
150 | 200 | # Debian Package Artifacts |
151 | 201 | # ============================== |
152 | 202 |
|
| 203 | + - name: Sign Debian package |
| 204 | + if: endsWith(matrix.arch, '-deb') |
| 205 | + env: |
| 206 | + GPG_SIGNING_KEY: ${{ secrets.GPG_SIGNING_KEY }} |
| 207 | + GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} |
| 208 | + run: | |
| 209 | + export GPG_TTY=$(tty) |
| 210 | + echo "$GPG_SIGNING_KEY" | gpg --batch --import |
| 211 | + echo "$GPG_PASSPHRASE" | gpg --passphrase-fd 0 --pinentry-mode loopback --batch -ab "$DEB_PACKAGE" |
| 212 | +
|
| 213 | + # ============================== |
| 214 | + # Debian Package Artifacts |
| 215 | + # ============================== |
| 216 | + |
153 | 217 | - name: Sign Debian package |
154 | 218 | if: endsWith(matrix.arch, '-deb') |
155 | 219 | env: |
|
0 commit comments