fix: replace goreleaser AUR integration with manual ssh-agent push #10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # ============================================================================== | ||
| # .github/workflows/release.yml — cpp-gen | ||
| # ============================================================================== | ||
| # Release pipeline. Triggered automatically when a tag in the format | ||
| # vX.Y.Z is pushed to the repository (e.g.: via `make release` or scripts/release.sh). | ||
| # | ||
| # Full flow: | ||
| # git commit → tag vX.Y.Z → this workflow | ||
| # ↓ | ||
| # goreleaser → binaries + archives + GitHub Release (always) | ||
| # ↓ | ||
| # Publish to AUR (only if AUR_KEY is set) | ||
| # | ||
| # ── AUR secret setup ────────────────────────────────────────────────────────── | ||
| # Store the SSH private key as base64 to avoid newline corruption from GitHub | ||
| # Actions secret expansion. Run once on your machine: | ||
| # | ||
| # Linux: base64 -w 0 ~/.ssh/aur > /tmp/aur_b64.txt | ||
| # macOS: base64 -i ~/.ssh/aur > /tmp/aur_b64.txt | ||
| # | ||
| # Then go to: Settings → Secrets and variables → Actions → AUR_KEY → Update | ||
| # and paste the single-line base64 output. | ||
| # ============================================================================== | ||
| name: Release | ||
| on: | ||
| push: | ||
| tags: | ||
| - "v[0-9]+.[0-9]+.[0-9]+" # v1.2.3 | ||
| - "v[0-9]+.[0-9]+.[0-9]+-*" # v1.2.3-beta.1 (pre-release) | ||
| permissions: | ||
| contents: write | ||
| packages: write | ||
| jobs: | ||
| # ── Release ────────────────────────────────────────────────────────────────── | ||
| release: | ||
| name: Release ${{ github.ref_name }} | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 | ||
| - name: Setup Go | ||
| uses: actions/setup-go@v5 | ||
| with: | ||
| go-version-file: go.mod | ||
| cache: true | ||
| - name: Verify dependencies | ||
| run: | | ||
| go mod verify | ||
| go mod tidy | ||
| git diff --exit-code go.mod go.sum | ||
| - name: Test | ||
| run: go test -race ./... | ||
| # ── Goreleaser (GitHub Release only, AUR handled separately below) ────── | ||
| - name: Run goreleaser | ||
| uses: goreleaser/goreleaser-action@v6 | ||
| with: | ||
| distribution: goreleaser | ||
| version: "~> v2" | ||
| args: release --clean --skip=aurs | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| # ── AUR publish ────────────────────────────────────────────────────────── | ||
| # Uses ssh-agent to load the key into memory, bypassing the OpenSSH | ||
| # file-loading path that causes "error in libcrypto" with go-git / git. | ||
| # The AUR_KEY secret must be base64-encoded (see header comment above). | ||
| - name: Decode AUR key | ||
| id: aur | ||
| env: | ||
| AUR_KEY_B64: ${{ secrets.AUR_KEY }} | ||
| run: | | ||
| if [ -z "$AUR_KEY_B64" ]; then | ||
| echo "has_key=false" >> "$GITHUB_OUTPUT" | ||
| echo "::warning title=AUR_KEY ausente::Publicação no AUR ignorada." | ||
| exit 0 | ||
| fi | ||
| mkdir -p ~/.ssh | ||
| echo "$AUR_KEY_B64" | base64 -d > ~/.ssh/aur_key | ||
| chmod 600 ~/.ssh/aur_key | ||
| if ! ssh-keygen -l -f ~/.ssh/aur_key > /dev/null 2>&1; then | ||
| echo "has_key=false" >> "$GITHUB_OUTPUT" | ||
| echo "::error title=AUR_KEY inválida::Chave não reconhecida. Confirme que o secret está em base64." | ||
| exit 0 | ||
| fi | ||
| echo "has_key=true" >> "$GITHUB_OUTPUT" | ||
| - name: Publish to AUR | ||
| if: steps.aur.outputs.has_key == 'true' | ||
| env: | ||
| GIT_AUTHOR_NAME: goreleaserbot | ||
| GIT_AUTHOR_EMAIL: bot@goreleaser.com | ||
| GIT_COMMITTER_NAME: goreleaserbot | ||
| GIT_COMMITTER_EMAIL: bot@goreleaser.com | ||
| run: | | ||
| # ── Load key into agent (avoids all file-based libcrypto issues) ──── | ||
| eval "$(ssh-agent -s)" | ||
| ssh-add ~/.ssh/aur_key | ||
| ssh-keyscan -H aur.archlinux.org >> ~/.ssh/known_hosts 2>/dev/null | ||
| # ── Version and checksums ──────────────────────────────────────────── | ||
| VERSION="${GITHUB_REF_NAME#v}" | ||
| SHA_X86_64=$(grep "linux_amd64.tar.gz" dist/checksums.txt | awk '{print $1}') | ||
| SHA_I686=$(grep "linux_386.tar.gz" dist/checksums.txt | awk '{print $1}') | ||
| if [ -z "$SHA_X86_64" ] || [ -z "$SHA_I686" ]; then | ||
| echo "::error::Checksums não encontrados em dist/checksums.txt" | ||
| exit 1 | ||
| fi | ||
| # ── Clone AUR repo ─────────────────────────────────────────────────── | ||
| git -c init.defaultBranch=master \ | ||
| clone ssh://aur@aur.archlinux.org/cpp-gen-bin.git /tmp/aur-cpp-gen-bin | ||
| # ── Generate PKGBUILD with real version and checksums ──────────────── | ||
| sed \ | ||
| -e "s/^pkgver=.*/pkgver=${VERSION}/" \ | ||
| -e "s/^pkgrel=.*/pkgrel=1/" \ | ||
| -e "s/sha256sums_x86_64=('SKIP')/sha256sums_x86_64=('${SHA_X86_64}')/" \ | ||
| -e "s/sha256sums_i686=('SKIP')/sha256sums_i686=('${SHA_I686}')/" \ | ||
| aur/PKGBUILD > /tmp/aur-cpp-gen-bin/PKGBUILD | ||
| # ── Generate .SRCINFO ──────────────────────────────────────────────── | ||
| cat > /tmp/aur-cpp-gen-bin/.SRCINFO << EOF | ||
| pkgbase = cpp-gen-bin | ||
| pkgdesc = Modern C++ project generator with CMake, package managers, IDE configurations and development tools | ||
| pkgver = ${VERSION} | ||
| pkgrel = 1 | ||
| url = https://github.com/matpdev/cpp-gen | ||
| arch = x86_64 | ||
| arch = i686 | ||
| license = MIT | ||
| provides = cpp-gen | ||
| conflicts = cpp-gen | ||
| options = !strip | ||
| source_x86_64 = cpp-gen-bin-${VERSION}-x86_64.tar.gz::https://github.com/matpdev/cpp-gen/releases/download/v${VERSION}/cpp-gen_${VERSION}_linux_amd64.tar.gz | ||
| sha256sums_x86_64 = ${SHA_X86_64} | ||
| source_i686 = cpp-gen-bin-${VERSION}-i686.tar.gz::https://github.com/matpdev/cpp-gen/releases/download/v${VERSION}/cpp-gen_${VERSION}_linux_386.tar.gz | ||
| sha256sums_i686 = ${SHA_I686} | ||
| pkgname = cpp-gen-bin | ||
| EOF | ||
| # ── Copy LICENSE ───────────────────────────────────────────────────── | ||
| cp aur/LICENSE /tmp/aur-cpp-gen-bin/LICENSE | ||
| # ── Commit and push (branch must be master for AUR) ────────────────── | ||
| cd /tmp/aur-cpp-gen-bin | ||
| git add PKGBUILD .SRCINFO LICENSE | ||
| git diff --staged --quiet && echo "Nothing to commit, skipping." && exit 0 | ||
| git commit -m "Update to v${VERSION}" | ||
| git push origin master | ||
| # ── Notify ─────────────────────────────────────────────────────────────────── | ||
| notify: | ||
| name: Notify | ||
| runs-on: ubuntu-latest | ||
| needs: release | ||
| if: always() | ||
| steps: | ||
| - name: Release succeeded | ||
| if: needs.release.result == 'success' | ||
| run: | | ||
| echo "::notice title=Release publicada::cpp-gen ${{ github.ref_name }} publicada com sucesso!" | ||
| echo "URL: https://github.com/${{ github.repository }}/releases/tag/${{ github.ref_name }}" | ||
| - name: Release failed | ||
| if: needs.release.result == 'failure' | ||
| run: | | ||
| echo "::error title=Falha na release::goreleaser falhou para ${{ github.ref_name }}." | ||
| exit 1 | ||
