linux_alpine/.gitea/workflows/release_arm64v8-edge.yml

name: "Release Alpine apk for ARM64v8 Edge"

on:
  push:
    branches:
      - release

jobs:
  compilation-arm64v8:
    runs-on: aarch-64-alpine-edge
    env:
      REPO_URL: "https://static.itmodulo.eu/dl/repo/alpine/edge/main/aarch64"
      REMOTE_SSH: "${{ secrets.SERVER_LOGIN_AND_ADDRESS }}"
      REMOTE_PORT: "${{ secrets.LOGIN_PORT }}"
      REMOTE_PATH: "${{ secrets.SERVER_REPO_PATH }}/edge/main/aarch64"
    steps:
      - name: Install base tools
        shell: sh
        run: |
          # faster mirror + essential build tools
          echo "https://alpine.sakamoto.pl/alpine/$(cat /etc/os-release | grep PRETT | cut -d ' ' -f 3 | cut -d '"' -f 1)/main" > /etc/apk/repositories
          echo "https://alpine.sakamoto.pl/alpine/$(cat /etc/os-release | grep PRETT | cut -d ' ' -f 3 | cut -d '"' -f 1)/community" >> /etc/apk/repositories
          echo "https://alpine.sakamoto.pl/alpine/$(cat /etc/os-release | grep PRETT | cut -d ' ' -f 3 | cut -d '"' -f 1)/testing" >> /etc/apk/repositories
          apk update && apk upgrade
          apk add bash git curl alpine-sdk abuild sudo shadow fuse sshfs nodejs wget

      - name: Set up environment and users
        run: |
          echo "user_allow_other" >> /etc/fuse.conf
          adduser runner -u 1003 -D -s /bin/bash -G wheel
          addgroup -g 1003 runner
          addgroup runner abuild
          addgroup runner runner
          chmod 660 /etc/sudoers
          echo "%wheel ALL=(ALL:ALL) NOPASSWD: ALL" >> /etc/sudoers
          chmod 440 /etc/sudoers
          mkdir -p /var/cache/distfiles
          chmod a+w /var/cache/distfiles
          chsh -s /bin/bash
          su - runner -c 'mkdir ~/.abuild'
          echo "setup done"

      - name: Set up keys
        run: |
          wget -q https://static.itmodulo.eu/dl/repo/public_keys/alpine/itmodulo%40disroot.org-65b4f779.rsa.pub -P /etc/apk/keys
          su - runner -c 'wget -q https://static.itmodulo.eu/dl/repo/public_keys/alpine/itmodulo%40disroot.org-65b4f779.rsa.pub -P ~/.abuild/'
          echo "${{ secrets.REPO_PRIVKEY }}" > /home/runner/.abuild/${{ secrets.REPO_PRIVKEY_FILENAME }} && chown runner:runner /home/runner/.abuild/${{ secrets.REPO_PRIVKEY_FILENAME }}
          su - runner -c "echo 'PACKAGER_PRIVKEY="/home/runner/.abuild/${{ secrets.REPO_PRIVKEY_FILENAME }}"' >> ~/.abuild/abuild.conf"
          echo "done"

      - name: Checkout sources
        uses: actions/checkout@v4

      - name: Fetch remote index and parse existing pkgs
        id: get_remote
        shell: bash
        run: |
          mkdir -p remote_index
          curl -sfL "${REPO_URL}/APKINDEX.tar.gz" -o remote_index/APKINDEX.tar.gz
          tar -xzf remote_index/APKINDEX.tar.gz -C remote_index
          # Extract P: and V: fields into a list of "name-version-pkgrel"
          awk '
            /^P:/  { pkg=$2 }
            /^V:/  { ver=$2 }
            /^PR:/ { pr=$2; print pkg "-" ver "-" pr }
          ' remote_index/APKINDEX > remote_index/list.txt
          echo "::set-output name=existing::$(sort remote_index/list.txt | paste -sd, -)"

      - name: Build only missing packages
        shell: bash
        run: |
          EXISTING="$(echo "${{ steps.get_remote.outputs.existing }}" | tr ',' '\n')"
          echo "$EXISTING"
          mkdir -p built newpkgs
          for d in edge/*; do
            cd "$d"
            # source the APKBUILD so we get PKGNAME, PKGVER, PKGREL
            . APKBUILD
            ident="${PKGNAME}-${PKGVER}-${PKGREL}"
            if echo "$EXISTING" | grep -qx "$ident"; then
              echo "Skipping $ident (already in repo)"
            else
              echo "Building $ident..."
              abuild -r -c
              # collect the resulting .apk
              mv /home/runner/packages/srcpkgs/aarch64/${PKGNAME}-*.apk ../../newpkgs/ || true
            fi
            cd - >/dev/null
          done

      - name: Sync new pkgs, clean old versions, rebuild & sign index
        shell: bash
        run: |
          # prepare SSH key for sshfs
          echo "${{ secrets.REPO_LOGIN }}" > /home/runner/id_ecdsa
          chmod 600 /home/runner/id_ecdsa
          mkdir -p /home/runner/remote
          sshfs -p "${REMOTE_PORT}" -o StrictHostKeyChecking=accept-new \
                -o IdentityFile=/home/runner/id_ecdsa \
                "${REMOTE_SSH}:${REMOTE_PATH}" /home/runner/remote

          cd /home/runner/remote

          # For each newly-built package, remove older versions
          for pkg in /home/runner/newpkgs/*.apk; do
            base=$(basename "$pkg" | sed -E 's/(-[0-9]+\.[0-9]+.*)//')
            rm -f ${base}-*.apk || true
          done

          # Copy over the truly new files
          cp /home/runner/newpkgs/*.apk .

          # Rebuild the index
          apk index -o APKINDEX.tar.gz *.apk

          # Sign it
          abuild-sign APKINDEX.tar.gz

          fusermount -u /home/runner/remote