diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3bb55498d..17a05f409 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -318,23 +318,38 @@ jobs: echo "${{ secrets.APK_SIGNING_KEY }}" > ~/.abuild/vikunja-apk.rsa echo "PACKAGER_PRIVKEY=$HOME/.abuild/vikunja-apk.rsa" > ~/.abuild/abuild.conf - - name: Debug mage-static binary - if: matrix.format == 'apk' - run: | - ls -la ./mage-static || true - file ./mage-static || true - readelf -l ./mage-static 2>/dev/null | grep -i interpreter || echo "no interpreter" - ldd ./mage-static 2>&1 || true - - name: Generate repo metadata + if: matrix.format != 'apk' env: - RELEASE_GPG_KEY: ${{ matrix.format != 'apk' && '7D061A4AA61436B40713D42EFF054DACD908493A' || '' }} - RELEASE_GPG_PASSPHRASE: ${{ matrix.format != 'apk' && secrets.RELEASE_GPG_PASSPHRASE || '' }} - APK_SIGNING_KEY_PATH: ${{ matrix.format == 'apk' && '~/.abuild/vikunja-apk.rsa' || '' }} + RELEASE_GPG_KEY: 7D061A4AA61436B40713D42EFF054DACD908493A + RELEASE_GPG_PASSPHRASE: ${{ secrets.RELEASE_GPG_PASSPHRASE }} run: | chmod +x ./mage-static ./mage-static ${{ matrix.mage_target }} + - name: Generate APK repo metadata + if: matrix.format == 'apk' + run: | + incoming=dist/repo-work/incoming + output_base=dist/repo-output/apk/$REPO_SUITE/main + signing_key=~/.abuild/vikunja-apk.rsa + for arch in x86_64 aarch64 armv7; do + repo_dir="$output_base/$arch" + mkdir -p "$repo_dir" + # Symlink matching packages + found=false + for pkg in "$incoming"/*-"$arch".apk; do + [ -f "$pkg" ] || continue + found=true + ln -sf "$(realpath "$pkg")" "$repo_dir/$(basename "$pkg")" + done + $found || continue + # Create index and sign + apk index --allow-untrusted -o "$repo_dir/APKINDEX.tar.gz" "$repo_dir"/*.apk + abuild-sign -k "$signing_key" "$repo_dir/APKINDEX.tar.gz" + done + echo "APK repo metadata generated in $output_base" + - name: Debug - repo output structure run: find dist/repo-output -type f 2>/dev/null || ls -laR dist/repo-output/ || true diff --git a/magefile.go b/magefile.go index d65c1194a..4b4f6366a 100644 --- a/magefile.go +++ b/magefile.go @@ -67,7 +67,6 @@ var ( "release:os-package": Release.OsPackage, "release:prepare-nfpm-config": Release.PrepareNFPMConfig, "release:repo-apt": Release.RepoApt, - "release:repo-apk": Release.RepoApk, "release:repo-rpm": Release.RepoRpm, "release:repo-pacman": Release.RepoPacman, "dev:make-migration": Dev.MakeMigration, @@ -1364,65 +1363,6 @@ func (Release) RepoRpm(ctx context.Context) error { return nil } -// RepoApk generates Alpine APK repository index for all .apk files in the work directory. -// Expects .apk files in /repo-work/incoming/ and outputs to /repo-output/apk//main/. -// Environment: APK_SIGNING_KEY_PATH must point to an RSA private key for abuild-sign. -// Environment: REPO_SUITE controls the target suite (default: "stable"). -func (Release) RepoApk(ctx context.Context) error { - mg.Deps(initVars) - - suite := repoSuite() - - incomingDir := filepath.Join(DIST, "repo-work", "incoming") - outputBase := filepath.Join(DIST, "repo-output", "apk", suite, "main") - signingKey := os.Getenv("APK_SIGNING_KEY_PATH") - - archMap := map[string]string{ - "x86_64": "x86_64", - "aarch64": "aarch64", - "armv7": "armv7", - } - - for pkgArch, repoArch := range archMap { - repoDir := filepath.Join(outputBase, repoArch) - if err := os.MkdirAll(repoDir, 0o755); err != nil { - return err - } - - pattern := filepath.Join(incomingDir, "*-"+pkgArch+".apk") - apks, _ := filepath.Glob(pattern) - if len(apks) == 0 { - continue - } - for _, apk := range apks { - abs, _ := filepath.Abs(apk) - dst := filepath.Join(repoDir, filepath.Base(apk)) - os.Remove(dst) - if err := os.Symlink(abs, dst); err != nil { - return err - } - } - - // Collect all .apk paths in repo dir for apk index - repoApks, _ := filepath.Glob(filepath.Join(repoDir, "*.apk")) - indexArgs := append([]string{"index", "--allow-untrusted", "-o", filepath.Join(repoDir, "APKINDEX.tar.gz")}, repoApks...) - if err := runAndStreamOutput(ctx, "apk", indexArgs...); err != nil { - return fmt.Errorf("apk index for %s: %w", repoArch, err) - } - - // Sign with abuild-sign - if err := runAndStreamOutput(ctx, "abuild-sign", - "-k", signingKey, - filepath.Join(repoDir, "APKINDEX.tar.gz"), - ); err != nil { - return fmt.Errorf("abuild-sign for %s: %w", repoArch, err) - } - } - - fmt.Println("APK repo metadata generated in", outputBase) - return nil -} - // RepoPacman generates Pacman repository database for all .archlinux files in the work directory. // Expects .archlinux files in /repo-work/incoming/ and outputs to /repo-output/pacman//. // Environment: RELEASE_GPG_KEY, RELEASE_GPG_PASSPHRASE must be set for signing.