fix(ci): inline APK repo generation to avoid glibc binary on Alpine
The mage-static binary is compiled with glibc which can't run on Alpine's musl. Instead of fighting compatibility, inline the APK repo generation as shell commands since the logic is simple.
This commit is contained in:
parent
1eafd31a2a
commit
a110642093
|
|
@ -318,23 +318,38 @@ jobs:
|
|||
echo "${{ secrets.APK_SIGNING_KEY }}" > ~/.abuild/vikunja-apk.rsa
|
||||
echo "PACKAGER_PRIVKEY=$HOME/.abuild/vikunja-apk.rsa" > ~/.abuild/abuild.conf
|
||||
|
||||
- name: Debug mage-static binary
|
||||
if: matrix.format == 'apk'
|
||||
run: |
|
||||
ls -la ./mage-static || true
|
||||
file ./mage-static || true
|
||||
readelf -l ./mage-static 2>/dev/null | grep -i interpreter || echo "no interpreter"
|
||||
ldd ./mage-static 2>&1 || true
|
||||
|
||||
- name: Generate repo metadata
|
||||
if: matrix.format != 'apk'
|
||||
env:
|
||||
RELEASE_GPG_KEY: ${{ matrix.format != 'apk' && '7D061A4AA61436B40713D42EFF054DACD908493A' || '' }}
|
||||
RELEASE_GPG_PASSPHRASE: ${{ matrix.format != 'apk' && secrets.RELEASE_GPG_PASSPHRASE || '' }}
|
||||
APK_SIGNING_KEY_PATH: ${{ matrix.format == 'apk' && '~/.abuild/vikunja-apk.rsa' || '' }}
|
||||
RELEASE_GPG_KEY: 7D061A4AA61436B40713D42EFF054DACD908493A
|
||||
RELEASE_GPG_PASSPHRASE: ${{ secrets.RELEASE_GPG_PASSPHRASE }}
|
||||
run: |
|
||||
chmod +x ./mage-static
|
||||
./mage-static ${{ matrix.mage_target }}
|
||||
|
||||
- name: Generate APK repo metadata
|
||||
if: matrix.format == 'apk'
|
||||
run: |
|
||||
incoming=dist/repo-work/incoming
|
||||
output_base=dist/repo-output/apk/$REPO_SUITE/main
|
||||
signing_key=~/.abuild/vikunja-apk.rsa
|
||||
for arch in x86_64 aarch64 armv7; do
|
||||
repo_dir="$output_base/$arch"
|
||||
mkdir -p "$repo_dir"
|
||||
# Symlink matching packages
|
||||
found=false
|
||||
for pkg in "$incoming"/*-"$arch".apk; do
|
||||
[ -f "$pkg" ] || continue
|
||||
found=true
|
||||
ln -sf "$(realpath "$pkg")" "$repo_dir/$(basename "$pkg")"
|
||||
done
|
||||
$found || continue
|
||||
# Create index and sign
|
||||
apk index --allow-untrusted -o "$repo_dir/APKINDEX.tar.gz" "$repo_dir"/*.apk
|
||||
abuild-sign -k "$signing_key" "$repo_dir/APKINDEX.tar.gz"
|
||||
done
|
||||
echo "APK repo metadata generated in $output_base"
|
||||
|
||||
- name: Debug - repo output structure
|
||||
run: find dist/repo-output -type f 2>/dev/null || ls -laR dist/repo-output/ || true
|
||||
|
||||
|
|
|
|||
60
magefile.go
60
magefile.go
|
|
@ -67,7 +67,6 @@ var (
|
|||
"release:os-package": Release.OsPackage,
|
||||
"release:prepare-nfpm-config": Release.PrepareNFPMConfig,
|
||||
"release:repo-apt": Release.RepoApt,
|
||||
"release:repo-apk": Release.RepoApk,
|
||||
"release:repo-rpm": Release.RepoRpm,
|
||||
"release:repo-pacman": Release.RepoPacman,
|
||||
"dev:make-migration": Dev.MakeMigration,
|
||||
|
|
@ -1364,65 +1363,6 @@ func (Release) RepoRpm(ctx context.Context) error {
|
|||
return nil
|
||||
}
|
||||
|
||||
// RepoApk generates Alpine APK repository index for all .apk files in the work directory.
|
||||
// Expects .apk files in <DIST>/repo-work/incoming/ and outputs to <DIST>/repo-output/apk/<suite>/main/.
|
||||
// Environment: APK_SIGNING_KEY_PATH must point to an RSA private key for abuild-sign.
|
||||
// Environment: REPO_SUITE controls the target suite (default: "stable").
|
||||
func (Release) RepoApk(ctx context.Context) error {
|
||||
mg.Deps(initVars)
|
||||
|
||||
suite := repoSuite()
|
||||
|
||||
incomingDir := filepath.Join(DIST, "repo-work", "incoming")
|
||||
outputBase := filepath.Join(DIST, "repo-output", "apk", suite, "main")
|
||||
signingKey := os.Getenv("APK_SIGNING_KEY_PATH")
|
||||
|
||||
archMap := map[string]string{
|
||||
"x86_64": "x86_64",
|
||||
"aarch64": "aarch64",
|
||||
"armv7": "armv7",
|
||||
}
|
||||
|
||||
for pkgArch, repoArch := range archMap {
|
||||
repoDir := filepath.Join(outputBase, repoArch)
|
||||
if err := os.MkdirAll(repoDir, 0o755); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
pattern := filepath.Join(incomingDir, "*-"+pkgArch+".apk")
|
||||
apks, _ := filepath.Glob(pattern)
|
||||
if len(apks) == 0 {
|
||||
continue
|
||||
}
|
||||
for _, apk := range apks {
|
||||
abs, _ := filepath.Abs(apk)
|
||||
dst := filepath.Join(repoDir, filepath.Base(apk))
|
||||
os.Remove(dst)
|
||||
if err := os.Symlink(abs, dst); err != nil {
|
||||
return err
|
||||
}
|
||||
}
|
||||
|
||||
// Collect all .apk paths in repo dir for apk index
|
||||
repoApks, _ := filepath.Glob(filepath.Join(repoDir, "*.apk"))
|
||||
indexArgs := append([]string{"index", "--allow-untrusted", "-o", filepath.Join(repoDir, "APKINDEX.tar.gz")}, repoApks...)
|
||||
if err := runAndStreamOutput(ctx, "apk", indexArgs...); err != nil {
|
||||
return fmt.Errorf("apk index for %s: %w", repoArch, err)
|
||||
}
|
||||
|
||||
// Sign with abuild-sign
|
||||
if err := runAndStreamOutput(ctx, "abuild-sign",
|
||||
"-k", signingKey,
|
||||
filepath.Join(repoDir, "APKINDEX.tar.gz"),
|
||||
); err != nil {
|
||||
return fmt.Errorf("abuild-sign for %s: %w", repoArch, err)
|
||||
}
|
||||
}
|
||||
|
||||
fmt.Println("APK repo metadata generated in", outputBase)
|
||||
return nil
|
||||
}
|
||||
|
||||
// RepoPacman generates Pacman repository database for all .archlinux files in the work directory.
|
||||
// Expects .archlinux files in <DIST>/repo-work/incoming/ and outputs to <DIST>/repo-output/pacman/<suite>/.
|
||||
// Environment: RELEASE_GPG_KEY, RELEASE_GPG_PASSPHRASE must be set for signing.
|
||||
|
|
|
|||
Loading…
Reference in New Issue