From b3619d4c403e7747ac882fde593af4f67bc8a8cd Mon Sep 17 00:00:00 2001
From: Markus Fritsche
Date: Tue, 14 Apr 2026 19:39:04 +0000
Subject: [PATCH] ci: run makepkg from builder-writable /tmp path
Co-Authored-By: Claude Opus 4.6 (1M context)
---
 .gitea/workflows/build.yml | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml
index 9af0b110e..a4abbfef5 100644
--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -46,15 +46,20 @@ jobs:
 - name: makepkg
 run: |
 set -e
- chown -R builder:builder arch/distcc-avahi
- cd arch/distcc-avahi
- sudo -u builder makepkg --nocheck --noconfirm --syncdeps --cleanbuild
+ # act's workspace lives under /root/.cache/act which the unprivileged
+ # 'builder' user can't write to. Copy the package source into a
+ # builder-owned /tmp dir.
+ rm -rf /tmp/build-distcc-avahi
+ cp -r arch/distcc-avahi /tmp/build-distcc-avahi
+ chown -R builder:builder /tmp/build-distcc-avahi
+ cd /tmp/build-distcc-avahi
+ sudo -u builder -H makepkg --nocheck --noconfirm --syncdeps --cleanbuild
 ls -la *.pkg.tar.zst
 - name: sign package
 run: |
 set -e
- cd arch/distcc-avahi
+ cd /tmp/build-distcc-avahi
 for f in *.pkg.tar.zst; do
 gpg --batch --pinentry-mode loopback --passphrase-file /root/repo_pass \
 --detach-sign --yes -u 92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C "$f"
@@ -70,8 +75,8 @@ jobs:
 curl -sSL https://packages.reauktion.de/arch/aarch64/marfrit.db.tar.gz -o marfrit.db.tar.gz || true
 curl -sSL https://packages.reauktion.de/arch/aarch64/marfrit.files.tar.gz -o marfrit.files.tar.gz || true
 # move freshly built package(s) in
- mv "$GITHUB_WORKSPACE"/arch/distcc-avahi/*.pkg.tar.zst .
- mv "$GITHUB_WORKSPACE"/arch/distcc-avahi/*.pkg.tar.zst.sig .
+ mv /tmp/build-distcc-avahi/*.pkg.tar.zst .
+ mv /tmp/build-distcc-avahi/*.pkg.tar.zst.sig .
 # regenerate the db, signing it with our key
 GPG_TTY= \
 GNUPGHOME=/root/.gnupg \
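Review bot: The build directory is a fixed, predictable name in world-writable /tmp, and root runs `rm -rf`, `cp -r`, `chown -R` and later the signing loop against it. If the runner container is ever reused or shared, that path can be pre-created or swapped between those root-run commands, so I would create it with `mktemp -d`, export it for later steps (assuming this runner honours `GITHUB_ENV`), and use `"$BUILD_DIR"` in the `cd` of the sign step and in the two `mv` lines of the second hunk. Separately, the sign step's `for f in *.pkg.tar.zst` is now expanded by root over names produced by the unprivileged build; `for f in ./*.pkg.tar.zst` keeps a name that begins with `-` from being read as a gpg option. The sign step's loop continues past the end of the hunk.

```yaml
- name: makepkg
  run: |
    # … unchanged: set -e …
    # private, unpredictable build dir; later steps read BUILD_DIR
    BUILD_DIR=$(mktemp -d /tmp/build-distcc-avahi.XXXXXX)
    cp -r arch/distcc-avahi/. "$BUILD_DIR"/
    chown -R builder:builder "$BUILD_DIR"
    echo "BUILD_DIR=$BUILD_DIR" >> "$GITHUB_ENV"
    cd "$BUILD_DIR"
    # … unchanged: sudo -u builder -H makepkg …, ls -la …
```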
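Review bot: The two new `mv` lines take every matching file out of a directory owned by the unprivileged `builder` user and hand it to the repo database step without re-checking it, so a package altered or added after the sign step would be published as-is. A check ahead of the `mv`, such as `for f in /tmp/build-distcc-avahi/*.pkg.tar.zst; do gpg --verify "$f.sig" "$f"; done`, would tie what is published to what was signed; copying the artifacts into a root-owned directory before signing would close the window altogether. This step begins before and continues after the hunk, so whether `set -e` is in effect here is not visible.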