ci: run makepkg from builder-writable /tmp path

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 19:39:04 +00:00
parent 2a72de0727
commit b3619d4c40
1 changed files with 11 additions and 6 deletions
@@ -46,15 +46,20 @@ jobs:
      - name: makepkg
        run: |
          set -e
-          chown -R builder:builder arch/distcc-avahi
-          cd arch/distcc-avahi
-          sudo -u builder makepkg --nocheck --noconfirm --syncdeps --cleanbuild
+          # act's workspace lives under /root/.cache/act which the unprivileged
+          # 'builder' user can't write to. Copy the package source into a
+          # builder-owned /tmp dir.
+          rm -rf /tmp/build-distcc-avahi
+          cp -r arch/distcc-avahi /tmp/build-distcc-avahi
+          chown -R builder:builder /tmp/build-distcc-avahi
+          cd /tmp/build-distcc-avahi
+          sudo -u builder -H makepkg --nocheck --noconfirm --syncdeps --cleanbuild
          ls -la *.pkg.tar.zst

      - name: sign package
        run: |
          set -e
-          cd arch/distcc-avahi
+          cd /tmp/build-distcc-avahi
          for f in *.pkg.tar.zst; do
            gpg --batch --pinentry-mode loopback --passphrase-file /root/repo_pass \
                --detach-sign --yes -u 92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C "$f"
@@ -70,8 +75,8 @@ jobs:
          curl -sSL https://packages.reauktion.de/arch/aarch64/marfrit.db.tar.gz -o marfrit.db.tar.gz || true
          curl -sSL https://packages.reauktion.de/arch/aarch64/marfrit.files.tar.gz -o marfrit.files.tar.gz || true
          # move freshly built package(s) in
-          mv "$GITHUB_WORKSPACE"/arch/distcc-avahi/*.pkg.tar.zst .
-          mv "$GITHUB_WORKSPACE"/arch/distcc-avahi/*.pkg.tar.zst.sig .
+          mv /tmp/build-distcc-avahi/*.pkg.tar.zst .
+          mv /tmp/build-distcc-avahi/*.pkg.tar.zst.sig .
          # regenerate the db, signing it with our key
          GPG_TTY= \
          GNUPGHOME=/root/.gnupg \