ci: accept any pkg.tar.* extension, configure gpg for repo-add

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-14 19:42:19 +00:00
parent 0fda1c47ea
commit b9bfad146f
1 changed files with 19 additions and 7 deletions
@@ -54,13 +54,14 @@ jobs:
          chown -R builder:builder /tmp/build-distcc-avahi
          cd /tmp/build-distcc-avahi
          sudo -u builder -H makepkg --nocheck --noconfirm --syncdeps --cleanbuild
-          ls -la *.pkg.tar.zst
+          ls -la *.pkg.tar.* | grep -v "\.sig$"

      - name: sign package
        run: |
          set -e
          cd /tmp/build-distcc-avahi
-          for f in *.pkg.tar.zst; do
+          for f in *.pkg.tar.xz *.pkg.tar.zst *.pkg.tar.gz; do
+            [ -f "$f" ] || continue
            gpg --batch --pinentry-mode loopback --passphrase-file /root/repo_pass \
                --detach-sign --yes -u 92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C "$f"
          done
@@ -75,13 +76,24 @@ jobs:
          curl -sSL https://packages.reauktion.de/arch/aarch64/marfrit.db.tar.gz -o marfrit.db.tar.gz || true
          curl -sSL https://packages.reauktion.de/arch/aarch64/marfrit.files.tar.gz -o marfrit.files.tar.gz || true
          # move freshly built package(s) in
-          mv /tmp/build-distcc-avahi/*.pkg.tar.zst .
-          mv /tmp/build-distcc-avahi/*.pkg.tar.zst.sig .
+          for ext in xz zst gz; do
+            ls /tmp/build-distcc-avahi/*.pkg.tar.$ext 2>/dev/null && \
+              mv /tmp/build-distcc-avahi/*.pkg.tar.$ext /tmp/build-distcc-avahi/*.pkg.tar.$ext.sig .
+          done || true
          # regenerate the db, signing it with our key
-          GPG_TTY= \
-          GNUPGHOME=/root/.gnupg \
+          export GPG_TTY=""
+          export GNUPGHOME=/root/.gnupg
+          # repo-add wants explicit passphrase; wrap via gpg-agent loopback
+          cat > /root/.gnupg/gpg.conf <<EOF
+pinentry-mode loopback
+passphrase-file /root/repo_pass
+EOF
+          cat > /root/.gnupg/gpg-agent.conf <<EOF
+allow-loopback-pinentry
+EOF
+          gpg-connect-agent reloadagent /bye
          repo-add --new --sign --key 92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C \
-            --verify marfrit.db.tar.gz *.pkg.tar.zst
+            --verify marfrit.db.tar.gz *.pkg.tar.*
          # refresh "unversioned" symlinks expected by pacman
          ln -sf marfrit.db.tar.gz     marfrit.db
          ln -sf marfrit.files.tar.gz  marfrit.files