marfrit-packages/.gitea/workflows/build.yml

name: build and publish packages

# STUB — wired in a follow-up session. Current design sketch:
#
#   jobs:
#     arch-aarch64:
#       runs-on: [self-hosted, alarm, aarch64]
#       steps:
#         - uses: actions/checkout@v4
#         - name: makepkg
#           run: |
#             cd arch/distcc-avahi
#             makepkg --nocheck --noconfirm --syncdeps
#         - name: import signing key
#           env:
#             KEY: ${{ secrets.MARFRIT_REPO_PRIVATE_KEY }}
#             PASS: ${{ secrets.MARFRIT_REPO_PASSPHRASE }}
#           run: |
#             echo "$KEY" | gpg --import
#             echo "$PASS" > /tmp/pass
#         - name: sign package
#           run: |
#             gpg --batch --pinentry-mode loopback --passphrase-file /tmp/pass \
#                 --detach-sign --yes arch/distcc-avahi/*.pkg.tar.zst
#         - name: publish to packages.reauktion.de
#           env:
#             SSH_KEY: ${{ secrets.MARFRIT_REPO_DEPLOY_KEY }}
#           run: |
#             mkdir -p ~/.ssh && echo "$SSH_KEY" > ~/.ssh/id_ed25519
#             chmod 600 ~/.ssh/id_ed25519
#             scp arch/distcc-avahi/*.pkg.tar.zst{,.sig} \
#                 mfritsche@nc.reauktion.de:/srv/packages/arch/aarch64/
#             # Regenerate db remotely (on an aarch64 runner with pacman):
#             ssh mfritsche@nc.reauktion.de 'cd /srv/packages/arch/aarch64 && \
#                 repo-add --sign --key 92D5E96D8F63C75E4116AA1FF5C8C4603D0D250C \
#                 marfrit.db.tar.gz *.pkg.tar.zst'
#
# Runner requirements:
#   - feynman (CT115 on data) currently has the Actions runner for ARM
#     bare-metal builds. For ALARM packages we'd want either:
#       (a) a dedicated ALARM runner container, OR
#       (b) makechrootpkg inside feynman with an ALARM pacstrap.
#   - x86_64 Arch runner: can live on any nuccie.
#   - Debian runners: debootstrap bookworm/trixie for each arch.
on: workflow_dispatch
jobs:
  placeholder:
    runs-on: ubuntu-latest
    steps:
      - run: echo "build pipeline not yet wired — see file header"