Crafter.Build/.forgejo/workflows/ci.yaml
Jorijn van der Graaf f0b1fd899c
Some checks failed
CI / build-test-release (pull_request) Failing after 12m22s
ci: pacman-key --init/--populate before keyring upgrade
archlinux:latest slim image has no local pacman master key and an
unpopulated upstream keyring, so:
  - the archlinux-keyring upgrade fails with "no secret key available to
    sign with" because pacman can't sign the keyring it's rewriting
  - falling through to -Syu hits the original "unknown trust" errors on
    libseccomp and zip

Run pacman-key --init then --populate archlinux before any pacman -S.
This is the documented bootstrap for slim Arch CI containers.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-28 23:40:27 +02:00

112 lines
4.1 KiB
YAML

name: CI
on:
  pull_request:
    branches: [master]
  push:
    branches: [master]
  workflow_dispatch:
jobs:
  build-test-release:
    runs-on: arch-latest
    steps:
      - name: Install build dependencies
        run: |
          # The slim archlinux:latest image arrives without a populated
          # pacman keyring AND without a local pacman master key, so:
          #   1. --init generates the local signing key (needed when pacman
          #      itself rewrites the keyring during package upgrades)
          #   2. --populate archlinux imports the upstream master keys so
          #      currently-shipping signatures verify
          # After that we can refresh archlinux-keyring to pick up keys for
          # packagers added after the image's snapshot, then -Syu the rest.
          pacman-key --init
          pacman-key --populate archlinux
          pacman -Sy --noconfirm --needed archlinux-keyring
          pacman -Syu --noconfirm --needed \
            base-devel git zip tar \
            clang lld libc++ cmake \
            mingw-w64-gcc \
            wasi-libc wasi-libc++ wasi-libc++abi wasi-compiler-rt \
            nodejs
          # The container runs as root and the workspace may be owned by a
          # different uid; tell git not to refuse operations on it.
          git config --global --add safe.directory '*'
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Persist the auth token so the 'Update rolling latest tag' step
          # below can push the tag back via the implicit GITHUB_TOKEN.
          persist-credentials: true
      - name: Cache glslang clone+build
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/crafter.build/external
          key: glslang-${{ runner.os }}-v1
      - name: Bootstrap (build.sh)
        run: ./build.sh
      - name: Self-rebuild via crafter-build (Linux)
        run: CRAFTER_BUILD_HOME=$PWD/share/crafter-build ./bin/crafter-build
      - name: Run tests
        run: CRAFTER_BUILD_HOME=$PWD/share/crafter-build ./bin/crafter-build test
      - name: Cross-compile for Windows (mingw32)
        run: CRAFTER_BUILD_HOME=$PWD/share/crafter-build ./bin/crafter-build --target=x86_64-w64-mingw32
      - name: Package artifacts
        run: |
          set -eux
          mkdir -p dist
          # Linux: bin/, lib/, share/ at archive root
          stage_lin=$(mktemp -d)
          mkdir -p "$stage_lin/bin" "$stage_lin/lib"
          cp bin/crafter-build "$stage_lin/bin/"
          cp lib/libcrafter-build.a "$stage_lin/lib/"
          cp -r share "$stage_lin/"
          tar czf dist/crafter-build-linux-x86_64.tar.gz -C "$stage_lin" .
          # Windows: bin/ contents (exe + auto-bundled mingw DLLs) and share/
          stage_win=$(mktemp -d)
          mkdir -p "$stage_win/bin"
          cp bin/crafter.build-exe-x86_64-w64-mingw32-native/* "$stage_win/bin/"
          cp -r share "$stage_win/"
          (cd "$stage_win" && zip -r "$GITHUB_WORKSPACE/dist/crafter-build-windows-x86_64.zip" .)
          ls -la dist/
      - name: Upload workflow artifacts
        uses: actions/upload-artifact@v4
        with:
          name: crafter-build
          path: dist/
          if-no-files-found: error
      - name: Update rolling 'latest' tag
        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/master'
        run: |
          git config user.email "ci@catcrafts.net"
          git config user.name "Crafter Build CI"
          git tag -f latest
          git push origin latest --force
      - name: Publish rolling 'latest' release
        if: (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.ref == 'refs/heads/master'
        uses: https://code.forgejo.org/actions/forgejo-release@v2
        with:
          direction: upload
          url: ${{ github.server_url }}
          repo: ${{ github.repository }}
          tag: latest
          title: Latest main build
          prerelease: true
          override: true
          release-dir: dist
          token: ${{ secrets.GITHUB_TOKEN }}