From 18f3e90d1e6c040c6afadf630bc459925b5f94a7 Mon Sep 17 00:00:00 2001
From: Carlos Galindo <arch@cgj.es>
Date: Wed, 10 Jun 2026 22:00:09 +0200
Subject: [PATCH] initial commit: build and publish actions for arch

---
 build-pkg/action.yml   | 40 ++++++++++++++++++++++++++++++++++++++++
 publish-pkg/action.yml | 38 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 78 insertions(+)
 create mode 100644 build-pkg/action.yml
 create mode 100644 publish-pkg/action.yml

diff --git a/build-pkg/action.yml b/build-pkg/action.yml
new file mode 100644
index 0000000..890781b
--- /dev/null
+++ b/build-pkg/action.yml
@@ -0,0 +1,40 @@
+name: 'Build ArchLinux package'
+author: 'Carlos Galindo'
+description: |
+  Builds an ArchLinux package in a container. Setups the container
+  with a build user, checks out the repository, imports required gpg
+  keys, builds and uploads the package as an artifact.
+
+inputs:
+  extra_pkgs:
+    description: "Additional packages to be installed"
+    default: ""
+  gpg_keys:
+    description: "GPG keys to import in order to check signatures"
+    default: ""
+
+runs:
+  using: 'composite'
+  steps:
+    - id: container_preparation
+      name: Install build tools
+      run: |
+        echo "##[group]Installing dependencies"
+        pacman -Sy --noconfirm --noprogressbar git sudo nodejs ${{ inputs.extra_pkgs }}
+        echo "##[endgroup]"
+        useradd --create-home --shell=/bin/false builder && usermod --lock builder
+        echo 'builder ALL = NOPASSWD: /usr/bin/pacman' >> /etc/sudoers
+    - uses: actions/checkout@v6
+    - id: makepkg
+      name: Build the package
+      run: |
+        chown -R builder:builder $FORGEJO_WORKSPACE
+        if [ ! -z "${{ inputs.gpg_keys }}" ]; then
+          sudo -u builder gpg --receive-keys ${{ inputs.gpg_keys }}
+        fi
+        sudo -u builder makepkg --dir $FORGEJO_WORKSPACE --syncdeps --noconfirm --noprogressbar
+    - uses: actions/upload-artifact@v3
+      with:
+        name: packages
+        path: '*.pkg.tar.zst'
+
diff --git a/publish-pkg/action.yml b/publish-pkg/action.yml
new file mode 100644
index 0000000..36d6486
--- /dev/null
+++ b/publish-pkg/action.yml
@@ -0,0 +1,38 @@
+name: 'Publish ArchLinux package'
+author: 'Carlos Galindo'
+description: |
+  Publishes an already-built package to Forgejo.
+
+inputs:
+  repo_name:
+    description: 'Name of the repository'
+    default: 'pkgs'
+  PKG_TOKEN:
+    description: 'Token with package:write permissions'
+    required: true
+
+runs:
+  using: 'composite'
+  steps:
+    - uses: actions/download-artifact@v3
+    - id: publish_package
+      name: Publish the package(s)
+      run: |
+        set -x
+        echo "::add-mask::${{ inputs.PKG_TOKEN }}"
+        ls packages | while read; do
+          echo "##[group]Uploading package $REPLY"
+          curl -X PUT $FORGEJO_SERVER_URL/api/packages/$FORGEJO_REPOSITORY_OWNER/arch/${{ inputs.repo_name }} \
+            -H "Authorization: token ${{ inputs.PKG_TOKEN }}" \
+            -H 'Content-Type: application/octet-stream' \
+            --data-binary "@packages/$REPLY" \
+            --fail-with-body --no-progress-meter
+          echo "##[endgroup]"
+          PKGNAME=$(echo $REPLY | rev | cut -d/ -f1 | cut -d- -f4- | rev)
+          REPO_NAME=$(echo $FORGEJO_REPOSITORY | rev | cut -d/ -f1 | rev)
+          echo "##[group]Linking $PKGNAME to $REPO_NAME"
+          curl -X POST $FORGEJO_API_URL/packages/$FORGEJO_REPOSITORY_OWNER/arch/$PKGNAME/-/link/$REPO_NAME \
+            -H "Authorization: token ${{ inputs.PKG_TOKEN }}" \
+            --no-progress-meter
+          echo "##[endgroup]"
+        done