name: 'Build ArchLinux package'
author: 'Carlos Galindo'
description: |
  Builds an ArchLinux package in a container. Setups the container
  with a build user, checks out the repository, imports required gpg
  keys, builds and uploads the package as an artifact.

inputs:
  extra_pkgs:
    description: "Additional packages to be installed"
    default: ""
  gpg_keys:
    description: "GPG keys to import in order to check signatures"
    default: ""

runs:
  using: 'composite'
  steps:
    - id: container_preparation
      name: Install build tools
      run: |
        echo "##[group]Installing dependencies"
        pacman -Sy --noconfirm --noprogressbar git sudo nodejs ${{ inputs.extra_pkgs }}
        echo "##[endgroup]"
        useradd --create-home --shell=/bin/false builder && usermod --lock builder
        echo 'builder ALL = NOPASSWD: /usr/bin/pacman' >> /etc/sudoers
    - uses: actions/checkout@v6
    - id: makepkg
      name: Build the package
      run: |
        chown -R builder:builder $FORGEJO_WORKSPACE
        if [ ! -z "${{ inputs.gpg_keys }}" ]; then
          sudo -u builder gpg --receive-keys ${{ inputs.gpg_keys }}
        fi
        sudo -u builder makepkg --dir $FORGEJO_WORKSPACE --syncdeps --noconfirm --noprogressbar
    - uses: actions/upload-artifact@v3
      with:
        name: packages
        path: '*.pkg.tar.zst'