codex-desktop-linux/.github/workflows/ci.yml at main · distsystem/codex-desktop-linux · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: CI

# Soft-fork CI in rebase mode. Our main is force-pushed only after this CI
# is green, so main is always last-known-good — no separate tag is needed.
# The deliverable is the pacman package; nix is just a local dev path here, so
# CI focuses on the PKGBUILD. The patch gate is built into the PKGBUILD itself
# (check() runs validate-patch-report.js), so every makepkg — CI here, plus
# AUR users — automatically validates required-upstream patches against the
# pinned versioned zip.
on:
  pull_request:
  push:
    branches: [main]
  workflow_dispatch:

permissions:
  contents: read

jobs:
  verify-pkgbuild-on-arch:
    name: Verify PKGBUILD on Arch (makepkg)
    runs-on: ubuntu-latest
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v4

      - name: Stage PKGBUILD and rewrite source to the current checkout
        run: |
          set -euo pipefail
          mkdir -p /tmp/pkgbuild
          cp packaging/linux/PKGBUILD            /tmp/pkgbuild/PKGBUILD
          cp packaging/linux/codex-desktop-linux.install /tmp/pkgbuild/codex-desktop-linux.install
          # CI validates the current commit, not whatever main points at on
          # origin (we are validating *before* push). Rewrite the git source
          # to clone the mounted checkout instead.
          sed -i 's|git+https://github.com/distsystem/codex-desktop-linux\.git#branch=main|git+file:///repo|' /tmp/pkgbuild/PKGBUILD

      - name: makepkg in Arch container (build + check + package)
        run: |
          docker run --rm \
            -v "$PWD:/repo:ro" \
            -v "/tmp/pkgbuild:/build" \
            -w /build \
            archlinux:base-devel \
            bash -c '
              set -euo pipefail
              pacman -Syu --noconfirm --needed git 7zip nodejs npm rust curl unzip sudo
              useradd -m builder
              chown -R builder:builder /build
              runuser -u builder -- bash -c "cd /build && PKGDEST=/build makepkg -f --nodeps --skipinteg"
              pkg=$(find /build -maxdepth 1 -name "codex-desktop-linux-*.pkg.tar.zst" -print -quit)
              test -n "$pkg" || { echo "no package produced"; exit 1; }
              echo "Built: $pkg"
              contents=$(pacman -Qlp "$pkg")
              for path in /opt/codex-desktop/start.sh /usr/bin/codex-desktop /usr/share/applications/codex-desktop.desktop; do
                  echo "$contents" | grep -qFx "codex-desktop-linux $path" || { echo "missing $path"; exit 1; }
              done
              echo "Package layout OK."
            '