chrony-build/.gitea/workflows/build-debian.yml

name: Build Chrony from Mirror

on:
  push:
    tags:
      - 'v*'
  workflow_dispatch:
    inputs:
      tag:
        description: 'The "v" tag to build (e.g., v4.7)'
        required: true
        type: string

jobs:
  build-and-upload-deb:
    runs-on: ubuntu-latest
    container:
      image: git.dws.rip/dws/chrony-builder:latest
    steps:
      - name: Get Build Version
        run: |
          if [[ "${{ gitea.event_name }}" == "push" ]]; then
            TRIGGER_TAG="${{ gitea.ref_name }}"
          elif [[ "${{ gitea.event_name }}" == "workflow_dispatch" ]]; then
            TRIGGER_TAG="${{ inputs.tag }}"
          fi
          UPSTREAM_TAG=$(echo $TRIGGER_TAG | sed 's/^v//')
          echo "Builder Tag: $TRIGGER_TAG"
          echo "Upstream Tag: $UPSTREAM_TAG"
          echo "UPSTREAM_TAG=${UPSTREAM_TAG}" >> $GITEA_ENV
        shell: bash # Explicitly use bash
      - name: Clone Chrony Source Code
        run: |
          # git is already installed in our container!
          git clone https://git.dws.rip/dws/chrony.git
          cd chrony-mirror
          echo "Checking out upstream tag: ${{ env.UPSTREAM_TAG }}"
          git checkout ${{ env.UPSTREAM_TAG }}
        shell: bash
      - name: Import GPG Key
        run: |
          apt-get update
          apt-get install -y gpg gpg-agent
        shell: bash
      - name: Import GExample GPG
        uses: https://github.com/crazy-max/ghaction-import-gpg@v6
        with:
          gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
          passphrase: ${{ secrets.GPG_PASSPHRASE }}
          git_user_signingkey: true
          git_committer_name: "DWS Packages"
          git_committer_email: "packages@dws.rip"

      - name: Build the SIGNED .deb Package
        run: |
          cd chrony-mirror
          # dpkg-buildpackage is already installed!
          dpkg-buildpackage --unsigned-source -b
        shell: bash
      - name: Upload to Gitea Debian Registry
        run: |
          OWNER=dws
          DEBIAN_DIST=noble
          DEBIAN_COMP=main
          # curl is already installed!
          CHANGES_FILE=$(find . -maxdepth 1 -name "*.changes" | head -n 1)
          if [ -z "$CHANGES_FILE" ]; then
            echo "Error: No .changes file found."
            exit 1
          fi

          echo "Uploading $CHANGES_FILE..."
          curl -L --fail \
            -X POST "https://git.dws.rip/api/packages/${OWNER}/debian/upload/${DEBIAN_DIST}/${DEBIAN_COMP}" \
            -H "Authorization: token ${{ secrets.GITEA_TOKEN }}" \
            -F "file=@${CHANGES_FILE}"
        shell: bash