ci: add AUR publishing workflow for fcitx5 and ibus packages #23
thienandangthanh wants to merge 4 commits into
Note: Reviews paused
It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review.
📝 Walkthrough
Added two Arch Linux AUR PKGBUILD templates and a GitHub Actions
Sequence Diagram(s)
sequenceDiagram
participant Maintainer
participant GitHub as GitHub (Release & Actions)
participant Action as aur-publish Job
participant AUR
Maintainer->>GitHub: push tag vX.Y.Z (create release + artifacts)
GitHub->>Action: trigger aur-publish job (matrix: fcitx5-vnkey-bin, ibus-vnkey-bin)
Action->>GitHub: fetch SHA256SUMS.txt for release
Action->>Action: extract checksum for each artifact
Action->>Action: copy `.github/aur/<pkg>/PKGBUILD` into working PKGBUILD
Action->>Action: replace PLACEHOLDER_VER and PLACEHOLDER_SHA256
Action->>AUR: deploy updated PKGBUILD via SSH (commit)
AUR-->>Action: acknowledge commit
Action-->>GitHub: job complete
Actionable comments posted: 2
🧹 Nitpick comments (2)
.github/aur/fcitx5-vnkey-bin/PKGBUILD (1)
10-10: Consider using more specific license identifier.
Same as the ibus variant - the repository uses GPL-3.0-or-later.
💡 Suggested change
-license=('GPL') +license=('GPL-3.0-or-later')🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/aur/fcitx5-vnkey-bin/PKGBUILD at line 10, Update the license identifier in the PKGBUILD by replacing the generic license value currently set in the license variable (license=('GPL')) with the more specific SPDX identifier used by the repo (GPL-3.0-or-later) so the package metadata matches the project's declared license.
.github/aur/ibus-vnkey-bin/PKGBUILD (1)
10-10: Consider using more specific license identifier.
The repository uses GPL-3.0-or-later. AUR supports SPDX identifiers, so license=('GPL-3.0-or-later') would be more precise.
💡 Suggested change
-license=('GPL') +license=('GPL-3.0-or-later')🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/aur/ibus-vnkey-bin/PKGBUILD at line 10, Change the generic SPDX license identifier in the PKGBUILD from license=('GPL') to the specific one used by the repo: license=('GPL-3.0-or-later'); update the license line in the PKGBUILD so tools and AUR receive the precise SPDX identifier.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/aur/fcitx5-vnkey-bin/PKGBUILD:
- Line 12: The optdepends entry currently lists "fcitx-qt5: To run the fcitx
unikey macro editor" which is incorrect for this package; update or remove the
optdepends: either remove the entire optdepends entry if VnKey has no Qt
configuration UI, or replace "fcitx-qt5" with the Fcitx5 package "fcitx5-qt" and
change the description to reference VnKey (e.g. "fcitx5-qt: optional Qt
integration for VnKey") so the optdepends key and its description accurately
reflect the correct package and project name.
In @.github/workflows/build.yml:
- Around line 561-570: The meta step extracts PKGVER/ARTIFACT_FILE and computes
SHA256 but does not validate it; add a check after computing SHA256 (in the step
with id "meta" using variables PKGVER, ARTIFACT_FILE, SHA256) that verifies
SHA256 is non-empty and matches expected hex length (64 chars for sha256) and if
invalid prints a clear error to stderr, fails the job (exit 1) and does not
write an empty sha256 to GITHUB_OUTPUT; ensure the check occurs immediately
after SHA256 assignment and before the echo "sha256=..." line so the workflow
aborts on missing or malformed checksum.
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: 181825a2-3b68-427b-b7f4-980db2c91964
📒 Files selected for processing (4)
- .github/aur/fcitx5-vnkey-bin/PKGBUILD
- .github/aur/ibus-vnkey-bin/PKGBUILD
- .github/workflows/build.yml
- README.md
Add automated AUR publishing via GitHub Actions on release tags:
- Create PKGBUILD templates for fcitx5-vnkey-bin and ibus-vnkey-bin
- Add aur-publish job that extracts version and SHA256 from releases
- Use github-actions-deploy-aur to push updates to AUR repositories
- Support both fcitx5 and ibus variants via matrix strategy
This enables automatic AUR package updates whenever a new release is tagged.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
e06a469 to 70e7169
♻️ Duplicate comments (1)
.github/workflows/build.yml (1)
561-574: ⚠️ Potential issue | 🟠 Major
Harden checksum extraction to exact-match and 64-hex validation.
Current logic only checks non-empty output. It can still pass malformed values or unintended matches, then publish a broken sha256sums into AUR.
🔧 Proposed fix
- name: Extract pkgver and SHA256 from release id: meta run: | PKGVER="${GITHUB_REF_NAME#v}" ARTIFACT_FILE="${{ matrix.artifact_prefix }}-v${PKGVER}-1-x86_64.pkg.tar.zst" SHA256=$(curl -fsSL \ "https://github.com/marixdev/vnkey/releases/download/v${PKGVER}/SHA256SUMS.txt" \ - | grep "${ARTIFACT_FILE}" | awk '{print $1}') - if [ -z "$SHA256" ]; then - echo "::error::Failed to extract SHA256 for ${ARTIFACT_FILE}" + | awk -v file="${ARTIFACT_FILE}" '$2 == file { print $1; exit }') + if ! [[ "$SHA256" =~ ^[A-Fa-f0-9]{64}$ ]]; then + echo "::error::Invalid SHA256 extracted for ${ARTIFACT_FILE}: '${SHA256}'" >&2 exit 1 fi echo "pkgver=$PKGVER" >> "$GITHUB_OUTPUT" echo "sha256=$SHA256" >> "$GITHUB_OUTPUT"🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build.yml around lines 561 - 574, The SHA256 extraction step currently trusts any non-empty grep/awk output; update the logic around variables PKGVER, ARTIFACT_FILE and SHA256 to (1) perform an exact filename match (so the grep/selection only matches the full ARTIFACT_FILE entry, not substrings) and (2) validate that the captured SHA256 is a 64-hex string (using a regex test) before writing pkgver and sha256 to GITHUB_OUTPUT; if the match or validation fails, emit an error and exit non‑zero to prevent publishing bad sha256sums.
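Review bot: in the new awk filter, `$2 == file` compares the whole second field, so an entry written by `sha256sum --binary` (file name prefixed with `*`) never matches and the job stops with the new "Invalid SHA256" error even though the digest is present. If SHA256SUMS.txt can be produced in binary mode, strip a leading `*` from `$2` before comparing. The `[[ ... =~ ... ]]` test is also a bashism, so the step depends on the runner's default shell being bash; setting `shell: bash` on the step makes that explicit.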
🧹 Nitpick comments (1)
.github/workflows/build.yml (1)
567-568: Avoid hardcoded repository in release URL.
Use ${{ github.repository }} so this workflow keeps working on forks/renames without edits.
♻️ Proposed tweak
- SHA256=$(curl -fsSL \ - "https://github.com/marixdev/vnkey/releases/download/v${PKGVER}/SHA256SUMS.txt" \ + SHA256=$(curl -fsSL \ + "https://github.com/${{ github.repository }}/releases/download/v${PKGVER}/SHA256SUMS.txt" \ | awk -v file="${ARTIFACT_FILE}" '$2 == file { print $1; exit }')🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/build.yml around lines 567 - 568, The release download URL is hardcoded to "marixdev/vnkey" which breaks on forks/renames; update the workflow string that constructs the SHA256SUMS.txt URL (the line referencing "https://github.com/marixdev/vnkey/releases/download/v${PKGVER}/SHA256SUMS.txt") to use the GitHub Actions repository variable ${{ github.repository }} instead of the literal repo name so the workflow will work for forks and renamed repos while keeping the existing PKGVER and ARTIFACT_FILE variables intact.
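Review bot: on the added URL line, `${{ github.repository }}` is expanded into the script text before the shell runs; inside a `run:` block prefer the runner-provided `$GITHUB_REPOSITORY` environment variable, which yields the same owner/name and keeps expression output out of the script source. The URL line would then read `"https://github.com/${GITHUB_REPOSITORY}/releases/download/v${PKGVER}/SHA256SUMS.txt"`.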
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro
Run ID: e4688403-905c-4876-9fe7-b946b0077ee3
📒 Files selected for processing (3)
- .github/aur/fcitx5-vnkey-bin/PKGBUILD
- .github/aur/ibus-vnkey-bin/PKGBUILD
- .github/workflows/build.yml
✅ Files skipped from review due to trivial changes (2)
- .github/aur/fcitx5-vnkey-bin/PKGBUILD
- .github/aur/ibus-vnkey-bin/PKGBUILD
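The exact-match and 64-hex validation discussed in the review above, as an added example that is not part of this PR or the project's workflow: it runs the substring lookup and an exact lookup over a constructed SHA256SUMS.txt. The file names, digests and function names are assumptions made for illustration, and the exact lookup additionally strips the `*` that `sha256sum --binary` puts before a file name.

```shell
#!/bin/sh
# Added example in POSIX sh: is_sha256 uses case instead of bash's [[ =~ ]].

hex64() { printf '%064d' 0 | tr 0 "$1"; }   # 64 copies of one hex digit

# Constructed SHA256SUMS.txt content: digests and file names are made up.
sample_sums() {
  printf '%s  %s\n' "$(hex64 a)" "fcitx5-vnkey-v1.2.3-1-x86_64.pkg.tar.zst.sig"
  printf '%s *%s\n' "$(hex64 b)" "fcitx5-vnkey-v1.2.3-1-x86_64.pkg.tar.zst"
  printf '%s  %s\n' "bad" "ibus-vnkey-v1.2.3-1-x86_64.pkg.tar.zst"
}

# True only for exactly 64 hex characters; a multi-line value fails as well.
is_sha256() {
  [ "${#1}" -eq 64 ] || return 1
  case $1 in *[!0-9A-Fa-f]*) return 1 ;; esac
  return 0
}

# Substring lookup: every line that contains the name matches, so the
# ".sig" entry is returned together with the package entry.
loose_lookup() { grep "$1" | awk '{ print $1 }'; }

# Exact lookup: the file-name field must equal the name, and the digest
# must validate before it is printed. Reads the checksum list on stdin.
strict_lookup() {
  _digest=$(awk -v file="$1" '
    { name = $2; sub(/^\*/, "", name) }   # drop the binary-mode marker
    name == file { print $1; exit }')
  if ! is_sha256 "$_digest"; then
    echo "invalid or missing SHA256 for $1" >&2
    return 1
  fi
  printf '%s\n' "$_digest"
}

# Prints the digest of the package entry, not the .sig entry.
sample_sums | strict_lookup "fcitx5-vnkey-v1.2.3-1-x86_64.pkg.tar.zst"
```

A non-zero return from `strict_lookup` is the point at which a publishing step should stop, before anything is written to `GITHUB_OUTPUT`.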
Replace manual package installation with paru/yay commands for fcitx5-vnkey-bin and ibus-vnkey-bin packages. This simplifies the installation process for Arch users by leveraging AUR helpers instead of requiring manual package downloads.
This allows fetching SHA256SUMS.txt from both upstream and fork. Reference: https://docs.github.com/en/actions/reference/workflows-and-actions/variables#:~:text=GITHUB%5FREPOSITORY
Note: only update for aur-publish job
Description
This PR adds automatic publishing of the Arch Linux packages to the AUR (Arch User Repository) and updates the corresponding installation documentation.
Details of the changes:
- fcitx5-vnkey-bin and ibus-vnkey-bin to the AUR whenever there is a new release (triggered by a v* tag).
- standard PKGBUILD for both the Fcitx5 and IBus variants.
- README.md, changing the manual installation instructions that use pacman -U to the popular AUR helpers (paru/yay), which simplifies installation for Arch Linux users.
For the workflow to work as expected, the following 3 repository secrets must be added on the Settings -> Secrets and variables -> Actions -> New repository secret page:
- AUR_USERNAME
- AUR_EMAIL
- AUR_SSH_PRIVATE_KEY
Type of change
Affected platforms
Testing
- cargo test passes in vnkey-engine
Related issues
References
Summary by CodeRabbit
Chores
Documentation