From 5d8863e4d972eaca55b9ac9309841be9685876b5 Mon Sep 17 00:00:00 2001
From: Dominic <git@msrd0.de>
Date: Tue, 14 Jan 2025 13:15:34 +0100
Subject: [PATCH] initial commit

[skip ci]
---
 .forgejo/workflows/alpine.yml |  36 +++++++++++
 build.sh                      | 113 ++++++++++++++++++++++++++++++++++
 2 files changed, 149 insertions(+)
 create mode 100644 .forgejo/workflows/alpine.yml
 create mode 100755 build.sh

diff --git a/.forgejo/workflows/alpine.yml b/.forgejo/workflows/alpine.yml
new file mode 100644
index 0000000..1bf0dd5
--- /dev/null
+++ b/.forgejo/workflows/alpine.yml
@@ -0,0 +1,36 @@
+name: Alpine
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+  workflow_dispatch:
+
+jobs:
+  abuild:
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - "aarch64"
+        pkg:
+          # https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/77851
+          - path: testing/lsd
+            branch: master
+            repo: https://gitlab.alpinelinux.org/alpine/aports
+          
+          # https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/77918
+          - path: testing/hickory-dns
+            branch: hickory-dns
+            repo: https://gitlab.alpinelinux.org/msrd0/aports
+    
+    steps:
+      - name: Build Alpine Package ${{matrix.pkg.path}}
+        uses: docker://ghcr.io/msrd0/abuild-aarch64:3.21
+        with:
+          entrypoint: ./build.sh
+          args: |
+            "${{github.event.repository.html_url}}"
+            "${{matrix.pkg.path}}"
+            "${{}}"
diff --git a/build.sh b/build.sh
new file mode 100755
index 0000000..1aada26
--- /dev/null
+++ b/build.sh
@@ -0,0 +1,113 @@
+ #!/bin/busybox ash
+set -eo pipefail
+
+alpine_branch="$(cat /etc/alpine-release | sed -E 's,^([0-9]+)\.([0-9]+)\..*,v\1.\2,')"
+arch="${CARCH:-aarch64}"
+
+# Usage: $0 <packager> <path> <branch> [<git>]
+# This file will build a package _if_ it is not yet uploaded, and upload it
+packager="$1"
+path="$2"
+branch="$3"
+git="$4"
+
+# Let's use some common names, we're in our own docker container anyways
+sudo mkdir -p /alpine
+sudo chown -R ${USER:-1000} /alpine
+dir="/alpine/src"
+repo="/alpine/repo"
+mkdir -p "$repo"
+
+# forgejo will re-sign the package anyways, so we just create a throwaway key here
+echo | abuild-keygen -a -i -b 4096
+echo "REPODEST=\"$repo\"" >>~/.abuild/abuild.conf
+echo "PACKAGER=\"$packager\"" >>~/.abuild/abuild.conf
+
+# initialise abuild repos
+abuild-apk update
+if [ -n "$CBUILDROOT" ]; then
+	abuild-apk update --root "$CBUILDROOT" --arch "$CTARGET"
+fi
+
+# this script needs jq
+abuild-apk add jq
+
+set -x
+
+# so we need to download the relevant files for `abuild up2date`
+api="https://msrd0.dev/api/v1/packages/alpine"
+repo_api="https://msrd0.dev/api/packages/alpine"
+repo_dest="$repo/$(dirname "$path")/$arch"
+mkdir -p "$repo_dest"
+# definitely the best way to get the filename for the key (:
+tmpfile=$(mktemp -u)
+keyfile=$(wget -SO "$tmpfile" "$repo_api/key" 2>&1 \
+	| grep 'Content-Disposition: attachment' \
+	| awk '{print $3}' \
+	| sed -e 's,filename=",,' -e 's,";,,' \
+	|| true)
+# if we couldn't download the keyfile, the repository might not yet exist
+if [ -n "$keyfile" ]
+then
+	sudo mv "$tmpfile" "/etc/apk/keys/$keyfile"
+fi
+dl_pkg() {
+	local pkg ver dest dl_url
+	pkg="$1"
+	shift
+	ver="$1"
+	shift
+	while [ "$#" -gt 0 ]
+	do
+		if [ "$(apk version -t "$ver" "$1")" == "<" ]
+		then
+			ver="$1"
+		fi
+		shift
+	done
+	for file in $(wget -qO- "$api/alpine/$pkg/$ver/files")
+	do
+		# so ... apparently noarch packages get "reassigned" to the target architecture
+		# this means we can rely on $CARCH to download the package
+		dl_url="$repo_api/alpine/$alpine_branch/alpine/$file"
+		echo "Trying to download existing package $dl_url ..."
+		wget -O "$dest/$file" "$dl_url" \
+			|| echo "Failed to download $dl_url" >&2
+	done
+}
+wget -qO- "$api" \
+	|| (echo "[]"; echo "Failed to download $api" >&2) \
+	| jq -rc 'group_by(.name) | .[] | [.[0].name] + [.[] | .version]' \
+	| sed -e 's,\[,,' -e 's/,/ /g' -e 's,\],,' \
+	| while read line
+	  do
+		dl_pkg $line
+	  done
+apk index --no-warnings --quiet \
+	--output "$repo_dest/APKINDEX.tar.gz" \
+	--rewrite-arch "$arch" \
+	"$repo_dest"/*.apk \
+	&& abuild-sign -q "$repo_dest/APKINDEX.tar.gz" \
+	|| echo "Failed to create APKINDEX.tar.gz" >&2
+
+# let's not waste more CPU cycles than necessary
+abuild-apk add lld
+echo "export LDFLAGS=\"\$LDFLAGS -fuse-ld=lld\"" >>~/.abuild/abuild.conf
+echo "export RUSTFLAGS=\"-C link-arg=-fuse-ld=lld\"" >>~/.abuild/abuild.conf
+echo "export CARGO_NET_GIT_FETCH_WITH_CLI=true" >>~/.abuild/abuild.conf
+
+# grab the path from the repository
+git clone --depth 1 --sparse --branch "$branch" -- "$git" "$dir"
+cd "$dir"
+git sparse-checkout add "$path"
+export APKBUILD="$path/APKBUILD"
+
+# make sure that all checksums match, regardless if we build the package or not
+abuild verify
+
+# if not up to date, build and upload
+if ! abuild up2date
+then
+	abuild -r
+	# TODO upload
+fi