Skip to content
update-pacman

Prevent pacman from being upgraded #9

Sign in to view logs

Prevent pacman from being upgraded

Prevent pacman from being upgraded #9

Workflow file for this run

.github/workflows/update-pacman.yml at 60cb253
name: update-pacman
on:
push:
branches:
- patched-pacman-gpgme
env:
GIT_CONFIG_PARAMETERS: "'user.name=Git for Windows Build Agent' '[email protected]' 'windows.sdk64.path=${{ github.workspace }}' 'windows.sdk32.path=' 'http.sslbackend=schannel' 'core.autocrlf=false' 'checkout.workers=16'"
HOME: "${{ github.workspace }}\\home\\git-ci"
MSYSTEM: MSYS
jobs:
update-pacman:
if: github.repository_owner == 'git-for-windows'
# We can get away with using x86_64 runners because `pacman.exe` is actually an x86_64 program
runs-on: windows-latest
permissions:
contents: write
steps:
- name: clone git-sdk-arm64
uses: actions/checkout@v4
with:
persist-credentials: true
token: ${{ secrets.PUSH_TOKEN }}
- name: use git-sdk-arm64's Bash and Git for Windows' git.exe
run: "usr\\bin\\bash.exe -lc 'cygpath -aw /usr/bin >>$GITHUB_PATH && cygpath -aw /c/Program\\ Files/Git/cmd/ >>$GITHUB_PATH'"
- name: Run tmate
shell: bash
run: |
# install tmate
pacman -Sy --noconfirm tmate openssh &&
# restrict SSH access to the "actor", i.e. the GitHub user who triggered this workflow
# this requires calling `ssh -i <private-key> [...]` later on
mkdir -p ~/.ssh &&
curl -H 'Authorization: token ${{ github.token }}' \
https://api.github.com/users/${{github.actor}}/keys |
jq -r '.[].key' >~/.ssh/authorized_keys &&
# Generate an SSH key (needed for tmate)
echo -e 'y\n' | ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa &&
# Start tmate session
export CHERE_INVOKING=1 &&
tmate -S /tmp/tmate.sock -a ~/.ssh/authorized_keys new-session -d &&
tmate -S /tmp/tmate.sock wait tmate-ready &&
tmate -S /tmp/tmate.sock display -p '#{tmate_ssh}'
- name: download Pacman package
id: download
shell: bash
env:
GH_TOKEN: ${{ github.token }}
run: |
# Only do this unless `pacman` is already prevented from being upgraded
grep '^ *IgnorePkg *= *pacman' etc/pacman.conf && exit 0
sha="$(gh api repos/msys2/MSYS2-packages/pulls/4583 \
--jq '.head.sha')" &&
check_run_url="$(gh api repos/msys2/MSYS2-packages/commits/$sha/check-runs \
--jq '.check_runs[] | select(.name=="MSYS") | .url')" &&
workflow_job_url="$(gh api "${check_run_url#https://api.github.com/}" --jq '.details_url')" &&
workflow_run_url="${workflow_job_url%/job/*}" &&
artifacts_url="$(gh api "repos/${workflow_run_url#https://github.com/}" --jq '.artifacts_url')" &&
zip_url="$(gh api "${artifacts_url#https://api.github.com/}" --jq '.artifacts[].archive_download_url')" &&
curl -H "Authorization: token ${{secrets.GITHUB_TOKEN}}" -#sLo /tmp/MSYS2-packages.zip "$zip_url" &&
unzip /tmp/MSYS2-packages.zip &&
echo "result=$(echo pacman-*.pkg.tar*)" >>$GITHUB_OUTPUT
- name: install and commit ${{ steps.download.outputs.result }}
if: steps.download.outputs.result != ''
shell: bash
run: |
# Give the `/etc/profile.d/` scripts a chance to set things up
bash -lc 'uname -a' &&
pacman -U --noconfirm '${{ steps.download.outputs.result }}' &&
git add -A &&
git commit -m 'Install ${{ steps.download.outputs.result }}' &&
sed -i 's/^# *\(IgnorePkg *=\).*/\1 pacman/' etc/pacman.conf &&
git commit -m 'Prevent `pacman` from being upgraded' \
-m 'It has been overridden with a version that does not deadlock on Windows/ARM64' \
etc/pacman.conf &&
git push origin HEAD
- name: wait for tmate to be done
if: always()
shell: bash
run: |
PATH=$HOME/bin:$PATH
while test -e /tmp/tmate.sock
do
tmate -S /tmp/tmate.sock display -p '#{tmate_ssh}'
sleep 5
done