-rw-r--r--.gitignore3
-rw-r--r--Jenkinsfile34
-rwxr-xr-xbuilder.sh16
-rwxr-xr-xenv.sh24
-rw-r--r--pkgbuilds.json15
-rwxr-xr-xpkgbuilds.sh (renamed from build.sh)22
-rwxr-xr-xroot.sh18
-rwxr-xr-xtaur.sh8
8 files changed, 114 insertions, 26 deletions
diff --git a/.gitignore b/.gitignore
index 5dc9beb..463c332 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
.dist
+gpgpasswd
+private.asc
+id_ed25519
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..6904634
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,34 @@
+pipeline {
+ agent { docker { image 'archlinux:latest' } }
+ triggers { cron('H H */7 * *') }
+
+ environment {
+ SECRET_SSH = credentials('adonis-ssh-key')
+ SECRET_GPG = credentials('toufy-gpg-key')
+ SECRET_GPG_PASS = credentials('toufy-gpg-passwd')
+ }
+
+ stages {
+ stage('checkout repo') {
+ steps {
+ checkout scm
+ }
+ }
+
+ stage('build') {
+ steps {
+ sh '''
+ set -euo pipefail
+ chmod 700 ./taur.sh
+ ./taur.sh
+ '''
+ }
+ }
+ }
+
+ post {
+ always {
+ echo 'pipeline finished'
+ }
+ }
+}
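Review bot: The three credentials in the pipeline-level `environment` block are visible to every step, and nothing later narrows that. env.sh re-exports them as `*_TEXT`, and taur.sh calls `su builder -c` without a login shell, which normally preserves the caller's environment. The SSH key, GPG key and passphrase are therefore likely still set when pkgbuilds.sh clones and processes third-party package sources (the middle of that script is not shown). Only root.sh reads the values, so in taur.sh add `unset SECRET_SSH SECRET_GPG SECRET_GPG_PASS SSHPRIVKEY_TEXT GPGRIVKEY_TEXT GPGPASSWD_TEXT` right after `./root.sh`, and drop the three `export ..._TEXT` lines from env.sh. Pinning `archlinux:latest` to a digest would also keep the image that handles the signing key reproducible.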
diff --git a/builder.sh b/builder.sh
new file mode 100755
index 0000000..23de1be
--- /dev/null
+++ b/builder.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -e
+source ./env.sh
+
+mkdir -p $SSHHOME $GNUPGHOME
+chmod -R 755 $SSHHOME
+chmod -R 700 $GNUPGHOME
+
+cp "$SSHPRIVKEY" $SSHHOME
+chmod 600 $SSHHOME/id_ed25519
+echo $TARGET | xargs ssh-keyscan >$SSHHOME/known_hosts
+
+echo "allow-loopback-pinentry" >>$GNUPGHOME/gpg-agent.conf
+gpg-connect-agent reloadagent /bye
+gpg --batch --yes --pinentry-mode loopback --passphrase-file "$GPGPASSWD" --import "$GPGKEY"
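Review bot: `--import "$GPGKEY"` on the last line reads a variable that env.sh in this commit never sets (it exports `GPGPRIVKEY`). Unless it is defined elsewhere, gpg receives an empty path and the import fails; it should read `--import "$GPGPRIVKEY"`. Separately, running `ssh-keyscan` into a fresh `known_hosts` on every build accepts whatever host key the network returns, so the rsync target is never actually authenticated. Supplying the expected host key as a pinned `known_hosts` line (for example, as another Jenkins credential) closes that gap. The `$SSHHOME`, `$GNUPGHOME` and `$TARGET` expansions are unquoted, and `chmod -R 755 $SSHHOME` is looser than the conventional 700 for `~/.ssh`.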
diff --git a/env.sh b/env.sh
new file mode 100755
index 0000000..6f7f148
--- /dev/null
+++ b/env.sh
@@ -0,0 +1,24 @@
+BUILD_DIR=$(pwd)/.dist/build
+SRC_DIR=$(pwd)/.dist/src
+GPGPASSWD=$(pwd)/gpgpasswd
+GPGPRIVKEY=$(pwd)/private.asc
+SSHPRIVKEY=$(pwd)/id_ed25519
+TARGET=adonis.toufy.me
+REMOTE=root@$TARGET:/var/www/aur.toufy.me/builds
+SSHPRIVKEY_TEXT=$SECRET_SSH
+GPGRIVKEY_TEXT=$SECRET_GPG
+GPGPASSWD_TEXT=$SECRET_GPG_PASS
+
+export GNUPGHOME=~/.gnupg
+export SSHHOME=~/.ssh
+export LONGKEY=4A0E47583568E4B11B5C2559BBA33017E29E74FB
+export TARGET
+export REMOTE
+export BUILD_DIR
+export SRC_DIR
+export GPGPASSWD
+export GPGPRIVKEY
+export SSHPRIVKEY
+export SSHPRIVKEY_TEXT
+export GPGRIVKEY_TEXT
+export GPGPASSWD_TEXT
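Review bot: `GPGPASSWD`, `GPGPRIVKEY` and `SSHPRIVKEY` point into `$(pwd)`, i.e. the checkout itself, and nothing in this commit deletes those files once the keys are imported. With a Docker agent the workspace is usually a host mount, so the key material would probably outlive the container and depend on .gitignore alone to stay out of the repository. Removing them at the end of the run, e.g. `rm -f -- "$GPGPASSWD" "$GPGPRIVKEY" "$SSHPRIVKEY"` from the Jenkinsfile's `post { always }`, or moving the paths outside the workspace, avoids that. `GPGRIVKEY_TEXT` is presumably a typo for `GPGPRIVKEY_TEXT`; it works because root.sh uses the same spelling, so both should be renamed together.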
diff --git a/pkgbuilds.json b/pkgbuilds.json
index 2f16e59..ea74d62 100644
--- a/pkgbuilds.json
+++ b/pkgbuilds.json
@@ -4,21 +4,24 @@
"pkgs": [
{
"name": "librewolf-bin",
- "nick": ["librewolf-bin"]
+ "nick": ["librewolf-bin"],
+ "deps": ["git"]
},
{
"name": "ungoogled-chromium-bin",
- "nick": ["ungoogled-chromium-bin"]
+ "nick": ["ungoogled-chromium-bin"],
+ "deps": []
},
{
"name": "adwaita-qt-git",
- "nick": ["adwaita-qt5-git", "adwaita-qt6-git"]
+ "nick": ["adwaita-qt5-git", "adwaita-qt6-git"],
+ "deps": ["cmake", "git", "qt5-x11extras", "qt6-base"]
},
{
"name": "ventoy-bin",
- "nick": ["ventoy-bin"]
+ "nick": ["ventoy-bin"],
+ "deps": ["non", "test5", "test4"]
}
- ],
- "rm": []
+ ]
}
]
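Review bot: The `deps` for `ventoy-bin` (`"non"`, `"test5"`, `"test4"`) look like leftover test values rather than package names. root.sh in this commit passes every `.deps[]` entry to `pacman -Sy --needed --noconfirm` under `set -e`, so an unknown target would abort the whole run before anything is built. If the package needs no extra dependencies, use `"deps": []` as for `ungoogled-chromium-bin`.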
diff --git a/build.sh b/pkgbuilds.sh
index d111ea3..c686b38 100755
--- a/build.sh
+++ b/pkgbuilds.sh
@@ -1,30 +1,12 @@
#!/usr/bin/env bash
set -e
-
-BUILD_DIR=$(pwd)/.dist/build
-SRC_DIR=$(pwd)/.dist/src
-LONGKEY="4A0E47583568E4B11B5C2559BBA33017E29E74FB"
-export GNUPGHOME=~/.gnupg
+source ./env.sh
mkdir -p "$BUILD_DIR" "$SRC_DIR"
-mkdir -p $GNUPGHOME
-chmod -R 700 $GNUPGHOME
-echo "allow-loopback-pinentry" >>$GNUPGHOME/gpg-agent.conf
-gpg-connect-agent reloadagent /bye
-gpg --batch --yes --pinentry-mode loopback --passphrase-file ~/gpgpasswd --import ~/private.asc
-
-rsync -az root@toufy.me:/var/www/aur.toufy.me/builds/ "$BUILD_DIR/"
-
jq -c '.[]' pkgbuilds.json | while IFS= read -r src; do
base=$(jq -r '.base' <<<"$src")
- jq -r '.rm[]' <<<"$src" | while IFS= read -r rmv; do
- find "$BUILD_DIR" -name "$rmv*.pkg.tar.zst" -exec \
- repo-remove -Rsvk $LONGKEY \
- "$BUILD_DIR"/taur.db.tar.zst "$rmv" \;
-
- done
jq -c '.pkgs[]' <<<"$src" | while IFS= read -r pkg; do
name=$(jq -r '.name' <<<"$pkg")
git clone "$base/$name" "$SRC_DIR"/"$name" &&
@@ -44,4 +26,4 @@ jq -c '.[]' pkgbuilds.json | while IFS= read -r src; do
done
done
-rsync -az --delete "$BUILD_DIR/" root@toufy.me:/var/www/aur.toufy.me/builds/
+rsync -az --delete "$BUILD_DIR/" "$REMOTE/"
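Review bot: `rsync -az --delete` now pushes a `BUILD_DIR` that is no longer seeded from the server, because the first hunk removes the initial pull. In a fresh workspace, anything not rebuilt in this run, including a package whose clone or build failed, would be deleted from `$REMOTE`. If a full rebuild on every run is intended, a comment saying so would help; otherwise restore the pull as `rsync -az "$REMOTE/" "$BUILD_DIR/"` before the loop. `REMOTE` also logs in as `root@` (env.sh); a dedicated account that owns only the builds directory would limit what a leaked CI key can do. The loop body between the two hunks is not visible here.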
diff --git a/root.sh b/root.sh
new file mode 100755
index 0000000..0fe7be6
--- /dev/null
+++ b/root.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -e
+source ./env.sh
+
+pacman-key --init
+pacman -Syu --noconfirm --needed base-devel git jq openssh rsync
+readarray -t deps < <(jq -r '.[] .pkgs[] .deps[]' pkgbuilds.json | sort -u)
+pacman -Sy --needed --noconfirm "${deps[@]}"
+
+sed -i -E 's/(^OPTIONS=\([^)]*)\b(debug)\b/\1!\2/' /etc/makepkg.conf
+
+echo "$GPGRIVKEY_TEXT" >"$GPGPRIVKEY"
+echo "$GPGPASSWD_TEXT" >"$GPGPASSWD"
+echo "$SSHPRIVKEY_TEXT" | tr -d "\r" >"$SSHPRIVKEY"
+
+useradd -m builder
+chown -R builder: .
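Review bot: The three key files are created with the process's default umask, which is typically 022, so the GPG private key, its passphrase and the SSH key land in the workspace world-readable. builder.sh only tightens the copy of the SSH key under `$SSHHOME`, not these originals. Wrap the writes in a restrictive umask, e.g. `(umask 077; printf '%s\n' "$GPGPASSWD_TEXT" >"$GPGPASSWD")` and likewise for the other two. `printf '%s\n'` is also safer than `echo` for arbitrary secret text, since a value starting with `-n` or `-e` would be taken as an option. The second `pacman -Sy` directly after `-Syu` only re-syncs the databases; `pacman -S --needed --noconfirm "${deps[@]}"` is enough there.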
diff --git a/taur.sh b/taur.sh
new file mode 100755
index 0000000..734f535
--- /dev/null
+++ b/taur.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -e
+source ./env.sh
+
+./root.sh
+su builder -c "./builder.sh"
+su builder -c "./pkgbuilds.sh"