From d9478c8f0c16d7ce4678a4675b721f9ed36a3f5e Mon Sep 17 00:00:00 2001
From: toufic ar
Date: Thu, 16 Apr 2026 10:15:03 +0300
Subject: add jenkins pipeline
---
.gitignore | 3 +++
Jenkinsfile | 34 ++++++++++++++++++++++++++++++++++
build.sh | 47 -----------------------------------------------
builder.sh | 16 ++++++++++++++++
env.sh | 24 ++++++++++++++++++++++++
pkgbuilds.json | 15 +++++++++------
pkgbuilds.sh | 29 +++++++++++++++++++++++++++++
root.sh | 18 ++++++++++++++++++
taur.sh | 8 ++++++++
9 files changed, 141 insertions(+), 53 deletions(-)
create mode 100644 Jenkinsfile
delete mode 100755 build.sh
create mode 100755 builder.sh
create mode 100755 env.sh
create mode 100755 pkgbuilds.sh
create mode 100755 root.sh
create mode 100755 taur.sh
diff --git a/.gitignore b/.gitignore
index 5dc9beb..463c332 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,4 @@
 .dist
+gpgpasswd
+private.asc
+id_ed25519
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..6904634
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,34 @@
+pipeline {
+ agent { docker { image 'archlinux:latest' } }
+ triggers { cron('H H */7 * *') }
+
+ environment {
+ SECRET_SSH = credentials('adonis-ssh-key')
+ SECRET_GPG = credentials('toufy-gpg-key')
+ SECRET_GPG_PASS = credentials('toufy-gpg-passwd')
+ }
+
+ stages {
+ stage('checkout repo') {
+ steps {
+ checkout scm
+ }
+ }
+
+ stage('build') {
+ steps {
+ sh '''
+ set -euo pipefail
+ chmod 700 ./taur.sh
+ ./taur.sh
+ '''
+ }
+ }
+ }
+
+ post {
+ always {
+ echo 'pipeline finished'
+ }
+ }
+}
diff --git a/build.sh b/build.sh
deleted file mode 100755
index d111ea3..0000000
--- a/build.sh
+++ /dev/null
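Review bot: The top-level `environment` block in Jenkinsfile binds `SECRET_SSH`, `SECRET_GPG` and `SECRET_GPG_PASS` for every stage, and nothing later removes them: env.sh re-exports them as `*_TEXT` and taur.sh's `su builder -c` calls keep the caller's environment, so the key material is in the environment of the `makepkg` runs in pkgbuilds.sh. Binding the credentials only around the step that writes the key files (a stage-level `environment` or `withCredentials`) and adding `unset SECRET_SSH SECRET_GPG SECRET_GPG_PASS` in taur.sh after `./root.sh` would close that. `image 'archlinux:latest'` is a moving tag; pinning the image by digest, `image 'archlinux@sha256:DIGEST'` with DIGEST standing for the digest of a reviewed image, ties each signed build to a known base.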
@@ -1,47 +0,0 @@
-#!/usr/bin/env bash
-
-set -e
-
-BUILD_DIR=$(pwd)/.dist/build
-SRC_DIR=$(pwd)/.dist/src
-LONGKEY="4A0E47583568E4B11B5C2559BBA33017E29E74FB"
-export GNUPGHOME=~/.gnupg
-
-mkdir -p "$BUILD_DIR" "$SRC_DIR"
-
-mkdir -p $GNUPGHOME
-chmod -R 700 $GNUPGHOME
-echo "allow-loopback-pinentry" >>$GNUPGHOME/gpg-agent.conf
-gpg-connect-agent reloadagent /bye
-gpg --batch --yes --pinentry-mode loopback --passphrase-file ~/gpgpasswd --import ~/private.asc
-
-rsync -az root@toufy.me:/var/www/aur.toufy.me/builds/ "$BUILD_DIR/"
-
-jq -c '.[]' pkgbuilds.json | while IFS= read -r src; do
- base=$(jq -r '.base' <<<"$src")
- jq -r '.rm[]' <<<"$src" | while IFS= read -r rmv; do
- find "$BUILD_DIR" -name "$rmv*.pkg.tar.zst" -exec \
- repo-remove -Rsvk $LONGKEY \
- "$BUILD_DIR"/taur.db.tar.zst "$rmv" \;
-
- done
- jq -c '.pkgs[]' <<<"$src" | while IFS= read -r pkg; do
- name=$(jq -r '.name' <<<"$pkg")
- git clone "$base/$name" "$SRC_DIR"/"$name" &&
- cd "$SRC_DIR/$name" &&
- makepkg -cCd --noconfirm --skippgpcheck --sign \
- --key $LONGKEY
-
- jq -r '.nick[]' <<<"$pkg" | while IFS= read -r nick; do
- repo-add -Rpsvk $LONGKEY \
- "$BUILD_DIR"/taur.db.tar.zst \
- "$SRC_DIR"/"$name"/"$nick"*.pkg.tar.zst &&
- cp -rfv \
- "$SRC_DIR"/"$name"/"$nick"*.pkg.tar.zst "$SRC_DIR"/"$name"/"$nick"*.pkg.tar.zst.sig \
- "$BUILD_DIR"
- done
-
- done
-done
-
-rsync -az --delete "$BUILD_DIR/" root@toufy.me:/var/www/aur.toufy.me/builds/
diff --git a/builder.sh b/builder.sh
new file mode 100755
index 0000000..23de1be
--- /dev/null
+++ b/builder.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+set -e
+source ./env.sh
+
+mkdir -p $SSHHOME $GNUPGHOME
+chmod -R 755 $SSHHOME
+chmod -R 700 $GNUPGHOME
+
+cp "$SSHPRIVKEY" $SSHHOME
+chmod 600 $SSHHOME/id_ed25519
+echo $TARGET | xargs ssh-keyscan >$SSHHOME/known_hosts
+
+echo "allow-loopback-pinentry" >>$GNUPGHOME/gpg-agent.conf
+gpg-connect-agent reloadagent /bye
+gpg --batch --yes --pinentry-mode loopback --passphrase-file "$GPGPASSWD" --import "$GPGKEY"
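Review bot: The last line of builder.sh imports `"$GPGKEY"`, but env.sh defines and exports `GPGPRIVKEY` and no `GPGKEY`, so without `set -u` the argument expands to an empty string and the import cannot read the key file; the line should end in `--import "$GPGPRIVKEY"`. `echo $TARGET | xargs ssh-keyscan >$SSHHOME/known_hosts` trusts whichever host key answers at build time, so the later `rsync --delete` as root has no real host verification; a host key stored with the job's credentials or committed to the repository and copied into `known_hosts` would pin it. `chmod -R 755 $SSHHOME` should be `chmod 700 "$SSHHOME"`, and the `$SSHHOME`, `$GNUPGHOME` and `$TARGET` expansions should be quoted.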
diff --git a/env.sh b/env.sh
new file mode 100755
index 0000000..6f7f148
--- /dev/null
+++ b/env.sh
@@ -0,0 +1,24 @@
+BUILD_DIR=$(pwd)/.dist/build
+SRC_DIR=$(pwd)/.dist/src
+GPGPASSWD=$(pwd)/gpgpasswd
+GPGPRIVKEY=$(pwd)/private.asc
+SSHPRIVKEY=$(pwd)/id_ed25519
+TARGET=adonis.toufy.me
+REMOTE=root@$TARGET:/var/www/aur.toufy.me/builds
+SSHPRIVKEY_TEXT=$SECRET_SSH
+GPGRIVKEY_TEXT=$SECRET_GPG
+GPGPASSWD_TEXT=$SECRET_GPG_PASS
+
+export GNUPGHOME=~/.gnupg
+export SSHHOME=~/.ssh
+export LONGKEY=4A0E47583568E4B11B5C2559BBA33017E29E74FB
+export TARGET
+export REMOTE
+export BUILD_DIR
+export SRC_DIR
+export GPGPASSWD
+export GPGPRIVKEY
+export SSHPRIVKEY
+export SSHPRIVKEY_TEXT
+export GPGRIVKEY_TEXT
+export GPGPASSWD_TEXT
diff --git a/pkgbuilds.json b/pkgbuilds.json
index 2f16e59..ea74d62 100644
--- a/pkgbuilds.json
+++ b/pkgbuilds.json
@@ -4,21 +4,24 @@
 "pkgs": [
 {
 "name": "librewolf-bin",
- "nick": ["librewolf-bin"]
+ "nick": ["librewolf-bin"],
+ "deps": ["git"]
 },
 {
 "name": "ungoogled-chromium-bin",
- "nick": ["ungoogled-chromium-bin"]
+ "nick": ["ungoogled-chromium-bin"],
+ "deps": []
 },
 {
 "name": "adwaita-qt-git",
- "nick": ["adwaita-qt5-git", "adwaita-qt6-git"]
+ "nick": ["adwaita-qt5-git", "adwaita-qt6-git"],
+ "deps": ["cmake", "git", "qt5-x11extras", "qt6-base"]
 },
 {
 "name": "ventoy-bin",
- "nick": ["ventoy-bin"]
+ "nick": ["ventoy-bin"],
+ "deps": ["non", "test5", "test4"]
 }
- ],
- "rm": []
+ ]
 }
 ]
diff --git a/pkgbuilds.sh b/pkgbuilds.sh
new file mode 100755
index 0000000..c686b38
--- /dev/null
+++ b/pkgbuilds.sh
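Review bot: env.sh copies `$SECRET_SSH`, `$SECRET_GPG` and `$SECRET_GPG_PASS` into the `*_TEXT` variables with no check, so a run without the Jenkins bindings continues with empty values and root.sh writes empty key files. Since only root.sh reads them, the three assignments belong there, without `export`, guarded by `: "${SECRET_SSH:?}"` and the two equivalents. `GPGRIVKEY_TEXT` is presumably meant to be `GPGPRIVKEY_TEXT`; root.sh uses the same spelling, so the two must be renamed together. The file is added with mode 100755 but has no shebang and is only sourced by the other scripts.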
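Review bot: In pkgbuilds.json the `ventoy-bin` entry has `"deps": ["non", "test5", "test4"]`, which look like leftover test values rather than package names. root.sh passes every `deps` value to `pacman -Sy --needed --noconfirm`, so a name that is not in the repositories would stop the run under `set -e` before any package is built. Replace the list with the real build dependencies or `[]`. The `rm` key is removed here together with the `repo-remove` loop from build.sh, so there is no longer a way to retire a package from the database; the commit description should say whether that is intended.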
@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+
+set -e
+source ./env.sh
+
+mkdir -p "$BUILD_DIR" "$SRC_DIR"
+
+jq -c '.[]' pkgbuilds.json | while IFS= read -r src; do
+ base=$(jq -r '.base' <<<"$src")
+ jq -c '.pkgs[]' <<<"$src" | while IFS= read -r pkg; do
+ name=$(jq -r '.name' <<<"$pkg")
+ git clone "$base/$name" "$SRC_DIR"/"$name" &&
+ cd "$SRC_DIR/$name" &&
+ makepkg -cCd --noconfirm --skippgpcheck --sign \
+ --key $LONGKEY
+
+ jq -r '.nick[]' <<<"$pkg" | while IFS= read -r nick; do
+ repo-add -Rpsvk $LONGKEY \
+ "$BUILD_DIR"/taur.db.tar.zst \
+ "$SRC_DIR"/"$name"/"$nick"*.pkg.tar.zst &&
+ cp -rfv \
+ "$SRC_DIR"/"$name"/"$nick"*.pkg.tar.zst "$SRC_DIR"/"$name"/"$nick"*.pkg.tar.zst.sig \
+ "$BUILD_DIR"
+ done
+
+ done
+done
+
+rsync -az --delete "$BUILD_DIR/" "$REMOTE/"
diff --git a/root.sh b/root.sh
new file mode 100755
index 0000000..0fe7be6
--- /dev/null
+++ b/root.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -e
+source ./env.sh
+
+pacman-key --init
+pacman -Syu --noconfirm --needed base-devel git jq openssh rsync
+readarray -t deps < <(jq -r '.[] .pkgs[] .deps[]' pkgbuilds.json | sort -u)
+pacman -Sy --needed --noconfirm "${deps[@]}"
+
+sed -i -E 's/(^OPTIONS=\([^)]*)\b(debug)\b/\1!\2/' /etc/makepkg.conf
+
+echo "$GPGRIVKEY_TEXT" >"$GPGPRIVKEY"
+echo "$GPGPASSWD_TEXT" >"$GPGPASSWD"
+echo "$SSHPRIVKEY_TEXT" | tr -d "\r" >"$SSHPRIVKEY"
+
+useradd -m builder
+chown -R builder: .
diff --git a/taur.sh b/taur.sh
new file mode 100755
index 0000000..734f535
--- /dev/null
+++ b/taur.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+set -e
+source ./env.sh
+
+./root.sh
+su builder -c "./builder.sh"
+su builder -c "./pkgbuilds.sh"
--
cgit v1.2.3
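Review bot: In pkgbuilds.sh a failed `git clone`, `cd`, `makepkg` or `repo-add` does not stop the script, because `set -e` ignores every command of an `&&` list except the last, and the final `rsync -az --delete "$BUILD_DIR/" "$REMOTE/"` then publishes whatever is in `$BUILD_DIR`. The deleted build.sh first pulled the remote `builds/` directory into `$BUILD_DIR`; without that step a partial run removes the missing packages and the previous `taur.db` from the server. Put `git clone`, `cd` and `makepkg` on separate lines without `&&`, add `set -o pipefail`, and either restore the initial pull or drop `--delete`. `--skippgpcheck` is carried over from build.sh, so upstream source signatures are still not verified before the result is signed with `$LONGKEY`, which should be quoted as `"$LONGKEY"`.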
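Review bot: In root.sh the three redirections to `"$GPGPRIVKEY"`, `"$GPGPASSWD"` and `"$SSHPRIVKEY"` create the key and passphrase files with the default umask, which is presumably 022 in this container and leaves them world-readable in the workspace; a `umask 077` line before them fixes that. `printf '%s\n' "$GPGPASSWD_TEXT"` is safer than `echo` for arbitrary secret text, since `echo` treats a value such as `-n` as an option. The files stay in the workspace after the run; `trap 'rm -f -- "$GPGPRIVKEY" "$GPGPASSWD" "$SSHPRIVKEY"' EXIT` in taur.sh would remove them. `pacman -Sy --needed --noconfirm "${deps[@]}"` installs every string found in pkgbuilds.json as root, so that file needs the same review as the scripts.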
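Review bot: Both `su builder -c` calls in taur.sh use the same account, so builder.sh places the signing key in `~/.gnupg` and the `root@` SSH key in `~/.ssh` of the user that then runs `makepkg` on third-party PKGBUILDs in pkgbuilds.sh, and the passphrase file written by root.sh sits in the workspace that `chown -R builder: .` hands to that user. Building under an account that holds no keys, and signing and uploading afterwards under a second account, keeps the key material out of reach of build scripts the repository does not control. An upload account on the target that can write only the `builds/` directory, in place of `root@$TARGET`, would limit what the SSH key is good for.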