4.6 KiB
id, title, status, assignee, created_date, updated_date, labels, dependencies, references, documentation, priority
| id | title | status | assignee | created_date | updated_date | labels | dependencies | references | documentation | priority | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| TASK-165 | Automate AUR publish on tagged releases | Done |
|
2026-03-14 15:55 | 2026-03-14 18:40 |
|
|
|
|
medium |
Description
Extend the tagged release workflow so a successful GitHub release automatically updates the subminer-bin AUR package over SSH. Keep the PKGBUILD source-of-truth in this repo so release automation is reviewable and testable instead of depending on an external maintainer checkout.
Acceptance Criteria
- #1 Repo-tracked AUR packaging source exists for
subminer-binand matches the current release artifact layout. - #2 The release workflow clones
ssh://aur@aur.archlinux.org/subminer-bin.gitwith a dedicated secret-backed SSH key only after release artifacts are ready. - #3 The workflow updates
pkgver, regeneratessha256sumsfrom the built release artifacts, regenerates.SRCINFO, and pushes only when packaging files changed. - #4 Regression coverage fails if the AUR publish job, secret contract, or update steps are removed from the release workflow.
- #5 Release docs mention the required
AUR_SSH_PRIVATE_KEYsetup and the new tagged-release side effect.
Implementation Plan
- Record the approved design and implementation plan for direct AUR publishing from the release workflow.
- Add failing release workflow regression tests covering the new AUR publish job, SSH secret, and PKGBUILD/.SRCINFO regeneration steps.
- Reintroduce repo-tracked
packaging/aur/subminer-binsource files as the maintained AUR template. - Add a small helper script that updates
pkgver, computes checksums from release artifacts, and regenerates.SRCINFOdeterministically. - Extend
.github/workflows/release.ymlwith an AUR publish job that clones the AUR repo over SSH, runs the helper, commits only when needed, and pushes toaur. - Update release docs for the new secret/setup requirements and tagged-release behavior.
- Run targeted workflow tests plus the SubMiner verification lane needed for workflow/docs changes, then update this task with results.
Implementation Notes
Added repo-tracked AUR packaging source under packaging/aur/subminer-bin/ plus scripts/update-aur-package.sh to stamp pkgver, compute SHA-256 sums from release assets, and regenerate .SRCINFO with makepkg --printsrcinfo.
Extended .github/workflows/release.yml with a terminal aur-publish job that runs after release, validates AUR_SSH_PRIVATE_KEY, installs makepkg, configures SSH/known_hosts, clones ssh://aur@aur.archlinux.org/subminer-bin.git, downloads the just-published SubMiner-<version>.AppImage, subminer, and subminer-assets.tar.gz assets, updates packaging metadata, and pushes only when PKGBUILD or .SRCINFO changed.
Updated src/release-workflow.test.ts with regression assertions for the AUR publish contract and updated docs/RELEASING.md with the new secret/setup requirement.
Verification run:
bun test src/release-workflow.test.ts src/ci-workflow.test.tsbash -n scripts/update-aur-package.sh && bash -n packaging/aur/subminer-bin/PKGBUILDcd packaging/aur/subminer-bin && makepkg --printsrcinfo > .SRCINFO- updater smoke via temp package dir with fake assets and
v9.9.9 bun run typecheckbun run test:fastbun run test:envgit submodule update --init --recursive(required because the worktree lacked release submodules)bun run buildbun run test:smoke:dist
Docs update required: yes, completed in docs/RELEASING.md.
Changelog fragment required: no; internal release automation only.
Final Summary
Tagged releases now attempt a direct AUR sync for subminer-bin using a dedicated SSH private key stored in AUR_SSH_PRIVATE_KEY. The release workflow clones the AUR repo after GitHub Release publication, rewrites PKGBUILD and .SRCINFO from the published release assets, and skips empty pushes. Repo-owned packaging source and workflow regression coverage were added so the automation remains reviewable and testable.