- Change tag trigger from v* to v*.*.* to prevent recursive CI runs
- Upload u2204 deb to same release tag (not creating -u2204 suffix)
- Rename u2204 deb filename to include u2204 for differentiation

Runners may have broken apt state from partial upgrades (e.g., openssh-client
version mismatch). Adding apt-get -f install before build deps ensures CI
works regardless of runner package state.

CI workflow (ci.yml):
- Proper YAML structure for all steps
- curl+tar checkout (act runners lack git)
- GITEATOKEN authentication for private repo access
- build-essential/gcc added to all jobs
- dpkg-buildpackage -d flag (skip apt dep check)
Build scripts:
- build-alpine.sh: Copy APKBUILD to /home/builduser before abuild
- build-arch.sh: Use REPO_DIR variable instead of $(pwd) in su commands

Debian: Add -d flag to dpkg-buildpackage (skip dep check,
rustup installed Rust not apt)
RPM/Arch: Fix missing run: | YAML syntax in dependency steps
Alpine: Fix abuild working directory - use /home/builduser
explicitly instead of $(pwd) which referenced act cache path

Rust compilation requires a C compiler (cc) for linking.
Act runner containers do not have gcc installed by default.
Added build-essential (Ubuntu), gcc (Fedora/Alpine/Arch)
to dependency installation steps before Rust compilation.

Act runner containers do not have git installed.
Using curl+tar to download repo archive instead.
GITEATOKEN secret already verified working independently.

Gitea secrets are case-sensitive. The encrypted secret in DB is
named GITEATOKEN (uppercase). Workflow was using giteatoken (lowercase)
which caused decryption failures in Gitea runner.
Also unblocked stuck action_run #166 in database (status=1 queued).

Gitea logs show: "decrypt secret giteatoken: failed to decrypt by secret,
the key might be incorrect" - secrets must be encrypted with Gitea
SECRET_KEY, not plaintext in DB.
Solution: Use SSH git clone for checkout which requires no secrets.
Runners are already registered with Gitea and have SSH access.

Gitea archive API returns 404 for private repos. Switched to SSH-based
git clone which uses runner SSH keys for authentication.
- Replace curl+tar archive download with git clone over SSH
- Add ssh-keyscan for host key verification
- Alpine job installs openssh-client and git
- All other runners have git/ssh pre-installed

The act runner images do not include git. Previous attempt used git clone
which failed with "git: command not found".
- Replace all git clone with curl downloading Gitea archive tarball
- Use tar to extract the archive into the working directory
- No dependency on git for checkout step

The Gitea runner uses act which does not auto-checkout when using
shell commands instead of JS actions. The previous git fetch/checkout
failed silently because there was no .git directory.
- Replace all checkout steps with git clone into current directory
- Add safe.directory config to avoid git ownership errors
- Use GITEA_TOKEN for authenticated clone if available

YAML 1.1 reserves "on" as a boolean keyword (meaning True).
Without quotes, Gitea Actions could not parse workflow triggers,
resulting in no jobs being scheduled. This quotes the key as "on":
to ensure it is parsed as a string event trigger key.
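
The unquoted `on` key described in the message above can be caught before a workflow is pushed. The following is an added example, not code from this project: a small linter that flags unquoted mapping keys a YAML 1.1 parser would read as booleans. It covers the other YAML 1.1 boolean words as well as `on`; the function name `ambiguous_keys` and both sample workflows are constructed for illustration.

```python
import re

# YAML 1.1 boolean scalars (https://yaml.org/type/bool.html).
YAML11_BOOL = re.compile(
    r"^(y|Y|yes|Yes|YES|n|N|no|No|NO|true|True|TRUE|false|False|FALSE"
    r"|on|On|ON|off|Off|OFF)$"
)
# A plain (unquoted) block-mapping key: optional indent and list dash, key, colon.
PLAIN_KEY = re.compile(r"^\s*(?:-\s+)?([^\s'\"#:\[\]{}][^:#]*?)\s*:(?:\s|$)")


def ambiguous_keys(workflow_text):
    """Return (line_number, key) for unquoted keys YAML 1.1 resolves to a bool."""
    findings = []
    in_block_scalar = None  # indent of the line that opened a `|` or `>` block
    for number, line in enumerate(workflow_text.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if in_block_scalar is not None:
            if indent > in_block_scalar:
                continue  # still inside script text such as `run: |`
            in_block_scalar = None
        match = PLAIN_KEY.match(line)
        if match and YAML11_BOOL.match(match.group(1)):
            findings.append((number, match.group(1)))
        if re.search(r":\s*[|>][+-]?\d*\s*$", line):
            in_block_scalar = indent
    return findings


# Constructed sample workflow (hypothetical, not the project's ci.yml).
UNQUOTED = """\
name: CI
on:
  push:
    tags: ['v*.*.*']
jobs:
  build:
    runs-on: ubuntu-22.04
    steps:
      - run: |
          on: this line is script text, not a key
          echo build
"""
QUOTED = UNQUOTED.replace("on:\n  push", '"on":\n  push', 1)
```
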
Gitea runners do not have Node.js installed, which is required
for all JavaScript-based GitHub Actions including actions/checkout.
- Replace all actions/checkout@v4 with manual git fetch/checkout
- All checkout logic now uses shell commands only
- No JavaScript-based actions remain in the workflow

- Remove dtolnay/rust-toolchain (JS action) → use rustup via curl
- Remove Swatinem/rust-cache (JS action) → no replacement, builds from scratch
- All jobs now install Rust toolchain via shell commands
- Alpine job installs rustup directly with musl target support
- Ensures compatibility with Gitea Actions runners