Root causes of ALL Alpine build failures:
1. ci.yml: Verify Alpine package step was TRUNCATED at line 339 -
missing closing quote, then clause, fi, and entire upload step.
This caused YAML parse failure every run.
2. build-alpine.sh: Copy path was /home/builduser/packages/home/x86_64/
but abuild outputs to /home/builduser/packages/builduser/x86_64/.
The find fallback caught stale packages from previous builds.
Fixes:
- Complete the Verify Alpine package step with proper if/fi
- Add Upload to Gitea Release step for Alpine (was completely missing)
- Fix abuild output path in build-alpine.sh
- Revert build-alpine.sh to original (no cleanup lines)
- Remove CI Alpine cleanup step entirely
- Keep version verification and exact version upload in CI
- The original build worked fine without cleanup; stale packages
are caught by version verification
- Remove mkdir -p /home/builduser/packages/home/x86_64/ that was creating
root-owned directories that abuild (running as builduser) couldnt write to
- Keep targeted rm -f of stale .apk files only
- abuild creates its own output directories with correct ownership
- Alpine: clean entire /home/builduser/packages/ before abuild (not just releases/)
- Alpine: add version verification step to CI (like RPM already has)
- Alpine: upload uses exact version match instead of head -1
- Debian: add u2404 suffix to build-deb output filename
- Remove duplicate 1.1.12 entry from debian/changelog
- Add /releases/ to .gitignore to prevent tracking build artifacts
- Remove old 1.0.0 .deb files from git tracking
- Add stale .apk cleanup to build-alpine.sh (matching build-arch.sh)
- Add cleanup step to CI Alpine workflow to remove stale packages
Fixes Alpine package version mismatch caused by old artifacts in releases/
- Insert 'Clean previous build artifacts' step (cargo clean + rm old .deb)
before Build Debian package in both build-deb and build-deb-u2204 jobs.
- Bump version to 1.1.7 to ensure a clean build from scratch.
- Update debian/changelog with 1.1.7-1 entry.
Requiring default-features=false on reqwest prevents native-tls/openssl-sys
from being pulled in as transitive dependencies, which broke static linking
on Alpine musl target. Also reverts invalid openssl-static package from CI.
- Cargo.toml: add default-features = false to reqwest dependency
- ci.yml: revert non-existent openssl-static package
The Alpine build job links against musl which requires static OpenSSL
libraries. Adding openssl-static package to resolve -lssl and -lcrypto
linker errors.
- Change tag trigger from v* to v*.*.* to prevent recursive CI runs
- Upload u2204 deb to same release tag (not creating -u2204 suffix)
- Rename u2204 deb filename to include u2204 for differentiation
Runners may have broken apt state from partial upgrades (e.g., openssh-client
version mismatch). Adding apt-get -f install before build deps ensures CI
works regardless of runner package state.
CI workflow (ci.yml):
- Proper YAML structure for all steps
- curl+tar checkout (act runners lack git)
- GITEATOKEN authentication for private repo access
- build-essential/gcc added to all jobs
- dpkg-buildpackage -d flag (skip apt dep check)
Build scripts:
- build-alpine.sh: Copy APKBUILD to /home/builduser before abuild
- build-arch.sh: Use REPO_DIR variable instead of $(pwd) in su commands
Debian: Add -d flag to dpkg-buildpackage (skip dep check,
rustup installed Rust not apt)
RPM/Arch: Fix missing run: | YAML syntax in dependency steps
Alpine: Fix abuild working directory - use /home/builduser
explicitly instead of $(pwd) which referenced act cache path
Rust compilation requires a C compiler (cc) for linking.
Act runner containers do not have gcc installed by default.
Added build-essential (Ubuntu), gcc (Fedora/Alpine/Arch)
to dependency installation steps before Rust compilation.
Act runner containers do not have git installed.
Using curl+tar to download repo archive instead.
GITEATOKEN secret already verified working independently.
Gitea secrets are case-sensitive. The encrypted secret in DB is
named GITEATOKEN (uppercase). Workflow was using giteatoken (lowercase)
which caused decryption failures in Gitea runner.
Also unblocked stuck action_run #166 in database (status=1 queued).
Gitea logs show: "decrypt secret giteatoken: failed to decrypt by secret,
the key might be incorrect" - secrets must be encrypted with Gitea
SECRET_KEY, not plaintext in DB.
Solution: Use SSH git clone for checkout which requires no secrets.
Runners are already registered with Gitea and have SSH access.
Gitea archive API returns 404 for private repos. Switched to SSH-based
git clone which uses runner SSH keys for authentication.
- Replace curl+tar archive download with git clone over SSH
- Add ssh-keyscan for host key verification
- Alpine job installs openssh-client and git
- All other runners have git/ssh pre-installed
The act runner images do not include git. Previous attempt used git clone
which failed with "git: command not found".
- Replace all git clone with curl downloading Gitea archive tarball
- Use tar to extract the archive into the working directory
- No dependency on git for checkout step
The Gitea runner uses act which does not auto-checkout when using
shell commands instead of JS actions. The previous git fetch/checkout
failed silently because there was no .git directory.
- Replace all checkout steps with git clone into current directory
- Add safe.directory config to avoid git ownership errors
- Use GITEA_TOKEN for authenticated clone if available
YAML 1.1 reserves "on" as a boolean keyword (meaning True).
Without quotes, Gitea Actions could not parse workflow triggers,
resulting in no jobs being scheduled. This quotes the key as "on":
to ensure it is parsed as a string event trigger key.
Gitea runners do not have Node.js installed, which is required
for all JavaScript-based GitHub Actions including actions/checkout.
- Replace all actions/checkout@v4 with manual git fetch/checkout
- All checkout logic now uses shell commands only
- No JavaScript-based actions remain in the workflow
- Remove dtolnay/rust-toolchain (JS action) → use rustup via curl
- Remove Swatinem/rust-cache (JS action) → no replacement, builds from scratch
- All jobs now install Rust toolchain via shell commands
- Alpine job installs rustup directly with musl target support
- Ensures compatibility with Gitea Actions runners
