From dbd7f00274ef393d5e21d48f3786882215240839 Mon Sep 17 00:00:00 2001
From: Janez T <hey@dz0ny.dev>
Date: Thu, 9 Jan 2025 16:51:57 +0100
Subject: [PATCH] feat: enhance Arch repository creation in release workflow
 with improved signing and verification

---
 .github/workflows/release.yml | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 609e454..d7b4b47 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -63,10 +63,23 @@ jobs:
 
       - name: Create Arch repository
         run: |
-          sudo apt -y -q install pacman-package-manager
+          sudo add-apt-repository --yes ppa:michel-slm/kernel-utils
+          sudo apt-get -qq --yes install pacman-package-manager libarchive-tools
           mkdir -p apt/arch/
-          mv dist/*.pkg.tar.zst apt/arch/
-          repo-add apt/arch/paretosecurity.db.tar.zst apt/arch/*pkg.tar.zst || true
+          for file in dist/*.pkg.tar.zst ; do \
+            arch=$(basename $file .pkg.tar.zst | sed 's/.*-//') ; \
+            echo "Processing arch $arch..." && \
+            mkdir -p apt/aur/stable/$arch && \
+            cp dist/*-$arch.pkg.tar.zst apt/aur/stable/$arch && \
+            repo-add \
+              --verify \
+              --sign \
+              --new \
+              --remove \
+              --prevent-downgrade \
+              apt/aur/stable/$arch/manala.db.tar.gz apt/aur/stable/$arch/*-$arch.pkg.tar.zst && \
+            gpg --detach-sign --no-armor --batch --yes apt/aur/stable/$arch/*-$arch.pkg.tar.zst ; \
+          done
 
       - name: Host repository for testing
         uses: Eun/http-server-action@f71cec1321f665652a46c40b6852f8e5a68bfcd4 # v1