o3de-flatpak/.gitea/workflows/build-flatpak.yml
pc-heini 5ae57f3bbf CI: build without flatpak-builder to avoid bwrap/privileged requirement
flatpak-builder sandboxes each build command in bubblewrap, which needs
user namespaces / a privileged job container that Gitea act_runner does
not grant by default (bwrap: Creating new namespace failed).

Replace it with scripts/make-flatpak.sh, which uses flatpak
build-init/build-finish/build-export plus plain-shell extraction and the
get_python.sh bake. None of these use bwrap, so an unprivileged container
works. The flatpak-builder manifest stays as a documented alternative.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-15 10:04:32 +02:00


---
name: Build and Publish O3DE Flatpak

on:
  schedule:
    # Daily at 02:00 - checks for a new O3DE release.
    - cron: '0 2 * * *'
  workflow_dispatch:
    inputs:
      force:
        description: 'Rebuild even if this version was already published'
        type: boolean
        default: false

# The job force-pushes the 'pages' branch and pushes a version tag, so it
# asks for write access to repository contents.
# NOTE(review): confirm the Gitea release in use enforces `permissions`;
# if it does not, the token's real scope is whatever the server grants.
permissions:
  contents: write
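jobs:
  build:
    # Adjust the label to match your registered act_runner. The runner needs a
    # lot of free disk (O3DE is ~15-18 GB installed; the build needs ~2-3x that).
    runs-on: ubuntu-latest
    # The container runs unprivileged: scripts/make-flatpak.sh builds without
    # flatpak-builder, so bubblewrap is not involved. This job handles a
    # write-capable token and unpacks a downloaded package, so it should not
    # also hold host-level privileges. If a step turns out to need user
    # namespaces on your runner, grant that narrowly instead of restoring
    # `options: --privileged`.
    container:
      image: ubuntu:24.04
    steps:
      - name: Install build dependencies
        run: |
          apt-get update
          DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
            ca-certificates curl git jq xz-utils zstd binutils \
            flatpak

      # Done as a plain git clone instead of actions/checkout@v4: the bare
      # ubuntu image has no Node.js, so JavaScript actions fail with exit 127.
      - name: Checkout
        env:
          TOKEN: ${{ secrets.PUBLISH_TOKEN != '' && secrets.PUBLISH_TOKEN || secrets.GITHUB_TOKEN }}
        run: |
          REPO_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
          # Built with parameter expansion rather than sed so characters in the
          # token cannot be interpreted as sed syntax.
          AUTH_URL="${GITHUB_SERVER_URL%%://*}://${GITHUB_ACTOR}:${TOKEN}@${GITHUB_SERVER_URL#*://}/${GITHUB_REPOSITORY}.git"
          git init -q
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          # Keep 'origin' credential-free: the token is used for this fetch only
          # and is not written to .git/config, where every later step (including
          # the repository scripts) could read it. Steps that need authenticated
          # access receive TOKEN through their own env block.
          git remote add origin "$REPO_URL"
          git fetch -q --depth 1 "$AUTH_URL" "${GITHUB_SHA:-$GITHUB_REF_NAME}"
          git checkout -q FETCH_HEAD

      - name: Resolve latest O3DE version
        id: ver
        run: |
          chmod +x scripts/*.sh
          # NOTE(review): eval runs whatever the script prints as shell code.
          # That is only safe if get-latest-version.sh quotes every value it
          # derives from remote data - verify in the script.
          eval "$(scripts/get-latest-version.sh)"
          # The values below feed later steps (tag name, sed expression,
          # checksum line), so reject anything outside the expected shape
          # before publishing it as a step output.
          case "$version" in
            ''|*[!0-9A-Za-z._+-]*)
              echo "::error::Unexpected version string from get-latest-version.sh"
              exit 1
              ;;
          esac
          if [ -n "$sha256" ]; then
            case "$sha256" in
              *[!0-9A-Fa-f]*)
                echo "::error::sha256 is not a hex string"
                exit 1
                ;;
            esac
            if [ "${#sha256}" -ne 64 ]; then
              echo "::error::sha256 is not 64 hex characters"
              exit 1
            fi
          fi
          # A newline inside a value would add extra key=value lines to
          # GITHUB_OUTPUT.
          if [ "$(printf '%s' "$deb_url$deb_file" | wc -l)" -ne 0 ]; then
            echo "::error::deb_url/deb_file must be single-line values"
            exit 1
          fi
          {
            echo "version=$version"
            echo "deb_url=$deb_url"
            echo "deb_file=$deb_file"
            echo "sha256=$sha256"
          } >> "$GITHUB_OUTPUT"
          echo "Latest O3DE: $version ($deb_file)"

      - name: Decide whether to build
        id: check
        env:
          # Expression results are passed through env instead of being pasted
          # into the script text, so their content is never parsed as shell.
          FORCE: ${{ inputs.force }}
          VERSION: ${{ steps.ver.outputs.version }}
          TOKEN: ${{ secrets.PUBLISH_TOKEN != '' && secrets.PUBLISH_TOKEN || secrets.GITHUB_TOKEN }}
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          AUTH_URL="${GITHUB_SERVER_URL%%://*}://${GITHUB_ACTOR}:${TOKEN}@${GITHUB_SERVER_URL#*://}/${GITHUB_REPOSITORY}.git"
          if [ "$FORCE" = "true" ]; then
            echo "build=true" >> "$GITHUB_OUTPUT"
            echo "Force build requested."
          elif git ls-remote --tags "$AUTH_URL" "refs/tags/v${VERSION}" | grep -q .; then
            echo "build=false" >> "$GITHUB_OUTPUT"
            echo "v${VERSION} already published - nothing to do."
          else
            echo "build=true" >> "$GITHUB_OUTPUT"
            echo "New version v${VERSION} - building."
          fi

      - name: Install Flatpak runtime and SDK
        if: steps.check.outputs.build == 'true'
        run: |
          flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
          flatpak install -y flathub org.freedesktop.Platform//24.08 org.freedesktop.Sdk//24.08

      - name: Download O3DE .deb
        if: steps.check.outputs.build == 'true'
        env:
          DEB_URL: ${{ steps.ver.outputs.deb_url }}
          SHA256: ${{ steps.ver.outputs.sha256 }}
        run: |
          curl -fL --retry 3 -o o3de.deb "$DEB_URL"
          if [ -n "$SHA256" ]; then
            echo "${SHA256}  o3de.deb" | sha256sum -c -
          else
            # NOTE(review): without a checksum the package is repackaged and
            # published unverified. Behaviour is kept as the author wrote it;
            # consider failing here instead, since this runs unattended.
            echo "::warning::No published checksum; skipping verification."
          fi

      - name: Stamp version into AppStream metadata
        if: steps.check.outputs.build == 'true'
        env:
          VERSION: ${{ steps.ver.outputs.version }}
        run: |
          sed -i -E \
            "s#<release version=\"[^\"]*\" date=\"[^\"]*\">#<release version=\"${VERSION}\" date=\"$(date +%F)\">#" \
            org.o3de.O3DE.metainfo.xml

      - name: Build Flatpak into OSTree repo
        if: steps.check.outputs.build == 'true'
        run: |
          # Bwrap-free build (no flatpak-builder) so no privileged container is needed.
          chmod +x scripts/make-flatpak.sh
          scripts/make-flatpak.sh
          # Free disk before publishing (the repo/ snapshot is all we still need).
          rm -rf build-dir o3de.deb data

      - name: Generate .flatpakrepo
        if: steps.check.outputs.build == 'true'
        run: |
          BASE="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/raw/branch/pages"
          cat > repo/o3de.flatpakrepo <<EOF
          [Flatpak Repo]
          Title=O3DE (unofficial Flatpak)
          Url=$BASE
          Homepage=https://o3de.org/
          Comment=Unofficial O3DE engine repackaged as a Flatpak
          Description=Install the Open 3D Engine on any Linux distribution via Flatpak.
          EOF

      - name: Publish OSTree repo to the 'pages' branch
        if: steps.check.outputs.build == 'true'
        env:
          # Prefer a personal access token (PUBLISH_TOKEN secret) with repo write
          # access; fall back to the auto-provided Actions token.
          TOKEN: ${{ secrets.PUBLISH_TOKEN != '' && secrets.PUBLISH_TOKEN || secrets.GITHUB_TOKEN }}
          VERSION: ${{ steps.ver.outputs.version }}
        run: |
          AUTH_URL="${GITHUB_SERVER_URL%%://*}://${GITHUB_ACTOR}:${TOKEN}@${GITHUB_SERVER_URL#*://}/${GITHUB_REPOSITORY}.git"
          rm -rf publish && mkdir publish && cd publish
          git init -q -b pages
          git config user.name "Gitea Actions"
          git config user.email "actions@pc-heini.de"
          cp -a ../repo/. .
          touch .nojekyll
          git add -A
          git commit -q -m "O3DE Flatpak v${VERSION}"
          # Force-push a single snapshot so the pages branch never accumulates history.
          git push -f "$AUTH_URL" pages
          cd ..

      - name: Tag the published version
        if: steps.check.outputs.build == 'true'
        env:
          TOKEN: ${{ secrets.PUBLISH_TOKEN != '' && secrets.PUBLISH_TOKEN || secrets.GITHUB_TOKEN }}
          VERSION: ${{ steps.ver.outputs.version }}
        run: |
          AUTH_URL="${GITHUB_SERVER_URL%%://*}://${GITHUB_ACTOR}:${TOKEN}@${GITHUB_SERVER_URL#*://}/${GITHUB_REPOSITORY}.git"
          # A forced rebuild reaches this step with the tag already on the
          # server; pushing it again from a different commit would be rejected
          # and fail the job after the repo was already published.
          if git ls-remote --tags "$AUTH_URL" "refs/tags/v${VERSION}" | grep -q .; then
            echo "Tag v${VERSION} already exists - leaving it untouched."
          else
            git tag "v${VERSION}"
            git push "$AUTH_URL" "v${VERSION}"
          fi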