From 18d7e453cf6fdb47c2ce756ddb51cbc60ddff287 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= <mail@3v1n0.net>
Date: Sat, 14 Dec 2024 12:57:06 +0100
Subject: [PATCH 1/2] gh-actions/build-debian: Support running a workflow
 script at build-source phase

When building some packages we may need to prepare the build environment
before preparing the source package, for examples in some cases we may
need to enable git access (to compute the package version or similar) or
we may need to install tools that are used during debian source building
that are not provided in the archive (such as rust crates, hello
cargo-vendor-filterer!!).

So instead of polluting this generic action with package-specific
requirements, let's just make it support running a script that can
do more advanced configurations in the docker instance that is used
only during the source-preparation phase.
---
 .github/workflows/test-build-deb.yaml     |  6 ++++++
 gh-actions/common/build-debian/action.yml | 16 ++++++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/.github/workflows/test-build-deb.yaml b/.github/workflows/test-build-deb.yaml
index d827612..0d0eb47 100644
--- a/.github/workflows/test-build-deb.yaml
+++ b/.github/workflows/test-build-deb.yaml
@@ -88,6 +88,12 @@ jobs:
           docker-image: ubuntu:devel
           lintian: --fail-on error
           extra-source-build-deps: ''
+          extra-source-build-script: |
+            echo '$HOME' is "${HOME}"
+            echo "::group::Get some system information"
+            uname -a
+            cat /etc/os-release
+            echo "::endgroup::"
 
   lintian-to-md:
     name: Test lintian results parser to markdown
diff --git a/gh-actions/common/build-debian/action.yml b/gh-actions/common/build-debian/action.yml
index e0801f3..11a9f76 100644
--- a/gh-actions/common/build-debian/action.yml
+++ b/gh-actions/common/build-debian/action.yml
@@ -17,6 +17,13 @@ inputs:
     required: false
     # FIXME: this should default to '', but we don't want to break job depending on us for now
     default: 'ca-certificates git'
+  extra-source-build-script:
+    description: |
+      A script to run to prepare the source build machine.
+      This happens after the dependencies have been installed, but before
+      running `dpkg-buildpackage -S`.
+    required: false
+    default: ''
   lintian:
     required: false
     description: Arguments to pass to lintian, if any. Set to `skip` to skip the lintian check.
@@ -149,6 +156,15 @@ runs:
             git config --system url."https://api:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"
           fi
 
+          if [ -n "${{ inputs.extra-source-build-script != '' && 'true' || '' }}" ]; then
+            echo "::group::Run source build script"
+            (
+              set -eux
+              ${{ inputs.extra-source-build-script }}
+            )
+            echo "::endgroup::"
+          fi
+
           echo "::group::Build debian source package"
           dpkg-buildpackage -D -S --sanitize-env
           echo "::endgroup::"

From 26328413e89791829916d13eeb797b8ab261f14c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marco=20Trevisan=20=28Trevi=C3=B1o=29?= <mail@3v1n0.net>
Date: Tue, 17 Dec 2024 22:00:09 +0100
Subject: [PATCH 2/2] gh-actions/build-debian: Install git dependency only if
 GITHUB_TOKEN is defined

It's the only reason why we need it so far, so if a project really
requires it, it should add it to the extra source build dependencies
---
 gh-actions/common/build-debian/action.yml | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/gh-actions/common/build-debian/action.yml b/gh-actions/common/build-debian/action.yml
index 11a9f76..cdcebd4 100644
--- a/gh-actions/common/build-debian/action.yml
+++ b/gh-actions/common/build-debian/action.yml
@@ -16,7 +16,7 @@ inputs:
     description: A list of extra build dependencies required during source build.
     required: false
     # FIXME: this should default to '', but we don't want to break job depending on us for now
-    default: 'ca-certificates git'
+    default: 'ca-certificates'
   extra-source-build-script:
     description: |
       A script to run to prepare the source build machine.
@@ -140,9 +140,17 @@ runs:
 
           echo "::group::Install build dependencies"
           apt build-dep .
+
+          GITHUB_TOKEN="${{ inputs.token }}"
+
           if [ -n "${{ inputs.extra-source-build-deps }}" ]; then
             # Install extra packages for build-deps, to allow downloading vendored sources
             deps=(${{ inputs.extra-source-build-deps }})
+
+            if [ -n "${GITHUB_TOKEN}" ]; then
+              deps+=(git)
+            fi
+
             apt install ${deps[@]}
           fi
           echo "::endgroup::"
@@ -151,7 +159,6 @@ runs:
             git config --system --add safe.directory "${{ github.workspace }}"
           fi
 
-          GITHUB_TOKEN="${{ inputs.token }}"
           if [ -n "${GITHUB_TOKEN}" ]; then
             git config --system url."https://api:${GITHUB_TOKEN}@github.com/".insteadOf "https://github.com/"
           fi