ci(snap): build snaps natively instead of on launchpad

Replace `snapcraft remote-build` (Launchpad) with a local `action-build`
on native amd64 + arm64 GitHub-hosted runners, publishing each arch with
`action-publish`. remote-build force-pushes Gitea's full history to a
fresh Launchpad repo every run and races Launchpad's ref indexing within
a fixed retry window, which is unreliable at Gitea's repo size; Canonical
also does not support remote-build in CI.

Drops the LAUNCHPAD_CREDENTIALS secret; publishing keeps using the
existing SNAPCRAFT_STORE_CREDENTIALS. Adds a concurrency group matching
release-nightly.yml so a burst of pushes collapses to the latest commit.

Assisted-by: Claude:Opus-4.8
This commit is contained in:
silverwind
2026-07-02 16:01:30 +02:00
parent c6184ed184
commit 461f40605d

View File

@@ -6,46 +6,34 @@ on:
- main
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
build-and-publish:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
runner: [ubuntu-24.04, ubuntu-24.04-arm]
runs-on: ${{ matrix.runner }}
steps:
- uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7
with:
fetch-depth: 0
- name: Install snapcraft
run: sudo snap install snapcraft --classic
- name: Build snap
id: build
uses: snapcore/action-build@3bdaa03e1ba6bf59a65f84a751d943d549a54e79 # v1.3.0
- name: Remote build
# remote-build runs on Launchpad and authenticates via a credentials file,
# not the Snap Store credentials used by upload
shell: bash
env:
LAUNCHPAD_CREDENTIALS: ${{ secrets.LAUNCHPAD_CREDENTIALS }}
run: |
set -euo pipefail
install -d -m 700 "$HOME/.local/share/snapcraft"
printf '%s' "$LAUNCHPAD_CREDENTIALS" > "$HOME/.local/share/snapcraft/launchpad-credentials"
chmod 600 "$HOME/.local/share/snapcraft/launchpad-credentials"
snapcraft remote-build \
--launchpad-accept-public-upload \
--build-for=amd64,arm64
- name: List built snaps
run: find . -maxdepth 1 -type f -name '*.snap' -print
- name: Upload and release snapcraft nightly build
- name: Upload and release nightly build to latest/edge
uses: snapcore/action-publish@214b86e5ca036ead1668c79afb81e550e6c54d40 # v1.2.0
env:
SNAPCRAFT_STORE_CREDENTIALS: ${{ secrets.SNAPCRAFT_STORE_CREDENTIALS }}
run: |
set -euo pipefail
for snap in ./*.snap; do
echo "Uploading $snap to edge"
snapcraft upload --release="latest/edge" "$snap"
done
with:
snap: ${{ steps.build.outputs.snap }}
release: latest/edge