pipeline:
  build:
    image: archlinux:base-devel
    pull: true
    volumes:
      - /mnt/archlinux/nyyu:/repo
    commands:
      - cp -f conf/{makepkg,pacman}.conf /etc/
      - cat conf/pacman-conf.d-noextract.conf >> /etc/pacman.conf
      - sed -i 's/# REPOSITORIES/[nyyu]\nServer = https:\\/\\/archlinux.nyyu.dev\\/nyyu\nSigLevel = Never/' /etc/pacman.conf
      - sed -i 's/#PACKAGER=".*"/PACKAGER="nyyu <mail@nyyu.dev>"/' /etc/makepkg.conf
      - pacman-key --init
      - pacman -Syu git jq pacman-contrib pandoc-bin --noconfirm
      - useradd build -m
      - "echo 'build ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers"
      - chown -R build:build .
      - sudo -u build --preserve-env=PGP_KEY,PGP_PWD,PGP_ID sh -c 'mkdir ~/.gnupg && echo -e "default-cache-ttl 3600\nallow-preset-passphrase" > ~/.gnupg/gpg-agent.conf && echo "$PGP_KEY" | gpg --import --no-tty --batch --yes && echo "$PGP_PWD" | /usr/lib/gnupg/gpg-preset-passphrase --preset $PGP_ID'
      - sudo -u build --preserve-env=CI_REPO_REMOTE,CI_COMMIT_BRANCH,CI_PREV_COMMIT_SHA,GIT_PASSWORD sh -c './build.sh'
    secrets: [pgp_id, pgp_key, pgp_pwd, git_password]
    when:
      branch: master
      event:
        - push
        - cron
        - tag
        - manual