feat(packaging): add Arch Linux AUR package with automated publishing workflow

.github/workflows/aur-publish.yml

@@ -0,0 +1,101 @@
+name: Publish to AUR - pictopy-bin
+
+on:
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+permissions: 
+  contents: write
+
+jobs:
+  update_version:
+    runs-on: ubuntu-latest
+    outputs:
+      need_update: ${{ steps.check_version.outputs.need_update }}
+      latest_version: ${{ steps.check_version.outputs.latest_version }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Git
+        run: |
+          git config --global user.name "${GITHUB_ACTOR}"
+          git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
+
+      - name: Check if update is needed
+        id: check_version
+        run: |
+          cd publishing
+
+          LATEST_VERSION=$(curl -fsSL https://api.github.com/repos/AOSSIE-Org/PictoPy/releases/latest \
+            | grep -oP '(?<="tag_name": "v)[^"]+')
+          echo "Latest version: $LATEST_VERSION"
+
+          CURRENT_VERSION=$(grep -oP '(?<=pkgver=)[0-9.]+' PKGBUILD)
+          echo "Current version: $CURRENT_VERSION"
+
+          if [ "$LATEST_VERSION" != "$CURRENT_VERSION" ]; then
+            echo "need_update=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "need_update=false" >> "$GITHUB_OUTPUT"
+          fi
+
+          echo "latest_version=$LATEST_VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: Compute sha256 of new deb
+        if: steps.check_version.outputs.need_update == 'true'
+        id: sha
+        run: |
+          VERSION=${{ steps.check_version.outputs.latest_version }}
+          DEB_URL="https://github.com/AOSSIE-Org/PictoPy/releases/download/v${VERSION}/PictoPy_${VERSION}_amd64.deb"
+          SHA=$(curl -fsSL "$DEB_URL" | sha256sum | cut -d' ' -f1)
+          echo "sha=$SHA" >> "$GITHUB_OUTPUT"
+
+      - name: Update PKGBUILD
+        if: steps.check_version.outputs.need_update == 'true'
+        run: |
+          VERSION=${{ steps.check_version.outputs.latest_version }}
+          SHA=${{ steps.sha.outputs.sha }}
+
+          cd publishing
+          sed -i "s/^pkgver=.*/pkgver=$VERSION/" PKGBUILD
+          sed -i "s/^pkgrel=.*/pkgrel=1/" PKGBUILD
+          sed -i "s/sha256sums=.*/sha256sums=('$SHA')/" PKGBUILD
+
+          git add PKGBUILD
+          git commit -m "upgpkg: pictopy-bin $VERSION"
+          git push
+
+      - name: Upload artifacts for publish job
+        if: steps.check_version.outputs.need_update == 'true'
+        uses: actions/upload-artifact@v4
+        with:
+          name: PKGBUILD
+          path: |
+            publishing/PKGBUILD
+            publishing/pictopy-bin.install
+
+  publish_aur:
+    runs-on: ubuntu-latest
+    needs: update_version
+    if: needs.update_version.outputs.need_update == 'true'
+
+    steps:
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: PKGBUILD
+
+      - name: Publish to AUR
+        uses: KSXGitHub/github-actions-deploy-aur@v4.1.3
+        with:
+          pkgname: pictopy-bin
+          pkgbuild: ./PKGBUILD
+          commit_username: ${{ secrets.AUR_USERNAME }}
+          commit_email: ${{ secrets.AUR_EMAIL }}
+          ssh_private_key: ${{ secrets.AUR_SSH_PRIVATE_KEY }}
+          commit_message: v${{ needs.update_version.outputs.latest_version }}
+          ssh_keyscan_types: rsa,ecdsa,ed25519
+          updpkgsums: false
+          allow_empty_commits: false

.github/workflows/build-and-release.yml

@@ -357,9 +357,9 @@ jobs:
 
       - uses: tauri-apps/tauri-action@v0
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY}}
-          TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
+           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+           TAURI_SIGNING_PRIVATE_KEY: ${{ secrets.TAURI_PRIVATE_KEY}}
+           TAURI_SIGNING_PRIVATE_KEY_PASSWORD: ${{ secrets.TAURI_KEY_PASSWORD }}
         with:
           projectPath: ./frontend
           tagName: ${{ github.event.release.tag_name || github.event.inputs.tag }}

frontend/src-tauri/tauri.conf.json

@@ -59,7 +59,11 @@
     ],
     "security": {
       "assetProtocol": {
-        "scope": ["**"],
+        "scope": [
+        "$HOME/.local/share/PictoPy/thumbnails/**",
+        "**",
+        "$HOME/Library/Application Support/PictoPy/thumbnails/**"
+      ],
         "enable": true
       },
       "csp": "default-src 'self'; img-src 'self' data: asset: http://asset.localhost; media-src 'self' blob: data:; connect-src 'self' ipc: http://ipc.localhost http://localhost:52123 ws://localhost:52123 http://localhost:52124 ws://localhost:52124"

publishing/PKGBUILD

@@ -0,0 +1,19 @@
+pkgbase=pictopy
+pkgname=pictopy-bin
+pkgver=1.0.0
+pkgrel=1
+pkgdesc="A desktop image gallery with a privacy-first approach. It detects objects and clusters faces."
+arch=('x86_64')
+url="https://github.com/AOSSIE-Org/PictoPy"
+license=('GPL-3.0-only')
+depends=('gtk3' 'python' 'hicolor-icon-theme')
+makedepends=('binutils')
+install=pictopy-bin.install
+source=("${pkgname}-${pkgver}.deb::https://github.com/AOSSIE-Org/PictoPy/releases/download/v${pkgver}/PictoPy_${pkgver}_amd64.deb")
+sha256sums=('SKIP')
+
+package() {
+    cd "$srcdir"
+    ar x "${pkgname}-${pkgver}.deb"
+    tar xf data.tar.* -C "$pkgdir"
+}

publishing/pictopy-bin.install

@@ -0,0 +1,6 @@
+post_remove() {
+    for home_dir in /home/*; do
+        rm -rf "${home_dir}/.local/share/picto_py"
+        rm -rf "${home_dir}/.cache/picto_py"
+    done
+}