Update AUR deployment and CI workflows

.github/actions/deploy-aur/action.yml

@@ -0,0 +1,118 @@
+name: 'Deploy AUR Package'
+description: >
+  Publishes a PKGBUILD to AUR. Tries KSXGitHub/github-actions-deploy-aur first,
+  falls back to a manual clone-and-push with .SRCINFO regeneration via Docker.
+
+inputs:
+  pkgname:
+    description: 'AUR package name'
+    required: true
+  pkgbuild:
+    description: 'Path to the PKGBUILD file'
+    required: true
+  ssh_private_key:
+    description: 'SSH private key with AUR access'
+    required: true
+  commit_username:
+    description: 'Git commit username'
+    required: true
+  commit_email:
+    description: 'Git commit email'
+    required: true
+  commit_message:
+    description: 'Git commit message'
+    required: true
+  force_push:
+    description: 'Force push to AUR'
+    required: false
+    default: 'false'
+  regenerate_srcinfo:
+    description: 'Regenerate .SRCINFO via Docker in the manual fallback (needed for -git packages)'
+    required: false
+    default: 'false'
+  updpkgsums:
+    description: 'Run updpkgsums after copying PKGBUILD (requires pacman-contrib in the Action environment)'
+    required: false
+    default: 'false'
+
+runs:
+  using: composite
+  steps:
+    - name: Deploy via AUR Action (primary)
+      id: aur_action
+      continue-on-error: true
+      uses: KSXGitHub/github-actions-deploy-aur@v4.1.3
+      with:
+        pkgname: ${{ inputs.pkgname }}
+        pkgbuild: ${{ inputs.pkgbuild }}
+        commit_username: ${{ inputs.commit_username }}
+        commit_email: ${{ inputs.commit_email }}
+        ssh_private_key: ${{ inputs.ssh_private_key }}
+        commit_message: ${{ inputs.commit_message }}
+        force_push: ${{ inputs.force_push }}
+        ssh_keyscan_types: rsa,ecdsa,ed25519
+        updpkgsums: ${{ inputs.updpkgsums }}
+
+    - name: Setup SSH key for fallback
+      if: steps.aur_action.outcome == 'failure'
+      shell: bash
+      run: |
+        mkdir -p ~/.ssh
+        echo "${{ inputs.ssh_private_key }}" > ~/.ssh/aur_key
+        chmod 600 ~/.ssh/aur_key
+        cat >> ~/.ssh/config << 'EOF'
+        Host aur.archlinux.org
+          IdentityFile ~/.ssh/aur_key
+          User aur
+          StrictHostKeyChecking no
+        EOF
+
+    - name: Deploy via manual push (fallback)
+      id: aur_manual
+      continue-on-error: true
+      if: steps.aur_action.outcome == 'failure'
+      shell: bash
+      run: |
+        set -euo pipefail
+        echo "::warning::AUR Action failed, falling back to manual push"
+
+        PKGBUILD_DIR="$(dirname "${{ inputs.pkgbuild }}")"
+
+        cd /tmp
+        rm -rf aur-deploy
+        mkdir aur-deploy
+        cd aur-deploy
+        git clone ssh://aur@aur.archlinux.org/${{ inputs.pkgname }}.git .
+        git checkout -B master origin/master
+
+        cp "$GITHUB_WORKSPACE/${{ inputs.pkgbuild }}" ./PKGBUILD
+
+        if [[ "${{ inputs.regenerate_srcinfo }}" == "true" ]]; then
+          docker run --rm -v "$(pwd)":/pkg archlinux:latest \
+            bash -c "useradd -m builder \
+              && cp /pkg/PKGBUILD /home/builder/ \
+              && su builder -c 'cd /home/builder && makepkg --printsrcinfo >> /pkg/.SRCINFO'"
+        fi
+
+        git config user.name "${{ inputs.commit_username }}"
+        git config user.email "${{ inputs.commit_email }}"
+
+        git add PKGBUILD
+        if [[ "${{ inputs.regenerate_srcinfo }}" == "true" ]]; then
+          git add .SRCINFO
+        fi
+
+        git commit -m "${{ inputs.commit_message }}" || true
+
+        if [[ "${{ inputs.force_push }}" == "true" ]]; then
+          git push origin master --force
+        else
+          git push origin master
+        fi
+
+    - name: Verify deployment succeeded
+      if: steps.aur_action.outcome == 'failure' && steps.aur_manual.outcome == 'failure'
+      shell: bash
+      run: |
+        echo "::error::Both deployment paths failed for ${{ inputs.pkgname }}"
+        exit 1

.github/actions/determine-version/action.yml

@@ -1,6 +1,18 @@
 name: Determine Version
 description: Extract and validate a semantic version from Directory.Build.props and optionally validate against a branch or tag name
 
+inputs:
+  file-name:
+    description: The filename where the dotnet msbuild command can extract the version. Provide the full path from repo root!
+    required: false
+    default: 'Directory.Build.props'
+
+  property:
+    description: The property where the dotnet msbuild command must look for the verison
+    required: false
+    default: 'BaseVersion'
+
+
 outputs:
   version:
     description: Extracted semantic version without leading v
@@ -19,22 +31,22 @@ runs:
       run: |
         set -euo pipefail
 
-        FILE="Directory.Build.props"
+        FILE="${{ inputs.file-name }}"
 
         if [[ ! -f "$FILE" ]]; then
           echo "::error::$FILE not found"
           exit 1
         fi
 
-        VERSION="$(dotnet msbuild "$FILE" -nologo -getProperty:BaseVersion | tr -d '\r')"
+        VERSION="$(dotnet msbuild "$FILE" -nologo -getProperty:${{ inputs.property }} | tr -d '\r')"
 
         if [[ -z "$VERSION" ]]; then
-          echo "::error::BaseVersion not found in $FILE"
+          echo "::error::${{ inputs.property }} not found in $FILE"
           exit 1
         fi
 
         if ! [[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
-          echo "::error::Invalid BaseVersion: $VERSION"
+          echo "::error::Invalid Property ${{ inputs.property }}: $VERSION"
           exit 1
         fi
 

.github/actions/dotnet-setup/action.yml

@@ -3,16 +3,6 @@ description: >
   Checks out the repository, auto-detects the TargetFramework from
   Directory.Build.props, sets up the .NET SDK, and restores the NuGet cache.
 
-inputs:
-  fetch-depth:
-    description: 'Number of commits to fetch (0 = full history, 1 = shallow)'
-    required: false
-    default: '1'
-  token:
-    description: 'GitHub token used for checkout'
-    required: false
-    default: ${{ github.token }}
-
 outputs:
   dotnet-version:
     description: 'Resolved .NET version string, e.g. "10.0.x"'
@@ -21,12 +11,6 @@ outputs:
 runs:
   using: composite
   steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-      with:
-        fetch-depth: ${{ inputs.fetch-depth }}
-        token: ${{ inputs.token }}
-
     - name: Detect TargetFramework from Directory.Build.props
       id: detect-tfm
       shell: bash
@@ -46,12 +30,12 @@ runs:
         echo "::notice::Resolved .NET version: ${TFM}.x"
 
     - name: Setup .NET SDK
-      uses: actions/setup-dotnet@v4
+      uses: actions/setup-dotnet@v5
       with:
         dotnet-version: ${{ steps.detect-tfm.outputs.version }}
 
     - name: Restore NuGet cache
-      uses: actions/cache@v4
+      uses: actions/cache@v5
       with:
         path: ~/.nuget/packages
         key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj', '**/Directory.Packages.props', '**/Directory.Build.props') }}

.github/workflows/auto-tag.yml

@@ -2,17 +2,16 @@ name: Auto-Tag on Release Merge
 
 on:
   pull_request:
-    types: [ closed ]
+    types: [closed]
     branches:
       - master
-      - main
 
 permissions:
   contents: write
   pull-requests: write
 
 concurrency:
-  group: auto-tag-${{ github.ref }}
+  group: auto-tag-${{ github.event.pull_request.base.ref }}
   cancel-in-progress: false
 
 jobs:
@@ -23,34 +22,21 @@ jobs:
     timeout-minutes: 10
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
+      - name: Checkout merge commit
+        uses: actions/checkout@v6
         with:
           fetch-depth: 0
+          ref: ${{ github.event.pull_request.merge_commit_sha }}
           token: ${{ secrets.PAT_TOKEN }}
 
       - name: Extract and validate version
         id: version
         uses: ./.github/actions/determine-version
-
-      - name: Check if tag already exists
-        id: check
-        run: |
-          set -euo pipefail
-          if git rev-parse "refs/tags/${{ steps.version.outputs.tag }}" >/dev/null 2>&1; then
-            echo "exists=true"  >> "$GITHUB_OUTPUT"
-            echo "::warning::Tag ${{ steps.version.outputs.tag }} already exists, skipping."
-          else
-            echo "exists=false" >> "$GITHUB_OUTPUT"
-          fi
-
-      - name: Create and push tag
-        if: steps.check.outputs.exists == 'false'
-        run: |
-          set -euo pipefail
-          git config user.name  "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-          git tag -a "${{ steps.version.outputs.tag }}" \
-            -m "Release ${{ steps.version.outputs.version }}"
-          git push origin "${{ steps.version.outputs.tag }}"
-          echo "::notice::Tag ${{ steps.version.outputs.tag }} pushed successfully."
+
+      - name: Create Tag Action
+        id: create_tag_action
+        uses: rickstaa/action-create-tag@v1
+        with: 
+          commit_sha: ${{ github.event.pull_request.merge_commit_sha }}
+          github_token: ${{ secrets.PAT_TOKEN }}
+          tag: ${{ steps.version.outputs.tag }}

.github/workflows/build-and-package.yml

@@ -21,7 +21,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 30
     strategy:
-      fail-fast: false   # One failing target must not kill the others
+      fail-fast: true   # One failing target must kill the others
       matrix:
         include:
           - target: linux-x64
@@ -33,7 +33,7 @@ jobs:
 
     steps:
       - name: Checkout Repository
-        uses: actions/checkout@v4
+        uses: actions/checkout@v6
 
       - name: Setup .NET environment
         uses: ./.github/actions/dotnet-setup
@@ -88,30 +88,30 @@ jobs:
 
       - name: Upload AppImage
         if: matrix.target == 'linux-x64'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: ${{ steps.appimage.outputs.appimage-name }}
           path: ${{ steps.appimage.outputs.appimage-name }}
           if-no-files-found: error
 
       - name: Upload .desktop file
         if: matrix.target == 'linux-x64'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: io.github.frequency403.openssh_gui.desktop
           path: AppDir/usr/share/applications/io.github.frequency403.openssh_gui.desktop
           if-no-files-found: error
 
       - name: Upload app icon
         if: matrix.target == 'linux-x64'
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: appicon
           path: AppDir/appicon.png
           if-no-files-found: error
 
       - name: Upload platform binary
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v7
         with:
           name: ${{ steps.rename.outputs.ASSET_NAME }}
           path: ./publish/${{ steps.rename.outputs.ASSET_NAME }}