I wanted a private private arch repository My thinking was:
Easy.
Mostly reliable build triggers
Arch uses makepkg
makepkg doesn't run as root,
so sudo -u nobody makepkg --needed --noconfirm
but makepkg needs pacman to resolve dependencies,
so first echo 'nobody ALL=(ALL) NOPASSWD: /bin/pacman' >> /etc/sudoers
also as nobody you don't have write permissions for the mounted /workspace,
copy to/from /tmp
Remember to pull in your repo.db.tar,
update with repo-add
and push both the new database files and packages to hosting
and firgure out a way to clean up old packages
Arch with base and base-devel installed is 1.6GB,
even with GCP's network and caching,
it is still a pain to download it onto build workers