build-and-deploy: use a home directory with a shorter path

The path `${{ github.workspace }}/home` was apparently almost too long
already, with the repository name `git-for-windows-automation` repeated
_twice_ in it, and when we started using self-hosted runners whose agent
directory is called `C:\actions-runner` (as opposed to GitHub hosted
runners that have it in `D:\a`), it tipped the balance.

This matters because we want to use GNU Privacy Guard, which insists on
the full path of the `gpg-agent` socket to fit inside
`sockaddr_un.sun_path` (which only 108 bytes long). The symptom we see
is that importing GPG keys fails with a lapidary "gpg: can't connect to
the agent: IPC connect call failed".

The secret is lifted only when debugging a big further, e.g. by adding
a `gpg-agent.conf` in `$HOME/.gnupg/` with contents like this one:

	debug-level guru
	debug-all
	log-file /tmp/gpg-agent.debug.log

Then, that log file will contain some hints like this one:

	2023-01-02 20:46:25 gpg-agent[1018] listening on socket '/c/actions-runner/_work/git-for-windows-automation/git-for-windows-automation/home//.gnupg/S.gpg-agent'
	2023-01-02 20:46:25 gpg-agent[1018] socket name '/c/actions-runner/_work/git-for-windows-automation/git-for-windows-automation/home//.gnupg/S.gpg-agent.extra' is too long

A similar issue was reported at
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847206, but sadly the
suggested command `gpgconf --create-socketdir` fails, not only because
`/run/user/<uid>` does not exist, but even when that directory is
created, the command falls prey to the vast differences between Windows'
and Unix' permission model, and it thinks that the directory's
permissions are too lax and refuses to do its job.

So let's do the next best thing and use a home directory that is not
inside a deep path, but instead directly inside the runner's temporary
path.

Signed-off-by: Johannes Schindelin <[email protected]>

Author: dscho

.github/workflows/build-and-deploy.yml

@@ -31,7 +31,6 @@ env:
   REF: "${{ github.event.inputs.ref }}"
   ARCHITECTURE: "${{ github.event.inputs.architecture }}"
   GPG_OPTIONS: "--batch --yes --no-tty --list-options no-show-photos --verify-options no-show-photos --pinentry-mode loopback"
-  HOME: "${{ github.workspace }}\\home"
   ACTOR: "${{ github.event.inputs.actor || github.triggering_actor }}"
   CREATE_CHECK_RUN: true
 
@@ -117,6 +116,8 @@ jobs:
         run: |
           USER_NAME="${{ steps.actor.outputs.name }}" &&
           USER_EMAIL="${{ steps.actor.outputs.email }}" &&
+          HOME="${{ runner.temp }}\\home" &&
+          echo "HOME=$HOME" >>$GITHUB_ENV &&
           mkdir -p "$HOME" &&
           git config --global user.name "$USER_NAME" &&
           git config --global user.email "$USER_EMAIL" &&
@@ -204,7 +205,7 @@ jobs:
         shell: bash
         run: |
           echo '${{secrets.PRIVGPGKEY}}' | tr % '\n' | gpg $GPG_OPTIONS --import &&
-          mkdir -p home &&
+          mkdir -p "$HOME" &&
           git config --global gpg.program "/usr/src/build-extra/gnupg-with-gpgkey.sh" &&
           info="$(gpg --list-keys --with-colons "${GPGKEY%% *}" | cut -d : -f 1,10 | sed -n '/^uid/{s|uid:||p;q}')" &&
           git config --global user.name "${info% <*}" &&
@@ -220,9 +221,9 @@ jobs:
           CODESIGN_PASS: ${{secrets.CODESIGN_PASS}}
         shell: bash
         run: |
-          mkdir -p home/.sig &&
-          echo "$CODESIGN_P12" | tr % '\n' | base64 -d >home/.sig/codesign.p12 &&
-          echo "$CODESIGN_PASS" >home/.sig/codesign.pass
+          mkdir -p "$HOME"/.sig &&
+          echo "$CODESIGN_P12" | tr % '\n' | base64 -d >"$HOME"/.sig/codesign.p12 &&
+          echo "$CODESIGN_PASS" >"$HOME"/.sig/codesign.pass
           git config --global alias.signtool '!sh "/usr/src/build-extra/signtool.sh"'
           echo "SIGNTOOL=git signtool" >>$GITHUB_ENV
 
@@ -302,7 +303,7 @@ jobs:
       - name: Clean up temporary files
         if: always()
         shell: bash
-        run: rm -rf home
+        run: rm -rf "$HOME"
 
       - name: mark check run as completed
         if: env.CREATE_CHECK_RUN != 'false' && always()