Hey Christian ;)
I took over the package blink1. It is not a -git package so it should have a stable checksum, in my opinion. But since the project it builds uses a submodule, the package uses source=("git+https:/…) and SKIP for the checksum. This way prepare() can do a submodule init and submodule update.
This is described in the package guidelines[0]: you resolve the tag to the git commit it points at and pin that. So the package still does have SKIP in the checksum array but you get similar stability guarantees since you pinned the exact commit you packaged. If you need an example you can look at the PKGBUILD for pawxel[1].
Is there a better way to deal with submodules?
See Doug's answer for the other tip regarding submodules and the source array!
Or would it be better to download the released binary for the correct architecture and install that? As I currently understand it this would only be acceptable for a -bin package, wouldn't it? (I found no clear guidance when to use that prefix, e.g. zoom)
This is then a different package, so it's blink1-bin instead of blink1, since generally if you download a binary (for software where the source is available) the -bin suffix should be used as per the AUR submission guidelines![2]
This is my first AUR and I'd like to do it properly.
Two other small points regarding the PKGBUILD on a quick glance would be:
- there is a duplicate source array
- you miss the Maintainer: comment (also see [2] for that)

Cheers,
Christian / gromit

[0] https://wiki.archlinux.org/title/Arch_package_guidelines#Package_sources
[1] https://aur.archlinux.org/cgit/aur.git/tree/PKGBUILD?h=pawxel
[2] https://wiki.archlinux.org/title/AUR_submission_guidelines#Rules_of_submissi...
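
Added example, not part of the original e-mail or of the blink1 PKGBUILD: resolving a release tag to the commit it points at, as the reply describes, and building the pinned source entry from it. The repository, the tag `v1.0.0`, the package name `examplepkg` and the URL are constructed for the demo; `#commit=` is makepkg's fragment for pinning a git source.

```shell
#!/bin/sh
# Resolve a release tag to its commit and emit a pinned makepkg source entry.
# Everything named here (repo, tag, package, URL) is constructed sample data.

# Print the commit a tag ultimately points at. For an annotated tag,
# plain `git rev-parse TAG` returns the id of the tag object, not of the
# commit, so peel it with ^{commit}. Fails if the tag does not exist.
resolve_tag_commit() {  # args: repo_dir tag
    git -C "$1" rev-parse --verify --quiet "refs/tags/$2^{commit}"
}

# Build a source=() entry pinned to that commit. A tag can be moved
# upstream later; the commit id written here cannot change.
pinned_source() {  # args: pkgname url repo_dir tag
    _commit=$(resolve_tag_commit "$3" "$4") || return 1
    printf '%s::git+%s#commit=%s\n' "$1" "$2" "$_commit"
}

# Constructed throwaway repository: one empty commit and an annotated tag.
make_demo_repo() {
    _dir=$(mktemp -d) || return 1
    git init -q "$_dir" &&
    git -C "$_dir" -c user.name=demo -c user.email=demo@example.invalid \
        commit -q --allow-empty -m "release" &&
    git -C "$_dir" -c user.name=demo -c user.email=demo@example.invalid \
        tag -a v1.0.0 -m "v1.0.0" &&
    printf '%s\n' "$_dir"
}

demo_repo=$(make_demo_repo)
pinned_source examplepkg https://example.invalid/examplepkg.git \
    "$demo_repo" v1.0.0
```

The printed line goes into `source=()` with `SKIP` as its checksum entry.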