forgejo/.drone.yml
zeripath 35735bbef9
Upgrade to golang-jwt 3.2.2 (#16590)
* Upgrade to golang-jwt 3.2.2

Upgrade to the latest version of golang-jwt

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Forcibly replace the 3.2.1 version of golang-jwt/jwt and increase minimum Go version

Using go.mod we can forcibly replace the 3.2.1 version used by goth to 3.2.2.

Further given golang-jwt/jwts stated policy of only supporting supported go versions
we should just raise our minimal version of go to 1.16 for 1.16 as by time of release
1.15 will be out of support.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update minimal go required

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update config.yaml

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-08-03 14:32:01 -04:00

1127 lines
22 KiB
YAML

---
kind: pipeline
name: compliance
platform:
os: linux
arch: amd64
trigger:
event:
- push
- tag
- pull_request
steps:
- name: deps-frontend
pull: always
image: node:14
commands:
- make node_modules
- name: lint-frontend
image: node:14
commands:
- make lint-frontend
depends_on: [deps-frontend]
- name: lint-backend
pull: always
image: gitea/test_env:linux-amd64 # https://gitea.com/gitea/test-env
commands:
- make lint-backend
environment:
GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
GOSUMDB: sum.golang.org
TAGS: bindata sqlite sqlite_unlock_notify
- name: lint-backend-windows
pull: always
image: gitea/test_env:linux-amd64 # https://gitea.com/gitea/test-env
commands:
- make golangci-lint vet
environment:
GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
GOSUMDB: sum.golang.org
TAGS: bindata sqlite sqlite_unlock_notify
GOOS: windows
GOARCH: amd64
- name: lint-backend-gogit
pull: always
image: gitea/test_env:linux-amd64 # https://gitea.com/gitea/test-env
commands:
- make lint-backend
environment:
GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
GOSUMDB: sum.golang.org
TAGS: bindata gogit sqlite sqlite_unlock_notify
- name: checks-frontend
image: node:14
commands:
- make checks-frontend
depends_on: [deps-frontend]
- name: checks-backend
pull: always
image: golang:1.16
commands:
- make checks-backend
depends_on: [lint-backend]
- name: test-frontend
image: node:14
commands:
- make test-frontend
depends_on: [lint-frontend]
- name: build-frontend
image: node:14
commands:
- make frontend
depends_on: [test-frontend]
- name: build-backend-no-gcc
pull: always
image: golang:1.16 # this step is kept as the lowest version of golang that we support
environment:
GO111MODULE: on
GOPROXY: off
commands:
- go build -mod=vendor -o gitea_no_gcc # test if build succeeds without the sqlite tag
depends_on: [checks-backend]
- name: build-backend-arm64
image: golang:1.16
environment:
GO111MODULE: on
GOPROXY: off
GOOS: linux
GOARCH: arm64
TAGS: bindata gogit
commands:
- make backend # test cross compile
- rm ./gitea # clean
depends_on: [checks-backend]
- name: build-backend-windows
image: golang:1.16
environment:
GO111MODULE: on
GOPROXY: off
GOOS: windows
GOARCH: amd64
TAGS: bindata gogit
commands:
- go build -mod=vendor -o gitea_windows
depends_on: [checks-backend]
- name: build-backend-386
image: golang:1.16
environment:
GO111MODULE: on
GOPROXY: off
GOOS: linux
GOARCH: 386
commands:
- go build -mod=vendor -o gitea_linux_386 # test if compatible with 32 bit
depends_on: [checks-backend]
---
kind: pipeline
name: testing-amd64
platform:
os: linux
arch: amd64
depends_on:
- compliance
trigger:
event:
- push
- tag
- pull_request
services:
- name: mysql
image: mysql:5.7
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: yes
MYSQL_DATABASE: test
- name: mysql8
image: mysql:8
environment:
MYSQL_ALLOW_EMPTY_PASSWORD: yes
MYSQL_DATABASE: testgitea
- name: mssql
image: mcr.microsoft.com/mssql/server:latest
environment:
ACCEPT_EULA: Y
MSSQL_PID: Standard
SA_PASSWORD: MwantsaSecurePassword1
- name: ldap
image: gitea/test-openldap:latest
- name: elasticsearch
environment:
discovery.type: single-node
image: elasticsearch:7.5.0
- name: minio
image: minio/minio:RELEASE.2021-03-12T00-00-47Z
commands:
- minio server /data
environment:
MINIO_ACCESS_KEY: 123456
MINIO_SECRET_KEY: 12345678
steps:
- name: fetch-tags
image: docker:git
commands:
- git fetch --tags --force
when:
event:
exclude:
- pull_request
- name: build
pull: always
image: golang:1.16
commands:
- make backend
environment:
GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
GOSUMDB: sum.golang.org
TAGS: bindata sqlite sqlite_unlock_notify
- name: tag-pre-condition
pull: always
image: drone/git
commands:
- git update-ref refs/heads/tag_test ${DRONE_COMMIT_SHA}
- name: unit-test
image: golang:1.16
commands:
- make unit-test-coverage test-check
environment:
GOPROXY: off
TAGS: bindata sqlite sqlite_unlock_notify
GITHUB_READ_TOKEN:
from_secret: github_read_token
- name: unit-test-race
image: golang:1.16
commands:
- make test-backend
environment:
GOPROXY: off
TAGS: sqlite sqlite_unlock_notify
RACE_ENABLED: true
GITHUB_READ_TOKEN:
from_secret: github_read_token
- name: unit-test-gogit
pull: always
image: golang:1.16
commands:
- make unit-test-coverage test-check
environment:
GOPROXY: off
TAGS: bindata gogit sqlite sqlite_unlock_notify
GITHUB_READ_TOKEN:
from_secret: github_read_token
- name: test-mysql
image: gitea/test_env:linux-amd64 # https://gitea.com/gitea/test-env
commands:
- make test-mysql-migration integration-test-coverage
environment:
GOPROXY: off
TAGS: bindata
TEST_LDAP: 1
USE_REPO_TEST_DIR: 1
TEST_INDEXER_CODE_ES_URL: "http://elastic:changeme@elasticsearch:9200"
depends_on:
- build
- name: test-mysql8
image: gitea/test_env:linux-amd64 # https://gitea.com/gitea/test-env
commands:
- timeout -s ABRT 40m make test-mysql8-migration test-mysql8
environment:
GOPROXY: off
TAGS: bindata
TEST_LDAP: 1
USE_REPO_TEST_DIR: 1
depends_on:
- build
- name: test-mssql
image: gitea/test_env:linux-amd64 # https://gitea.com/gitea/test-env
commands:
- make test-mssql-migration test-mssql
environment:
GOPROXY: off
TAGS: bindata
TEST_LDAP: 1
USE_REPO_TEST_DIR: 1
depends_on:
- build
- name: generate-coverage
image: golang:1.16
commands:
- make coverage
environment:
GOPROXY: off
TAGS: bindata
depends_on:
- unit-test
- test-mysql
when:
branch:
- main
event:
- push
- pull_request
- name: coverage-codecov
pull: always
image: plugins/codecov
settings:
files:
- coverage.all
token:
from_secret: codecov_token
depends_on:
- generate-coverage
when:
branch:
- main
event:
- push
- pull_request
---
kind: pipeline
name: testing-arm64
platform:
os: linux
arch: arm64
depends_on:
- compliance
trigger:
event:
- push
- tag
- pull_request
services:
- name: pgsql
pull: default
image: postgres:10
environment:
POSTGRES_DB: test
POSTGRES_PASSWORD: postgres
- name: ldap
pull: default
image: gitea/test-openldap:latest
steps:
- name: fetch-tags
image: docker:git
commands:
- git fetch --tags --force
when:
event:
exclude:
- pull_request
- name: build
pull: always
image: golang:1.16
commands:
- make backend
environment:
GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
GOSUMDB: sum.golang.org
TAGS: bindata gogit sqlite sqlite_unlock_notify
- name: test-sqlite
image: gitea/test_env:linux-arm64 # https://gitea.com/gitea/test-env
commands:
- timeout -s ABRT 40m make test-sqlite-migration test-sqlite
environment:
GOPROXY: off
TAGS: bindata gogit sqlite sqlite_unlock_notify
TEST_TAGS: gogit sqlite sqlite_unlock_notify
USE_REPO_TEST_DIR: 1
depends_on:
- build
- name: test-pgsql
image: gitea/test_env:linux-arm64 # https://gitea.com/gitea/test-env
commands:
- timeout -s ABRT 40m make test-pgsql-migration test-pgsql
environment:
GOPROXY: off
TAGS: bindata gogit
TEST_TAGS: gogit
TEST_LDAP: 1
USE_REPO_TEST_DIR: 1
depends_on:
- build
---
kind: pipeline
name: update_translations
platform:
os: linux
arch: arm64
trigger:
branch:
- main
event:
- cron
cron:
- update_translations
steps:
- name: download
pull: always
image: jonasfranz/crowdin
settings:
download: true
export_dir: options/locale/
ignore_branch: true
project_identifier: gitea
environment:
CROWDIN_KEY:
from_secret: crowdin_key
- name: update
pull: default
image: alpine:3.13
commands:
- ./build/update-locales.sh
- name: push
pull: always
image: appleboy/drone-git-push
settings:
author_email: "teabot@gitea.io"
author_name: GiteaBot
branch: main
commit: true
commit_message: "[skip ci] Updated translations via Crowdin"
remote: "git@github.com:go-gitea/gitea.git"
environment:
GIT_PUSH_SSH_KEY:
from_secret: git_push_ssh_key
- name: upload_translations
pull: always
image: jonasfranz/crowdin
settings:
files:
locale_en-US.ini: options/locale/locale_en-US.ini
ignore_branch: true
project_identifier: gitea
environment:
CROWDIN_KEY:
from_secret: crowdin_key
---
kind: pipeline
name: update_gitignore_and_licenses
platform:
os: linux
arch: arm64
trigger:
branch:
- main
event:
- cron
cron:
- update_gitignore_and_licenses
steps:
- name: download
image: golang:1.16
commands:
- timeout -s ABRT 40m make generate-license generate-gitignore
- name: push
pull: always
image: appleboy/drone-git-push
settings:
author_email: "teabot@gitea.io"
author_name: GiteaBot
branch: main
commit: true
commit_message: "[skip ci] Updated licenses and gitignores "
remote: "git@github.com:go-gitea/gitea.git"
environment:
GIT_PUSH_SSH_KEY:
from_secret: git_push_ssh_key
---
kind: pipeline
name: release-latest
platform:
os: linux
arch: amd64
workspace:
base: /source
path: /
trigger:
branch:
- main
- "release/*"
event:
- push
depends_on:
- testing-amd64
- testing-arm64
steps:
- name: fetch-tags
image: docker:git
commands:
- git fetch --tags --force
- name: static
pull: always
image: techknowlogick/xgo:go-1.16.x
commands:
- curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs
- export PATH=$PATH:$GOPATH/bin
- make release
environment:
GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
TAGS: bindata sqlite sqlite_unlock_notify
- name: gpg-sign
pull: always
image: plugins/gpgsign:1
settings:
detach_sign: true
excludes:
- "dist/release/*.sha256"
files:
- "dist/release/*"
environment:
GPGSIGN_KEY:
from_secret: gpgsign_key
GPGSIGN_PASSPHRASE:
from_secret: gpgsign_passphrase
- name: release-branch
pull: always
image: plugins/s3:1
settings:
acl: public-read
bucket: gitea-artifacts
endpoint: https://storage.gitea.io
path_style: true
source: "dist/release/*"
strip_prefix: dist/release/
target: "/gitea/${DRONE_BRANCH##release/v}"
environment:
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
when:
branch:
- "release/*"
event:
- push
- name: release-main
image: plugins/s3:1
settings:
acl: public-read
bucket: gitea-artifacts
endpoint: https://storage.gitea.io
path_style: true
source: "dist/release/*"
strip_prefix: dist/release/
target: /gitea/main
environment:
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
when:
branch:
- main
event:
- push
---
kind: pipeline
name: release-version
platform:
os: linux
arch: amd64
workspace:
base: /source
path: /
trigger:
event:
- tag
depends_on:
- testing-arm64
- testing-amd64
steps:
- name: fetch-tags
pull: default
image: docker:git
commands:
- git fetch --tags --force
- name: static
pull: always
image: techknowlogick/xgo:go-1.16.x
commands:
- curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs
- export PATH=$PATH:$GOPATH/bin
- make release
environment:
GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
TAGS: bindata sqlite sqlite_unlock_notify
- name: gpg-sign
pull: always
image: plugins/gpgsign:1
settings:
detach_sign: true
excludes:
- "dist/release/*.sha256"
files:
- "dist/release/*"
environment:
GPGSIGN_KEY:
from_secret: gpgsign_key
GPGSIGN_PASSPHRASE:
from_secret: gpgsign_passphrase
- name: release-tag
pull: always
image: plugins/s3:1
settings:
acl: public-read
bucket: gitea-artifacts
endpoint: https://storage.gitea.io
path_style: true
source: "dist/release/*"
strip_prefix: dist/release/
target: "/gitea/${DRONE_TAG##v}"
environment:
AWS_ACCESS_KEY_ID:
from_secret: aws_access_key_id
AWS_SECRET_ACCESS_KEY:
from_secret: aws_secret_access_key
- name: github
pull: always
image: plugins/github-release:1
settings:
files:
- "dist/release/*"
environment:
GITHUB_TOKEN:
from_secret: github_token
---
kind: pipeline
name: docs
platform:
os: linux
arch: arm64
depends_on:
- compliance
trigger:
event:
- push
- tag
- pull_request
steps:
- name: build-docs
pull: always
image: plugins/hugo:latest
commands:
- apk add --no-cache make bash curl
- cd docs
- make trans-copy clean build
- name: publish-docs
pull: always
image: techknowlogick/drone-netlify:latest
settings:
path: docs/public/
site_id: d2260bae-7861-4c02-8646-8f6440b12672
environment:
NETLIFY_TOKEN:
from_secret: netlify_token
when:
branch:
- main
event:
- push
---
kind: pipeline
name: docker-linux-amd64-release-version
platform:
os: linux
arch: amd64
depends_on:
- testing-amd64
- testing-arm64
trigger:
ref:
- "refs/tags/**"
event:
exclude:
- cron
steps:
- name: fetch-tags
image: docker:git
commands:
- git fetch --tags --force
- name: publish
pull: always
image: techknowlogick/drone-docker:latest
settings:
auto_tag: true
auto_tag_suffix: linux-amd64
repo: gitea/gitea
build_args:
- GOPROXY=off
password:
from_secret: docker_password
username:
from_secret: docker_username
when:
event:
exclude:
- pull_request
- name: publish-rootless
image: techknowlogick/drone-docker:latest
settings:
dockerfile: Dockerfile.rootless
auto_tag: true
auto_tag_suffix: linux-amd64-rootless
repo: gitea/gitea
build_args:
- GOPROXY=off
password:
from_secret: docker_password
username:
from_secret: docker_username
environment:
PLUGIN_MIRROR:
from_secret: plugin_mirror
when:
event:
exclude:
- pull_request
---
kind: pipeline
name: docker-linux-amd64-release
platform:
os: linux
arch: amd64
depends_on:
- testing-amd64
- testing-arm64
trigger:
ref:
- refs/heads/main
event:
exclude:
- cron
steps:
- name: fetch-tags
image: docker:git
commands:
- git fetch --tags --force
- name: publish
pull: always
image: techknowlogick/drone-docker:latest
settings:
auto_tag: false
tags: dev-linux-amd64
repo: gitea/gitea
build_args:
- GOPROXY=off
password:
from_secret: docker_password
username:
from_secret: docker_username
when:
event:
exclude:
- pull_request
- name: publish-rootless
image: techknowlogick/drone-docker:latest
settings:
dockerfile: Dockerfile.rootless
auto_tag: false
tags: dev-linux-amd64-rootless
repo: gitea/gitea
build_args:
- GOPROXY=off
password:
from_secret: docker_password
username:
from_secret: docker_username
environment:
PLUGIN_MIRROR:
from_secret: plugin_mirror
when:
event:
exclude:
- pull_request
---
kind: pipeline
name: docker-linux-arm64-dry-run
platform:
os: linux
arch: arm64
depends_on:
- compliance
trigger:
ref:
- "refs/pull/**"
steps:
- name: dryrun
pull: always
image: techknowlogick/drone-docker:latest
settings:
dry_run: true
repo: gitea/gitea
tags: linux-arm64
build_args:
- GOPROXY=off
environment:
PLUGIN_MIRROR:
from_secret: plugin_mirror
when:
event:
- pull_request
---
kind: pipeline
name: docker-linux-arm64-release-version
platform:
os: linux
arch: arm64
depends_on:
- testing-amd64
- testing-arm64
trigger:
ref:
- "refs/tags/**"
event:
exclude:
- cron
steps:
- name: fetch-tags
image: docker:git
commands:
- git fetch --tags --force
- name: publish
pull: always
image: techknowlogick/drone-docker:latest
settings:
auto_tag: true
auto_tag_suffix: linux-arm64
repo: gitea/gitea
build_args:
- GOPROXY=off
password:
from_secret: docker_password
username:
from_secret: docker_username
environment:
PLUGIN_MIRROR:
from_secret: plugin_mirror
when:
event:
exclude:
- pull_request
- name: publish-rootless
image: techknowlogick/drone-docker:latest
settings:
dockerfile: Dockerfile.rootless
auto_tag: true
auto_tag_suffix: linux-arm64-rootless
repo: gitea/gitea
build_args:
- GOPROXY=off
password:
from_secret: docker_password
username:
from_secret: docker_username
environment:
PLUGIN_MIRROR:
from_secret: plugin_mirror
when:
event:
exclude:
- pull_request
---
kind: pipeline
name: docker-linux-arm64-release
platform:
os: linux
arch: arm64
depends_on:
- testing-amd64
- testing-arm64
trigger:
ref:
- refs/heads/main
event:
exclude:
- cron
steps:
- name: fetch-tags
image: docker:git
commands:
- git fetch --tags --force
- name: publish
pull: always
image: techknowlogick/drone-docker:latest
settings:
auto_tag: false
tags: dev-linux-arm64
repo: gitea/gitea
build_args:
- GOPROXY=off
password:
from_secret: docker_password
username:
from_secret: docker_username
environment:
PLUGIN_MIRROR:
from_secret: plugin_mirror
when:
event:
exclude:
- pull_request
- name: publish-rootless
image: techknowlogick/drone-docker:latest
settings:
dockerfile: Dockerfile.rootless
auto_tag: false
tags: dev-linux-arm64-rootless
repo: gitea/gitea
build_args:
- GOPROXY=off
password:
from_secret: docker_password
username:
from_secret: docker_username
environment:
PLUGIN_MIRROR:
from_secret: plugin_mirror
when:
event:
exclude:
- pull_request
---
kind: pipeline
name: docker-manifest-version
platform:
os: linux
arch: amd64
steps:
- name: manifest-rootless
pull: always
image: plugins/manifest
settings:
auto_tag: true
ignore_missing: true
spec: docker/manifest.rootless.tmpl
password:
from_secret: docker_password
username:
from_secret: docker_username
- name: manifest
image: plugins/manifest
settings:
auto_tag: true
ignore_missing: true
spec: docker/manifest.tmpl
password:
from_secret: docker_password
username:
from_secret: docker_username
trigger:
ref:
- "refs/tags/**"
event:
exclude:
- cron
depends_on:
- docker-linux-amd64-release-version
- docker-linux-arm64-release-version
---
kind: pipeline
name: docker-manifest
platform:
os: linux
arch: amd64
steps:
- name: manifest-rootless
pull: always
image: plugins/manifest
settings:
auto_tag: false
ignore_missing: true
spec: docker/manifest.rootless.tmpl
password:
from_secret: docker_password
username:
from_secret: docker_username
- name: manifest
image: plugins/manifest
settings:
auto_tag: false
ignore_missing: true
spec: docker/manifest.tmpl
password:
from_secret: docker_password
username:
from_secret: docker_username
trigger:
ref:
- refs/heads/main
event:
exclude:
- cron
depends_on:
- docker-linux-amd64-release
- docker-linux-arm64-release
---
kind: pipeline
name: notifications
platform:
os: linux
arch: arm64
clone:
disable: true
trigger:
branch:
- main
- "release/*"
event:
- push
- tag
status:
- success
- failure
depends_on:
- testing-amd64
- testing-arm64
- release-version
- release-latest
- docker-linux-amd64-release
- docker-linux-arm64-release
- docker-linux-amd64-release-version
- docker-linux-arm64-release-version
- docker-manifest
- docker-manifest-version
- docs
steps:
- name: discord
pull: always
image: appleboy/drone-discord:1.2.4
settings:
message: "{{#success build.status}} ✅ Build #{{build.number}} of `{{repo.name}}` succeeded.\n\n📝 Commit by {{commit.author}} on `{{commit.branch}}`:\n``` {{commit.message}} ```\n\n🌐 {{ build.link }} {{else}} ❌ Build #{{build.number}} of `{{repo.name}}` failed.\n\n📝 Commit by {{commit.author}} on `{{commit.branch}}`:\n``` {{commit.message}} ```\n\n🌐 {{ build.link }} {{/success}}\n"
webhook_id:
from_secret: discord_webhook_id
webhook_token:
from_secret: discord_webhook_token