mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-18 15:08:20 +00:00
9ff06baeef
Refs: https://codeberg.org/forgejo/website/pulls/230 (cherry picked from commit87d56bf6c7
) [CI] Forgejo Actions based release process (squash) base64 -w0 to avoid wrapping when the doer name is long as it creates a broken config.json (cherry picked from commit9efdc27e49
) [CI] Forgejo Actions based release process (squash) generate .xz files and sources Generate .xz files Check .sha256 Generate the source tarbal (cherry picked from commit7afec520c4
) [CI] Forgejo Actions based release process (squash) release notes (cherry picked from commitd8f4f4807b
) [CI] Forgejo Actions based release process (squash) publish and sign release (cherry picked from commita52778c747
) (cherry picked from commitcf2ec62740
) [CI] Forgejo Actions based release process (squash) version use Actions environment variables in Makefile (#25319) (#25318) uses Actions variable to determine the version. But Forgejo builds happen in a container where they are not available. Do not use them. Also verify the version of the binary is as expected for sanity check. (cherry picked from commit6decf111a1
) (cherry picked from commit206d0b3886
) [CI] read STORED_VERSION_FILE if available (cherry picked from commitaf74085ebf
) [CI] backward compatible executable compilation Add a new static-executable target to use in Dockerfiles and restore the $(EXECUTABLE) target to what it was before to for backward compatibility. The release process now builds static executables instead of dynamically linked ones which makes them more portable. It changes the requirements at compile time and is not backward compatible. In particular it may break packaging that rely on the target that currently creates a dynamically linked executable. (cherry picked from commit84d02a174a
) (cherry picked from commit854be47328
) [CI] Forgejo Actions based release process (squash) doc / ca / verbosity - Document workflow - Increase verbosity if VERBOSE=true - Download the Certificate Authority if behind the VPN (cherry picked from commit168d5d5869
) (cherry picked from commit8756c9a72a
) (cherry picked from commit2dad7ef20f
) [CI] Forgejo Actions based release process (squash) add assets sources-tarbal Refs: https://codeberg.org/forgejo/forgejo/issues/1115 (cherry picked from commit5531d01f19
) [CI] Forgejo Actions based release process (squash) add assets sources-tarbal bindata.go is a file, not a directory Refs: https://codeberg.org/forgejo/forgejo/issues/1115 (cherry picked from commitbd88a44778
) (cherry picked from commitb408085138
) [CI] Forgejo Actions based release process (squash) public/assets moved (cherry picked from commitd8c921d5a6
)
187 lines
6.9 KiB
YAML
187 lines
6.9 KiB
YAML
name: Build release
|
|
|
|
on:
|
|
push:
|
|
tags: 'v*'
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: self-hosted
|
|
# root is used for testing, allow it
|
|
if: secrets.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Increase the verbosity when there are no secrets
|
|
id: verbose
|
|
run: |
|
|
if test -z "${{ secrets.TOKEN }}"; then
|
|
value=true
|
|
else
|
|
value=false
|
|
fi
|
|
echo "value=$value" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Sanitize the name of the repository
|
|
id: repository
|
|
run: |
|
|
set -x # comment out
|
|
repository="${{ github.repository }}"
|
|
echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: When in a test environment, create a token
|
|
id: token
|
|
if: ${{ secrets.TOKEN == '' }}
|
|
run: |
|
|
apt-get -qq install -y jq
|
|
url="${{ env.GITHUB_SERVER_URL }}"
|
|
hostport=${url##http*://}
|
|
hostport=${hostport%%/}
|
|
doer=root
|
|
api=http://$doer:admin1234@$hostport/api/v1/users/$doer/tokens
|
|
curl -sS -X DELETE $api/release
|
|
token=$(curl -sS -X POST -H 'Content-Type: application/json' --data-raw '{"name": "release", "scopes": ["all"]}' $api | jq --raw-output .sha1)
|
|
echo "value=${token}" >> "$GITHUB_OUTPUT"
|
|
|
|
- uses: https://code.forgejo.org/actions/setup-go@v4
|
|
with:
|
|
go-version: ">=1.20"
|
|
check-latest: true
|
|
|
|
- name: Create the version from ref_name
|
|
id: tag-version
|
|
run: |
|
|
version="${{ github.ref_name }}"
|
|
version=${version##*v}
|
|
echo "value=$version" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Create the release notes
|
|
id: release-notes
|
|
run: |
|
|
cat >> "$GITHUB_OUTPUT" <<EOF
|
|
value<<ENDVAR
|
|
See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#${{ steps.tag-version.outputs.value }}
|
|
ENDVAR
|
|
EOF
|
|
|
|
- name: Build sources
|
|
run: |
|
|
set -x
|
|
apt-get -qq install -y make
|
|
version=${{ steps.tag-version.outputs.value }}
|
|
#
|
|
# Make sure all files are owned by the current user.
|
|
# When run as root `npx webpack` will assume the identity
|
|
# of the owner of the current working directory and may
|
|
# fail to create files if some sub-directories are not owned
|
|
# by the same user.
|
|
#
|
|
# Binaries:
|
|
# Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node
|
|
# npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm
|
|
# Packages:
|
|
# add-asset-webpack-plugin: 2.0.1 => 2.0.1
|
|
# css-loader: 6.8.1 => 6.8.1
|
|
# esbuild-loader: 3.0.1 => 3.0.1
|
|
# license-checker-webpack-plugin: 0.2.1 => 0.2.1
|
|
# monaco-editor-webpack-plugin: 7.0.1 => 7.0.1
|
|
# vue-loader: 17.2.2 => 17.2.2
|
|
# webpack: 5.87.0 => 5.87.0
|
|
# webpack-cli: 5.1.4 => 5.1.4
|
|
#
|
|
chown -R $(id -u) .
|
|
make VERSION=$version TAGS=bindata sources-tarbal
|
|
mv dist/release release
|
|
|
|
(
|
|
tmp=$(mktemp -d)
|
|
tar --directory $tmp -zxvf release/*$version*.tar.gz
|
|
cd $tmp/*
|
|
#
|
|
# Verify `make frontend` files are available
|
|
#
|
|
test -d public/assets/css
|
|
test -d public/assets/fonts
|
|
test -d public/assets/js
|
|
#
|
|
# Verify `make generate` files are available
|
|
#
|
|
test -f modules/public/bindata.go
|
|
#
|
|
# Sanity check to verify that the source tarbal knows the
|
|
# version and is able to rebuild itself from it.
|
|
#
|
|
# When in sources the version is determined with git.
|
|
# When in the tarbal the version is determined from a VERSION file.
|
|
#
|
|
make sources-tarbal
|
|
tarbal=$(echo dist/release/*$version*.tar.gz)
|
|
if ! test -f $tarbal ; then
|
|
echo $tarbal does not exist
|
|
find dist release
|
|
exit 1
|
|
fi
|
|
)
|
|
|
|
- name: build container & release (when TOKEN secret is not set)
|
|
if: ${{ secrets.TOKEN == '' }}
|
|
uses: ./.forgejo/actions/build-release
|
|
with:
|
|
forgejo: "${{ env.GITHUB_SERVER_URL }}"
|
|
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
|
|
repository: "${{ steps.repository.outputs.value }}"
|
|
doer: root
|
|
tag-version: "${{ steps.tag-version.outputs.value }}"
|
|
token: ${{ steps.token.outputs.value }}
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v6
|
|
release-notes: "${{ steps.release-notes.outputs.value }}"
|
|
binary-name: forgejo
|
|
binary-path: /app/gitea/gitea
|
|
verbose: ${{ steps.verbose.outputs.value }}
|
|
|
|
- name: build rootless container (when TOKEN secret is not set)
|
|
if: ${{ secrets.TOKEN == '' }}
|
|
uses: ./.forgejo/actions/build-release
|
|
with:
|
|
forgejo: "${{ env.GITHUB_SERVER_URL }}"
|
|
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
|
|
repository: "${{ steps.repository.outputs.value }}"
|
|
doer: root
|
|
tag-version: "${{ steps.tag-version.outputs.value }}"
|
|
token: ${{ steps.token.outputs.value }}
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v6
|
|
suffix: -rootless
|
|
dockerfile: Dockerfile.rootless
|
|
verbose: ${{ steps.verbose.outputs.value }}
|
|
|
|
- name: build container & release (when TOKEN secret is set)
|
|
if: ${{ secrets.TOKEN != '' }}
|
|
uses: ./.forgejo/actions/build-release
|
|
with:
|
|
forgejo: "${{ env.GITHUB_SERVER_URL }}"
|
|
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
|
|
repository: "${{ steps.repository.outputs.value }}"
|
|
doer: "${{ secrets.DOER }}"
|
|
tag-version: "${{ steps.tag-version.outputs.value }}"
|
|
token: "${{ secrets.TOKEN }}"
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v6
|
|
release-notes: "${{ steps.release-notes.outputs.value }}"
|
|
binary-name: forgejo
|
|
binary-path: /app/gitea/gitea
|
|
verbose: ${{ steps.verbose.outputs.value }}
|
|
|
|
- name: build rootless container (when TOKEN secret is set)
|
|
if: ${{ secrets.TOKEN != '' }}
|
|
uses: ./.forgejo/actions/build-release
|
|
with:
|
|
forgejo: "${{ env.GITHUB_SERVER_URL }}"
|
|
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
|
|
repository: "${{ steps.repository.outputs.value }}"
|
|
doer: "${{ secrets.DOER }}"
|
|
tag-version: "${{ steps.tag-version.outputs.value }}"
|
|
token: "${{ secrets.TOKEN }}"
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v6
|
|
suffix: -rootless
|
|
dockerfile: Dockerfile.rootless
|
|
verbose: ${{ steps.verbose.outputs.value }}
|