forgejo/.forgejo/actions/build-release/action.yml
Earl Warren 346c418b4a
[CI] Forgejo Actions based release process
Refs: https://codeberg.org/forgejo/website/pulls/230
(cherry picked from commit 87d56bf6c7)

[CI] Forgejo Actions based release process (squash)

base64 -w0 to avoid wrapping when the doer name is long as it creates
a broken config.json

(cherry picked from commit 9efdc27e49)

[CI] Forgejo Actions based release process (squash) generate .xz files and sources

Generate .xz files
Check .sha256
Generate the source tarbal

(cherry picked from commit 7afec520c4)

[CI] Forgejo Actions based release process (squash) release notes

(cherry picked from commit d8f4f4807b)

[CI] Forgejo Actions based release process (squash) publish and sign release

(cherry picked from commit a52778c747)
(cherry picked from commit cf2ec62740)

[CI] Forgejo Actions based release process (squash) version

use Actions environment variables in Makefile (#25319) (#25318)

uses Actions variable to determine the version. But Forgejo builds
happen in a container where they are not available. Do not use them.

Also verify the version of the binary is as expected for sanity check.

(cherry picked from commit 6decf111a1)
(cherry picked from commit 206d0b3886)

[CI] read STORED_VERSION_FILE if available

(cherry picked from commit af74085ebf)

[CI] backward compatible executable compilation

Add a new static-executable target to use in Dockerfiles and restore
the $(EXECUTABLE) target to what it was before to for backward
compatibility.

The release process now builds static executables instead of
dynamically linked ones which makes them more portable. It changes the
requirements at compile time and is not backward compatible. In
particular it may break packaging that rely on the target that
currently creates a dynamically linked executable.

(cherry picked from commit 84d02a174a)
(cherry picked from commit 854be47328)

[CI] Forgejo Actions based release process (squash) doc / ca / verbosity

- Document workflow
- Increase verbosity if VERBOSE=true
- Download the Certificate Authority if behind the VPN

(cherry picked from commit 168d5d5869)
(cherry picked from commit 8756c9a72a)
(cherry picked from commit 2dad7ef20f)

[CI] Forgejo Actions based release process (squash) add assets sources-tarbal

Refs: https://codeberg.org/forgejo/forgejo/issues/1115
(cherry picked from commit 5531d01f19)

[CI] Forgejo Actions based release process (squash) add assets sources-tarbal

bindata.go is a file, not a directory

Refs: https://codeberg.org/forgejo/forgejo/issues/1115
(cherry picked from commit bd88a44778)
(cherry picked from commit b408085138)

[CI] Forgejo Actions based release process (squash) public/assets moved

(cherry picked from commit d8c921d5a6)
(cherry picked from commit f29e50b1a09b1a22fc2dbdb77e9a1def1196175b)

[CI] Fix release notes link

- Use substitution to replace all dots with dashes.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1163

(cherry picked from commit 96783728f53a072915cace392aa269adfe9a5c73)
(cherry picked from commit c8d8bf8996)

[CI] pin go v1.20 for testing

Refs: https://codeberg.org/forgejo/forgejo/issues/1228
(cherry picked from commit fd4b5a013e)
(cherry picked from commit 00bb15f57f)

Conflicts:
	Dockerfile
	Dockerfile.rootless
	see https://codeberg.org/forgejo/forgejo/pulls/1303
(cherry picked from commit 6e2be54a6d)
2023-08-29 08:24:31 +02:00

155 lines
5.5 KiB
YAML

name: 'Build release'
author: 'Forgejo authors'
description: |
Build release
inputs:
forgejo:
description: 'URL of the Forgejo instance where the release is uploaded'
required: true
owner:
description: 'User or organization where the release is uploaded, relative to the Forgejo instance'
required: true
repository:
description: 'Repository where the release is uploaded, relative to the owner'
required: true
doer:
description: 'Name of the user authoring the release'
required: true
tag-version:
description: 'Version of the release derived from the tag withint the leading v'
required: true
suffix:
description: 'Suffix to add to the image tag'
token:
description: 'token'
required: true
dockerfile:
description: 'path to the dockerfile'
default: 'Dockerfile'
platforms:
description: 'Coma separated list of platforms'
default: 'linux/amd64,linux/arm64'
release-notes:
description: 'Full text of the release notes'
default: 'Release notes placeholder'
binary-name:
description: 'Name of the binary'
binary-path:
description: 'Path of the binary within the container to extract into binary-name'
verbose:
description: 'Increase the verbosity level'
default: 'false'
runs:
using: "composite"
steps:
- run: echo "${{ github.action_path }}" >> $GITHUB_PATH
shell: bash
- name: Install dependencies
run: |
apt-get install -y -qq xz-utils
- name: set -x if verbose is required
id: verbose
run: |
if ${{ inputs.verbose }} ; then
echo "shell=set -x" >> "$GITHUB_OUTPUT"
fi
- name: Create the insecure and buildx-config variables for the container registry
id: registry
run: |
${{ steps.verbose.outputs.shell }}
url="${{ inputs.forgejo }}"
hostport=${url##http*://}
hostport=${hostport%%/}
echo "host-port=${hostport}" >> "$GITHUB_OUTPUT"
if ! [[ $url =~ ^http:// ]] ; then
exit 0
fi
cat >> "$GITHUB_OUTPUT" <<EOF
insecure=true
buildx-config<<ENDVAR
[registry."${hostport}"]
http = true
ENDVAR
EOF
- name: Allow docker pull/push to forgejo
if: ${{ steps.registry.outputs.insecure }}
run: |-
mkdir -p /etc/docker
cat > /etc/docker/daemon.json <<EOF
{
"insecure-registries" : ["${{ steps.registry.outputs.host-port }}"],
"bip": "172.26.0.1/16"
}
EOF
- name: Install docker
run: |
echo deb http://deb.debian.org/debian bullseye-backports main | tee /etc/apt/sources.list.d/backports.list && apt-get -qq update
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y -t bullseye-backports docker.io
- uses: https://github.com/docker/setup-buildx-action@v2
with:
config-inline: |
${{ steps.registry.outputs.buildx-config }}
- name: Login to the container registry
run: |
BASE64_AUTH=`echo -n "${{ inputs.doer }}:${{ inputs.token }}" | base64 -w0`
mkdir -p ~/.docker
echo "{\"auths\": {\"$CI_REGISTRY\": {\"auth\": \"$BASE64_AUTH\"}}}" > ~/.docker/config.json
env:
CI_REGISTRY: "${{ steps.registry.outputs.host-port }}"
- name: Build the container image for each architecture
uses: https://github.com/docker/build-push-action@v4
# workaround until https://github.com/docker/build-push-action/commit/d8823bfaed2a82c6f5d4799a2f8e86173c461aba is in @v4 or @v5 is released
env:
ACTIONS_RUNTIME_TOKEN: ''
with:
context: .
push: true
file: ${{ inputs.dockerfile }}
platforms: ${{ inputs.platforms }}
tags: ${{ steps.registry.outputs.host-port }}/${{ inputs.owner }}/${{ inputs.repository }}:${{ inputs.tag-version }}${{ inputs.suffix }}
- name: Extract the binary from the container images into the release directory
if: inputs.binary-name != ''
run: |
${{ steps.verbose.outputs.shell }}
mkdir -p release
cd release
for platform in $(echo ${{ inputs.platforms }} | tr ',' ' '); do
arch=$(echo $platform | sed -e 's|linux/||g' -e 's|arm/v6|arm-6|g')
docker create --platform $platform --name forgejo-$arch ${{ steps.registry.outputs.host-port }}/${{ inputs.owner }}/${{ inputs.repository }}:${{ inputs.tag-version }}${{ inputs.suffix }}
binary="${{ inputs.binary-name }}-${{ inputs.tag-version }}-linux"
docker cp forgejo-$arch:${{ inputs.binary-path }} $binary-$arch
chmod +x $binary-$arch
# the displayed version has a + instead of the first -, deal with it
pattern=$(echo "${{ inputs.tag-version }}" | tr - .)
if ! ./$binary-$arch --version | grep "$pattern" ; then
echo "ERROR: expected version pattern $pattern not found in the output of $binary-$arch --version"
./$binary-$arch --version
exit 1
fi
xz --keep -9 $binary-$arch
shasum -a 256 $binary-$arch > $binary-$arch.sha256
shasum -a 256 $binary-$arch.xz > $binary-$arch.xz.sha256
docker rm forgejo-$arch
done
- name: publish release
if: inputs.binary-name != ''
uses: https://code.forgejo.org/actions/forgejo-release@v1
with:
direction: upload
release-dir: release
release-notes: "${{ inputs.release-notes }}"
token: ${{ inputs.token }}
verbose: ${{ steps.verbose.outputs.value }}