author | Daniel Baumann <daniel@debian.org> | 2024-10-20 22:50:50 +0200 |
---|---|---|
committer | Daniel Baumann <daniel@debian.org> | 2024-10-20 22:50:50 +0200 |
commit | 9fa26b7837ed8e6679b7e6115425cab6ecbc9a8a (patch) | |
tree | c5b6f218ae267153042529217fdabeac4849ca1e /.forgejo | |
parent | Initial commit. (diff) | |
Adding upstream version 3.5.1. HEAD upstream/3.5.1 upstream debian
Signed-off-by: Daniel Baumann <daniel@debian.org>
Diffstat (limited to '.forgejo')
-rwxr-xr-x | .forgejo/cascading-pr-setup-forgejo | 16 | ||||
-rw-r--r-- | .forgejo/labelscompare.py | 24 | ||||
-rw-r--r-- | .forgejo/testdata/ipv6.yml | 11 | ||||
-rw-r--r-- | .forgejo/workflows/build-release-integration.yml | 90 | ||||
-rw-r--r-- | .forgejo/workflows/build-release.yml | 103 | ||||
-rw-r--r-- | .forgejo/workflows/cascade-setup-forgejo.yml | 25 | ||||
-rw-r--r-- | .forgejo/workflows/example-docker-compose.yml | 70 | ||||
-rw-r--r-- | .forgejo/workflows/publish-release.yml | 42 | ||||
-rw-r--r-- | .forgejo/workflows/test.yml | 108 |
9 files changed, 489 insertions, 0 deletions
diff --git a/.forgejo/cascading-pr-setup-forgejo b/.forgejo/cascading-pr-setup-forgejo
new file mode 100755
index 0000000..06472a7
--- /dev/null
+++ b/.forgejo/cascading-pr-setup-forgejo
@@ -0,0 +1,16 @@
+#!/bin/bash
+
+set -ex
+
+setup_forgejo=$1
+setup_forgejo_pr=$2
+runner=$3
+runner_pr=$4
+
+url=$(jq --raw-output .head.repo.html_url < $runner_pr)
+test "$url" != null
+branch=$(jq --raw-output .head.ref < $runner_pr)
+test "$branch" != null
+cd $setup_forgejo
+./utils/upgrade-runner.sh $url @$branch
+date > last-upgrade
diff --git a/.forgejo/labelscompare.py b/.forgejo/labelscompare.py
new file mode 100644
index 0000000..2274d38
--- /dev/null
+++ b/.forgejo/labelscompare.py
@@ -0,0 +1,24 @@
+import json
+
+expectedLabels = {
+ "maintainer": "contact@forgejo.org",
+ "org.opencontainers.image.authors": "Forgejo",
+ "org.opencontainers.image.url": "https://forgejo.org",
+ "org.opencontainers.image.documentation": "https://forgejo.org/docs/latest/admin/actions/#forgejo-runner",
+ "org.opencontainers.image.source": "https://code.forgejo.org/forgejo/runner",
+ "org.opencontainers.image.version": "1.2.3",
+ "org.opencontainers.image.vendor": "Forgejo",
+ "org.opencontainers.image.licenses": "MIT",
+ "org.opencontainers.image.title": "Forgejo Runner",
+ "org.opencontainers.image.description": "A runner for Forgejo Actions.",
+}
+inspect = None
+with open("./labels.json", "r") as f:
+ inspect = json.load(f)
+
+assert inspect
+labels = inspect[0]["Config"]["Labels"]
+
+for k, v in expectedLabels.items():
+ assert k in labels, f"'{k}' is missing from labels"
+ assert labels[k] == v, f"expected {v} in key {k}, found {labels[k]}"
diff --git a/.forgejo/testdata/ipv6.yml b/.forgejo/testdata/ipv6.yml
new file mode 100644
index 0000000..e0f7588
--- /dev/null
+++ b/.forgejo/testdata/ipv6.yml
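Review bot: In `.forgejo/cascading-pr-setup-forgejo` the values read from the pull-request JSON (`.head.repo.html_url`, `.head.ref`) are expanded unquoted in `./utils/upgrade-runner.sh $url @$branch`, as are `$runner_pr` and `$setup_forgejo`. For a pull request opened from a fork the head repository URL and branch name are chosen by the contributor, so they should reach the helper as single arguments: `./utils/upgrade-runner.sh "$url" "@$branch"`, `jq --raw-output .head.ref < "$runner_pr"` and `cd "$setup_forgejo"`. What `upgrade-runner.sh` does with them is outside this diff, so it is worth confirming that it treats both as data as well. `setup_forgejo_pr` and `runner` are assigned but not used in the visible lines.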
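Review bot: The checks in `.forgejo/labelscompare.py` are plain `assert` statements, which Python removes when it runs with `-O` or with `PYTHONOPTIMIZE` set, so in such an environment the label comparison would pass without checking anything. Since this script is the release test's only check on the image labels, an explicit failure is safer, e.g. `if labels.get(k) != v: sys.exit(f"expected {v} in key {k}, found {labels.get(k)}")` together with `import sys`. The name `inspect` also shadows a standard-library module, and `inspect[0]["Config"]["Labels"]` fails with a bare `TypeError` in the loop when `Labels` is null, so a short guard with a readable message would help whoever debugs a failed release test.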
@@ -0,0 +1,11 @@
+---
+on: push
+jobs:
+ ipv6:
+ runs-on: docker
+ container:
+ image: code.forgejo.org/oci/debian:bookworm
+ steps:
+ - run: |
+ apt update -qq ; apt --quiet install -qq --yes iputils-ping
+ ping -c 1 -6 ::1
diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
new file mode 100644
index 0000000..7f92218
--- /dev/null
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -0,0 +1,90 @@
+name: Integration tests for the release process
+
+on:
+ push:
+ paths:
+ - go.mod
+ - Dockerfile
+ - .forgejo/workflows/build-release.yml
+ - .forgejo/workflows/build-release-integration.yml
+ pull_request:
+ paths:
+ - go.mod
+ - Dockerfile
+ - .forgejo/workflows/build-release.yml
+ - .forgejo/workflows/build-release-integration.yml
+
+jobs:
+ release-simulation:
+ runs-on: self-hosted
+ if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-release'
+ steps:
+ - uses: actions/checkout@v3
+
+ - id: forgejo
+ uses: https://code.forgejo.org/actions/setup-forgejo@v1
+ with:
+ user: root
+ password: admin1234
+ image-version: 1.20
+ lxc-ip-prefix: 10.0.9
+
+ - name: publish
+ run: |
+ set -x
+
+ version=1.2.3
+ cat > /etc/docker/daemon.json <<EOF
+ {
+ "insecure-registries" : ["${{ steps.forgejo.outputs.host-port }}"]
+ }
+ EOF
+ systemctl restart docker
+
+ dir=$(mktemp -d)
+ trap "rm -fr $dir" EXIT
+
+ url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }}
+ export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"
+
+ #
+ # Create a new project with the runner and the release workflow only
+ #
+ rsync -a --exclude .git ./ $dir/
+ rm $(find $dir/.forgejo/workflows/*.yml | grep -v build-release.yml)
+ forgejo-test-helper.sh push $dir $url root runner
+ sha=$(forgejo-test-helper.sh branch_tip $url root/runner main)
+
+ #
+ # Push a tag to trigger the release workflow and wait for it to complete
+ #
+ forgejo-curl.sh api_json --data-raw '{"tag_name": "v'$version'", "target": "'$sha'"}' $url/api/v1/repos/root/runner/tags
+ LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/runner $sha
+
+ #
+ # uncomment to see the logs even when everything is reported to be working ok
+ #
+ #cat $FORGEJO_RUNNER_LOGS
+
+ #
+ # Minimal sanity checks. e2e test is for the setup-forgejo action
+ #
+ for arch in amd64 arm64 ; do
+ binary=forgejo-runner-$version-linux-$arch
+ for suffix in '' '.xz' ; do
+ curl --fail -L -sS $url/root/runner/releases/download/v$version/$binary$suffix > $binary$suffix
+ if test "$suffix" = .xz ; then
+ unxz --keep $binary$suffix
+ fi
+ chmod +x $binary
+ ./$binary --version | grep $version
+ curl --fail -L -sS $url/root/runner/releases/download/v$version/$binary$suffix.sha256 > $binary$suffix.sha256
+ shasum -a 256 --check $binary$suffix.sha256
+ rm $binary$suffix
+ done
+ done
+
+ docker pull ${{ steps.forgejo.outputs.host-port }}/root/runner:$version
+
+ docker inspect ${{ steps.forgejo.outputs.host-port}}/root/runner:$version > labels.json
+ python3 .forgejo/labelscompare.py
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
new file mode 100644
index 0000000..4e66a0a
--- /dev/null
+++ b/.forgejo/workflows/build-release.yml
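Review bot: In the sanity-check loop of `build-release-integration.yml` the downloaded binary is made executable and run (`./$binary --version | grep $version`) before its `.sha256` file is fetched and checked, so the checksum cannot stop a corrupted or unexpected download from being executed on the self-hosted runner. Moving the `curl … $binary$suffix.sha256` and `shasum -a 256 --check $binary$suffix.sha256` lines directly after the first `curl`, ahead of `unxz` and `chmod +x`, makes the check meaningful. The same step overwrites `/etc/docker/daemon.json` with an `insecure-registries` entry and restarts Docker without restoring the previous file; if the self-hosted runner is not discarded after the job (not visible from this diff), that setting persists for later jobs. `actions/checkout@v3` and `setup-forgejo@v1` are referenced by movable tags, and pinning them to full commit hashes would make the run reproducible.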
@@ -0,0 +1,103 @@
+# SPDX-License-Identifier: MIT
+#
+# https://code.forgejo.org/forgejo/runner
+#
+# Build the runner binaries and OCI images
+#
+# ROLE: forgejo-integration
+# DOER: release-team
+# TOKEN: <generated from codeberg.org/release-team>
+#
+name: Build release
+
+on:
+ push:
+ tags: 'v*'
+
+jobs:
+ release:
+ runs-on: self-hosted
+ # root is used for testing, allow it
+ if: secrets.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: Increase the verbosity when there are no secrets
+ id: verbose
+ run: |
+ if test -z "${{ secrets.TOKEN }}"; then
+ value=true
+ else
+ value=false
+ fi
+ echo "value=$value" >> "$GITHUB_OUTPUT"
+
+ - name: Sanitize the name of the repository
+ id: repository
+ run: |
+ echo "value=${GITHUB_REPOSITORY##*/}" >> "$GITHUB_OUTPUT"
+
+ - name: create test TOKEN
+ id: token
+ if: ${{ secrets.TOKEN == '' }}
+ run: |
+ apt-get -qq install -y jq
+ url="${{ env.GITHUB_SERVER_URL }}"
+ hostport=${url##http*://}
+ hostport=${hostport%%/}
+ doer=root
+ api=http://$doer:admin1234@$hostport/api/v1/users/$doer/tokens
+ curl -sS -X DELETE $api/release
+ token=$(curl -sS -X POST -H 'Content-Type: application/json' --data-raw '{"name": "release", "scopes": ["all"]}' $api | jq --raw-output .sha1)
+ echo "value=${token}" >> "$GITHUB_OUTPUT"
+
+ - name: version from ref_name
+ id: tag-version
+ run: |
+ version=${GITHUB_REF_NAME##*v}
+ echo "value=$version" >> "$GITHUB_OUTPUT"
+
+ - name: release notes
+ id: release-notes
+ run: |
+ anchor=${{ steps.tag-version.outputs.value }}
+ anchor=${anchor//./-}
+ cat >> "$GITHUB_OUTPUT" <<EOF
+ value<<ENDVAR
+ See https://code.forgejo.org/forgejo/runner/src/branch/main/RELEASE-NOTES.md#$anchor
+ ENDVAR
+ EOF
+
+ - name: build without TOKEN
+ if: ${{ secrets.TOKEN == '' }}
+ uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5
+ with:
+ forgejo: "${{ env.GITHUB_SERVER_URL }}"
+ owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
+ repository: "${{ steps.repository.outputs.value }}"
+ doer: root
+ sha: "${{ github.sha }}"
+ release-version: "${{ steps.tag-version.outputs.value }}"
+ token: ${{ steps.token.outputs.value }}
+ platforms: linux/amd64,linux/arm64
+ release-notes: "${{ steps.release-notes.outputs.value }}"
+ binary-name: forgejo-runner
+ binary-path: /bin/forgejo-runner
+ verbose: ${{ steps.verbose.outputs.value }}
+
+ - name: build with TOKEN
+ if: ${{ secrets.TOKEN != '' }}
+ uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5
+ with:
+ forgejo: "${{ env.GITHUB_SERVER_URL }}"
+ owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
+ repository: "${{ steps.repository.outputs.value }}"
+ doer: "${{ secrets.DOER }}"
+ sha: "${{ github.sha }}"
+ release-version: "${{ steps.tag-version.outputs.value }}"
+ token: "${{ secrets.TOKEN }}"
+ platforms: linux/amd64,linux/arm64
+ release-notes: "${{ steps.release-notes.outputs.value }}"
+ binary-name: forgejo-runner
+ binary-path: /bin/forgejo-runner
+ verbose: ${{ steps.verbose.outputs.value }}
diff --git a/.forgejo/workflows/cascade-setup-forgejo.yml b/.forgejo/workflows/cascade-setup-forgejo.yml
new file mode 100644
index 0000000..6d94f01
--- /dev/null
+++ b/.forgejo/workflows/cascade-setup-forgejo.yml
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: MIT
+on:
+ pull_request_target:
+ types:
+ - opened
+ - synchronize
+ - closed
+jobs:
+ cascade:
+ runs-on: docker
+ if: vars.CASCADE != 'no'
+ steps:
+ - uses: actions/cascading-pr@v1
+ with:
+ origin-url: ${{ env.GITHUB_SERVER_URL }}
+ origin-repo: forgejo/runner
+ origin-token: ${{ secrets.CASCADING_PR_ORIGIN }}
+ origin-pr: ${{ github.event.pull_request.number }}
+ destination-url: ${{ env.GITHUB_SERVER_URL }}
+ destination-repo: actions/setup-forgejo
+ destination-fork-repo: cascading-pr/setup-forgejo
+ destination-branch: main
+ destination-token: ${{ secrets.CASCADING_PR_DESTINATION }}
+ close-merge: true
+ update: .forgejo/cascading-pr-setup-forgejo
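Review bot: In `build-release.yml`, `${{ … }}` expressions are expanded into the script text before the shell runs, so `test -z "${{ secrets.TOKEN }}"` in the verbosity step places the token in the script itself and `anchor=${{ steps.tag-version.outputs.value }}` in the release-notes step lets characters from the pushed tag name be parsed as shell syntax. Passing both through the step's `env:` map and reading them as `test -z "$TOKEN"` and `anchor="$VERSION"` keeps them as data. Separately, the `create test TOKEN` and `build without TOKEN` steps are selected by `secrets.TOKEN == ''` rather than by `github.repository_owner == 'root'`, so a repository with ROLE set but TOKEN missing would take the root/admin1234 path and request a token with `"scopes": ["all"]`; gating those two steps on the owner check as well would confine the test credentials to test instances.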
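Review bot: `cascade-setup-forgejo.yml` runs on `pull_request_target`, so it executes with `secrets.CASCADING_PR_ORIGIN` and `secrets.CASCADING_PR_DESTINATION` available for every opened or synchronized pull request, and the file carries no comment stating what keeps pull-request-controlled content away from those tokens. Whether `actions/cascading-pr@v1` takes the `update:` script from the base branch or from the pull-request head is not visible in this diff and should be confirmed; I would record the answer above the `on:` key, e.g. `# pull_request_target: runs with repository secrets; the update script must be read from the base branch, never from the PR head`. Because the action receives two tokens, referencing it by a full commit hash instead of the movable `@v1` tag would also be prudent.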
diff --git a/.forgejo/workflows/example-docker-compose.yml b/.forgejo/workflows/example-docker-compose.yml
new file mode 100644
index 0000000..4e2f547
--- /dev/null
+++ b/.forgejo/workflows/example-docker-compose.yml
@@ -0,0 +1,70 @@
+# SPDX-License-Identifier: MIT
+on:
+ push:
+ branches:
+ - 'main'
+ pull_request:
+
+jobs:
+ example-docker-compose:
+ runs-on: self-hosted
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install docker
+ run: |
+ apt-get update -qq
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get install -qq -y ca-certificates curl gnupg
+ install -m 0755 -d /etc/apt/keyrings
+ curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+ echo "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
+ apt-get update -qq
+ apt-get install -qq -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin=2.20.2-1~debian.11~bullseye
+ docker version
+ #
+ # docker compose is prone to non backward compatible changes, pin it
+ #
+ apt-get install -qq -y docker-compose-plugin=2.20.2-1~debian.11~bullseye
+ docker compose version
+
+ - name: run the example
+ run: |
+ set -x
+ cd examples/docker-compose
+ secret=$(openssl rand -hex 20)
+ sed -i -e "s/{SHARED_SECRET}/$secret/" compose-forgejo-and-runner.yml
+ cli="docker compose --progress quiet -f compose-forgejo-and-runner.yml"
+ #
+ # Launch Forgejo & the runner
+ #
+ $cli up -d
+ for delay in $(seq 60) ; do test -f /srv/runner-data/.runner && break ; sleep 30 ; done
+ test -f /srv/runner-data/.runner
+ #
+ # Run the demo workflow
+ #
+ cli="$cli -f compose-demo-workflow.yml"
+ $cli up -d demo-workflow
+ #
+ # Wait for the demo workflow to complete
+ #
+ success='DEMO WORKFLOW SUCCESS'
+ failure='DEMO WORKFLOW FAILURE'
+ for delay in $(seq 60) ; do
+ $cli logs demo-workflow > /tmp/out
+ grep --quiet "$success" /tmp/out && break
+ grep --quiet "$failure" /tmp/out && break
+ $cli ps --all
+ $cli logs --tail=20 runner-daemon demo-workflow
+ sleep 30
+ done
+ grep --quiet "$success" /tmp/out
+ $cli logs runner-daemon > /tmp/runner.log
+ grep --quiet 'Start image=code.forgejo.org/oci/node:20-bookworm' /tmp/runner.log
+
+ - name: full docker compose logs
+ if: always()
+ run: |
+ cd examples/docker-compose
+ docker compose -f compose-forgejo-and-runner.yml -f compose-demo-workflow.yml logs
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
new file mode 100644
index 0000000..c888be2
--- /dev/null
+++ b/.forgejo/workflows/publish-release.yml
@@ -0,0 +1,42 @@
+# SPDX-License-Identifier: MIT
+#
+# https://forgejo.octopuce.forgejo.org/forgejo-release/runner
+#
+# Copies & sign a release from code.forgejo.org/forgejo-integration/runner to code.forgejo.org/forgejo/runner
+#
+# ROLE: forgejo-release
+# FORGEJO: https://code.forgejo.org
+# FROM_OWNER: forgejo-integration
+# TO_OWNER: forgejo
+# DOER: release-team
+# TOKEN: <generated from codeberg.org/release-team>
+# GPG_PRIVATE_KEY: <XYZ>
+# GPG_PASSPHRASE: <ABC>
+#
+name: pubish
+
+on:
+ push:
+ tags: 'v*'
+
+jobs:
+ publish:
+ runs-on: self-hosted
+ if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != ''
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: copy & sign
+ uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v1
+ with:
+ forgejo: ${{ secrets.FORGEJO }}
+ from-owner: ${{ secrets.FROM_OWNER }}
+ to-owner: ${{ secrets.TO_OWNER }}
+ repo: "runner"
+ ref-name: ${{ github.ref_name }}
+ container-suffixes: " "
+ doer: ${{ secrets.DOER }}
+ token: ${{ secrets.TOKEN }}
+ gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+ gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+ verbose: ${{ secrets.VERBOSE }}
diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml
new file mode 100644
index 0000000..677ab68
--- /dev/null
+++ b/.forgejo/workflows/test.yml
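Review bot: In the `run the example` step of `example-docker-compose.yml`, `set -x` is enabled before `secret=$(openssl rand -hex 20)` and the `sed` that substitutes it, so the shared runner secret is written to the job log; generating and substituting it before `set -x` keeps it out of the trace, which matters because an example workflow tends to be copied. The `Install docker` step mixes `sudo gpg` and `sudo tee` with bare `apt-get` calls that already assume root, and installs the pinned `docker-compose-plugin` twice; dropping `sudo` and the second install removes both inconsistencies. The pinned version ends in `~debian.11~bullseye` while the repository line uses `$VERSION_CODENAME`, so the step presumably only works on a bullseye runner, and a comment saying so would help. `/tmp/out` and `/tmp/runner.log` are fixed paths on a self-hosted runner; files created with `mktemp` avoid collisions between jobs.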
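Review bot: The `copy & sign` step in `publish-release.yml` hands `GPG_PRIVATE_KEY`, `GPG_PASSPHRASE` and `TOKEN` to `forgejo-build-publish/publish@v1`, a movable tag, so whoever can move that tag controls code that sees the signing key; referencing the action by full commit hash (`publish@<full-commit-sha>`) ties the signing step to reviewed code. The same step passes `verbose: ${{ secrets.VERBOSE }}`; what the action prints in verbose mode is outside this diff, so it is worth confirming that it never traces the key or passphrase, and listing VERBOSE in the header comment next to the other secrets. The workflow name `pubish` looks like a typo for `publish`.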
@@ -0,0 +1,108 @@
+name: checks
+on:
+ push:
+ branches:
+ - 'main'
+ pull_request:
+
+env:
+ FORGEJO_HOST_PORT: 'forgejo:3000'
+ FORGEJO_ADMIN_USER: 'root'
+ FORGEJO_ADMIN_PASSWORD: 'admin1234'
+ FORGEJO_RUNNER_SECRET: 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+ FORGEJO_SCRIPT: |
+ /bin/s6-svscan /etc/s6 & sleep 10 ; su -c "forgejo admin user create --admin --username $FORGEJO_ADMIN_USER --password $FORGEJO_ADMIN_PASSWORD --email root@example.com" git && su -c "forgejo forgejo-cli actions register --labels docker --name therunner --secret $FORGEJO_RUNNER_SECRET" git && sleep infinity
+ GOPROXY: https://goproxy.io,direct
+
+jobs:
+ build-and-tests:
+ name: build and test
+ if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
+ runs-on: docker
+
+ services:
+ forgejo:
+ image: codeberg.org/forgejo/forgejo:1.21
+ env:
+ FORGEJO__security__INSTALL_LOCK: "true"
+ FORGEJO__log__LEVEL: "debug"
+ FORGEJO__actions__ENABLED: "true"
+ FORGEJO_ADMIN_USER: ${{ env.FORGEJO_ADMIN_USER }}
+ FORGEJO_ADMIN_PASSWORD: ${{ env.FORGEJO_ADMIN_PASSWORD }}
+ FORGEJO_RUNNER_SECRET: ${{ env.FORGEJO_RUNNER_SECRET }}
+ cmd:
+ - 'bash'
+ - '-c'
+ - ${{ env.FORGEJO_SCRIPT }}
+
+ steps:
+ - uses: actions/setup-go@v3
+ with:
+ go-version: '1.21'
+
+ - uses: actions/checkout@v4
+
+ - run: make vet
+
+ - run: make build
+
+ - uses: https://code.forgejo.org/actions/upload-artifact@v3
+ with:
+ name: forgejo-runner
+ path: forgejo-runner
+
+ - name: check the forgejo server is responding
+ run: |
+ apt-get update -qq
+ apt-get install -y -qq jq curl
+ test $FORGEJO_ADMIN_USER = $(curl -sS http://$FORGEJO_ADMIN_USER:$FORGEJO_ADMIN_PASSWORD@$FORGEJO_HOST_PORT/api/v1/user | jq --raw-output .login)
+
+ - run: make FORGEJO_URL=http://$FORGEJO_HOST_PORT test
+
+ runner-exec-tests:
+ needs: [build-and-tests]
+ name: runner exec tests
+ if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
+ runs-on: self-hosted
+
+ steps:
+
+ - uses: actions/checkout@v4
+
+ - uses: https://code.forgejo.org/actions/download-artifact@v3
+ with:
+ name: forgejo-runner
+
+ - name: install docker
+ run: |
+ mkdir /etc/docker
+ cat > /etc/docker/daemon.json <<EOF
+ {
+ "ipv6": true,
+ "experimental": true,
+ "ip6tables": true,
+ "fixed-cidr-v6": "fd05:d0ca:1::/64",
+ "default-address-pools": [
+ {
+ "base": "172.19.0.0/16",
+ "size": 24
+ },
+ {
+ "base": "fd05:d0ca:2::/104",
+ "size": 112
+ }
+ ]
+ }
+ EOF
+ apt --quiet install --yes -qq docker.io
+
+ - name: forgejo-runner exec --enable-ipv6
+ run: |
+ set -x
+ chmod +x forgejo-runner
+ ./forgejo-runner exec --enable-ipv6 --workflows .forgejo/testdata/ipv6.yml
+ if ./forgejo-runner exec --workflows .forgejo/testdata/ipv6.yml >& /tmp/out ; then
+ cat /tmp/out
+ echo "IPv6 not enabled, should fail"
+ exit 1
+ fi |
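Review bot: The negative check at the end of `runner-exec-tests` in `test.yml` treats any non-zero exit of `./forgejo-runner exec --workflows .forgejo/testdata/ipv6.yml` as proof that IPv6 is off, so a Docker start-up or image-pull failure would also satisfy it, and `/tmp/out` is never printed in that case. Printing the captured output on the expected-failure path and checking it for the ping error would make the test assert what it intends. `mkdir /etc/docker` fails when the directory already exists on a reused self-hosted runner; `mkdir -p /etc/docker` is safer. `GOPROXY: https://goproxy.io,direct` sends module downloads through a third-party proxy for a binary that is then uploaded and executed in the second job; a comment stating why that proxy is used, and that checksum-database verification is left enabled, would document the trust decision.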