summaryrefslogtreecommitdiffstats
path: root/.forgejo/workflows/build-release.yml
diff options
context:
space:
mode:
Diffstat (limited to '.forgejo/workflows/build-release.yml')
-rw-r--r--.forgejo/workflows/build-release.yml231
1 files changed, 231 insertions, 0 deletions
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
new file mode 100644
index 0000000..bc74de8
--- /dev/null
+++ b/.forgejo/workflows/build-release.yml
@@ -0,0 +1,231 @@
+#
+# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
+#
+# https://codeberg.org/forgejo-integration/forgejo
+#
+# Builds a release from a codeberg.org/forgejo-integration tag
+#
+# vars.ROLE: forgejo-integration
+#
+# secrets.DOER: forgejo-experimental-ci
+# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:package
+#
+# secrets.CASCADE_ORIGIN_TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:issue
+# secrets.CASCADE_DESTINATION_TOKEN: <generated from code.forgejo.org/forgejo-ci> scope read:user, write:repository, write:issue
+# vars.CASCADE_DESTINATION_DOER: forgejo-ci
+#
+on:
+ push:
+ tags: 'v[0-9]+.[0-9]+.*'
+ branches:
+ - 'forgejo'
+ - 'v*/forgejo'
+
+jobs:
+ release:
+ runs-on: self-hosted
+ # root is used for testing, allow it
+ if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Sanitize the name of the repository
+ id: repository
+ run: |
+ repository="${{ github.repository }}"
+ echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
+
+ - uses: https://code.forgejo.org/actions/setup-node@v4
+ with:
+ node-version: 20
+
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+
+ - name: version from ref
+ id: release-info
+ shell: bash
+ run: |
+ set -x
+ ref="${{ github.ref }}"
+ if [[ $ref =~ ^refs/heads/ ]] ; then
+ if test "$ref" = "refs/heads/forgejo" ; then
+ version=$(git tag -l --sort=version:refname --merged | grep -v -e '-test$' | tail -1 | sed -E -e 's/^(v[0-9]+\.[0-9]+).*/\1/')-test
+ else
+ version=${ref#refs/heads/}
+ version=${version%/forgejo}-test
+ fi
+ override=true
+ fi
+ if [[ $ref =~ ^refs/tags/ ]] ; then
+ version=${ref#refs/tags/}
+ override=false
+ fi
+ if test -z "$version" ; then
+ echo failed to figure out the release version from the reference=$ref
+ exit 1
+ fi
+ version=${version#v}
+ git describe --exclude '*-test' --tags --always
+ echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT"
+ echo "version=$version" >> "$GITHUB_OUTPUT"
+ echo "override=$override" >> "$GITHUB_OUTPUT"
+
+ - name: release notes
+ id: release-notes
+ run: |
+ anchor=${{ steps.release-info.outputs.version }}
+ anchor=${anchor//./-}
+ cat >> "$GITHUB_OUTPUT" <<EOF
+ value<<ENDVAR
+ See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#$anchor
+ ENDVAR
+ EOF
+
+ - name: cache node_modules
+ id: node
+ uses: https://code.forgejo.org/actions/cache@v4
+ with:
+ path: |
+ node_modules
+ key: node-${{ steps.release-info.outputs.version }}
+
+ - name: skip if node cache hit
+ if: steps.node.outputs.cache-hit != 'true'
+ run: echo no hit
+
+ - name: Build sources
+ run: |
+ set -x
+ apt-get -qq install -y make
+ version=${{ steps.release-info.outputs.version }}
+ #
+ # Make sure all files are owned by the current user.
+ # When run as root `npx webpack` will assume the identity
+ # of the owner of the current working directory and may
+ # fail to create files if some sub-directories are not owned
+ # by the same user.
+ #
+ # Binaries:
+ # Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node
+ # npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm
+ # Packages:
+ # add-asset-webpack-plugin: 2.0.1 => 2.0.1
+ # css-loader: 6.8.1 => 6.8.1
+ # esbuild-loader: 3.0.1 => 3.0.1
+ # license-checker-webpack-plugin: 0.2.1 => 0.2.1
+ # monaco-editor-webpack-plugin: 7.0.1 => 7.0.1
+ # vue-loader: 17.2.2 => 17.2.2
+ # webpack: 5.87.0 => 5.87.0
+ # webpack-cli: 5.1.4 => 5.1.4
+ #
+ chown -R $(id -u) .
+ make VERSION=$version TAGS=bindata sources-tarbal
+ mv dist/release release
+
+ (
+ tmp=$(mktemp -d)
+ tar --directory $tmp -zxvf release/*$version*.tar.gz
+ cd $tmp/*
+ #
+ # Verify `make frontend` files are available
+ #
+ test -d public/assets/css
+ test -d public/assets/fonts
+ test -d public/assets/js
+ #
+ # Verify `make generate` files are available
+ #
+ test -f modules/public/bindata.go
+ #
+ # Sanity check to verify that the source tarbal knows the
+ # version and is able to rebuild itself from it.
+ #
+ # When in sources the version is determined with git.
+ # When in the tarbal the version is determined from a VERSION file.
+ #
+ make sources-tarbal
+ tarbal=$(echo dist/release/*$version*.tar.gz)
+ if ! test -f $tarbal ; then
+ echo $tarbal does not exist
+ find dist release
+ exit 1
+ fi
+ )
+
+ - name: build container & release
+ if: ${{ secrets.TOKEN != '' }}
+ uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
+ with:
+ forgejo: "${{ env.GITHUB_SERVER_URL }}"
+ owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
+ repository: "${{ steps.repository.outputs.value }}"
+ doer: "${{ secrets.DOER }}"
+ release-version: "${{ steps.release-info.outputs.version }}"
+ sha: "${{ steps.release-info.outputs.sha }}"
+ token: "${{ secrets.TOKEN }}"
+ platforms: linux/amd64,linux/arm64,linux/arm/v6
+ release-notes: "${{ steps.release-notes.outputs.value }}"
+ binary-name: forgejo
+ binary-path: /app/gitea/gitea
+ override: "${{ steps.release-info.outputs.override }}"
+ verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
+ verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
+
+ - name: build rootless container
+ if: ${{ secrets.TOKEN != '' }}
+ uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
+ with:
+ forgejo: "${{ env.GITHUB_SERVER_URL }}"
+ owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
+ repository: "${{ steps.repository.outputs.value }}"
+ doer: "${{ secrets.DOER }}"
+ release-version: "${{ steps.release-info.outputs.version }}"
+ sha: "${{ steps.release-info.outputs.sha }}"
+ token: "${{ secrets.TOKEN }}"
+ platforms: linux/amd64,linux/arm64,linux/arm/v6
+ suffix: -rootless
+ dockerfile: Dockerfile.rootless
+ override: "${{ steps.release-info.outputs.override }}"
+ verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
+ verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
+
+ - name: end-to-end tests
+ if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' && vars.SKIP_END_TO_END != 'true' }}
+ uses: https://code.forgejo.org/actions/cascading-pr@v2
+ with:
+ origin-url: ${{ env.GITHUB_SERVER_URL }}
+ origin-repo: ${{ github.repository }}
+ origin-token: ${{ secrets.CASCADE_ORIGIN_TOKEN }}
+ origin-ref: refs/heads/forgejo
+ destination-url: https://code.forgejo.org
+ destination-fork-repo: ${{ vars.CASCADE_DESTINATION_DOER }}/end-to-end
+ destination-repo: forgejo/end-to-end
+ destination-branch: main
+ destination-token: ${{ secrets.CASCADE_DESTINATION_TOKEN }}
+ update: .forgejo/cascading-release-end-to-end
+
+ - name: copy to experimental
+ if: vars.ROLE == 'forgejo-integration' && secrets.TOKEN != ''
+ run: |
+ if test "${{ vars.VERBOSE }}" = true ; then
+ set -x
+ fi
+ tag=v${{ steps.release-info.outputs.version }}
+ url=https://any:${{ secrets.TOKEN }}@codeberg.org
+ if test "${{ steps.release-info.outputs.override }}" = "true" ; then
+ curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null
+ curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null
+ fi
+ # actions/checkout@v3 sets http.https://codeberg.org/.extraheader with the automatic token.
+ # Get rid of it so it does not prevent using the token that has write permissions
+ git config --local --unset http.https://codeberg.org/.extraheader
+ if test -f .git/shallow ; then
+ echo "unexptected .git/shallow file is present"
+ echo "it suggests a checkout --depth X was used which may prevent pushing the commit"
+ echo "it happens when actions/checkout is called without depth: 0"
+ fi
+ git push $url/forgejo-experimental/forgejo ${{ steps.release-info.outputs.sha }}:refs/tags/$tag