1 files changed, 88 insertions, 0 deletions

diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
new file mode 100644
index 0000000..5de8785
--- /dev/null
+++ b/.forgejo/workflows/publish-release.yml
@@ -0,0 +1,88 @@
+# SPDX-License-Identifier: MIT
+#
+# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
+#
+# https://codeberg.org/forgejo-experimental/forgejo
+#
+#  Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
+#
+#  vars.ROLE: forgejo-experimental
+#  vars.FORGEJO: https://codeberg.org
+#  vars.FROM_OWNER: forgejo-integration
+#  vars.TO_OWNER: forgejo-experimental
+#  vars.REPO: forgejo
+#  vars.DOER: forgejo-experimental-ci
+#  secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
+#
+# http://private.forgejo.org/forgejo/forgejo
+#
+#  Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
+#
+#  vars.ROLE: forgejo-release
+#  vars.FORGEJO: https://codeberg.org
+#  vars.FROM_OWNER: forgejo-integration
+#  vars.TO_OWNER: forgejo
+#  vars.REPO: forgejo
+#  vars.DOER: release-team
+#  secrets.TOKEN: <generated from codeberg.org/release-team>
+#  secrets.GPG_PRIVATE_KEY: <XYZ>
+#  secrets.GPG_PASSPHRASE: <ABC>
+#
+name: Pubish release
+
+on:
+  push:
+    tags: 'v*'
+
+jobs:
+  publish:
+    runs-on: self-hosted
+    if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != ''
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: copy & sign
+        uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5
+        with:
+          from-forgejo: ${{ vars.FORGEJO }}
+          to-forgejo: ${{ vars.FORGEJO }}
+          from-owner: ${{ vars.FROM_OWNER }}
+          to-owner: ${{ vars.TO_OWNER }}
+          repo: ${{ vars.REPO }}
+          release-notes: "See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#{ANCHOR}"
+          ref-name: ${{ github.ref_name }}
+          sha: ${{ github.sha }}
+          from-token: ${{ secrets.TOKEN }}
+          to-doer: ${{ vars.DOER }}
+          to-token: ${{ secrets.TOKEN }}
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          verbose: ${{ vars.VERBOSE }}
+
+      - name: upgrade v*.next.forgejo.org
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          apt-get update -qq
+          apt-get -q install -y -qq curl
+          version="${{ github.ref_name }}"
+          version=${version##*v}
+          major=$(echo $version | sed -E -e 's/^([0-9]+).*/\1/')
+          # https://forgejo.org/docs/next/developer/infrastructure
+          curl -o /dev/null -sS https://v$major.next.forgejo.org/.well-known/wakeup-on-logs/forgejo-v$major
+
+      - name: set up go for the DNS update below
+        if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
+        uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version-file: "go.mod"
+      - name: update the _release.experimental DNS record
+        if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
+        uses: https://code.forgejo.org/actions/ovh-dns-update@v1
+        with:
+          subdomain: _release.experimental
+          domain: forgejo.com # there is a CNAME from .org to .com (for security reasons)
+          record-id: 5283602601
+          value: v=${{ github.ref_name }}
+          ovh-app-key: ${{ secrets.OVH_APP_KEY }}
+          ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
+          ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}