diff options
Diffstat (limited to '')
-rw-r--r-- | .forgejo/workflows/backport.yml | 59 | ||||
-rw-r--r-- | .forgejo/workflows/build-release-integration.yml | 135 | ||||
-rw-r--r-- | .forgejo/workflows/build-release.yml | 231 | ||||
-rw-r--r-- | .forgejo/workflows/cascade-setup-end-to-end.yml | 74 | ||||
-rw-r--r-- | .forgejo/workflows/e2e.yml | 37 | ||||
-rw-r--r-- | .forgejo/workflows/forgejo-integration-cleanup.yml | 39 | ||||
-rw-r--r-- | .forgejo/workflows/mirror.yml | 27 | ||||
-rw-r--r-- | .forgejo/workflows/publish-release.yml | 88 | ||||
-rw-r--r-- | .forgejo/workflows/release-notes-assistant-milestones.yml | 33 | ||||
-rw-r--r-- | .forgejo/workflows/release-notes-assistant.yml | 39 | ||||
-rw-r--r-- | .forgejo/workflows/renovate.yml | 69 | ||||
-rw-r--r-- | .forgejo/workflows/testing.yml | 337 |
12 files changed, 1168 insertions, 0 deletions
diff --git a/.forgejo/workflows/backport.yml b/.forgejo/workflows/backport.yml new file mode 100644 index 0000000..32a93ed --- /dev/null +++ b/.forgejo/workflows/backport.yml @@ -0,0 +1,59 @@ +# Copyright 2024 The Forgejo Authors +# SPDX-License-Identifier: MIT +# +# To modify this workflow: +# +# - change pull_request_target: to pull_request: +# so that it runs from a pull request instead of the default branch +# +# - push it to the wip-ci-backport branch on the forgejo repository +# otherwise it will not have access to the secrets required to push +# the PR +# +# - open a pull request targetting wip-ci-backport that includes a change +# that can be backported without conflict in v1.21 and set the +# `backport/v1.21` label. +# +# - once it works, open a pull request for the sake of keeping track +# of the change even if the PR won't run it because it will use +# whatever is in the default branch instead +# +# - after it is merged, double check it works by setting a +# `backport/v1.21` label on a merged pull request that can be backported +# without conflict. +# +on: + pull_request_target: + types: + - closed + - labeled + +jobs: + backporting: + if: > + !startsWith(vars.ROLE, 'forgejo-') && ( + github.event.pull_request.merged + && + contains(toJSON(github.event.pull_request.labels), 'backport/v') + ) + runs-on: docker + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + steps: + - name: event info + run: | + cat <<'EOF' + ${{ toJSON(github) }} + EOF + - uses: https://code.forgejo.org/actions/git-backporting@v4.8.0 + with: + target-branch-pattern: "^backport/(?<target>(v.*))$" + strategy: ort + strategy-option: find-renames + cherry-pick-options: -x + auth: ${{ secrets.BACKPORT_TOKEN }} + pull-request: ${{ github.event.pull_request.url }} + auto-no-squash: true + enable-err-notification: true + git-user: forgejo-backport-action + git-email: forgejo-backport-action@noreply.codeberg.org diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml new file mode 100644 index 0000000..f5f0d19 --- /dev/null +++ b/.forgejo/workflows/build-release-integration.yml @@ -0,0 +1,135 @@ +name: Integration tests for the release process + +on: + push: + paths: + - Makefile + - Dockerfile + - Dockerfile.rootless + - docker/** + - .forgejo/workflows/build-release.yml + - .forgejo/workflows/build-release-integration.yml + branches-ignore: + - renovate/** + pull_request: + paths: + - Makefile + - Dockerfile + - Dockerfile.rootless + - docker/** + - .forgejo/workflows/build-release.yml + - .forgejo/workflows/build-release-integration.yml + +jobs: + release-simulation: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: self-hosted + steps: + - uses: actions/checkout@v4 + + - id: forgejo + uses: https://code.forgejo.org/actions/setup-forgejo@v1 + with: + user: root + password: admin1234 + image-version: 1.21 + lxc-ip-prefix: 10.0.9 + + - name: publish the forgejo release + shell: bash + run: | + set -x + + cat > /etc/docker/daemon.json <<EOF + { + "insecure-registries" : ["${{ steps.forgejo.outputs.host-port }}"] + } + EOF + systemctl restart docker + + apt-get install -qq -y xz-utils + + dir=$(mktemp -d) + trap "rm -fr $dir" EXIT + + url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }} + export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}" + + function sanity_check() { + local url=$1 version=$2 + # + # Minimal sanity checks. Since the binary + # is a script shell it does not test the sanity of the cross + # build, only the sanity of the naming of the binaries. + # + for arch in amd64 arm64 arm-6 ; do + local binary=forgejo-$version-linux-$arch + for suffix in '' '.xz' ; do + curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix > $binary$suffix + if test "$suffix" = .xz ; then + unxz --keep $binary$suffix + fi + chmod +x $binary + ./$binary --version | grep $version + curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix.sha256 > $binary$suffix.sha256 + shasum -a 256 --check $binary$suffix.sha256 + rm $binary$suffix + done + done + + local sources=forgejo-src-$version.tar.gz + curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources > $sources + curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources.sha256 > $sources.sha256 + shasum -a 256 --check $sources.sha256 + + docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version + docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version-rootless + } + + # + # Create a new project with a fake forgejo and the release workflow only + # + cp -a .forgejo/testdata/build-release/* $dir + mkdir -p $dir/.forgejo/workflows + cp .forgejo/workflows/build-release.yml $dir/.forgejo/workflows + cp $dir/Dockerfile $dir/Dockerfile.rootless + + forgejo-test-helper.sh push $dir $url root forgejo + + forgejo-curl.sh api_json -X PUT --data-raw '{"data":"${{ steps.forgejo.outputs.token }}"}' $url/api/v1/repos/root/forgejo/actions/secrets/TOKEN + forgejo-curl.sh api_json -X PUT --data-raw '{"data":"root"}' $url/api/v1/repos/root/forgejo/actions/secrets/DOER + forgejo-curl.sh api_json -X PUT --data-raw '{"data":"true"}' $url/api/v1/repos/root/forgejo/actions/secrets/VERBOSE + + # + # Push a tag to trigger the release workflow and wait for it to complete + # + version=1.2.3 + sha=$(forgejo-test-helper.sh branch_tip $url root/forgejo main) + forgejo-curl.sh api_json --data-raw '{"tag_name": "v'$version'", "target": "'$sha'"}' $url/api/v1/repos/root/forgejo/tags + LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha + sanity_check $url $version + + # + # Push a commit to a branch that triggers the build of a test release + # + version=1.2-test + ( + git clone $url/root/forgejo /tmp/forgejo + cd /tmp/forgejo + date > DATE + git config user.email root@example.com + git config user.name username + git add . + git commit -m 'update' + git push $url/root/forgejo main:forgejo + ) + sha=$(forgejo-test-helper.sh branch_tip $url root/forgejo forgejo) + LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha + sanity_check $url $version + + - name: full logs + if: always() + run: | + sed -e 's/^/[RUNNER LOGS] /' ${{ steps.forgejo.outputs.runner-logs }} + docker logs forgejo | sed -e 's/^/[FORGEJO LOGS]/' + sleep 5 # hack to avoid mixing outputs in Forgejo v1.21 diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml new file mode 100644 index 0000000..a132242 --- /dev/null +++ b/.forgejo/workflows/build-release.yml @@ -0,0 +1,231 @@ +# +# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process +# +# https://codeberg.org/forgejo-integration/forgejo +# +# Builds a release from a codeberg.org/forgejo-integration tag +# +# vars.ROLE: forgejo-integration +# +# secrets.DOER: forgejo-experimental-ci +# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:package +# +# secrets.CASCADE_ORIGIN_TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:issue +# secrets.CASCADE_DESTINATION_TOKEN: <generated from code.forgejo.org/forgejo-ci> scope read:user, write:repository, write:issue +# vars.CASCADE_DESTINATION_DOER: forgejo-ci +# +on: + push: + tags: 'v[0-9]+.[0-9]+.*' + branches: + - 'forgejo' + - 'v*/forgejo' + +jobs: + release: + runs-on: self-hosted + # root is used for testing, allow it + if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root' + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Sanitize the name of the repository + id: repository + run: | + repository="${{ github.repository }}" + echo "value=${repository##*/}" >> "$GITHUB_OUTPUT" + + - uses: https://code.forgejo.org/actions/setup-node@v4 + with: + node-version: 20 + + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + + - name: version from ref + id: release-info + shell: bash + run: | + set -x + ref="${{ github.ref }}" + if [[ $ref =~ ^refs/heads/ ]] ; then + if test "$ref" = "refs/heads/forgejo" ; then + version=$(git tag -l --sort=version:refname --merged | grep -v -e '-test$' | tail -1 | sed -E -e 's/^(v[0-9]+\.[0-9]+).*/\1/')-test + else + version=${ref#refs/heads/} + version=${version%/forgejo}-test + fi + override=true + fi + if [[ $ref =~ ^refs/tags/ ]] ; then + version=${ref#refs/tags/} + override=false + fi + if test -z "$version" ; then + echo failed to figure out the release version from the reference=$ref + exit 1 + fi + version=${version#v} + git describe --exclude '*-test' --tags --always + echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT" + echo "version=$version" >> "$GITHUB_OUTPUT" + echo "override=$override" >> "$GITHUB_OUTPUT" + + - name: release notes + id: release-notes + run: | + anchor=${{ steps.release-info.outputs.version }} + anchor=${anchor//./-} + cat >> "$GITHUB_OUTPUT" <<EOF + value<<ENDVAR + See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#$anchor + ENDVAR + EOF + + - name: cache node_modules + id: node + uses: https://code.forgejo.org/actions/cache@v4 + with: + path: | + node_modules + key: node-${{ steps.release-info.outputs.version }} + + - name: skip if node cache hit + if: steps.node.outputs.cache-hit != 'true' + run: echo no hit + + - name: Build sources + run: | + set -x + apt-get -qq install -y make + version=${{ steps.release-info.outputs.version }} + # + # Make sure all files are owned by the current user. + # When run as root `npx webpack` will assume the identity + # of the owner of the current working directory and may + # fail to create files if some sub-directories are not owned + # by the same user. + # + # Binaries: + # Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node + # npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm + # Packages: + # add-asset-webpack-plugin: 2.0.1 => 2.0.1 + # css-loader: 6.8.1 => 6.8.1 + # esbuild-loader: 3.0.1 => 3.0.1 + # license-checker-webpack-plugin: 0.2.1 => 0.2.1 + # monaco-editor-webpack-plugin: 7.0.1 => 7.0.1 + # vue-loader: 17.2.2 => 17.2.2 + # webpack: 5.87.0 => 5.87.0 + # webpack-cli: 5.1.4 => 5.1.4 + # + chown -R $(id -u) . + make VERSION=$version TAGS=bindata sources-tarbal + mv dist/release release + + ( + tmp=$(mktemp -d) + tar --directory $tmp -zxvf release/*$version*.tar.gz + cd $tmp/* + # + # Verify `make frontend` files are available + # + test -d public/assets/css + test -d public/assets/fonts + test -d public/assets/js + # + # Verify `make generate` files are available + # + test -f modules/public/bindata.go + # + # Sanity check to verify that the source tarbal knows the + # version and is able to rebuild itself from it. + # + # When in sources the version is determined with git. + # When in the tarbal the version is determined from a VERSION file. + # + make sources-tarbal + tarbal=$(echo dist/release/*$version*.tar.gz) + if ! test -f $tarbal ; then + echo $tarbal does not exist + find dist release + exit 1 + fi + ) + + - name: build container & release + if: ${{ secrets.TOKEN != '' }} + uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1 + with: + forgejo: "${{ env.GITHUB_SERVER_URL }}" + owner: "${{ env.GITHUB_REPOSITORY_OWNER }}" + repository: "${{ steps.repository.outputs.value }}" + doer: "${{ secrets.DOER }}" + release-version: "${{ steps.release-info.outputs.version }}" + sha: "${{ steps.release-info.outputs.sha }}" + token: "${{ secrets.TOKEN }}" + platforms: linux/amd64,linux/arm64,linux/arm/v6 + release-notes: "${{ steps.release-notes.outputs.value }}" + binary-name: forgejo + binary-path: /app/gitea/forgejo-cli + override: "${{ steps.release-info.outputs.override }}" + verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}" + verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }} + + - name: build rootless container + if: ${{ secrets.TOKEN != '' }} + uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1 + with: + forgejo: "${{ env.GITHUB_SERVER_URL }}" + owner: "${{ env.GITHUB_REPOSITORY_OWNER }}" + repository: "${{ steps.repository.outputs.value }}" + doer: "${{ secrets.DOER }}" + release-version: "${{ steps.release-info.outputs.version }}" + sha: "${{ steps.release-info.outputs.sha }}" + token: "${{ secrets.TOKEN }}" + platforms: linux/amd64,linux/arm64,linux/arm/v6 + suffix: -rootless + dockerfile: Dockerfile.rootless + override: "${{ steps.release-info.outputs.override }}" + verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}" + verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }} + + - name: end-to-end tests + if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' }} + uses: https://code.forgejo.org/actions/cascading-pr@v2 + with: + origin-url: ${{ env.GITHUB_SERVER_URL }} + origin-repo: ${{ github.repository }} + origin-token: ${{ secrets.CASCADE_ORIGIN_TOKEN }} + origin-ref: refs/heads/forgejo + destination-url: https://code.forgejo.org + destination-fork-repo: ${{ vars.CASCADE_DESTINATION_DOER }}/end-to-end + destination-repo: forgejo/end-to-end + destination-branch: main + destination-token: ${{ secrets.CASCADE_DESTINATION_TOKEN }} + update: .forgejo/cascading-release-end-to-end + + - name: copy to experimental + if: vars.ROLE == 'forgejo-integration' && secrets.TOKEN != '' + run: | + if test "${{ vars.VERBOSE }}" = true ; then + set -x + fi + tag=v${{ steps.release-info.outputs.version }} + url=https://any:${{ secrets.TOKEN }}@codeberg.org + if test "${{ steps.release-info.outputs.override }}" = "true" ; then + curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null + curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null + fi + # actions/checkout@v3 sets http.https://codeberg.org/.extraheader with the automatic token. + # Get rid of it so it does not prevent using the token that has write permissions + git config --local --unset http.https://codeberg.org/.extraheader + if test -f .git/shallow ; then + echo "unexptected .git/shallow file is present" + echo "it suggests a checkout --depth X was used which may prevent pushing the commit" + echo "it happens when actions/checkout is called without depth: 0" + fi + git push $url/forgejo-experimental/forgejo ${{ steps.release-info.outputs.sha }}:refs/tags/$tag diff --git a/.forgejo/workflows/cascade-setup-end-to-end.yml b/.forgejo/workflows/cascade-setup-end-to-end.yml new file mode 100644 index 0000000..404bbe8 --- /dev/null +++ b/.forgejo/workflows/cascade-setup-end-to-end.yml @@ -0,0 +1,74 @@ +# Copyright 2024 The Forgejo Authors +# SPDX-License-Identifier: MIT +# +# To modify this workflow: +# +# - push it to the wip-ci-end-to-end branch on the forgejo repository +# otherwise it will not have access to the secrets required to push +# the cascading PR +# +# - once it works, open a pull request for the sake of keeping track +# of the change even if the PR won't run it because it will use +# whatever is in the default branch instead +# +# - after it is merged, double check it works by setting the +# run-end-to-end-test on a pull request (any pull request will doe +# +on: + push: + branches: + - 'wip-ci-end-to-end' + pull_request_target: + types: + - labeled + +jobs: + info: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: docker + container: + image: code.forgejo.org/oci/node:20-bookworm + steps: + - name: event + run: | + echo github.event.pull_request.head.repo.fork = ${{ github.event.pull_request.head.repo.fork }} + echo github.event.action = ${{ github.event.action }} + echo github.event.pull_request.merged = ${{ github.event.pull_request.merged }} + echo github.event.pull_request.labels.*.name + cat <<'EOF' + ${{ toJSON(github.event.pull_request.labels.*.name) }} + EOF + cat <<'EOF' + ${{ toJSON(github.event) }} + EOF + + cascade: + if: > + !startsWith(vars.ROLE, 'forgejo-') && ( + github.event_name == 'push' || + ( + github.event.action == 'label_updated' && contains(github.event.pull_request.labels.*.name, 'run-end-to-end-tests') + ) + ) + runs-on: docker + container: + image: code.forgejo.org/oci/node:20-bookworm + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: '0' + show-progress: 'false' + - uses: actions/cascading-pr@v2 + with: + origin-url: ${{ env.GITHUB_SERVER_URL }} + origin-repo: ${{ github.repository }} + origin-token: ${{ secrets.END_TO_END_CASCADING_PR_ORIGIN }} + origin-pr: ${{ github.event.pull_request.number }} + origin-ref: ${{ github.event_name == 'push' && github.event.ref || '' }} + destination-url: https://code.forgejo.org + destination-fork-repo: cascading-pr/end-to-end + destination-repo: forgejo/end-to-end + destination-branch: main + destination-token: ${{ secrets.END_TO_END_CASCADING_PR_DESTINATION }} + close-merge: true + update: .forgejo/cascading-pr-end-to-end diff --git a/.forgejo/workflows/e2e.yml b/.forgejo/workflows/e2e.yml new file mode 100644 index 0000000..9f2fbb0 --- /dev/null +++ b/.forgejo/workflows/e2e.yml @@ -0,0 +1,37 @@ +name: e2e + +on: + pull_request: + paths: + - Makefile + - playwright.config.js + - .forgejo/workflows/e2e.yml + - tests/e2e/** + - web_src/js/** + - web_src/css/form.css + - templates/webhook/shared-settings.tmpl + - templates/org/team/new.tmpl + +jobs: + test-e2e: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: docker + container: + image: 'code.forgejo.org/oci/playwright:latest' + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + - run: | + git config --add safe.directory '*' + chown -R forgejo:forgejo . + - run: | + su forgejo -c 'make deps-frontend frontend deps-backend' + - run: | + su forgejo -c 'make backend' + - run: | + su forgejo -c 'make generate test-e2e-sqlite' + timeout-minutes: 40 + env: + USE_REPO_TEST_DIR: 1 diff --git a/.forgejo/workflows/forgejo-integration-cleanup.yml b/.forgejo/workflows/forgejo-integration-cleanup.yml new file mode 100644 index 0000000..049679a --- /dev/null +++ b/.forgejo/workflows/forgejo-integration-cleanup.yml @@ -0,0 +1,39 @@ +on: + workflow_dispatch: + + schedule: + - cron: '@daily' + +jobs: + integration-cleanup: + if: vars.ROLE == 'forgejo-integration' + runs-on: docker + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + steps: + + - name: apt install curl jq + run: | + export DEBIAN_FRONTEND=noninteractive + apt-get update -qq + apt-get -q install -qq -y curl jq + + - name: remove old releases and tags + run: | + url=https://any:${{ secrets.TOKEN }}@codeberg.org + curl -sS "$url/api/v1/repos/forgejo-integration/forgejo/releases" | jq -r '.[] | "\(.published_at) \(.tag_name)"' | sort | while read published_at version ; do + if echo $version | grep -e '-test$' >/dev/null; then + old="18 months" + else + old="1 day" + fi + too_old=$(env -i date --date="- $old" +%F) + too_old_seconds=$(env -i date --date="- $old" +%s) + published_at_seconds=$(env -i date --date="$published_at" +%s) + if test $published_at_seconds -le $too_old_seconds ; then + echo "$version was published more than $old ago ($published_at <= $too_old) and will be removed" + curl -X DELETE -sS "$url/api/v1/repos/forgejo-integration/forgejo/releases/tags/$version" + else + echo "$version was published less than $old ago" + fi + done diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml new file mode 100644 index 0000000..fd22211 --- /dev/null +++ b/.forgejo/workflows/mirror.yml @@ -0,0 +1,27 @@ +name: mirror + +on: + workflow_dispatch: + + schedule: + - cron: '@daily' + +jobs: + mirror: + if: ${{ secrets.MIRROR_TOKEN != '' }} + runs-on: docker + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + steps: + - name: git push {v*/,}forgejo + run: | + git init --bare . + git remote add origin ${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }} + git fetch origin refs/heads/forgejo:refs/mirror/forgejo + git ls-remote origin refs/heads/v*/forgejo | while read sha full_ref ; do + ref=${full_ref#refs/heads/} + echo git fetch origin $full_ref:refs/mirror/$ref + git fetch origin $full_ref:refs/mirror/$ref + done + echo git push --force https://${{ vars.MIRROR_DESTINATION }} refs/mirror/*:refs/heads/* + git push --force https://any:${{ secrets.MIRROR_TOKEN }}@${{ vars.MIRROR_DESTINATION }} refs/mirror/*:refs/heads/* diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml new file mode 100644 index 0000000..5de8785 --- /dev/null +++ b/.forgejo/workflows/publish-release.yml @@ -0,0 +1,88 @@ +# SPDX-License-Identifier: MIT +# +# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process +# +# https://codeberg.org/forgejo-experimental/forgejo +# +# Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental +# +# vars.ROLE: forgejo-experimental +# vars.FORGEJO: https://codeberg.org +# vars.FROM_OWNER: forgejo-integration +# vars.TO_OWNER: forgejo-experimental +# vars.REPO: forgejo +# vars.DOER: forgejo-experimental-ci +# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci> +# +# http://private.forgejo.org/forgejo/forgejo +# +# Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo +# +# vars.ROLE: forgejo-release +# vars.FORGEJO: https://codeberg.org +# vars.FROM_OWNER: forgejo-integration +# vars.TO_OWNER: forgejo +# vars.REPO: forgejo +# vars.DOER: release-team +# secrets.TOKEN: <generated from codeberg.org/release-team> +# secrets.GPG_PRIVATE_KEY: <XYZ> +# secrets.GPG_PASSPHRASE: <ABC> +# +name: Pubish release + +on: + push: + tags: 'v*' + +jobs: + publish: + runs-on: self-hosted + if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != '' + steps: + - uses: actions/checkout@v4 + + - name: copy & sign + uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5 + with: + from-forgejo: ${{ vars.FORGEJO }} + to-forgejo: ${{ vars.FORGEJO }} + from-owner: ${{ vars.FROM_OWNER }} + to-owner: ${{ vars.TO_OWNER }} + repo: ${{ vars.REPO }} + release-notes: "See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#{ANCHOR}" + ref-name: ${{ github.ref_name }} + sha: ${{ github.sha }} + from-token: ${{ secrets.TOKEN }} + to-doer: ${{ vars.DOER }} + to-token: ${{ secrets.TOKEN }} + gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} + gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} + verbose: ${{ vars.VERBOSE }} + + - name: upgrade v*.next.forgejo.org + run: | + export DEBIAN_FRONTEND=noninteractive + apt-get update -qq + apt-get -q install -y -qq curl + version="${{ github.ref_name }}" + version=${version##*v} + major=$(echo $version | sed -E -e 's/^([0-9]+).*/\1/') + # https://forgejo.org/docs/next/developer/infrastructure + curl -o /dev/null -sS https://v$major.next.forgejo.org/.well-known/wakeup-on-logs/forgejo-v$major + + - name: set up go for the DNS update below + if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != '' + uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + - name: update the _release.experimental DNS record + if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != '' + uses: https://code.forgejo.org/actions/ovh-dns-update@v1 + with: + subdomain: _release.experimental + domain: forgejo.com # there is a CNAME from .org to .com (for security reasons) + record-id: 5283602601 + value: v=${{ github.ref_name }} + ovh-app-key: ${{ secrets.OVH_APP_KEY }} + ovh-app-secret: ${{ secrets.OVH_APP_SECRET }} + ovh-consumer-key: ${{ secrets.OVH_CON_KEY }} diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml new file mode 100644 index 0000000..dfe9a33 --- /dev/null +++ b/.forgejo/workflows/release-notes-assistant-milestones.yml @@ -0,0 +1,33 @@ +on: + workflow_dispatch: + + schedule: + - cron: '@daily' + +jobs: + release-notes: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') + runs-on: docker + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + cache: false + + - name: apt install jq + run: | + export DEBIAN_FRONTEND=noninteractive + apt-get update -qq + apt-get -q install -y -qq jq + + - name: update open milestones + run: | + set -x + curl -sS $GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/milestones?state=open | jq -r '.[] | .title' | while read forgejo version ; do + milestone="$forgejo $version" + go run code.forgejo.org/forgejo/release-notes-assistant@v1.1.1 --config .release-notes-assistant.yaml --storage milestone --storage-location "$milestone" --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} release $version + done diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml new file mode 100644 index 0000000..3fed2d0 --- /dev/null +++ b/.forgejo/workflows/release-notes-assistant.yml @@ -0,0 +1,39 @@ +on: + pull_request_target: + types: + - edited + - synchronize + - labeled + +jobs: + release-notes: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') && contains(github.event.pull_request.labels.*.name, 'worth a release-note') }} + runs-on: docker + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + + - name: event + run: | + cat <<'EOF' + ${{ toJSON(github.event.pull_request.labels.*.name) }} + EOF + cat <<'EOF' + ${{ toJSON(github.event) }} + EOF + + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + cache: false + + - name: apt install jq + run: | + export DEBIAN_FRONTEND=noninteractive + apt-get update -qq + apt-get -q install -y -qq jq + + - name: release-notes-assistant preview + run: | + go run code.forgejo.org/forgejo/release-notes-assistant@v1.1.1 --config .release-notes-assistant.yaml --storage pr --storage-location ${{ github.event.pull_request.number }} --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} preview ${{ github.event.pull_request.number }} diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml new file mode 100644 index 0000000..400cd45 --- /dev/null +++ b/.forgejo/workflows/renovate.yml @@ -0,0 +1,69 @@ +# +# Runs every 2 hours, but Renovate is limited to create new PR before 4am. +# See renovate.json for more settings. +# Automerge is enabled for Renovate PR's but need to be approved before. +# +name: renovate + +on: + push: + branches: + - 'renovate/**' # self-test updates + schedule: + - cron: '0 0/2 * * *' + workflow_dispatch: + +env: + RENOVATE_DRY_RUN: ${{ (github.event_name != 'schedule' && github.ref_name != github.event.repository.default_branch) && 'full' || '' }} + RENOVATE_REPOSITORIES: ${{ github.repository }} + +jobs: + renovate: + if: ${{ secrets.RENOVATE_TOKEN != '' }} + + runs-on: docker + container: + image: code.forgejo.org/forgejo-contrib/renovate:38.93.2 + + steps: + - name: Load renovate repo cache + uses: https://code.forgejo.org/actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + with: + path: | + .tmp/cache/renovate/repository + .tmp/cache/renovate/renovate-cache-sqlite + .tmp/osv + key: repo-cache-${{ github.run_id }} + restore-keys: | + repo-cache- + + - name: Run renovate + run: renovate + env: + GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }} + LOG_LEVEL: debug + RENOVATE_BASE_DIR: ${{ github.workspace }}/.tmp + RENOVATE_ENDPOINT: ${{ github.server_url }} + RENOVATE_PLATFORM: gitea + RENOVATE_REPOSITORY_CACHE: 'enabled' + RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }} + RENOVATE_GIT_AUTHOR: 'Renovate Bot <forgejo-renovate-action@forgejo.org>' + + RENOVATE_X_SQLITE_PACKAGE_CACHE: true + + GIT_AUTHOR_NAME: 'Renovate Bot' + GIT_AUTHOR_EMAIL: 'forgejo-renovate-action@forgejo.org' + GIT_COMMITTER_NAME: 'Renovate Bot' + GIT_COMMITTER_EMAIL: 'forgejo-renovate-action@forgejo.org' + + OSV_OFFLINE_ROOT_DIR: ${{ github.workspace }}/.tmp/osv + + - name: Save renovate repo cache + if: always() && env.RENOVATE_DRY_RUN != 'full' + uses: https://code.forgejo.org/actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + with: + path: | + .tmp/cache/renovate/repository + .tmp/cache/renovate/renovate-cache-sqlite + .tmp/osv + key: repo-cache-${{ github.run_id }} diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml new file mode 100644 index 0000000..563ff3b --- /dev/null +++ b/.forgejo/workflows/testing.yml @@ -0,0 +1,337 @@ +name: testing + +on: + pull_request: + push: + branches: + - 'forgejo*' + - 'v*/forgejo*' + +jobs: + backend-checks: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: docker + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + steps: + - name: event info + run: | + cat <<'EOF' + ${{ toJSON(github) }} + EOF + - uses: https://code.forgejo.org/actions/checkout@v4 + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + - run: make deps-backend deps-tools + - run: make --always-make -j$(nproc) lint-backend tidy-check swagger-check fmt-check swagger-validate # ensure the "go-licenses" make target runs + - run: | + make backend + env: + TAGS: bindata + - uses: actions/cache@v4 + with: + path: '/workspace/forgejo/forgejo/gitea' + key: backend-build-${{ github.sha }} + frontend-checks: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: docker + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + - run: make deps-frontend + - run: make lint-frontend + - run: make checks-frontend + - run: make test-frontend-coverage + - run: make frontend + test-unit: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: docker + needs: [backend-checks, frontend-checks] + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + services: + elasticsearch: + image: docker.io/bitnami/elasticsearch:7 + env: + discovery.type: single-node + ES_JAVA_OPTS: "-Xms512m -Xmx512m" + minio: + image: docker.io/bitnami/minio:2024.8.17 + options: >- + --hostname gitea.minio + env: + MINIO_DOMAIN: minio + MINIO_ROOT_USER: 123456 + MINIO_ROOT_PASSWORD: 12345678 + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + - run: | + git config --add safe.directory '*' + adduser --quiet --comment forgejo --disabled-password forgejo + chown -R forgejo:forgejo . + - name: install git >= 2.42 + run: | + export DEBIAN_FRONTEND=noninteractive + echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list + apt-get update -qq + apt-get -q install -qq -y git + rm /etc/apt/sources.list.d/testing.list + apt-get update -qq + - name: test release-notes-assistant.sh + run: | + apt-get -q install -qq -y jq + ./release-notes-assistant.sh test_main + - run: | + su forgejo -c 'make deps-backend' + - uses: actions/cache/restore@v4 + id: cache-backend + with: + path: '/workspace/forgejo/forgejo/gitea' + key: backend-build-${{ github.sha }} + - if: steps.cache-backend.outputs.cache-hit != 'true' + run: | + su forgejo -c 'make backend' + env: + TAGS: bindata + - run: | + su forgejo -c 'make test-backend test-check' + timeout-minutes: 50 + env: + RACE_ENABLED: 'true' + TAGS: bindata + TEST_ELASTICSEARCH_URL: http://elasticsearch:9200 + test-remote-cacher: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: docker + needs: [backend-checks, frontend-checks] + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + strategy: + matrix: + cacher: + # redis + - image: docker.io/bitnami/redis:7.2 + port: 6379 + # redict + - image: registry.redict.io/redict:7.3.0-scratch + port: 6379 + # valkey + - image: docker.io/bitnami/valkey:7.2 + port: 6379 + # garnet + - image: ghcr.io/microsoft/garnet-alpine:1.0.14 + port: 6379 + services: + cacher: + image: ${{ matrix.cacher.image }} + options: ${{ matrix.cacher.options }} + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + - run: | + git config --add safe.directory '*' + adduser --quiet --comment forgejo --disabled-password forgejo + chown -R forgejo:forgejo . + - name: install git >= 2.42 + run: | + export DEBIAN_FRONTEND=noninteractive + echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list + apt-get update -qq + apt-get -q install -qq -y git + rm /etc/apt/sources.list.d/testing.list + apt-get update -qq + - run: | + su forgejo -c 'make deps-backend' + - uses: actions/cache/restore@v4 + id: cache-backend + with: + path: '/workspace/forgejo/forgejo/gitea' + key: backend-build-${{ github.sha }} + - if: steps.cache-backend.outputs.cache-hit != 'true' + run: | + su forgejo -c 'make backend' + env: + TAGS: bindata + - run: | + su forgejo -c 'make test-remote-cacher test-check' + timeout-minutes: 50 + env: + RACE_ENABLED: 'true' + TAGS: bindata + TEST_REDIS_SERVER: cacher:${{ matrix.cacher.port }} + test-mysql: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: docker + needs: [backend-checks, frontend-checks] + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + services: + mysql: + image: 'docker.io/bitnami/mysql:8.4' + env: + ALLOW_EMPTY_PASSWORD: yes + MYSQL_DATABASE: testgitea + # + # See also https://codeberg.org/forgejo/forgejo/issues/976 + # + MYSQL_EXTRA_FLAGS: --innodb-adaptive-flushing=OFF --innodb-buffer-pool-size=4G --innodb-log-buffer-size=128M --innodb-flush-log-at-trx-commit=0 --innodb-flush-log-at-timeout=30 --innodb-flush-method=nosync --innodb-fsync-threshold=1000000000 + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + - name: install dependencies & git >= 2.42 + run: | + export DEBIAN_FRONTEND=noninteractive + echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list + apt-get update -qq + apt-get install --no-install-recommends -qq -y git git-lfs + rm /etc/apt/sources.list.d/testing.list + apt-get update -qq + - name: setup user and permissions + run: | + git config --add safe.directory '*' + adduser --quiet --comment forgejo --disabled-password forgejo + chown -R forgejo:forgejo . + - run: | + su forgejo -c 'make deps-backend' + - uses: actions/cache/restore@v4 + id: cache-backend + with: + path: '/workspace/forgejo/forgejo/gitea' + key: backend-build-${{ github.sha }} + - if: steps.cache-backend.outputs.cache-hit != 'true' + run: | + su forgejo -c 'make backend' + env: + TAGS: bindata + - run: | + su forgejo -c 'make test-mysql-migration test-mysql' + timeout-minutes: 50 + env: + USE_REPO_TEST_DIR: 1 + test-pgsql: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: docker + needs: [backend-checks, frontend-checks] + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + services: + minio: + image: docker.io/bitnami/minio:2024.8.17 + env: + MINIO_ROOT_USER: 123456 + MINIO_ROOT_PASSWORD: 12345678 + ldap: + image: docker.io/gitea/test-openldap:latest + pgsql: + image: 'code.forgejo.org/oci/postgres:15' + env: + POSTGRES_DB: test + POSTGRES_PASSWORD: postgres + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + - name: install dependencies & git >= 2.42 + run: | + export DEBIAN_FRONTEND=noninteractive + echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list + apt-get update -qq + apt-get install --no-install-recommends -qq -y git git-lfs + rm /etc/apt/sources.list.d/testing.list + apt-get update -qq + - name: setup user and permissions + run: | + git config --add safe.directory '*' + adduser --quiet --comment forgejo --disabled-password forgejo + chown -R forgejo:forgejo . + - run: | + su forgejo -c 'make deps-backend' + - uses: actions/cache/restore@v4 + id: cache-backend + with: + path: '/workspace/forgejo/forgejo/gitea' + key: backend-build-${{ github.sha }} + - if: steps.cache-backend.outputs.cache-hit != 'true' + run: | + su forgejo -c 'make backend' + env: + TAGS: bindata + - run: | + su forgejo -c 'make test-pgsql-migration test-pgsql' + timeout-minutes: 50 + env: + RACE_ENABLED: true + USE_REPO_TEST_DIR: 1 + TEST_LDAP: 1 + test-sqlite: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: docker + needs: [backend-checks, frontend-checks] + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + - name: install dependencies & git >= 2.42 + run: | + export DEBIAN_FRONTEND=noninteractive + echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list + apt-get update -qq + apt-get install --no-install-recommends -qq -y git git-lfs + rm /etc/apt/sources.list.d/testing.list + apt-get update -qq + - name: setup user and permissions + run: | + git config --add safe.directory '*' + adduser --quiet --comment forgejo --disabled-password forgejo + chown -R forgejo:forgejo . + - run: | + su forgejo -c 'make deps-backend' + - uses: actions/cache/restore@v4 + id: cache-backend + with: + path: '/workspace/forgejo/forgejo/gitea' + key: backend-build-${{ github.sha }} + - if: steps.cache-backend.outputs.cache-hit != 'true' + run: | + su forgejo -c 'make backend' + env: + TAGS: bindata sqlite sqlite_unlock_notify + - run: | + su forgejo -c 'make test-sqlite-migration test-sqlite' + timeout-minutes: 50 + env: + TAGS: sqlite sqlite_unlock_notify + RACE_ENABLED: true + TEST_TAGS: sqlite sqlite_unlock_notify + USE_REPO_TEST_DIR: 1 + security-check: + if: ${{ !startsWith(vars.ROLE, 'forgejo-') }} + runs-on: docker + needs: + - test-sqlite + - test-pgsql + - test-mysql + - test-remote-cacher + - test-unit + container: + image: 'code.forgejo.org/oci/node:20-bookworm' + steps: + - uses: https://code.forgejo.org/actions/checkout@v4 + - uses: https://code.forgejo.org/actions/setup-go@v4 + with: + go-version-file: "go.mod" + - run: make deps-backend deps-tools + - run: make security-check |