summaryrefslogtreecommitdiffstats
path: root/.forgejo/workflows
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--.forgejo/workflows/backport.yml59
-rw-r--r--.forgejo/workflows/build-release-integration.yml135
-rw-r--r--.forgejo/workflows/build-release.yml231
-rw-r--r--.forgejo/workflows/cascade-setup-end-to-end.yml74
-rw-r--r--.forgejo/workflows/e2e.yml37
-rw-r--r--.forgejo/workflows/forgejo-integration-cleanup.yml39
-rw-r--r--.forgejo/workflows/milestone.yml24
-rw-r--r--.forgejo/workflows/mirror.yml27
-rw-r--r--.forgejo/workflows/publish-release.yml86
-rw-r--r--.forgejo/workflows/release-notes-assistant-milestones.yml33
-rw-r--r--.forgejo/workflows/release-notes-assistant.yml39
-rw-r--r--.forgejo/workflows/renovate.yml71
-rw-r--r--.forgejo/workflows/testing.yml337
13 files changed, 1192 insertions, 0 deletions
diff --git a/.forgejo/workflows/backport.yml b/.forgejo/workflows/backport.yml
new file mode 100644
index 0000000..fca01a1
--- /dev/null
+++ b/.forgejo/workflows/backport.yml
@@ -0,0 +1,59 @@
+# Copyright 2024 The Forgejo Authors
+# SPDX-License-Identifier: MIT
+#
+# To modify this workflow:
+#
+# - change pull_request_target: to pull_request:
+# so that it runs from a pull request instead of the default branch
+#
+# - push it to the wip-ci-backport branch on the forgejo repository
+# otherwise it will not have access to the secrets required to push
+# the PR
+#
+# - open a pull request targetting wip-ci-backport that includes a change
+# that can be backported without conflict in v1.21 and set the
+# `backport/v1.21` label.
+#
+# - once it works, open a pull request for the sake of keeping track
+# of the change even if the PR won't run it because it will use
+# whatever is in the default branch instead
+#
+# - after it is merged, double check it works by setting a
+# `backport/v1.21` label on a merged pull request that can be backported
+# without conflict.
+#
+on:
+ pull_request_target:
+ types:
+ - closed
+ - labeled
+
+jobs:
+ backporting:
+ if: >
+ ( vars.ROLE == 'forgejo-coding' ) && (
+ github.event.pull_request.merged
+ &&
+ contains(toJSON(github.event.pull_request.labels), 'backport/v')
+ )
+ runs-on: docker
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ steps:
+ - name: event info
+ run: |
+ cat <<'EOF'
+ ${{ toJSON(github) }}
+ EOF
+ - uses: https://code.forgejo.org/actions/git-backporting@v4.8.0
+ with:
+ target-branch-pattern: "^backport/(?<target>(v.*))$"
+ strategy: ort
+ strategy-option: find-renames
+ cherry-pick-options: -x
+ auth: ${{ secrets.BACKPORT_TOKEN }}
+ pull-request: ${{ github.event.pull_request.url }}
+ auto-no-squash: true
+ enable-err-notification: true
+ git-user: forgejo-backport-action
+ git-email: forgejo-backport-action@noreply.codeberg.org
diff --git a/.forgejo/workflows/build-release-integration.yml b/.forgejo/workflows/build-release-integration.yml
new file mode 100644
index 0000000..d10f40f
--- /dev/null
+++ b/.forgejo/workflows/build-release-integration.yml
@@ -0,0 +1,135 @@
+name: Integration tests for the release process
+
+on:
+ push:
+ paths:
+ - Makefile
+ - Dockerfile
+ - Dockerfile.rootless
+ - docker/**
+ - .forgejo/workflows/build-release.yml
+ - .forgejo/workflows/build-release-integration.yml
+ branches-ignore:
+ - renovate/**
+ pull_request:
+ paths:
+ - Makefile
+ - Dockerfile
+ - Dockerfile.rootless
+ - docker/**
+ - .forgejo/workflows/build-release.yml
+ - .forgejo/workflows/build-release-integration.yml
+
+jobs:
+ release-simulation:
+ if: vars.ROLE == 'forgejo-coding'
+ runs-on: self-hosted
+ steps:
+ - uses: actions/checkout@v4
+
+ - id: forgejo
+ uses: https://code.forgejo.org/actions/setup-forgejo@v1
+ with:
+ user: root
+ password: admin1234
+ image-version: 1.21
+ lxc-ip-prefix: 10.0.9
+
+ - name: publish the forgejo release
+ shell: bash
+ run: |
+ set -x
+
+ cat > /etc/docker/daemon.json <<EOF
+ {
+ "insecure-registries" : ["${{ steps.forgejo.outputs.host-port }}"]
+ }
+ EOF
+ systemctl restart docker
+
+ apt-get install -qq -y xz-utils
+
+ dir=$(mktemp -d)
+ trap "rm -fr $dir" EXIT
+
+ url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }}
+ export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"
+
+ function sanity_check() {
+ local url=$1 version=$2
+ #
+ # Minimal sanity checks. Since the binary
+ # is a script shell it does not test the sanity of the cross
+ # build, only the sanity of the naming of the binaries.
+ #
+ for arch in amd64 arm64 arm-6 ; do
+ local binary=forgejo-$version-linux-$arch
+ for suffix in '' '.xz' ; do
+ curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix > $binary$suffix
+ if test "$suffix" = .xz ; then
+ unxz --keep $binary$suffix
+ fi
+ chmod +x $binary
+ ./$binary --version | grep $version
+ curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix.sha256 > $binary$suffix.sha256
+ shasum -a 256 --check $binary$suffix.sha256
+ rm $binary$suffix
+ done
+ done
+
+ local sources=forgejo-src-$version.tar.gz
+ curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources > $sources
+ curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources.sha256 > $sources.sha256
+ shasum -a 256 --check $sources.sha256
+
+ docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version
+ docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version-rootless
+ }
+
+ #
+ # Create a new project with a fake forgejo and the release workflow only
+ #
+ cp -a .forgejo/testdata/build-release/* $dir
+ mkdir -p $dir/.forgejo/workflows
+ cp .forgejo/workflows/build-release.yml $dir/.forgejo/workflows
+ cp $dir/Dockerfile $dir/Dockerfile.rootless
+
+ forgejo-test-helper.sh push $dir $url root forgejo
+
+ forgejo-curl.sh api_json -X PUT --data-raw '{"data":"${{ steps.forgejo.outputs.token }}"}' $url/api/v1/repos/root/forgejo/actions/secrets/TOKEN
+ forgejo-curl.sh api_json -X PUT --data-raw '{"data":"root"}' $url/api/v1/repos/root/forgejo/actions/secrets/DOER
+ forgejo-curl.sh api_json -X PUT --data-raw '{"data":"true"}' $url/api/v1/repos/root/forgejo/actions/secrets/VERBOSE
+
+ #
+ # Push a tag to trigger the release workflow and wait for it to complete
+ #
+ version=1.2.3
+ sha=$(forgejo-test-helper.sh branch_tip $url root/forgejo main)
+ forgejo-curl.sh api_json --data-raw '{"tag_name": "v'$version'", "target": "'$sha'"}' $url/api/v1/repos/root/forgejo/tags
+ LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha
+ sanity_check $url $version
+
+ #
+ # Push a commit to a branch that triggers the build of a test release
+ #
+ version=1.2-test
+ (
+ git clone $url/root/forgejo /tmp/forgejo
+ cd /tmp/forgejo
+ date > DATE
+ git config user.email root@example.com
+ git config user.name username
+ git add .
+ git commit -m 'update'
+ git push $url/root/forgejo main:forgejo
+ )
+ sha=$(forgejo-test-helper.sh branch_tip $url root/forgejo forgejo)
+ LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha
+ sanity_check $url $version
+
+ - name: full logs
+ if: always()
+ run: |
+ sed -e 's/^/[RUNNER LOGS] /' ${{ steps.forgejo.outputs.runner-logs }}
+ docker logs forgejo | sed -e 's/^/[FORGEJO LOGS]/'
+ sleep 5 # hack to avoid mixing outputs in Forgejo v1.21
diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml
new file mode 100644
index 0000000..bc74de8
--- /dev/null
+++ b/.forgejo/workflows/build-release.yml
@@ -0,0 +1,231 @@
+#
+# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
+#
+# https://codeberg.org/forgejo-integration/forgejo
+#
+# Builds a release from a codeberg.org/forgejo-integration tag
+#
+# vars.ROLE: forgejo-integration
+#
+# secrets.DOER: forgejo-experimental-ci
+# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:package
+#
+# secrets.CASCADE_ORIGIN_TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:issue
+# secrets.CASCADE_DESTINATION_TOKEN: <generated from code.forgejo.org/forgejo-ci> scope read:user, write:repository, write:issue
+# vars.CASCADE_DESTINATION_DOER: forgejo-ci
+#
+on:
+ push:
+ tags: 'v[0-9]+.[0-9]+.*'
+ branches:
+ - 'forgejo'
+ - 'v*/forgejo'
+
+jobs:
+ release:
+ runs-on: self-hosted
+ # root is used for testing, allow it
+ if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Sanitize the name of the repository
+ id: repository
+ run: |
+ repository="${{ github.repository }}"
+ echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
+
+ - uses: https://code.forgejo.org/actions/setup-node@v4
+ with:
+ node-version: 20
+
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+
+ - name: version from ref
+ id: release-info
+ shell: bash
+ run: |
+ set -x
+ ref="${{ github.ref }}"
+ if [[ $ref =~ ^refs/heads/ ]] ; then
+ if test "$ref" = "refs/heads/forgejo" ; then
+ version=$(git tag -l --sort=version:refname --merged | grep -v -e '-test$' | tail -1 | sed -E -e 's/^(v[0-9]+\.[0-9]+).*/\1/')-test
+ else
+ version=${ref#refs/heads/}
+ version=${version%/forgejo}-test
+ fi
+ override=true
+ fi
+ if [[ $ref =~ ^refs/tags/ ]] ; then
+ version=${ref#refs/tags/}
+ override=false
+ fi
+ if test -z "$version" ; then
+ echo failed to figure out the release version from the reference=$ref
+ exit 1
+ fi
+ version=${version#v}
+ git describe --exclude '*-test' --tags --always
+ echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT"
+ echo "version=$version" >> "$GITHUB_OUTPUT"
+ echo "override=$override" >> "$GITHUB_OUTPUT"
+
+ - name: release notes
+ id: release-notes
+ run: |
+ anchor=${{ steps.release-info.outputs.version }}
+ anchor=${anchor//./-}
+ cat >> "$GITHUB_OUTPUT" <<EOF
+ value<<ENDVAR
+ See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#$anchor
+ ENDVAR
+ EOF
+
+ - name: cache node_modules
+ id: node
+ uses: https://code.forgejo.org/actions/cache@v4
+ with:
+ path: |
+ node_modules
+ key: node-${{ steps.release-info.outputs.version }}
+
+ - name: skip if node cache hit
+ if: steps.node.outputs.cache-hit != 'true'
+ run: echo no hit
+
+ - name: Build sources
+ run: |
+ set -x
+ apt-get -qq install -y make
+ version=${{ steps.release-info.outputs.version }}
+ #
+ # Make sure all files are owned by the current user.
+ # When run as root `npx webpack` will assume the identity
+ # of the owner of the current working directory and may
+ # fail to create files if some sub-directories are not owned
+ # by the same user.
+ #
+ # Binaries:
+ # Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node
+ # npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm
+ # Packages:
+ # add-asset-webpack-plugin: 2.0.1 => 2.0.1
+ # css-loader: 6.8.1 => 6.8.1
+ # esbuild-loader: 3.0.1 => 3.0.1
+ # license-checker-webpack-plugin: 0.2.1 => 0.2.1
+ # monaco-editor-webpack-plugin: 7.0.1 => 7.0.1
+ # vue-loader: 17.2.2 => 17.2.2
+ # webpack: 5.87.0 => 5.87.0
+ # webpack-cli: 5.1.4 => 5.1.4
+ #
+ chown -R $(id -u) .
+ make VERSION=$version TAGS=bindata sources-tarbal
+ mv dist/release release
+
+ (
+ tmp=$(mktemp -d)
+ tar --directory $tmp -zxvf release/*$version*.tar.gz
+ cd $tmp/*
+ #
+ # Verify `make frontend` files are available
+ #
+ test -d public/assets/css
+ test -d public/assets/fonts
+ test -d public/assets/js
+ #
+ # Verify `make generate` files are available
+ #
+ test -f modules/public/bindata.go
+ #
+ # Sanity check to verify that the source tarbal knows the
+ # version and is able to rebuild itself from it.
+ #
+ # When in sources the version is determined with git.
+ # When in the tarbal the version is determined from a VERSION file.
+ #
+ make sources-tarbal
+ tarbal=$(echo dist/release/*$version*.tar.gz)
+ if ! test -f $tarbal ; then
+ echo $tarbal does not exist
+ find dist release
+ exit 1
+ fi
+ )
+
+ - name: build container & release
+ if: ${{ secrets.TOKEN != '' }}
+ uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
+ with:
+ forgejo: "${{ env.GITHUB_SERVER_URL }}"
+ owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
+ repository: "${{ steps.repository.outputs.value }}"
+ doer: "${{ secrets.DOER }}"
+ release-version: "${{ steps.release-info.outputs.version }}"
+ sha: "${{ steps.release-info.outputs.sha }}"
+ token: "${{ secrets.TOKEN }}"
+ platforms: linux/amd64,linux/arm64,linux/arm/v6
+ release-notes: "${{ steps.release-notes.outputs.value }}"
+ binary-name: forgejo
+ binary-path: /app/gitea/gitea
+ override: "${{ steps.release-info.outputs.override }}"
+ verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
+ verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
+
+ - name: build rootless container
+ if: ${{ secrets.TOKEN != '' }}
+ uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
+ with:
+ forgejo: "${{ env.GITHUB_SERVER_URL }}"
+ owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
+ repository: "${{ steps.repository.outputs.value }}"
+ doer: "${{ secrets.DOER }}"
+ release-version: "${{ steps.release-info.outputs.version }}"
+ sha: "${{ steps.release-info.outputs.sha }}"
+ token: "${{ secrets.TOKEN }}"
+ platforms: linux/amd64,linux/arm64,linux/arm/v6
+ suffix: -rootless
+ dockerfile: Dockerfile.rootless
+ override: "${{ steps.release-info.outputs.override }}"
+ verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
+ verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
+
+ - name: end-to-end tests
+ if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' && vars.SKIP_END_TO_END != 'true' }}
+ uses: https://code.forgejo.org/actions/cascading-pr@v2
+ with:
+ origin-url: ${{ env.GITHUB_SERVER_URL }}
+ origin-repo: ${{ github.repository }}
+ origin-token: ${{ secrets.CASCADE_ORIGIN_TOKEN }}
+ origin-ref: refs/heads/forgejo
+ destination-url: https://code.forgejo.org
+ destination-fork-repo: ${{ vars.CASCADE_DESTINATION_DOER }}/end-to-end
+ destination-repo: forgejo/end-to-end
+ destination-branch: main
+ destination-token: ${{ secrets.CASCADE_DESTINATION_TOKEN }}
+ update: .forgejo/cascading-release-end-to-end
+
+ - name: copy to experimental
+ if: vars.ROLE == 'forgejo-integration' && secrets.TOKEN != ''
+ run: |
+ if test "${{ vars.VERBOSE }}" = true ; then
+ set -x
+ fi
+ tag=v${{ steps.release-info.outputs.version }}
+ url=https://any:${{ secrets.TOKEN }}@codeberg.org
+ if test "${{ steps.release-info.outputs.override }}" = "true" ; then
+ curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null
+ curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null
+ fi
+ # actions/checkout@v3 sets http.https://codeberg.org/.extraheader with the automatic token.
+ # Get rid of it so it does not prevent using the token that has write permissions
+ git config --local --unset http.https://codeberg.org/.extraheader
+ if test -f .git/shallow ; then
+ echo "unexptected .git/shallow file is present"
+ echo "it suggests a checkout --depth X was used which may prevent pushing the commit"
+ echo "it happens when actions/checkout is called without depth: 0"
+ fi
+ git push $url/forgejo-experimental/forgejo ${{ steps.release-info.outputs.sha }}:refs/tags/$tag
diff --git a/.forgejo/workflows/cascade-setup-end-to-end.yml b/.forgejo/workflows/cascade-setup-end-to-end.yml
new file mode 100644
index 0000000..f6f9498
--- /dev/null
+++ b/.forgejo/workflows/cascade-setup-end-to-end.yml
@@ -0,0 +1,74 @@
+# Copyright 2024 The Forgejo Authors
+# SPDX-License-Identifier: MIT
+#
+# To modify this workflow:
+#
+# - push it to the wip-ci-end-to-end branch on the forgejo repository
+# otherwise it will not have access to the secrets required to push
+# the cascading PR
+#
+# - once it works, open a pull request for the sake of keeping track
+# of the change even if the PR won't run it because it will use
+# whatever is in the default branch instead
+#
+# - after it is merged, double check it works by setting the
+# run-end-to-end-test on a pull request (any pull request will doe
+#
+on:
+ push:
+ branches:
+ - 'wip-ci-end-to-end'
+ pull_request_target:
+ types:
+ - labeled
+
+jobs:
+ info:
+ if: vars.ROLE == 'forgejo-coding'
+ runs-on: docker
+ container:
+ image: code.forgejo.org/oci/node:20-bookworm
+ steps:
+ - name: event
+ run: |
+ echo github.event.pull_request.head.repo.fork = ${{ github.event.pull_request.head.repo.fork }}
+ echo github.event.action = ${{ github.event.action }}
+ echo github.event.pull_request.merged = ${{ github.event.pull_request.merged }}
+ echo github.event.pull_request.labels.*.name
+ cat <<'EOF'
+ ${{ toJSON(github.event.pull_request.labels.*.name) }}
+ EOF
+ cat <<'EOF'
+ ${{ toJSON(github.event) }}
+ EOF
+
+ cascade:
+ if: >
+ vars.ROLE == 'forgejo-coding' && (
+ github.event_name == 'push' ||
+ (
+ github.event.action == 'label_updated' && contains(github.event.pull_request.labels.*.name, 'run-end-to-end-tests')
+ )
+ )
+ runs-on: docker
+ container:
+ image: code.forgejo.org/oci/node:20-bookworm
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: '0'
+ show-progress: 'false'
+ - uses: actions/cascading-pr@v2
+ with:
+ origin-url: ${{ env.GITHUB_SERVER_URL }}
+ origin-repo: ${{ github.repository }}
+ origin-token: ${{ secrets.END_TO_END_CASCADING_PR_ORIGIN }}
+ origin-pr: ${{ github.event.pull_request.number }}
+ origin-ref: ${{ github.event_name == 'push' && github.event.ref || '' }}
+ destination-url: https://code.forgejo.org
+ destination-fork-repo: cascading-pr/end-to-end
+ destination-repo: forgejo/end-to-end
+ destination-branch: main
+ destination-token: ${{ secrets.END_TO_END_CASCADING_PR_DESTINATION }}
+ close-merge: true
+ update: .forgejo/cascading-pr-end-to-end
diff --git a/.forgejo/workflows/e2e.yml b/.forgejo/workflows/e2e.yml
new file mode 100644
index 0000000..5e6348f
--- /dev/null
+++ b/.forgejo/workflows/e2e.yml
@@ -0,0 +1,37 @@
+name: e2e
+
+on:
+ pull_request:
+ paths:
+ - Makefile
+ - playwright.config.js
+ - .forgejo/workflows/e2e.yml
+ - tests/e2e/**
+ - web_src/js/**
+ - web_src/css/form.css
+ - templates/webhook/shared-settings.tmpl
+ - templates/org/team/new.tmpl
+
+jobs:
+ test-e2e:
+ if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+ runs-on: docker
+ container:
+ image: 'code.forgejo.org/oci/playwright:latest'
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v4
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+ - run: |
+ git config --add safe.directory '*'
+ chown -R forgejo:forgejo .
+ - run: |
+ su forgejo -c 'make deps-frontend frontend deps-backend'
+ - run: |
+ su forgejo -c 'make backend'
+ - run: |
+ su forgejo -c 'make generate test-e2e-sqlite'
+ timeout-minutes: 40
+ env:
+ USE_REPO_TEST_DIR: 1
diff --git a/.forgejo/workflows/forgejo-integration-cleanup.yml b/.forgejo/workflows/forgejo-integration-cleanup.yml
new file mode 100644
index 0000000..049679a
--- /dev/null
+++ b/.forgejo/workflows/forgejo-integration-cleanup.yml
@@ -0,0 +1,39 @@
+on:
+ workflow_dispatch:
+
+ schedule:
+ - cron: '@daily'
+
+jobs:
+ integration-cleanup:
+ if: vars.ROLE == 'forgejo-integration'
+ runs-on: docker
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ steps:
+
+ - name: apt install curl jq
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update -qq
+ apt-get -q install -qq -y curl jq
+
+ - name: remove old releases and tags
+ run: |
+ url=https://any:${{ secrets.TOKEN }}@codeberg.org
+ curl -sS "$url/api/v1/repos/forgejo-integration/forgejo/releases" | jq -r '.[] | "\(.published_at) \(.tag_name)"' | sort | while read published_at version ; do
+ if echo $version | grep -e '-test$' >/dev/null; then
+ old="18 months"
+ else
+ old="1 day"
+ fi
+ too_old=$(env -i date --date="- $old" +%F)
+ too_old_seconds=$(env -i date --date="- $old" +%s)
+ published_at_seconds=$(env -i date --date="$published_at" +%s)
+ if test $published_at_seconds -le $too_old_seconds ; then
+ echo "$version was published more than $old ago ($published_at <= $too_old) and will be removed"
+ curl -X DELETE -sS "$url/api/v1/repos/forgejo-integration/forgejo/releases/tags/$version"
+ else
+ echo "$version was published less than $old ago"
+ fi
+ done
diff --git a/.forgejo/workflows/milestone.yml b/.forgejo/workflows/milestone.yml
new file mode 100644
index 0000000..56bd7ba
--- /dev/null
+++ b/.forgejo/workflows/milestone.yml
@@ -0,0 +1,24 @@
+# Copyright 2024 The Forgejo Authors
+# SPDX-License-Identifier: MIT
+#
+name: milestone
+
+on:
+ pull_request_target:
+ types:
+ - closed
+
+jobs:
+ set:
+ if: vars.ROLE == 'forgejo-coding' && github.event.pull_request.merged
+ runs-on: docker
+ container:
+ image: 'code.forgejo.org/oci/ci:1'
+ steps:
+ - uses: https://code.forgejo.org/forgejo/set-milestone@v1.0.0
+ with:
+ forgejo: https://codeberg.org
+ repository: forgejo/forgejo
+ token: ${{ secrets.SET_MILESTONE_TOKEN }}
+ pr-number: ${{ github.event.pull_request.number }}
+ verbose: ${{ vars.SET_MILESTONE_VERBOSE }}
diff --git a/.forgejo/workflows/mirror.yml b/.forgejo/workflows/mirror.yml
new file mode 100644
index 0000000..fd22211
--- /dev/null
+++ b/.forgejo/workflows/mirror.yml
@@ -0,0 +1,27 @@
+name: mirror
+
+on:
+ workflow_dispatch:
+
+ schedule:
+ - cron: '@daily'
+
+jobs:
+ mirror:
+ if: ${{ secrets.MIRROR_TOKEN != '' }}
+ runs-on: docker
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ steps:
+ - name: git push {v*/,}forgejo
+ run: |
+ git init --bare .
+ git remote add origin ${{ env.GITHUB_SERVER_URL }}/${{ env.GITHUB_REPOSITORY }}
+ git fetch origin refs/heads/forgejo:refs/mirror/forgejo
+ git ls-remote origin refs/heads/v*/forgejo | while read sha full_ref ; do
+ ref=${full_ref#refs/heads/}
+ echo git fetch origin $full_ref:refs/mirror/$ref
+ git fetch origin $full_ref:refs/mirror/$ref
+ done
+ echo git push --force https://${{ vars.MIRROR_DESTINATION }} refs/mirror/*:refs/heads/*
+ git push --force https://any:${{ secrets.MIRROR_TOKEN }}@${{ vars.MIRROR_DESTINATION }} refs/mirror/*:refs/heads/*
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
new file mode 100644
index 0000000..137af41
--- /dev/null
+++ b/.forgejo/workflows/publish-release.yml
@@ -0,0 +1,86 @@
+# SPDX-License-Identifier: MIT
+#
+# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
+#
+# https://codeberg.org/forgejo-experimental/forgejo
+#
+# Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
+#
+# vars.ROLE: forgejo-experimental
+# vars.FORGEJO: https://codeberg.org
+# vars.FROM_OWNER: forgejo-integration
+# vars.TO_OWNER: forgejo-experimental
+# vars.REPO: forgejo
+# vars.DOER: forgejo-experimental-ci
+# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
+#
+# http://private.forgejo.org/forgejo/forgejo
+#
+# Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
+#
+# vars.ROLE: forgejo-release
+# vars.FORGEJO: https://codeberg.org
+# vars.FROM_OWNER: forgejo-integration
+# vars.TO_OWNER: forgejo
+# vars.REPO: forgejo
+# vars.DOER: release-team
+# secrets.TOKEN: <generated from codeberg.org/release-team>
+# secrets.GPG_PRIVATE_KEY: <XYZ>
+# secrets.GPG_PASSPHRASE: <ABC>
+#
+name: Pubish release
+
+on:
+ push:
+ tags: 'v*'
+
+jobs:
+ publish:
+ runs-on: self-hosted
+ if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != ''
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: copy & sign
+ uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5
+ with:
+ from-forgejo: ${{ vars.FORGEJO }}
+ to-forgejo: ${{ vars.FORGEJO }}
+ from-owner: ${{ vars.FROM_OWNER }}
+ to-owner: ${{ vars.TO_OWNER }}
+ repo: ${{ vars.REPO }}
+ release-notes: "See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#{ANCHOR}"
+ ref-name: ${{ github.ref_name }}
+ sha: ${{ github.sha }}
+ from-token: ${{ secrets.TOKEN }}
+ to-doer: ${{ vars.DOER }}
+ to-token: ${{ secrets.TOKEN }}
+ gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+ gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+ verbose: ${{ vars.VERBOSE }}
+
+ - name: get trigger mirror issue
+ id: mirror
+ uses: https://code.forgejo.org/infrastructure/issue-action/get@v1.1.0
+ with:
+ forgejo: https://code.forgejo.org
+ repository: forgejo/forgejo
+ labels: mirror-trigger
+
+ - name: trigger the mirror
+ uses: https://code.forgejo.org/infrastructure/issue-action/set@v1.1.0
+ with:
+ forgejo: https://code.forgejo.org
+ repository: forgejo/forgejo
+ token: ${{ secrets.LABEL_ISSUE_FORGEJO_MIRROR_TOKEN }}
+ numbers: ${{ steps.mirror.outputs.numbers }}
+ label-wait-if-exists: 3600
+ label: trigger
+
+ - name: upgrade v*.next.forgejo.org
+ uses: https://code.forgejo.org/infrastructure/next-digest@v1.1.0
+ with:
+ url: https://placeholder:${{ secrets.TOKEN_NEXT_DIGEST }}@code.forgejo.org/infrastructure/next-digest
+ ref_name: '${{ github.ref_name }}'
+ image: 'codeberg.org/forgejo-experimental/forgejo'
+ tag_suffix: '-rootless'
diff --git a/.forgejo/workflows/release-notes-assistant-milestones.yml b/.forgejo/workflows/release-notes-assistant-milestones.yml
new file mode 100644
index 0000000..c0bfa1e
--- /dev/null
+++ b/.forgejo/workflows/release-notes-assistant-milestones.yml
@@ -0,0 +1,33 @@
+on:
+ workflow_dispatch:
+
+ schedule:
+ - cron: '@daily'
+
+jobs:
+ release-notes:
+ if: vars.ROLE == 'forgejo-coding'
+ runs-on: docker
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v4
+
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+ cache: false
+
+ - name: apt install jq
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update -qq
+ apt-get -q install -y -qq jq
+
+ - name: update open milestones
+ run: |
+ set -x
+ curl -sS $GITHUB_SERVER_URL/api/v1/repos/$GITHUB_REPOSITORY/milestones?state=open | jq -r '.[] | .title' | while read forgejo version ; do
+ milestone="$forgejo $version"
+ go run code.forgejo.org/forgejo/release-notes-assistant@v1.1.1 --config .release-notes-assistant.yaml --storage milestone --storage-location "$milestone" --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} release $version
+ done
diff --git a/.forgejo/workflows/release-notes-assistant.yml b/.forgejo/workflows/release-notes-assistant.yml
new file mode 100644
index 0000000..7c5ea51
--- /dev/null
+++ b/.forgejo/workflows/release-notes-assistant.yml
@@ -0,0 +1,39 @@
+on:
+ pull_request_target:
+ types:
+ - edited
+ - synchronize
+ - labeled
+
+jobs:
+ release-notes:
+ if: ( vars.ROLE == 'forgejo-coding' ) && contains(github.event.pull_request.labels.*.name, 'worth a release-note')
+ runs-on: docker
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v4
+
+ - name: event
+ run: |
+ cat <<'EOF'
+ ${{ toJSON(github.event.pull_request.labels.*.name) }}
+ EOF
+ cat <<'EOF'
+ ${{ toJSON(github.event) }}
+ EOF
+
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+ cache: false
+
+ - name: apt install jq
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update -qq
+ apt-get -q install -y -qq jq
+
+ - name: release-notes-assistant preview
+ run: |
+ go run code.forgejo.org/forgejo/release-notes-assistant@v1.1.1 --config .release-notes-assistant.yaml --storage pr --storage-location ${{ github.event.pull_request.number }} --forgejo-url $GITHUB_SERVER_URL --repository $GITHUB_REPOSITORY --token ${{ secrets.RELEASE_NOTES_ASSISTANT_TOKEN }} preview ${{ github.event.pull_request.number }}
diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml
new file mode 100644
index 0000000..dc69e17
--- /dev/null
+++ b/.forgejo/workflows/renovate.yml
@@ -0,0 +1,71 @@
+#
+# Runs every 2 hours, but Renovate is limited to create new PR before 4am.
+# See renovate.json for more settings.
+# Automerge is enabled for Renovate PR's but need to be approved before.
+#
+name: renovate
+
+on:
+ push:
+ branches:
+ - renovate/** # self-test updates
+ paths:
+ - .forgejo/workflows/renovate.yml
+ schedule:
+ - cron: '0 0/2 * * *'
+ workflow_dispatch:
+
+env:
+ RENOVATE_DRY_RUN: ${{ (github.event_name != 'schedule' && github.ref_name != github.event.repository.default_branch) && 'full' || '' }}
+ RENOVATE_REPOSITORIES: ${{ github.repository }}
+
+jobs:
+ renovate:
+ if: vars.ROLE == 'forgejo-coding' && secrets.RENOVATE_TOKEN != ''
+
+ runs-on: docker
+ container:
+ image: code.forgejo.org/forgejo-contrib/renovate:38.93.2
+
+ steps:
+ - name: Load renovate repo cache
+ uses: https://code.forgejo.org/actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+ with:
+ path: |
+ .tmp/cache/renovate/repository
+ .tmp/cache/renovate/renovate-cache-sqlite
+ .tmp/osv
+ key: repo-cache-${{ github.run_id }}
+ restore-keys: |
+ repo-cache-
+
+ - name: Run renovate
+ run: renovate
+ env:
+ GITHUB_COM_TOKEN: ${{ secrets.RENOVATE_GITHUB_COM_TOKEN }}
+ LOG_LEVEL: debug
+ RENOVATE_BASE_DIR: ${{ github.workspace }}/.tmp
+ RENOVATE_ENDPOINT: ${{ github.server_url }}
+ RENOVATE_PLATFORM: gitea
+ RENOVATE_REPOSITORY_CACHE: 'enabled'
+ RENOVATE_TOKEN: ${{ secrets.RENOVATE_TOKEN }}
+ RENOVATE_GIT_AUTHOR: 'Renovate Bot <forgejo-renovate-action@forgejo.org>'
+
+ RENOVATE_X_SQLITE_PACKAGE_CACHE: true
+
+ GIT_AUTHOR_NAME: 'Renovate Bot'
+ GIT_AUTHOR_EMAIL: 'forgejo-renovate-action@forgejo.org'
+ GIT_COMMITTER_NAME: 'Renovate Bot'
+ GIT_COMMITTER_EMAIL: 'forgejo-renovate-action@forgejo.org'
+
+ OSV_OFFLINE_ROOT_DIR: ${{ github.workspace }}/.tmp/osv
+
+ - name: Save renovate repo cache
+ if: always() && env.RENOVATE_DRY_RUN != 'full'
+ uses: https://code.forgejo.org/actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+ with:
+ path: |
+ .tmp/cache/renovate/repository
+ .tmp/cache/renovate/renovate-cache-sqlite
+ .tmp/osv
+ key: repo-cache-${{ github.run_id }}
diff --git a/.forgejo/workflows/testing.yml b/.forgejo/workflows/testing.yml
new file mode 100644
index 0000000..5ddad29
--- /dev/null
+++ b/.forgejo/workflows/testing.yml
@@ -0,0 +1,337 @@
+name: testing
+
+on:
+ pull_request:
+ push:
+ branches:
+ - 'forgejo*'
+ - 'v*/forgejo*'
+
+jobs:
+ backend-checks:
+ if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+ runs-on: docker
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ steps:
+ - name: event info
+ run: |
+ cat <<'EOF'
+ ${{ toJSON(github) }}
+ EOF
+ - uses: https://code.forgejo.org/actions/checkout@v4
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+ - run: make deps-backend deps-tools
+ - run: make --always-make -j$(nproc) lint-backend tidy-check swagger-check fmt-check swagger-validate # ensure the "go-licenses" make target runs
+ - run: |
+ make backend
+ env:
+ TAGS: bindata
+ - uses: actions/cache@v4
+ with:
+ path: '/workspace/forgejo/forgejo/gitea'
+ key: backend-build-${{ github.sha }}
+ frontend-checks:
+ if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+ runs-on: docker
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v4
+ - run: make deps-frontend
+ - run: make lint-frontend
+ - run: make checks-frontend
+ - run: make test-frontend-coverage
+ - run: make frontend
+ test-unit:
+ if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+ runs-on: docker
+ needs: [backend-checks, frontend-checks]
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ services:
+ elasticsearch:
+ image: docker.io/bitnami/elasticsearch:7
+ env:
+ discovery.type: single-node
+ ES_JAVA_OPTS: "-Xms512m -Xmx512m"
+ minio:
+ image: docker.io/bitnami/minio:2024.8.17
+ options: >-
+ --hostname gitea.minio
+ env:
+ MINIO_DOMAIN: minio
+ MINIO_ROOT_USER: 123456
+ MINIO_ROOT_PASSWORD: 12345678
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v4
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+ - run: |
+ git config --add safe.directory '*'
+ adduser --quiet --comment forgejo --disabled-password forgejo
+ chown -R forgejo:forgejo .
+ - name: install git >= 2.42
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
+ apt-get update -qq
+ apt-get -q install -qq -y git
+ rm /etc/apt/sources.list.d/testing.list
+ apt-get update -qq
+ - name: test release-notes-assistant.sh
+ run: |
+ apt-get -q install -qq -y jq
+ ./release-notes-assistant.sh test_main
+ - run: |
+ su forgejo -c 'make deps-backend'
+ - uses: actions/cache/restore@v4
+ id: cache-backend
+ with:
+ path: '/workspace/forgejo/forgejo/gitea'
+ key: backend-build-${{ github.sha }}
+ - if: steps.cache-backend.outputs.cache-hit != 'true'
+ run: |
+ su forgejo -c 'make backend'
+ env:
+ TAGS: bindata
+ - run: |
+ su forgejo -c 'make test-backend test-check'
+ timeout-minutes: 50
+ env:
+ RACE_ENABLED: 'true'
+ TAGS: bindata
+ TEST_ELASTICSEARCH_URL: http://elasticsearch:9200
+ test-remote-cacher:
+ if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+ runs-on: docker
+ needs: [backend-checks, frontend-checks]
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ strategy:
+ matrix:
+ cacher:
+ # redis
+ - image: docker.io/bitnami/redis:7.2
+ port: 6379
+ # redict
+ - image: registry.redict.io/redict:7.3.0-scratch
+ port: 6379
+ # valkey
+ - image: docker.io/bitnami/valkey:7.2
+ port: 6379
+ # garnet
+ - image: ghcr.io/microsoft/garnet-alpine:1.0.14
+ port: 6379
+ services:
+ cacher:
+ image: ${{ matrix.cacher.image }}
+ options: ${{ matrix.cacher.options }}
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v4
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+ - run: |
+ git config --add safe.directory '*'
+ adduser --quiet --comment forgejo --disabled-password forgejo
+ chown -R forgejo:forgejo .
+ - name: install git >= 2.42
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
+ apt-get update -qq
+ apt-get -q install -qq -y git
+ rm /etc/apt/sources.list.d/testing.list
+ apt-get update -qq
+ - run: |
+ su forgejo -c 'make deps-backend'
+ - uses: actions/cache/restore@v4
+ id: cache-backend
+ with:
+ path: '/workspace/forgejo/forgejo/gitea'
+ key: backend-build-${{ github.sha }}
+ - if: steps.cache-backend.outputs.cache-hit != 'true'
+ run: |
+ su forgejo -c 'make backend'
+ env:
+ TAGS: bindata
+ - run: |
+ su forgejo -c 'make test-remote-cacher test-check'
+ timeout-minutes: 50
+ env:
+ RACE_ENABLED: 'true'
+ TAGS: bindata
+ TEST_REDIS_SERVER: cacher:${{ matrix.cacher.port }}
+ test-mysql:
+ if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+ runs-on: docker
+ needs: [backend-checks, frontend-checks]
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ services:
+ mysql:
+ image: 'docker.io/bitnami/mysql:8.4'
+ env:
+ ALLOW_EMPTY_PASSWORD: yes
+ MYSQL_DATABASE: testgitea
+ #
+ # See also https://codeberg.org/forgejo/forgejo/issues/976
+ #
+ MYSQL_EXTRA_FLAGS: --innodb-adaptive-flushing=OFF --innodb-buffer-pool-size=4G --innodb-log-buffer-size=128M --innodb-flush-log-at-trx-commit=0 --innodb-flush-log-at-timeout=30 --innodb-flush-method=nosync --innodb-fsync-threshold=1000000000
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v4
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+ - name: install dependencies & git >= 2.42
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
+ apt-get update -qq
+ apt-get install --no-install-recommends -qq -y git git-lfs
+ rm /etc/apt/sources.list.d/testing.list
+ apt-get update -qq
+ - name: setup user and permissions
+ run: |
+ git config --add safe.directory '*'
+ adduser --quiet --comment forgejo --disabled-password forgejo
+ chown -R forgejo:forgejo .
+ - run: |
+ su forgejo -c 'make deps-backend'
+ - uses: actions/cache/restore@v4
+ id: cache-backend
+ with:
+ path: '/workspace/forgejo/forgejo/gitea'
+ key: backend-build-${{ github.sha }}
+ - if: steps.cache-backend.outputs.cache-hit != 'true'
+ run: |
+ su forgejo -c 'make backend'
+ env:
+ TAGS: bindata
+ - run: |
+ su forgejo -c 'make test-mysql-migration test-mysql'
+ timeout-minutes: 50
+ env:
+ USE_REPO_TEST_DIR: 1
+ test-pgsql:
+ if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+ runs-on: docker
+ needs: [backend-checks, frontend-checks]
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ services:
+ minio:
+ image: docker.io/bitnami/minio:2024.8.17
+ env:
+ MINIO_ROOT_USER: 123456
+ MINIO_ROOT_PASSWORD: 12345678
+ ldap:
+ image: docker.io/gitea/test-openldap:latest
+ pgsql:
+ image: 'code.forgejo.org/oci/postgres:15'
+ env:
+ POSTGRES_DB: test
+ POSTGRES_PASSWORD: postgres
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v4
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+ - name: install dependencies & git >= 2.42
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
+ apt-get update -qq
+ apt-get install --no-install-recommends -qq -y git git-lfs
+ rm /etc/apt/sources.list.d/testing.list
+ apt-get update -qq
+ - name: setup user and permissions
+ run: |
+ git config --add safe.directory '*'
+ adduser --quiet --comment forgejo --disabled-password forgejo
+ chown -R forgejo:forgejo .
+ - run: |
+ su forgejo -c 'make deps-backend'
+ - uses: actions/cache/restore@v4
+ id: cache-backend
+ with:
+ path: '/workspace/forgejo/forgejo/gitea'
+ key: backend-build-${{ github.sha }}
+ - if: steps.cache-backend.outputs.cache-hit != 'true'
+ run: |
+ su forgejo -c 'make backend'
+ env:
+ TAGS: bindata
+ - run: |
+ su forgejo -c 'make test-pgsql-migration test-pgsql'
+ timeout-minutes: 50
+ env:
+ RACE_ENABLED: true
+ USE_REPO_TEST_DIR: 1
+ TEST_LDAP: 1
+ test-sqlite:
+ if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+ runs-on: docker
+ needs: [backend-checks, frontend-checks]
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v4
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+ - name: install dependencies & git >= 2.42
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ echo deb http://deb.debian.org/debian/ testing main > /etc/apt/sources.list.d/testing.list
+ apt-get update -qq
+ apt-get install --no-install-recommends -qq -y git git-lfs
+ rm /etc/apt/sources.list.d/testing.list
+ apt-get update -qq
+ - name: setup user and permissions
+ run: |
+ git config --add safe.directory '*'
+ adduser --quiet --comment forgejo --disabled-password forgejo
+ chown -R forgejo:forgejo .
+ - run: |
+ su forgejo -c 'make deps-backend'
+ - uses: actions/cache/restore@v4
+ id: cache-backend
+ with:
+ path: '/workspace/forgejo/forgejo/gitea'
+ key: backend-build-${{ github.sha }}
+ - if: steps.cache-backend.outputs.cache-hit != 'true'
+ run: |
+ su forgejo -c 'make backend'
+ env:
+ TAGS: bindata sqlite sqlite_unlock_notify
+ - run: |
+ su forgejo -c 'make test-sqlite-migration test-sqlite'
+ timeout-minutes: 50
+ env:
+ TAGS: sqlite sqlite_unlock_notify
+ RACE_ENABLED: true
+ TEST_TAGS: sqlite sqlite_unlock_notify
+ USE_REPO_TEST_DIR: 1
+ security-check:
+ if: vars.ROLE == 'forgejo-coding' || vars.ROLE == 'forgejo-testing'
+ runs-on: docker
+ needs:
+ - test-sqlite
+ - test-pgsql
+ - test-mysql
+ - test-remote-cacher
+ - test-unit
+ container:
+ image: 'code.forgejo.org/oci/node:20-bookworm'
+ steps:
+ - uses: https://code.forgejo.org/actions/checkout@v4
+ - uses: https://code.forgejo.org/actions/setup-go@v4
+ with:
+ go-version-file: "go.mod"
+ - run: make deps-backend deps-tools
+ - run: make security-check