From 168d5d586904835762d213b2b8815b458a38c78f Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Fri, 7 Jul 2023 16:30:56 +0200 Subject: [PATCH] [CI] Forgejo Actions based release process (squash) doc / ca / verbosity - Document workflow - Increase verbosity if VERBOSE=true - Download the Certificate Authority if behind the VPN --- .forgejo/actions/publish-release/action.yml | 18 +++++++---- .forgejo/workflows/publish-release.yml | 35 +++++++++++++++++++++ 2 files changed, 47 insertions(+), 6 deletions(-) diff --git a/.forgejo/actions/publish-release/action.yml b/.forgejo/actions/publish-release/action.yml index bafa473000..e093b46e4d 100644 --- a/.forgejo/actions/publish-release/action.yml +++ b/.forgejo/actions/publish-release/action.yml @@ -5,30 +5,33 @@ description: | inputs: forgejo: - description: 'URL of the Forgejo instance where the release is uploaded' + description: 'URL of the Forgejo instance where the release is uploaded (e.g. https://codeberg.org)' required: true from-owner: - description: 'the owner from which a release is to be copied' + description: 'the owner from which a release is to be copied (e.g forgejo-integration)' required: true to-owner: - description: 'the owner to which a release is to be copied' + description: 'the owner to which a release is to be copied (e.g. forgejo-experimental). It has be an organization in which doer has the required permissions. Or be the same as the doer' required: true repo: description: 'the repository from which a release is to be copied relative to from-owner and to-owner' default: 'forgejo' ref-name: - description: 'ref_name of the tag of the release to be copied' + description: 'ref_name of the tag of the release to be copied (e.g. github.ref_name)' required: true doer: - description: 'Name of the user authoring the release' + description: 'Name of the user authoring the release (e.g. release-team). The user must be authorized to create packages in to-owner and releases in to-owner/repo' required: true token: - description: 'application token on FORGEJO with permission to the repository and the packages' + description: 'application token created on forgejo by the doer, with a scope allowing it to create packages in to-owner and releases in to-owner/repo' required: true gpg-private-key: description: 'GPG Private Key to sign the release artifacts' gpg-passphrase: description: 'Passphrase of the GPG Private Key' + verbose: + description: 'Increase the verbosity level' + default: 'false' runs: using: "composite" @@ -59,6 +62,7 @@ runs: release-dir: release download-retry: 60 token: ${{ inputs.token }} + verbose: ${{ inputs.verbose }} - name: upload release uses: https://code.forgejo.org/actions/forgejo-release@v1 @@ -71,6 +75,7 @@ runs: token: ${{ inputs.token }} gpg-private-key: ${{ inputs.gpg-private-key }} gpg-passphrase: ${{ inputs.gpg-passphrase }} + verbose: ${{ inputs.verbose }} - name: login to the registry uses: https://github.com/docker/login-action@v2 @@ -91,3 +96,4 @@ runs: tag: ${{ steps.tag-version.outputs.value }} doer: ${{ inputs.doer }} token: ${{ inputs.token }} + verbose: ${{ inputs.verbose }} diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml index d95c20a31f..c76e78cc12 100644 --- a/.forgejo/workflows/publish-release.yml +++ b/.forgejo/workflows/publish-release.yml @@ -1,4 +1,31 @@ # SPDX-License-Identifier: MIT +# +# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process +# +# https://codeberg.org/forgejo-experimental/forgejo +# +# Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental +# +# ROLE: forgejo-experimental +# FORGEJO: https://codeberg.org +# FROM_OWNER: forgejo-integration +# TO_OWNER: forgejo-experimental +# DOER: forgejo-experimental-ci +# TOKEN: +# +# https://forgejo.octopuce.forgejo.org/forgejo/forgejo +# +# Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo +# +# ROLE: forgejo-release +# FORGEJO: https://codeberg.org +# FROM_OWNER: forgejo-integration +# TO_OWNER: forgejo +# DOER: release-team +# TOKEN: +# GPG_PRIVATE_KEY: +# GPG_PASSPHRASE: +# name: Pubish release on: @@ -10,6 +37,13 @@ jobs: runs-on: self-hosted if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != '' steps: + - name: install the certificate authority + if: secrets.ROLE == 'forgejo-release' + run: | + apt-get install -qq -y wget + wget --no-check-certificate -O /usr/local/share/ca-certificates/enough.crt https://forgejo.octopuce.forgejo.org/forgejo/enough/raw/branch/main/certs/2023-05-13/ca.crt + update-ca-certificates --fresh + - uses: actions/checkout@v3 - name: copy & sign binaries and container images from one owner to another @@ -23,3 +57,4 @@ jobs: token: ${{ secrets.TOKEN }} gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} + verbose: ${{ secrets.VERBOSE }}