mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-12-11 15:22:33 +01:00
231 lines
9.2 KiB
YAML
231 lines
9.2 KiB
YAML
#
|
|
# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
|
|
#
|
|
# https://codeberg.org/forgejo-integration/forgejo
|
|
#
|
|
# Builds a release from a codeberg.org/forgejo-integration tag
|
|
#
|
|
# vars.ROLE: forgejo-integration
|
|
#
|
|
# secrets.DOER: forgejo-experimental-ci
|
|
# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:package
|
|
#
|
|
# secrets.CASCADE_ORIGIN_TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:issue
|
|
# secrets.CASCADE_DESTINATION_TOKEN: <generated from code.forgejo.org/forgejo-ci> scope read:user, write:repository, write:issue
|
|
# vars.CASCADE_DESTINATION_DOER: forgejo-ci
|
|
#
|
|
on:
|
|
push:
|
|
tags: 'v[0-9]+.[0-9]+.*'
|
|
branches:
|
|
- 'forgejo'
|
|
- 'v*/forgejo'
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: self-hosted
|
|
# root is used for testing, allow it
|
|
if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Sanitize the name of the repository
|
|
id: repository
|
|
run: |
|
|
repository="${{ github.repository }}"
|
|
echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
|
|
|
|
- uses: https://code.forgejo.org/actions/setup-node@v3
|
|
with:
|
|
node-version: 20
|
|
|
|
- uses: https://code.forgejo.org/actions/setup-go@v4
|
|
with:
|
|
go-version-file: "go.mod"
|
|
|
|
- name: version from ref
|
|
id: release-info
|
|
shell: bash
|
|
run: |
|
|
set -x
|
|
ref="${{ github.ref }}"
|
|
if [[ $ref =~ ^refs/heads/ ]] ; then
|
|
if test "$ref" = "refs/heads/forgejo" ; then
|
|
version=$(git tag -l --sort=version:refname --merged | grep -v -e '-test$' | tail -1 | sed -E -e 's/^(v[0-9]+\.[0-9]+).*/\1/')-test
|
|
else
|
|
version=${ref#refs/heads/}
|
|
version=${version%/forgejo}-test
|
|
fi
|
|
override=true
|
|
fi
|
|
if [[ $ref =~ ^refs/tags/ ]] ; then
|
|
version=${ref#refs/tags/}
|
|
override=false
|
|
fi
|
|
if test -z "$version" ; then
|
|
echo failed to figure out the release version from the reference=$ref
|
|
exit 1
|
|
fi
|
|
version=${version#v}
|
|
git describe --exclude '*-test' --tags --always
|
|
echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT"
|
|
echo "version=$version" >> "$GITHUB_OUTPUT"
|
|
echo "override=$override" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: release notes
|
|
id: release-notes
|
|
run: |
|
|
anchor=${{ steps.release-info.outputs.version }}
|
|
anchor=${anchor//./-}
|
|
cat >> "$GITHUB_OUTPUT" <<EOF
|
|
value<<ENDVAR
|
|
See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#$anchor
|
|
ENDVAR
|
|
EOF
|
|
|
|
- name: cache node_modules
|
|
id: node
|
|
uses: https://code.forgejo.org/actions/cache@v3
|
|
with:
|
|
path: |
|
|
node_modules
|
|
key: node-${{ steps.release-info.outputs.version }}
|
|
|
|
- name: skip if node cache hit
|
|
if: steps.node.outputs.cache-hit != 'true'
|
|
run: echo no hit
|
|
|
|
- name: Build sources
|
|
run: |
|
|
set -x
|
|
apt-get -qq install -y make
|
|
version=${{ steps.release-info.outputs.version }}
|
|
#
|
|
# Make sure all files are owned by the current user.
|
|
# When run as root `npx webpack` will assume the identity
|
|
# of the owner of the current working directory and may
|
|
# fail to create files if some sub-directories are not owned
|
|
# by the same user.
|
|
#
|
|
# Binaries:
|
|
# Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node
|
|
# npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm
|
|
# Packages:
|
|
# add-asset-webpack-plugin: 2.0.1 => 2.0.1
|
|
# css-loader: 6.8.1 => 6.8.1
|
|
# esbuild-loader: 3.0.1 => 3.0.1
|
|
# license-checker-webpack-plugin: 0.2.1 => 0.2.1
|
|
# monaco-editor-webpack-plugin: 7.0.1 => 7.0.1
|
|
# vue-loader: 17.2.2 => 17.2.2
|
|
# webpack: 5.87.0 => 5.87.0
|
|
# webpack-cli: 5.1.4 => 5.1.4
|
|
#
|
|
chown -R $(id -u) .
|
|
make VERSION=$version TAGS=bindata sources-tarbal
|
|
mv dist/release release
|
|
|
|
(
|
|
tmp=$(mktemp -d)
|
|
tar --directory $tmp -zxvf release/*$version*.tar.gz
|
|
cd $tmp/*
|
|
#
|
|
# Verify `make frontend` files are available
|
|
#
|
|
test -d public/assets/css
|
|
test -d public/assets/fonts
|
|
test -d public/assets/js
|
|
#
|
|
# Verify `make generate` files are available
|
|
#
|
|
test -f modules/public/bindata.go
|
|
#
|
|
# Sanity check to verify that the source tarbal knows the
|
|
# version and is able to rebuild itself from it.
|
|
#
|
|
# When in sources the version is determined with git.
|
|
# When in the tarbal the version is determined from a VERSION file.
|
|
#
|
|
make sources-tarbal
|
|
tarbal=$(echo dist/release/*$version*.tar.gz)
|
|
if ! test -f $tarbal ; then
|
|
echo $tarbal does not exist
|
|
find dist release
|
|
exit 1
|
|
fi
|
|
)
|
|
|
|
- name: build container & release
|
|
if: ${{ secrets.TOKEN != '' }}
|
|
uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
|
|
with:
|
|
forgejo: "${{ env.GITHUB_SERVER_URL }}"
|
|
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
|
|
repository: "${{ steps.repository.outputs.value }}"
|
|
doer: "${{ secrets.DOER }}"
|
|
release-version: "${{ steps.release-info.outputs.version }}"
|
|
sha: "${{ steps.release-info.outputs.sha }}"
|
|
token: "${{ secrets.TOKEN }}"
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v6
|
|
release-notes: "${{ steps.release-notes.outputs.value }}"
|
|
binary-name: forgejo
|
|
binary-path: /app/gitea/forgejo-cli
|
|
override: "${{ steps.release-info.outputs.override }}"
|
|
verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
|
|
verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
|
|
|
|
- name: build rootless container
|
|
if: ${{ secrets.TOKEN != '' }}
|
|
uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
|
|
with:
|
|
forgejo: "${{ env.GITHUB_SERVER_URL }}"
|
|
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
|
|
repository: "${{ steps.repository.outputs.value }}"
|
|
doer: "${{ secrets.DOER }}"
|
|
release-version: "${{ steps.release-info.outputs.version }}"
|
|
sha: "${{ steps.release-info.outputs.sha }}"
|
|
token: "${{ secrets.TOKEN }}"
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v6
|
|
suffix: -rootless
|
|
dockerfile: Dockerfile.rootless
|
|
override: "${{ steps.release-info.outputs.override }}"
|
|
verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
|
|
verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
|
|
|
|
- name: end-to-end tests
|
|
if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' }}
|
|
uses: https://code.forgejo.org/actions/cascading-pr@v2
|
|
with:
|
|
origin-url: ${{ env.GITHUB_SERVER_URL }}
|
|
origin-repo: ${{ github.repository }}
|
|
origin-token: ${{ secrets.CASCADE_ORIGIN_TOKEN }}
|
|
origin-ref: refs/heads/forgejo
|
|
destination-url: https://code.forgejo.org
|
|
destination-fork-repo: ${{ vars.CASCADE_DESTINATION_DOER }}/end-to-end
|
|
destination-repo: forgejo/end-to-end
|
|
destination-branch: main
|
|
destination-token: ${{ secrets.CASCADE_DESTINATION_TOKEN }}
|
|
update: .forgejo/cascading-release-end-to-end
|
|
|
|
- name: copy to experimental
|
|
if: vars.ROLE == 'forgejo-integration' && secrets.TOKEN != ''
|
|
run: |
|
|
if test "${{ vars.VERBOSE }}" = true ; then
|
|
set -x
|
|
fi
|
|
tag=v${{ steps.release-info.outputs.version }}
|
|
url=https://any:${{ secrets.TOKEN }}@codeberg.org
|
|
if test "${{ steps.release-info.outputs.override }}" = "true" ; then
|
|
curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null
|
|
curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null
|
|
fi
|
|
# actions/checkout@v3 sets http.https://codeberg.org/.extraheader with the automatic token.
|
|
# Get rid of it so it does not prevent using the token that has write permissions
|
|
git config --local --unset http.https://codeberg.org/.extraheader
|
|
if test -f .git/shallow ; then
|
|
echo "unexptected .git/shallow file is present"
|
|
echo "it suggests a checkout --depth X was used which may prevent pushing the commit"
|
|
echo "it happens when actions/checkout is called without depth: 0"
|
|
fi
|
|
git push $url/forgejo-experimental/forgejo ${{ steps.release-info.outputs.sha }}:refs/tags/$tag
|