c8017a2853
The ARG RELEASE_VERSION set in the build-env image does not propagate to the images that follow. As a result the value of the version label is always empty. This should have been caught by the test in the CI but although it notified the problem in the output, it did not fail. Upgrade to the forgejo-build-publish version that fixes this false positive. (cherry picked from commit 97189d41f3b9fd148312bc3e3c4a6295ff34fef5)
232 lines
9.2 KiB
YAML
232 lines
9.2 KiB
YAML
#
|
|
# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process
|
|
#
|
|
# https://codeberg.org/forgejo-integration/forgejo
|
|
#
|
|
# Builds a release from a codeberg.org/forgejo-integration tag
|
|
#
|
|
# vars.ROLE: forgejo-integration
|
|
#
|
|
# secrets.DOER: forgejo-experimental-ci
|
|
# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:package
|
|
#
|
|
# secrets.CASCADE_ORIGIN_TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:issue
|
|
# secrets.CASCADE_DESTINATION_TOKEN: <generated from code.forgejo.org/forgejo-ci> scope read:user, write:repository, write:issue
|
|
# vars.CASCADE_DESTINATION_DOER: forgejo-ci
|
|
#
|
|
on:
|
|
push:
|
|
tags: 'v[0-9]+.[0-9]+.*'
|
|
branches:
|
|
- 'forgejo'
|
|
- 'v*/forgejo'
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: self-hosted
|
|
# root is used for testing, allow it
|
|
if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Sanitize the name of the repository
|
|
id: repository
|
|
run: |
|
|
repository="${{ github.repository }}"
|
|
echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
|
|
|
|
- uses: https://code.forgejo.org/actions/setup-node@v3
|
|
with:
|
|
node-version: 20
|
|
|
|
- uses: https://code.forgejo.org/actions/setup-go@v4
|
|
with:
|
|
go-version: "1.22"
|
|
check-latest: true
|
|
|
|
- name: version from ref
|
|
id: release-info
|
|
shell: bash
|
|
run: |
|
|
set -x
|
|
ref="${{ github.ref }}"
|
|
if [[ $ref =~ ^refs/heads/ ]] ; then
|
|
if test "$ref" = "refs/heads/forgejo" ; then
|
|
version=$(git tag -l --sort=version:refname --merged | grep -v -e '-test$' | tail -1 | sed -E -e 's/^(v[0-9]+\.[0-9]+).*/\1/')-test
|
|
else
|
|
version=${ref#refs/heads/}
|
|
version=${version%/forgejo}-test
|
|
fi
|
|
override=true
|
|
fi
|
|
if [[ $ref =~ ^refs/tags/ ]] ; then
|
|
version=${ref#refs/tags/}
|
|
override=false
|
|
fi
|
|
if test -z "$version" ; then
|
|
echo failed to figure out the release version from the reference=$ref
|
|
exit 1
|
|
fi
|
|
version=${version#v}
|
|
git describe --exclude '*-test' --tags --always
|
|
echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT"
|
|
echo "version=$version" >> "$GITHUB_OUTPUT"
|
|
echo "override=$override" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: release notes
|
|
id: release-notes
|
|
run: |
|
|
anchor=${{ steps.release-info.outputs.version }}
|
|
anchor=${anchor//./-}
|
|
cat >> "$GITHUB_OUTPUT" <<EOF
|
|
value<<ENDVAR
|
|
See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#$anchor
|
|
ENDVAR
|
|
EOF
|
|
|
|
- name: cache node_modules
|
|
id: node
|
|
uses: https://code.forgejo.org/actions/cache@v3
|
|
with:
|
|
path: |
|
|
node_modules
|
|
key: node-${{ steps.release-info.outputs.version }}
|
|
|
|
- name: skip if node cache hit
|
|
if: steps.node.outputs.cache-hit != 'true'
|
|
run: echo no hit
|
|
|
|
- name: Build sources
|
|
run: |
|
|
set -x
|
|
apt-get -qq install -y make
|
|
version=${{ steps.release-info.outputs.version }}
|
|
#
|
|
# Make sure all files are owned by the current user.
|
|
# When run as root `npx webpack` will assume the identity
|
|
# of the owner of the current working directory and may
|
|
# fail to create files if some sub-directories are not owned
|
|
# by the same user.
|
|
#
|
|
# Binaries:
|
|
# Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node
|
|
# npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm
|
|
# Packages:
|
|
# add-asset-webpack-plugin: 2.0.1 => 2.0.1
|
|
# css-loader: 6.8.1 => 6.8.1
|
|
# esbuild-loader: 3.0.1 => 3.0.1
|
|
# license-checker-webpack-plugin: 0.2.1 => 0.2.1
|
|
# monaco-editor-webpack-plugin: 7.0.1 => 7.0.1
|
|
# vue-loader: 17.2.2 => 17.2.2
|
|
# webpack: 5.87.0 => 5.87.0
|
|
# webpack-cli: 5.1.4 => 5.1.4
|
|
#
|
|
chown -R $(id -u) .
|
|
make VERSION=$version TAGS=bindata sources-tarbal
|
|
mv dist/release release
|
|
|
|
(
|
|
tmp=$(mktemp -d)
|
|
tar --directory $tmp -zxvf release/*$version*.tar.gz
|
|
cd $tmp/*
|
|
#
|
|
# Verify `make frontend` files are available
|
|
#
|
|
test -d public/assets/css
|
|
test -d public/assets/fonts
|
|
test -d public/assets/js
|
|
#
|
|
# Verify `make generate` files are available
|
|
#
|
|
test -f modules/public/bindata.go
|
|
#
|
|
# Sanity check to verify that the source tarbal knows the
|
|
# version and is able to rebuild itself from it.
|
|
#
|
|
# When in sources the version is determined with git.
|
|
# When in the tarbal the version is determined from a VERSION file.
|
|
#
|
|
make sources-tarbal
|
|
tarbal=$(echo dist/release/*$version*.tar.gz)
|
|
if ! test -f $tarbal ; then
|
|
echo $tarbal does not exist
|
|
find dist release
|
|
exit 1
|
|
fi
|
|
)
|
|
|
|
- name: build container & release
|
|
if: ${{ secrets.TOKEN != '' }}
|
|
uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
|
|
with:
|
|
forgejo: "${{ env.GITHUB_SERVER_URL }}"
|
|
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
|
|
repository: "${{ steps.repository.outputs.value }}"
|
|
doer: "${{ secrets.DOER }}"
|
|
release-version: "${{ steps.release-info.outputs.version }}"
|
|
sha: "${{ steps.release-info.outputs.sha }}"
|
|
token: "${{ secrets.TOKEN }}"
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v6
|
|
release-notes: "${{ steps.release-notes.outputs.value }}"
|
|
binary-name: forgejo
|
|
binary-path: /app/gitea/gitea
|
|
override: "${{ steps.release-info.outputs.override }}"
|
|
verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
|
|
verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
|
|
|
|
- name: build rootless container
|
|
if: ${{ secrets.TOKEN != '' }}
|
|
uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
|
|
with:
|
|
forgejo: "${{ env.GITHUB_SERVER_URL }}"
|
|
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
|
|
repository: "${{ steps.repository.outputs.value }}"
|
|
doer: "${{ secrets.DOER }}"
|
|
release-version: "${{ steps.release-info.outputs.version }}"
|
|
sha: "${{ steps.release-info.outputs.sha }}"
|
|
token: "${{ secrets.TOKEN }}"
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v6
|
|
suffix: -rootless
|
|
dockerfile: Dockerfile.rootless
|
|
override: "${{ steps.release-info.outputs.override }}"
|
|
verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
|
|
verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
|
|
|
|
- name: end-to-end tests
|
|
if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' }}
|
|
uses: https://code.forgejo.org/actions/cascading-pr@v2
|
|
with:
|
|
origin-url: ${{ env.GITHUB_SERVER_URL }}
|
|
origin-repo: ${{ github.repository }}
|
|
origin-token: ${{ secrets.CASCADE_ORIGIN_TOKEN }}
|
|
origin-ref: refs/heads/forgejo
|
|
destination-url: https://code.forgejo.org
|
|
destination-fork-repo: ${{ vars.CASCADE_DESTINATION_DOER }}/end-to-end
|
|
destination-repo: forgejo/end-to-end
|
|
destination-branch: main
|
|
destination-token: ${{ secrets.CASCADE_DESTINATION_TOKEN }}
|
|
update: .forgejo/cascading-release-end-to-end
|
|
|
|
- name: copy to experimental
|
|
if: vars.ROLE == 'forgejo-integration' && secrets.TOKEN != ''
|
|
run: |
|
|
if test "${{ vars.VERBOSE }}" = true ; then
|
|
set -x
|
|
fi
|
|
tag=v${{ steps.release-info.outputs.version }}
|
|
url=https://any:${{ secrets.TOKEN }}@codeberg.org
|
|
if test "${{ steps.release-info.outputs.override }}" = "true" ; then
|
|
curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null
|
|
curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null
|
|
fi
|
|
# actions/checkout@v3 sets http.https://codeberg.org/.extraheader with the automatic token.
|
|
# Get rid of it so it does not prevent using the token that has write permissions
|
|
git config --local --unset http.https://codeberg.org/.extraheader
|
|
if test -f .git/shallow ; then
|
|
echo "unexptected .git/shallow file is present"
|
|
echo "it suggests a checkout --depth X was used which may prevent pushing the commit"
|
|
echo "it happens when actions/checkout is called without depth: 0"
|
|
fi
|
|
git push $url/forgejo-experimental/forgejo ${{ steps.release-info.outputs.sha }}:refs/tags/$tag
|