# # See also https://forgejo.org/docs/next/contributor/release/#stable-release-process # # https://codeberg.org/forgejo-integration/forgejo # # Builds a release from a codeberg.org/forgejo-integration tag # # vars.ROLE: forgejo-integration # # secrets.DOER: forgejo-experimental-ci # secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:package # # secrets.CASCADE_ORIGIN_TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:issue # secrets.CASCADE_DESTINATION_TOKEN: <generated from code.forgejo.org/forgejo-ci> scope read:user, write:repository, write:issue # vars.CASCADE_DESTINATION_DOER: forgejo-ci # on: push: tags: 'v[0-9]+.[0-9]+.*' branches: - 'forgejo' - 'v*/forgejo' jobs: release: runs-on: self-hosted # root is used for testing, allow it if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root' steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - name: Sanitize the name of the repository id: repository run: | repository="${{ github.repository }}" echo "value=${repository##*/}" >> "$GITHUB_OUTPUT" - uses: https://code.forgejo.org/actions/setup-node@v4 with: node-version: 20 - uses: https://code.forgejo.org/actions/setup-go@v5 with: go-version-file: "go.mod" - name: version from ref id: release-info shell: bash run: | set -x ref="${{ github.ref }}" if [[ $ref =~ ^refs/heads/ ]] ; then if test "$ref" = "refs/heads/forgejo" ; then version=$(git tag -l --sort=version:refname --merged | grep -v -e '-test$' | tail -1 | sed -E -e 's/^(v[0-9]+\.[0-9]+).*/\1/')-test else version=${ref#refs/heads/} version=${version%/forgejo}-test fi override=true fi if [[ $ref =~ ^refs/tags/ ]] ; then version=${ref#refs/tags/} override=false fi if test -z "$version" ; then echo failed to figure out the release version from the reference=$ref exit 1 fi version=${version#v} git describe --exclude '*-test' --tags --always echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT" echo "version=$version" >> "$GITHUB_OUTPUT" echo "override=$override" >> "$GITHUB_OUTPUT" - name: release notes id: release-notes run: | anchor=${{ steps.release-info.outputs.version }} anchor=${anchor//./-} cat >> "$GITHUB_OUTPUT" <<EOF value<<ENDVAR See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#$anchor ENDVAR EOF - name: cache node_modules id: node uses: https://code.forgejo.org/actions/cache@v4 with: path: | node_modules key: node-${{ steps.release-info.outputs.version }} - name: skip if node cache hit if: steps.node.outputs.cache-hit != 'true' run: echo no hit - name: Build sources run: | set -x apt-get -qq install -y make version=${{ steps.release-info.outputs.version }} # # Make sure all files are owned by the current user. # When run as root `npx webpack` will assume the identity # of the owner of the current working directory and may # fail to create files if some sub-directories are not owned # by the same user. # # Binaries: # Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node # npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm # Packages: # add-asset-webpack-plugin: 2.0.1 => 2.0.1 # css-loader: 6.8.1 => 6.8.1 # esbuild-loader: 3.0.1 => 3.0.1 # license-checker-webpack-plugin: 0.2.1 => 0.2.1 # monaco-editor-webpack-plugin: 7.0.1 => 7.0.1 # vue-loader: 17.2.2 => 17.2.2 # webpack: 5.87.0 => 5.87.0 # webpack-cli: 5.1.4 => 5.1.4 # chown -R $(id -u) . make VERSION=$version TAGS=bindata sources-tarbal mv dist/release release ( tmp=$(mktemp -d) tar --directory $tmp -zxvf release/*$version*.tar.gz cd $tmp/* # # Verify `make frontend` files are available # test -d public/assets/css test -d public/assets/fonts test -d public/assets/js # # Verify `make generate` files are available # test -f modules/public/bindata.go # # Sanity check to verify that the source tarbal knows the # version and is able to rebuild itself from it. # # When in sources the version is determined with git. # When in the tarbal the version is determined from a VERSION file. # make sources-tarbal tarbal=$(echo dist/release/*$version*.tar.gz) if ! test -f $tarbal ; then echo $tarbal does not exist find dist release exit 1 fi ) - name: build container & release if: ${{ secrets.TOKEN != '' }} uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1 with: forgejo: "${{ env.GITHUB_SERVER_URL }}" owner: "${{ env.GITHUB_REPOSITORY_OWNER }}" repository: "${{ steps.repository.outputs.value }}" doer: "${{ secrets.DOER }}" release-version: "${{ steps.release-info.outputs.version }}" sha: "${{ steps.release-info.outputs.sha }}" token: "${{ secrets.TOKEN }}" platforms: linux/amd64,linux/arm64,linux/arm/v6 release-notes: "${{ steps.release-notes.outputs.value }}" binary-name: forgejo binary-path: /app/gitea/gitea override: "${{ steps.release-info.outputs.override }}" verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}" verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }} - name: build rootless container if: ${{ secrets.TOKEN != '' }} uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1 with: forgejo: "${{ env.GITHUB_SERVER_URL }}" owner: "${{ env.GITHUB_REPOSITORY_OWNER }}" repository: "${{ steps.repository.outputs.value }}" doer: "${{ secrets.DOER }}" release-version: "${{ steps.release-info.outputs.version }}" sha: "${{ steps.release-info.outputs.sha }}" token: "${{ secrets.TOKEN }}" platforms: linux/amd64,linux/arm64,linux/arm/v6 suffix: -rootless dockerfile: Dockerfile.rootless override: "${{ steps.release-info.outputs.override }}" verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}" verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }} - name: end-to-end tests if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' && vars.SKIP_END_TO_END != 'true' }} uses: https://code.forgejo.org/actions/cascading-pr@v2 with: origin-url: ${{ env.GITHUB_SERVER_URL }} origin-repo: ${{ github.repository }} origin-token: ${{ secrets.CASCADE_ORIGIN_TOKEN }} origin-ref: refs/heads/forgejo destination-url: https://code.forgejo.org destination-fork-repo: ${{ vars.CASCADE_DESTINATION_DOER }}/end-to-end destination-repo: forgejo/end-to-end destination-branch: main destination-token: ${{ secrets.CASCADE_DESTINATION_TOKEN }} update: .forgejo/cascading-release-end-to-end - name: copy to experimental if: vars.ROLE == 'forgejo-integration' && secrets.TOKEN != '' run: | if test "${{ vars.VERBOSE }}" = true ; then set -x fi tag=v${{ steps.release-info.outputs.version }} url=https://any:${{ secrets.TOKEN }}@codeberg.org if test "${{ steps.release-info.outputs.override }}" = "true" ; then curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null fi # actions/checkout@v3 sets http.https://codeberg.org/.extraheader with the automatic token. # Get rid of it so it does not prevent using the token that has write permissions git config --local --unset http.https://codeberg.org/.extraheader if test -f .git/shallow ; then echo "unexptected .git/shallow file is present" echo "it suggests a checkout --depth X was used which may prevent pushing the commit" echo "it happens when actions/checkout is called without depth: 0" fi git push $url/forgejo-experimental/forgejo ${{ steps.release-info.outputs.sha }}:refs/tags/$tag