From e613ab40a5d70a56bd97672b3d0555e7ac21fb60 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Sun, 30 Apr 2023 18:26:17 +0200 Subject: [PATCH] [FORGEJO] workflows --- .forgejo/workflows/build-release.yml | 133 ++++++++++++++++++ .forgejo/workflows/integration.yml | 58 ++++++++ .forgejo/workflows/publish-binary.yml | 40 ++++++ .../workflows/publish-container-image.yml | 43 ++++++ .forgejo/workflows/test.yml | 24 ++++ 5 files changed, 298 insertions(+) create mode 100644 .forgejo/workflows/build-release.yml create mode 100644 .forgejo/workflows/integration.yml create mode 100644 .forgejo/workflows/publish-binary.yml create mode 100644 .forgejo/workflows/publish-container-image.yml create mode 100644 .forgejo/workflows/test.yml diff --git a/.forgejo/workflows/build-release.yml b/.forgejo/workflows/build-release.yml new file mode 100644 index 0000000..874f733 --- /dev/null +++ b/.forgejo/workflows/build-release.yml @@ -0,0 +1,133 @@ +name: Build release + +on: + push: + tags: 'v*' + +jobs: + release: + runs-on: self-hosted + # root is used for testing, allow it + if: github.repository_owner == 'forgejo-integration' || github.repository_owner == 'root' + steps: + - uses: actions/checkout@v3 + + - id: verbose + run: | + # if there are no secrets, be verbose + if test -z "${{ secrets.TOKEN }}"; then + value=true + else + value=false + fi + echo "value=$value" >> "$GITHUB_OUTPUT" + echo "shell=set -x" >> "$GITHUB_OUTPUT" + + - id: registry + run: | + ${{ steps.verbose.outputs.shell }} + url="${{ env.GITHUB_SERVER_URL }}" + hostport=${url##http*://} + hostport=${hostport%%/} + echo "host-port=${hostport}" >> "$GITHUB_OUTPUT" + if ! [[ $url =~ ^http:// ]] ; then + exit 0 + fi + cat >> "$GITHUB_OUTPUT" <> "$GITHUB_OUTPUT" + echo "doer=${doer}" >> "$GITHUB_OUTPUT" + + - name: allow docker pull/push to forgejo + if: ${{ steps.registry.outputs.insecure }} + run: |- + mkdir /etc/docker + cat > /etc/docker/daemon.json < ~/.docker/config.json + env: + CI_REGISTRY: "${{ env.GITHUB_SERVER_URL }}${{ env.GITHUB_REPOSITORY_OWNER }}" + + - id: build + run: | + ${{ steps.verbose.outputs.shell }} + tag="${{ github.ref_name }}" + tag=${tag##*v} + echo "tag=$tag" >> "$GITHUB_OUTPUT" + echo "image=${{ steps.registry.outputs.host-port }}/${{ github.repository }}:${tag}" >> "$GITHUB_OUTPUT" + + - uses: https://github.com/docker/build-push-action@v4 + # workaround until https://github.com/docker/build-push-action/commit/d8823bfaed2a82c6f5d4799a2f8e86173c461aba is in @v4 or @v5 is released + env: + ACTIONS_RUNTIME_TOKEN: '' + with: + context: . + push: true + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.build.outputs.image }} + + - run: | + ${{ steps.verbose.outputs.shell }} + mkdir -p release + for arch in amd64 arm64; do + docker create --platform linux/$arch --name runner ${{ steps.build.outputs.image }} + docker cp runner:/bin/forgejo-runner release/forgejo-runner-$arch + shasum -a 256 < release/forgejo-runner-$arch | cut -f1 -d ' ' > release/forgejo-runner-$arch.sha256 + docker rm runner + done + + - name: publish release (when TOKEN secret is NOT set) + if: ${{ secrets.TOKEN == '' }} + uses: https://code.forgejo.org/actions/forgejo-release@v1 + with: + direction: upload + release-dir: release + release-notes: "RELEASE-NOTES#${{ steps.build.outputs.tag }}" + token: ${{ steps.secrets.outputs.token }} + verbose: ${{ steps.verbose.outputs.value }} + + - name: publish release (when TOKEN secret is set) + if: ${{ secrets.TOKEN != '' }} + uses: https://code.forgejo.org/actions/forgejo-release@v1 + with: + direction: upload + release-dir: release + release-notes: "RELEASE-NOTES#${{ steps.build.outputs.tag }}" + token: ${{ secrets.TOKEN }} + verbose: ${{ steps.verbose.outputs.value }} diff --git a/.forgejo/workflows/integration.yml b/.forgejo/workflows/integration.yml new file mode 100644 index 0000000..55907cb --- /dev/null +++ b/.forgejo/workflows/integration.yml @@ -0,0 +1,58 @@ +name: Integration tests for the release process + +on: + push: + paths: + - go.mod + - .forgejo/workflows/release.yml + - .forgejo/workflows/integration.yml + +jobs: + release-simulation: + runs-on: self-hosted + if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release' + steps: + - uses: actions/checkout@v3 + + - id: forgejo + uses: https://code.forgejo.org/actions/setup-forgejo@v1 + with: + user: root + password: admin1234 + image-version: 1.19 + lxc-ip-prefix: 10.0.9 + + - name: publish the runner release + run: | + set -x + + dir=$(mktemp -d) + trap "rm -fr $dir" EXIT + + url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }} + export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}" + + # + # Create a new project with the runner and the release workflow only + # + rsync -a --exclude .git ./ $dir/ + rm $(find $dir/.forgejo/workflows/*.yml | grep -v release.yml) + forgejo-test-helper.sh push $dir $url root runner |& tee $dir/pushed + eval $(grep '^sha=' < $dir/pushed) + + # + # Push a tag to trigger the release workflow and wait for it to complete + # + forgejo-test-helper.sh api POST $url repos/root/runner/tags ${{ steps.forgejo.outputs.token }} --data-raw '{"tag_name": "v1.2.3", "target": "'$sha'"}' + LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/runner $sha + + # + # Minimal sanity checks. e2e test is for the setup-forgejo action + # and the infrastructure playbook. + # + curl -L -sS $url/root/runner/releases/download/v1.2.3/forgejo-runner-amd64 > forgejo-runner + chmod +x forgejo-runner + ./forgejo-runner --version | grep 1.2.3 + curl -L -sS $url/root/runner/releases/download/v1.2.3/forgejo-runner-amd64.sha256 > forgejo-runner.one + shasum -a 256 < forgejo-runner | cut -f1 -d ' ' > forgejo-runner.two + diff forgejo-runner.one forgejo-runner.two diff --git a/.forgejo/workflows/publish-binary.yml b/.forgejo/workflows/publish-binary.yml new file mode 100644 index 0000000..68519d4 --- /dev/null +++ b/.forgejo/workflows/publish-binary.yml @@ -0,0 +1,40 @@ +name: Publish release + +on: + push: + tags: 'v*' + +jobs: + release: + runs-on: self-hosted + if: github.repository_owner == 'forgejo-release' && secrets.TOKEN != '' + steps: + + - name: install the certificate authority + run: | + apt-get install -qq -y wget + wget --no-check-certificate -O /usr/local/share/ca-certificates/enough.crt https://forgejo.octopuce.forgejo.org/forgejo/enough/raw/branch/main/certs/2023-05-13/ca.crt + update-ca-certificates --fresh + + - uses: actions/checkout@v3 + + - name: download release + uses: https://code.forgejo.org/actions/forgejo-release@v1 + with: + url: https://code.forgejo.org + repo: forgejo-integration/runner + direction: download + release-dir: release + download-retry: 60 + token: ${{ secrets.TOKEN }} + + - name: upload release + uses: https://code.forgejo.org/actions/forgejo-release@v1 + with: + url: https://code.forgejo.org + repo: forgejo/runner + direction: upload + release-dir: release + release-notes: "RELEASE-NOTES" + token: ${{ secrets.TOKEN }} + gpg-private-key: ${{ secrets.GPG }} diff --git a/.forgejo/workflows/publish-container-image.yml b/.forgejo/workflows/publish-container-image.yml new file mode 100644 index 0000000..f556ab2 --- /dev/null +++ b/.forgejo/workflows/publish-container-image.yml @@ -0,0 +1,43 @@ +# SPDX-License-Identifier: MIT +name: copy container images from integration to the destination organization + +on: + push: + tags: 'v*' + +jobs: + builder: + runs-on: self-hosted + if: github.repository_owner == 'forgejo-release' && secrets.TOKEN != '' + steps: + + - name: apt-get install docker.io + run: | + DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y docker.io + + - name: login code.forgejo.org + uses: https://github.com/docker/login-action@v2 + with: + registry: code.forgejo.org + username: ${{ secrets.DOER }} + password: ${{ secrets.TOKEN }} + + - id: tag + run: | + tag="${{ github.ref_name }}" + tag=${tag##*v} + echo "tag=$tag" >> "$GITHUB_OUTPUT" + + - uses: https://code.forgejo.org/forgejo/forgejo-container-image@v1 + env: + VERIFY: 'false' + with: + url: https://code.forgejo.org + destination-owner: forgejo + owner: forgejo-integration + suffixes: ' ' + project: runner + tag: ${{ steps.tag.outputs.tag }} + doer: ${{ secrets.DOER }} + token: ${{ secrets.TOKEN }} + verbose: true diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml new file mode 100644 index 0000000..636c4ad --- /dev/null +++ b/.forgejo/workflows/test.yml @@ -0,0 +1,24 @@ +name: checks +on: + - pull_request + - push + +env: + GOPROXY: https://goproxy.io,direct + +jobs: + lint: + name: check and test + if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release' + runs-on: ubuntu-latest + steps: + - uses: actions/setup-go@v3 + with: + go-version: 1.20 + - uses: actions/checkout@v3 + - name: vet checks + run: make vet + - name: build + run: make build + - name: test + run: make test