From a52778c74785fe57cdee3b64b4c6c8a326471532 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Fri, 16 Jun 2023 17:50:06 +0200 Subject: [PATCH] [CI] Forgejo Actions based release process (squash) publish and sign release --- .forgejo/actions/publish-release/action.yml | 93 +++++++++++++++++++++ .forgejo/workflows/publish-release.yml | 25 ++++++ 2 files changed, 118 insertions(+) create mode 100644 .forgejo/actions/publish-release/action.yml create mode 100644 .forgejo/workflows/publish-release.yml
diff --git a/.forgejo/actions/publish-release/action.yml b/.forgejo/actions/publish-release/action.yml
new file mode 100644
index 0000000000..bafa473000
--- /dev/null
+++ b/.forgejo/actions/publish-release/action.yml
@@ -0,0 +1,93 @@
+name: 'Publish release'
+author: 'Forgejo authors'
+description: |
+ Publish release
+
+inputs:
+ forgejo:
+ description: 'URL of the Forgejo instance where the release is uploaded'
+ required: true
+ from-owner:
+ description: 'the owner from which a release is to be copied'
+ required: true
+ to-owner:
+ description: 'the owner to which a release is to be copied'
+ required: true
+ repo:
+ description: 'the repository from which a release is to be copied relative to from-owner and to-owner'
+ default: 'forgejo'
+ ref-name:
+ description: 'ref_name of the tag of the release to be copied'
+ required: true
+ doer:
+ description: 'Name of the user authoring the release'
+ required: true
+ token:
+ description: 'application token on FORGEJO with permission to the repository and the packages'
+ required: true
+ gpg-private-key:
+ description: 'GPG Private Key to sign the release artifacts'
+ gpg-passphrase:
+ description: 'Passphrase of the GPG Private Key'
+
+runs:
+ using: "composite"
+ steps:
+ - id: hostport
+ run: |
+ url="${{ inputs.forgejo }}"
+ hostport=${url##http*://}
+ hostport=${hostport%%/}
+ echo "value=$hostport" >> "$GITHUB_OUTPUT"
+
+ - id: tag-version
+ run: |
+ version="${{ inputs.ref-name }}"
+ version=${version##*v}
+ echo "value=$version" >> "$GITHUB_OUTPUT"
+
+ - name: apt-get install docker.io
+ run: |
+ DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y docker.io
+
+ - name: download release
+ uses: https://code.forgejo.org/actions/forgejo-release@v1
+ with:
+ url: ${{ inputs.forgejo }}
+ repo: ${{ inputs.from-owner }}/${{ inputs.repo }}
+ direction: download
+ release-dir: release
+ download-retry: 60
+ token: ${{ inputs.token }}
+
+ - name: upload release
+ uses: https://code.forgejo.org/actions/forgejo-release@v1
+ with:
+ url: ${{ inputs.forgejo }}
+ repo: ${{ inputs.to-owner }}/${{ inputs.repo }}
+ direction: upload
+ release-dir: release
+ release-notes: "See 
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#${{ steps.tag-version.outputs.value }}"
+ token: ${{ inputs.token }}
+ gpg-private-key: ${{ inputs.gpg-private-key }}
+ gpg-passphrase: ${{ inputs.gpg-passphrase }}
+
+ - name: login to the registry
+ uses: https://github.com/docker/login-action@v2
+ with:
+ registry: ${{ steps.hostport.outputs.value }}
+ username: ${{ inputs.doer }}
+ password: ${{ inputs.token }}
+
+ - uses: https://code.forgejo.org/forgejo/forgejo-container-image@v1
+ env:
+ VERIFY: 'false'
+ with:
+ url: https://${{ steps.hostport.outputs.value }}
+ destination-owner: ${{ inputs.to-owner }}
+ owner: ${{ inputs.from-owner }}
+ suffixes: '-rootless'
+ project: ${{ inputs.repo }}
+ tag: ${{ steps.tag-version.outputs.value }}
+ doer: ${{ inputs.doer }}
+ token: ${{ inputs.token }}
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
new file mode 100644
index 0000000000..d95c20a31f
--- /dev/null
+++ b/.forgejo/workflows/publish-release.yml
@@ -0,0 +1,25 @@
+# SPDX-License-Identifier: MIT
+name: Pubish release
+
+on:
+ push:
+ tags: 'v*'
+
+jobs:
+ publish:
+ runs-on: self-hosted
+ if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != ''
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: copy & sign binaries and container images from one owner to another
+ uses: ./.forgejo/actions/publish-release
+ with:
+ forgejo: ${{ secrets.FORGEJO }}
+ from-owner: ${{ secrets.FROM_OWNER }}
+ to-owner: ${{ secrets.TO_OWNER }}
+ ref-name: ${{ github.ref_name }}
+ doer: ${{ secrets.DOER }}
+ token: ${{ secrets.TOKEN }}
+ gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+ gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
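Review bot: In `.forgejo/actions/publish-release/action.yml` the `hostport` and `tag-version` steps paste `${{ inputs.forgejo }}` and `${{ inputs.ref-name }}` into the shell script text, so the value is expanded before the shell parses it; `ref-name` is fed from `github.ref_name` by the workflow, and this action also receives the token and the GPG private key. Passing both values through `env:` and reading them as quoted shell variables keeps them as data. In the same step `${version##*v}` removes everything up to the last `v`, so a tag with a later `v` (constructed example: `v1.0-dev`) yields an empty version; `${version#v}` strips only the leading one.

```yaml
    - id: hostport
      env:
        FORGEJO_URL: ${{ inputs.forgejo }}
      run: |
        url="$FORGEJO_URL"
        # … unchanged: strip scheme and trailing slash, write value to $GITHUB_OUTPUT …

    - id: tag-version
      env:
        REF_NAME: ${{ inputs.ref-name }}
      run: |
        version="$REF_NAME"
        version=${version#v}
        # … unchanged: write value to $GITHUB_OUTPUT …
```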
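Review bot: `actions/checkout@v3` in `.forgejo/workflows/publish-release.yml` is referenced by a mutable tag in a job that holds `TOKEN` and the GPG signing key, and the composite action it calls does the same with `forgejo-release@v1`, `docker/login-action@v2` and `forgejo-container-image@v1`, which are handed those secrets directly. Pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, means a moved tag cannot change what runs with the key. `name: Pubish release` should read `name: Publish release`. The job runs on `runs-on: self-hosted` for every `v*` tag push, so a comment above `jobs:` such as `# the runner sees the release signing key; use a runner dedicated to releases` would record the assumption, if that is the intent.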