54c8ac3e39
The end-to-end tests will always fail when more than one release is broken. When trying to fix one, the other will get in the way and vice versa. The only way to get out of this deadlock is to replace all broken releases but one by doing the following on forgejo-integration: * set SKIP_END_TO_END to true in the actions vars tab * pushing a commit to the corresponding branch, fixing the problem
231 lines
9.3 KiB
YAML
231 lines
9.3 KiB
YAML
#
|
|
# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
|
|
#
|
|
# https://codeberg.org/forgejo-integration/forgejo
|
|
#
|
|
# Builds a release from a codeberg.org/forgejo-integration tag
|
|
#
|
|
# vars.ROLE: forgejo-integration
|
|
#
|
|
# secrets.DOER: forgejo-experimental-ci
|
|
# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:package
|
|
#
|
|
# secrets.CASCADE_ORIGIN_TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:issue
|
|
# secrets.CASCADE_DESTINATION_TOKEN: <generated from code.forgejo.org/forgejo-ci> scope read:user, write:repository, write:issue
|
|
# vars.CASCADE_DESTINATION_DOER: forgejo-ci
|
|
#
|
|
on:
|
|
push:
|
|
tags: 'v[0-9]+.[0-9]+.*'
|
|
branches:
|
|
- 'forgejo'
|
|
- 'v*/forgejo'
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: self-hosted
|
|
# root is used for testing, allow it
|
|
if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Sanitize the name of the repository
|
|
id: repository
|
|
run: |
|
|
repository="${{ github.repository }}"
|
|
echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
|
|
|
|
- uses: https://code.forgejo.org/actions/setup-node@v4
|
|
with:
|
|
node-version: 20
|
|
|
|
- uses: https://code.forgejo.org/actions/setup-go@v5
|
|
with:
|
|
go-version-file: "go.mod"
|
|
|
|
- name: version from ref
|
|
id: release-info
|
|
shell: bash
|
|
run: |
|
|
set -x
|
|
ref="${{ github.ref }}"
|
|
if [[ $ref =~ ^refs/heads/ ]] ; then
|
|
if test "$ref" = "refs/heads/forgejo" ; then
|
|
version=$(git tag -l --sort=version:refname --merged | grep -v -e '-test$' | tail -1 | sed -E -e 's/^(v[0-9]+\.[0-9]+).*/\1/')-test
|
|
else
|
|
version=${ref#refs/heads/}
|
|
version=${version%/forgejo}-test
|
|
fi
|
|
override=true
|
|
fi
|
|
if [[ $ref =~ ^refs/tags/ ]] ; then
|
|
version=${ref#refs/tags/}
|
|
override=false
|
|
fi
|
|
if test -z "$version" ; then
|
|
echo failed to figure out the release version from the reference=$ref
|
|
exit 1
|
|
fi
|
|
version=${version#v}
|
|
git describe --exclude '*-test' --tags --always
|
|
echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT"
|
|
echo "version=$version" >> "$GITHUB_OUTPUT"
|
|
echo "override=$override" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: release notes
|
|
id: release-notes
|
|
run: |
|
|
anchor=${{ steps.release-info.outputs.version }}
|
|
anchor=${anchor//./-}
|
|
cat >> "$GITHUB_OUTPUT" <<EOF
|
|
value<<ENDVAR
|
|
See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#$anchor
|
|
ENDVAR
|
|
EOF
|
|
|
|
- name: cache node_modules
|
|
id: node
|
|
uses: https://code.forgejo.org/actions/cache@v4
|
|
with:
|
|
path: |
|
|
node_modules
|
|
key: node-${{ steps.release-info.outputs.version }}
|
|
|
|
- name: skip if node cache hit
|
|
if: steps.node.outputs.cache-hit != 'true'
|
|
run: echo no hit
|
|
|
|
- name: Build sources
|
|
run: |
|
|
set -x
|
|
apt-get -qq install -y make
|
|
version=${{ steps.release-info.outputs.version }}
|
|
#
|
|
# Make sure all files are owned by the current user.
|
|
# When run as root `npx webpack` will assume the identity
|
|
# of the owner of the current working directory and may
|
|
# fail to create files if some sub-directories are not owned
|
|
# by the same user.
|
|
#
|
|
# Binaries:
|
|
# Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node
|
|
# npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm
|
|
# Packages:
|
|
# add-asset-webpack-plugin: 2.0.1 => 2.0.1
|
|
# css-loader: 6.8.1 => 6.8.1
|
|
# esbuild-loader: 3.0.1 => 3.0.1
|
|
# license-checker-webpack-plugin: 0.2.1 => 0.2.1
|
|
# monaco-editor-webpack-plugin: 7.0.1 => 7.0.1
|
|
# vue-loader: 17.2.2 => 17.2.2
|
|
# webpack: 5.87.0 => 5.87.0
|
|
# webpack-cli: 5.1.4 => 5.1.4
|
|
#
|
|
chown -R $(id -u) .
|
|
make VERSION=$version TAGS=bindata sources-tarbal
|
|
mv dist/release release
|
|
|
|
(
|
|
tmp=$(mktemp -d)
|
|
tar --directory $tmp -zxvf release/*$version*.tar.gz
|
|
cd $tmp/*
|
|
#
|
|
# Verify `make frontend` files are available
|
|
#
|
|
test -d public/assets/css
|
|
test -d public/assets/fonts
|
|
test -d public/assets/js
|
|
#
|
|
# Verify `make generate` files are available
|
|
#
|
|
test -f modules/public/bindata.go
|
|
#
|
|
# Sanity check to verify that the source tarbal knows the
|
|
# version and is able to rebuild itself from it.
|
|
#
|
|
# When in sources the version is determined with git.
|
|
# When in the tarbal the version is determined from a VERSION file.
|
|
#
|
|
make sources-tarbal
|
|
tarbal=$(echo dist/release/*$version*.tar.gz)
|
|
if ! test -f $tarbal ; then
|
|
echo $tarbal does not exist
|
|
find dist release
|
|
exit 1
|
|
fi
|
|
)
|
|
|
|
- name: build container & release
|
|
if: ${{ secrets.TOKEN != '' }}
|
|
uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
|
|
with:
|
|
forgejo: "${{ env.GITHUB_SERVER_URL }}"
|
|
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
|
|
repository: "${{ steps.repository.outputs.value }}"
|
|
doer: "${{ secrets.DOER }}"
|
|
release-version: "${{ steps.release-info.outputs.version }}"
|
|
sha: "${{ steps.release-info.outputs.sha }}"
|
|
token: "${{ secrets.TOKEN }}"
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v6
|
|
release-notes: "${{ steps.release-notes.outputs.value }}"
|
|
binary-name: forgejo
|
|
binary-path: /app/gitea/gitea
|
|
override: "${{ steps.release-info.outputs.override }}"
|
|
verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
|
|
verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
|
|
|
|
- name: build rootless container
|
|
if: ${{ secrets.TOKEN != '' }}
|
|
uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
|
|
with:
|
|
forgejo: "${{ env.GITHUB_SERVER_URL }}"
|
|
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
|
|
repository: "${{ steps.repository.outputs.value }}"
|
|
doer: "${{ secrets.DOER }}"
|
|
release-version: "${{ steps.release-info.outputs.version }}"
|
|
sha: "${{ steps.release-info.outputs.sha }}"
|
|
token: "${{ secrets.TOKEN }}"
|
|
platforms: linux/amd64,linux/arm64,linux/arm/v6
|
|
suffix: -rootless
|
|
dockerfile: Dockerfile.rootless
|
|
override: "${{ steps.release-info.outputs.override }}"
|
|
verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
|
|
verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
|
|
|
|
- name: end-to-end tests
|
|
if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' && vars.SKIP_END_TO_END != 'true' }}
|
|
uses: https://code.forgejo.org/actions/cascading-pr@v2
|
|
with:
|
|
origin-url: ${{ env.GITHUB_SERVER_URL }}
|
|
origin-repo: ${{ github.repository }}
|
|
origin-token: ${{ secrets.CASCADE_ORIGIN_TOKEN }}
|
|
origin-ref: refs/heads/forgejo
|
|
destination-url: https://code.forgejo.org
|
|
destination-fork-repo: ${{ vars.CASCADE_DESTINATION_DOER }}/end-to-end
|
|
destination-repo: forgejo/end-to-end
|
|
destination-branch: main
|
|
destination-token: ${{ secrets.CASCADE_DESTINATION_TOKEN }}
|
|
update: .forgejo/cascading-release-end-to-end
|
|
|
|
- name: copy to experimental
|
|
if: vars.ROLE == 'forgejo-integration' && secrets.TOKEN != ''
|
|
run: |
|
|
if test "${{ vars.VERBOSE }}" = true ; then
|
|
set -x
|
|
fi
|
|
tag=v${{ steps.release-info.outputs.version }}
|
|
url=https://any:${{ secrets.TOKEN }}@codeberg.org
|
|
if test "${{ steps.release-info.outputs.override }}" = "true" ; then
|
|
curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null
|
|
curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null
|
|
fi
|
|
# actions/checkout@v3 sets http.https://codeberg.org/.extraheader with the automatic token.
|
|
# Get rid of it so it does not prevent using the token that has write permissions
|
|
git config --local --unset http.https://codeberg.org/.extraheader
|
|
if test -f .git/shallow ; then
|
|
echo "unexptected .git/shallow file is present"
|
|
echo "it suggests a checkout --depth X was used which may prevent pushing the commit"
|
|
echo "it happens when actions/checkout is called without depth: 0"
|
|
fi
|
|
git push $url/forgejo-experimental/forgejo ${{ steps.release-info.outputs.sha }}:refs/tags/$tag
|