forgejo/.forgejo/workflows/build-release.yml
Earl Warren 97189d41f3
fix(release): add missing ARG RELEASE_VERSION
The ARG RELEASE_VERSION set in the build-env image does not propagate
to the images that follow. As a result the value of the version label
is always empty.

This should have been caught by the test in the CI but although it
notified the problem in the output, it did not fail. Upgrade to the
forgejo-build-publish version that fixes this false positive.
2024-04-17 17:16:53 +02:00

233 lines
9.2 KiB
YAML

#
# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process
#
# https://codeberg.org/forgejo-integration/forgejo
#
# Builds a release from a codeberg.org/forgejo-integration tag
#
# vars.ROLE: forgejo-integration
#
# secrets.DOER: forgejo-experimental-ci
# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:package
#
# secrets.CASCADE_ORIGIN_TOKEN: <generated from codeberg.org/forgejo-experimental-ci> scope read:user, write:repository, write:issue
# secrets.CASCADE_DESTINATION_TOKEN: <generated from code.forgejo.org/forgejo-ci> scope read:user, write:repository, write:issue
# vars.CASCADE_DESTINATION_DOER: forgejo-ci
#
on:
push:
tags: 'v[0-9]+.[0-9]+.*'
branches:
- 'forgejo'
- 'v*/forgejo'
jobs:
release:
runs-on: self-hosted
# root is used for testing, allow it
if: vars.ROLE == 'forgejo-integration' || github.repository_owner == 'root'
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Sanitize the name of the repository
id: repository
run: |
repository="${{ github.repository }}"
echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
- uses: https://code.forgejo.org/actions/setup-node@v3
with:
node-version: 20
- uses: https://code.forgejo.org/actions/setup-go@v4
with:
go-version: "1.22"
check-latest: true
- name: version from ref
id: release-info
shell: bash
run: |
set -x
ref="${{ github.ref }}"
if [[ $ref =~ ^refs/heads/ ]] ; then
if test "$ref" = "refs/heads/forgejo" ; then
version=$(git tag -l --sort=version:refname --merged | grep -v -e '-test$' | tail -1 | sed -E -e 's/^(v[0-9]+\.[0-9]+).*/\1/')-test
else
version=${ref#refs/heads/}
version=${version%/forgejo}-test
fi
override=true
fi
if [[ $ref =~ ^refs/tags/ ]] ; then
version=${ref#refs/tags/}
override=false
fi
if test -z "$version" ; then
echo failed to figure out the release version from the reference=$ref
exit 1
fi
version=${version#v}
git describe --exclude '*-test' --tags --always
echo "sha=${{ github.sha }}" >> "$GITHUB_OUTPUT"
echo "version=$version" >> "$GITHUB_OUTPUT"
echo "override=$override" >> "$GITHUB_OUTPUT"
- name: release notes
id: release-notes
run: |
anchor=${{ steps.release-info.outputs.version }}
anchor=${anchor//./-}
cat >> "$GITHUB_OUTPUT" <<EOF
value<<ENDVAR
See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#$anchor
ENDVAR
EOF
- name: cache node_modules
id: node
uses: https://code.forgejo.org/actions/cache@v3
with:
path: |
node_modules
key: node-${{ steps.release-info.outputs.version }}
- name: skip if node cache hit
if: steps.node.outputs.cache-hit != 'true'
run: echo no hit
- name: Build sources
run: |
set -x
apt-get -qq install -y make
version=${{ steps.release-info.outputs.version }}
#
# Make sure all files are owned by the current user.
# When run as root `npx webpack` will assume the identity
# of the owner of the current working directory and may
# fail to create files if some sub-directories are not owned
# by the same user.
#
# Binaries:
# Node: 18.17.0 - /usr/local/node-v18.17.0-linux-x64/bin/node
# npm: 9.6.7 - /usr/local/node-v18.17.0-linux-x64/bin/npm
# Packages:
# add-asset-webpack-plugin: 2.0.1 => 2.0.1
# css-loader: 6.8.1 => 6.8.1
# esbuild-loader: 3.0.1 => 3.0.1
# license-checker-webpack-plugin: 0.2.1 => 0.2.1
# monaco-editor-webpack-plugin: 7.0.1 => 7.0.1
# vue-loader: 17.2.2 => 17.2.2
# webpack: 5.87.0 => 5.87.0
# webpack-cli: 5.1.4 => 5.1.4
#
chown -R $(id -u) .
make VERSION=$version TAGS=bindata sources-tarbal
mv dist/release release
(
tmp=$(mktemp -d)
tar --directory $tmp -zxvf release/*$version*.tar.gz
cd $tmp/*
#
# Verify `make frontend` files are available
#
test -d public/assets/css
test -d public/assets/fonts
test -d public/assets/js
#
# Verify `make generate` files are available
#
test -f modules/public/bindata.go
#
# Sanity check to verify that the source tarbal knows the
# version and is able to rebuild itself from it.
#
# When in sources the version is determined with git.
# When in the tarbal the version is determined from a VERSION file.
#
make sources-tarbal
tarbal=$(echo dist/release/*$version*.tar.gz)
if ! test -f $tarbal ; then
echo $tarbal does not exist
find dist release
exit 1
fi
)
- name: build container & release
if: ${{ secrets.TOKEN != '' }}
uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
with:
forgejo: "${{ env.GITHUB_SERVER_URL }}"
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
repository: "${{ steps.repository.outputs.value }}"
doer: "${{ secrets.DOER }}"
release-version: "${{ steps.release-info.outputs.version }}"
sha: "${{ steps.release-info.outputs.sha }}"
token: "${{ secrets.TOKEN }}"
platforms: linux/amd64,linux/arm64,linux/arm/v6
release-notes: "${{ steps.release-notes.outputs.value }}"
binary-name: forgejo
binary-path: /app/gitea/gitea
override: "${{ steps.release-info.outputs.override }}"
verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
- name: build rootless container
if: ${{ secrets.TOKEN != '' }}
uses: https://code.forgejo.org/forgejo/forgejo-build-publish/build@v5.1.1
with:
forgejo: "${{ env.GITHUB_SERVER_URL }}"
owner: "${{ env.GITHUB_REPOSITORY_OWNER }}"
repository: "${{ steps.repository.outputs.value }}"
doer: "${{ secrets.DOER }}"
release-version: "${{ steps.release-info.outputs.version }}"
sha: "${{ steps.release-info.outputs.sha }}"
token: "${{ secrets.TOKEN }}"
platforms: linux/amd64,linux/arm64,linux/arm/v6
suffix: -rootless
dockerfile: Dockerfile.rootless
override: "${{ steps.release-info.outputs.override }}"
verify-labels: "maintainer=contact@forgejo.org,org.opencontainers.image.version=${{ steps.release-info.outputs.version }}"
verbose: ${{ vars.VERBOSE || secrets.VERBOSE || 'false' }}
- name: end-to-end tests
if: ${{ secrets.TOKEN != '' && vars.ROLE == 'forgejo-integration' }}
uses: https://code.forgejo.org/actions/cascading-pr@v2
with:
origin-url: ${{ env.GITHUB_SERVER_URL }}
origin-repo: ${{ github.repository }}
origin-token: ${{ secrets.CASCADE_ORIGIN_TOKEN }}
origin-ref: refs/heads/forgejo
destination-url: https://code.forgejo.org
destination-fork-repo: ${{ vars.CASCADE_DESTINATION_DOER }}/end-to-end
destination-repo: forgejo/end-to-end
destination-branch: main
destination-token: ${{ secrets.CASCADE_DESTINATION_TOKEN }}
update: .forgejo/cascading-release-end-to-end
- name: copy to experimental
if: vars.ROLE == 'forgejo-integration' && secrets.TOKEN != ''
run: |
if test "${{ vars.VERBOSE }}" = true ; then
set -x
fi
tag=v${{ steps.release-info.outputs.version }}
url=https://any:${{ secrets.TOKEN }}@codeberg.org
if test "${{ steps.release-info.outputs.override }}" = "true" ; then
curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/releases/tags/$tag > /dev/null
curl -sS -X DELETE $url/api/v1/repos/forgejo-experimental/forgejo/tags/$tag > /dev/null
fi
# actions/checkout@v3 sets http.https://codeberg.org/.extraheader with the automatic token.
# Get rid of it so it does not prevent using the token that has write permissions
git config --local --unset http.https://codeberg.org/.extraheader
if test -f .git/shallow ; then
echo "unexptected .git/shallow file is present"
echo "it suggests a checkout --depth X was used which may prevent pushing the commit"
echo "it happens when actions/checkout is called without depth: 0"
fi
git push $url/forgejo-experimental/forgejo ${{ steps.release-info.outputs.sha }}:refs/tags/$tag