[CI] Forgejo Actions based release process (squash) doc / ca / verbosity

- Document workflow
- Increase verbosity if VERBOSE=true
- Download the Certificate Authority if behind the VPN

(cherry picked from commit 168d5d5869)
(cherry picked from commit d678484159)
This commit is contained in:
Earl Warren 2023-07-07 16:30:56 +02:00
parent cd1b258e3e
commit 1c7698055a
No known key found for this signature in database
GPG key ID: 0579CB2928A78A00
2 changed files with 47 additions and 6 deletions

View file

@ -5,30 +5,33 @@ description: |
inputs: inputs:
forgejo: forgejo:
description: 'URL of the Forgejo instance where the release is uploaded' description: 'URL of the Forgejo instance where the release is uploaded (e.g. https://codeberg.org)'
required: true required: true
from-owner: from-owner:
description: 'the owner from which a release is to be copied' description: 'the owner from which a release is to be copied (e.g forgejo-integration)'
required: true required: true
to-owner: to-owner:
description: 'the owner to which a release is to be copied' description: 'the owner to which a release is to be copied (e.g. forgejo-experimental). It has be an organization in which doer has the required permissions. Or be the same as the doer'
required: true required: true
repo: repo:
description: 'the repository from which a release is to be copied relative to from-owner and to-owner' description: 'the repository from which a release is to be copied relative to from-owner and to-owner'
default: 'forgejo' default: 'forgejo'
ref-name: ref-name:
description: 'ref_name of the tag of the release to be copied' description: 'ref_name of the tag of the release to be copied (e.g. github.ref_name)'
required: true required: true
doer: doer:
description: 'Name of the user authoring the release' description: 'Name of the user authoring the release (e.g. release-team). The user must be authorized to create packages in to-owner and releases in to-owner/repo'
required: true required: true
token: token:
description: 'application token on FORGEJO with permission to the repository and the packages' description: 'application token created on forgejo by the doer, with a scope allowing it to create packages in to-owner and releases in to-owner/repo'
required: true required: true
gpg-private-key: gpg-private-key:
description: 'GPG Private Key to sign the release artifacts' description: 'GPG Private Key to sign the release artifacts'
gpg-passphrase: gpg-passphrase:
description: 'Passphrase of the GPG Private Key' description: 'Passphrase of the GPG Private Key'
verbose:
description: 'Increase the verbosity level'
default: 'false'
runs: runs:
using: "composite" using: "composite"
@ -59,6 +62,7 @@ runs:
release-dir: release release-dir: release
download-retry: 60 download-retry: 60
token: ${{ inputs.token }} token: ${{ inputs.token }}
verbose: ${{ inputs.verbose }}
- name: upload release - name: upload release
uses: https://code.forgejo.org/actions/forgejo-release@v1 uses: https://code.forgejo.org/actions/forgejo-release@v1
@ -71,6 +75,7 @@ runs:
token: ${{ inputs.token }} token: ${{ inputs.token }}
gpg-private-key: ${{ inputs.gpg-private-key }} gpg-private-key: ${{ inputs.gpg-private-key }}
gpg-passphrase: ${{ inputs.gpg-passphrase }} gpg-passphrase: ${{ inputs.gpg-passphrase }}
verbose: ${{ inputs.verbose }}
- name: login to the registry - name: login to the registry
uses: https://github.com/docker/login-action@v2 uses: https://github.com/docker/login-action@v2
@ -91,3 +96,4 @@ runs:
tag: ${{ steps.tag-version.outputs.value }} tag: ${{ steps.tag-version.outputs.value }}
doer: ${{ inputs.doer }} doer: ${{ inputs.doer }}
token: ${{ inputs.token }} token: ${{ inputs.token }}
verbose: ${{ inputs.verbose }}

View file

@ -1,4 +1,31 @@
# SPDX-License-Identifier: MIT # SPDX-License-Identifier: MIT
#
# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process
#
# https://codeberg.org/forgejo-experimental/forgejo
#
# Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
#
# ROLE: forgejo-experimental
# FORGEJO: https://codeberg.org
# FROM_OWNER: forgejo-integration
# TO_OWNER: forgejo-experimental
# DOER: forgejo-experimental-ci
# TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
#
# https://forgejo.octopuce.forgejo.org/forgejo/forgejo
#
# Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
#
# ROLE: forgejo-release
# FORGEJO: https://codeberg.org
# FROM_OWNER: forgejo-integration
# TO_OWNER: forgejo
# DOER: release-team
# TOKEN: <generated from codeberg.org/release-team>
# GPG_PRIVATE_KEY: <XYZ>
# GPG_PASSPHRASE: <ABC>
#
name: Pubish release name: Pubish release
on: on:
@ -10,6 +37,13 @@ jobs:
runs-on: self-hosted runs-on: self-hosted
if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != '' if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != ''
steps: steps:
- name: install the certificate authority
if: secrets.ROLE == 'forgejo-release'
run: |
apt-get install -qq -y wget
wget --no-check-certificate -O /usr/local/share/ca-certificates/enough.crt https://forgejo.octopuce.forgejo.org/forgejo/enough/raw/branch/main/certs/2023-05-13/ca.crt
update-ca-certificates --fresh
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- name: copy & sign binaries and container images from one owner to another - name: copy & sign binaries and container images from one owner to another
@ -23,3 +57,4 @@ jobs:
token: ${{ secrets.TOKEN }} token: ${{ secrets.TOKEN }}
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }} gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
verbose: ${{ secrets.VERBOSE }}