adc6436330
Refs: https://codeberg.org/forgejo/website/pulls/230 (cherry picked from commit87d56bf6c7
) [CI] Forgejo Actions based release process (squash) base64 -w0 to avoid wrapping when the doer name is long as it creates a broken config.json (cherry picked from commit9efdc27e49
) [CI] Forgejo Actions based release process (squash) generate .xz files and sources Generate .xz files Check .sha256 Generate the source tarbal (cherry picked from commit7afec520c4
) [CI] Forgejo Actions based release process (squash) release notes (cherry picked from commitd8f4f4807b
) [CI] Forgejo Actions based release process (squash) publish and sign release (cherry picked from commita52778c747
) (cherry picked from commitcf2ec62740
) [CI] Forgejo Actions based release process (squash) version use Actions environment variables in Makefile (#25319) (#25318) uses Actions variable to determine the version. But Forgejo builds happen in a container where they are not available. Do not use them. Also verify the version of the binary is as expected for sanity check. (cherry picked from commit6decf111a1
) (cherry picked from commit206d0b3886
) (cherry picked from commite75cfdcfb4
)
154 lines
5.5 KiB
YAML
154 lines
5.5 KiB
YAML
name: 'Build release'
|
|
author: 'Forgejo authors'
|
|
description: |
|
|
Build release
|
|
|
|
inputs:
|
|
forgejo:
|
|
description: 'URL of the Forgejo instance where the release is uploaded'
|
|
required: true
|
|
owner:
|
|
description: 'User or organization where the release is uploaded, relative to the Forgejo instance'
|
|
required: true
|
|
repository:
|
|
description: 'Repository where the release is uploaded, relative to the owner'
|
|
required: true
|
|
doer:
|
|
description: 'Name of the user authoring the release'
|
|
required: true
|
|
tag-version:
|
|
description: 'Version of the release derived from the tag withint the leading v'
|
|
required: true
|
|
suffix:
|
|
description: 'Suffix to add to the image tag'
|
|
token:
|
|
description: 'token'
|
|
required: true
|
|
dockerfile:
|
|
description: 'path to the dockerfile'
|
|
default: 'Dockerfile'
|
|
platforms:
|
|
description: 'Coma separated list of platforms'
|
|
default: 'linux/amd64,linux/arm64'
|
|
release-notes:
|
|
description: 'Full text of the release notes'
|
|
default: 'Release notes placeholder'
|
|
binary-name:
|
|
description: 'Name of the binary'
|
|
binary-path:
|
|
description: 'Path of the binary within the container to extract into binary-name'
|
|
verbose:
|
|
description: 'Increase the verbosity level'
|
|
default: 'false'
|
|
|
|
runs:
|
|
using: "composite"
|
|
steps:
|
|
- run: echo "${{ github.action_path }}" >> $GITHUB_PATH
|
|
shell: bash
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
apt-get install -y -qq xz-utils
|
|
|
|
- name: set -x if verbose is required
|
|
id: verbose
|
|
run: |
|
|
if ${{ inputs.verbose }} ; then
|
|
echo "shell=set -x" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Create the insecure and buildx-config variables for the container registry
|
|
id: registry
|
|
run: |
|
|
${{ steps.verbose.outputs.shell }}
|
|
url="${{ inputs.forgejo }}"
|
|
hostport=${url##http*://}
|
|
hostport=${hostport%%/}
|
|
echo "host-port=${hostport}" >> "$GITHUB_OUTPUT"
|
|
if ! [[ $url =~ ^http:// ]] ; then
|
|
exit 0
|
|
fi
|
|
cat >> "$GITHUB_OUTPUT" <<EOF
|
|
insecure=true
|
|
buildx-config<<ENDVAR
|
|
[registry."${hostport}"]
|
|
http = true
|
|
ENDVAR
|
|
EOF
|
|
|
|
- name: Allow docker pull/push to forgejo
|
|
if: ${{ steps.registry.outputs.insecure }}
|
|
run: |-
|
|
mkdir -p /etc/docker
|
|
cat > /etc/docker/daemon.json <<EOF
|
|
{
|
|
"insecure-registries" : ["${{ steps.registry.outputs.host-port }}"],
|
|
"bip": "172.26.0.1/16"
|
|
}
|
|
EOF
|
|
|
|
- name: Install docker
|
|
run: |
|
|
echo deb http://deb.debian.org/debian bullseye-backports main | tee /etc/apt/sources.list.d/backports.list && apt-get -qq update
|
|
DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y -t bullseye-backports docker.io
|
|
|
|
- uses: https://github.com/docker/setup-buildx-action@v2
|
|
with:
|
|
config-inline: |
|
|
${{ steps.registry.outputs.buildx-config }}
|
|
|
|
- name: Login to the container registry
|
|
run: |
|
|
BASE64_AUTH=`echo -n "${{ inputs.doer }}:${{ inputs.token }}" | base64 -w0`
|
|
mkdir -p ~/.docker
|
|
echo "{\"auths\": {\"$CI_REGISTRY\": {\"auth\": \"$BASE64_AUTH\"}}}" > ~/.docker/config.json
|
|
env:
|
|
CI_REGISTRY: "${{ steps.registry.outputs.host-port }}"
|
|
|
|
- name: Build the container image for each architecture
|
|
uses: https://github.com/docker/build-push-action@v4
|
|
# workaround until https://github.com/docker/build-push-action/commit/d8823bfaed2a82c6f5d4799a2f8e86173c461aba is in @v4 or @v5 is released
|
|
env:
|
|
ACTIONS_RUNTIME_TOKEN: ''
|
|
with:
|
|
context: .
|
|
push: true
|
|
file: ${{ inputs.dockerfile }}
|
|
platforms: ${{ inputs.platforms }}
|
|
tags: ${{ steps.registry.outputs.host-port }}/${{ inputs.owner }}/${{ inputs.repository }}:${{ inputs.tag-version }}${{ inputs.suffix }}
|
|
|
|
- name: Extract the binary from the container images into the release directory
|
|
if: inputs.binary-name != ''
|
|
run: |
|
|
${{ steps.verbose.outputs.shell }}
|
|
mkdir -p release
|
|
cd release
|
|
for platform in $(echo ${{ inputs.platforms }} | tr ',' ' '); do
|
|
arch=$(echo $platform | sed -e 's|linux/||g' -e 's|arm/v6|arm-6|g')
|
|
docker create --platform $platform --name forgejo-$arch ${{ steps.registry.outputs.host-port }}/${{ inputs.owner }}/${{ inputs.repository }}:${{ inputs.tag-version }}${{ inputs.suffix }}
|
|
binary="${{ inputs.binary-name }}-${{ inputs.tag-version }}-linux"
|
|
docker cp forgejo-$arch:${{ inputs.binary-path }} $binary-$arch
|
|
chmod +x $binary-$arch
|
|
# the displayed version is converted with - sometime changed into +, deal with it
|
|
pattern=$(echo "${{ inputs.tag-version }}" | tr - .)
|
|
if ! ./$binary-$arch --version | grep "$pattern" ; then
|
|
echo "ERROR: expected version pattern $pattern not found in the output of $binary-$arch --version"
|
|
./$binary-$arch --version
|
|
exit 1
|
|
fi
|
|
xz --keep -9 $binary-$arch
|
|
shasum -a 256 $binary-$arch > $binary-$arch.sha256
|
|
shasum -a 256 $binary-$arch.xz > $binary-$arch.xz.sha256
|
|
docker rm forgejo-$arch
|
|
done
|
|
|
|
- name: publish release
|
|
if: inputs.binary-name != ''
|
|
uses: https://code.forgejo.org/actions/forgejo-release@v1
|
|
with:
|
|
direction: upload
|
|
release-dir: release
|
|
release-notes: "${{ inputs.release-notes }}"
|
|
token: ${{ inputs.token }}
|
|
verbose: ${{ steps.verbose.outputs.value }}
|