Forgejo/.forgejo/workflows/publish-release.yml

# SPDX-License-Identifier: MIT
#
# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process
#
# https://codeberg.org/forgejo-experimental/forgejo
#
#  Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
#
#  ROLE: forgejo-experimental
#  FORGEJO: https://codeberg.org
#  FROM_OWNER: forgejo-integration
#  TO_OWNER: forgejo-experimental
#  DOER: forgejo-experimental-ci
#  TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
#
# https://forgejo.octopuce.forgejo.org/forgejo/forgejo
#
#  Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
#
#  ROLE: forgejo-release
#  FORGEJO: https://codeberg.org
#  FROM_OWNER: forgejo-integration
#  TO_OWNER: forgejo
#  DOER: release-team
#  TOKEN: <generated from codeberg.org/release-team>
#  GPG_PRIVATE_KEY: <XYZ>
#  GPG_PASSPHRASE: <ABC>
#
name: Pubish release

on: 
  push:
    tags: 'v*'

jobs:
  publish:
    runs-on: self-hosted
    if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != ''
    steps:
      - name: install the certificate authority
        if: secrets.ROLE == 'forgejo-release'
        run: |
          apt-get install -qq -y wget
          wget --no-check-certificate -O /usr/local/share/ca-certificates/enough.crt https://forgejo.octopuce.forgejo.org/forgejo/enough/raw/branch/main/certs/2023-05-13/ca.crt
          update-ca-certificates --fresh

      - uses: actions/checkout@v3

      - name: copy & sign binaries and container images from one owner to another
        uses: ./.forgejo/actions/publish-release
        with:
          forgejo: ${{ secrets.FORGEJO }}
          from-owner: ${{ secrets.FROM_OWNER }}
          to-owner: ${{ secrets.TO_OWNER }}
          ref-name: ${{ github.ref_name }}
          doer: ${{ secrets.DOER }}
          token: ${{ secrets.TOKEN }}
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
          verbose: ${{ secrets.VERBOSE }}
[CI] Forgejo Actions based release process Refs: https://codeberg.org/forgejo/website/pulls/230 (cherry picked from commit 87d56bf6c73d726dae8aafbc7e147969f1899931) [CI] Forgejo Actions based release process (squash) base64 -w0 to avoid wrapping when the doer name is long as it creates a broken config.json (cherry picked from commit 9efdc27e49bdfb3e62401baf27b224385f9f3e5e) [CI] Forgejo Actions based release process (squash) generate .xz files and sources Generate .xz files Check .sha256 Generate the source tarbal (cherry picked from commit 7afec520c4b1032d7e67a05a41e4e2913bcd9312) [CI] Forgejo Actions based release process (squash) release notes (cherry picked from commit d8f4f4807b28297b318d2f555a76d0efef762cf7) [CI] Forgejo Actions based release process (squash) publish and sign release (cherry picked from commit a52778c74785fe57cdee3b64b4c6c8a326471532) (cherry picked from commit cf2ec6274094ac7aebda71d54c64581f528df00a) [CI] Forgejo Actions based release process (squash) version use Actions environment variables in Makefile (#25319) (#25318) uses Actions variable to determine the version. But Forgejo builds happen in a container where they are not available. Do not use them. Also verify the version of the binary is as expected for sanity check. (cherry picked from commit 6decf111a132a869f9e5c6f4d20e368b8f74309f) (cherry picked from commit 206d0b3886b2d56b585bf552e53d952b35f07284) (cherry picked from commit e75cfdcfb418d567b0b02db11f9c701b51d6b1d0) (cherry picked from commit adc6436330c977fbfa1da8a41f4c94dda0b9c743) (cherry picked from commit cd6221dfea3401b9cde3e987dd75fa61e85c4ce4) 2023-06-14 13:32:20 +02:00			`# SPDX-License-Identifier: MIT`
[CI] Forgejo Actions based release process (squash) doc / ca / verbosity - Document workflow - Increase verbosity if VERBOSE=true - Download the Certificate Authority if behind the VPN (cherry picked from commit 168d5d586904835762d213b2b8815b458a38c78f) (cherry picked from commit d6784841599f2f52b7f551b9d91293dfa008a4b0) (cherry picked from commit 1c7698055adfd08b7690ea98b31fd97a384255d9) 2023-07-07 16:30:56 +02:00			`#`
			`# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process`
			`#`
			`# https://codeberg.org/forgejo-experimental/forgejo`
			`#`
			`# Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental`
			`#`
			`# ROLE: forgejo-experimental`
			`# FORGEJO: https://codeberg.org`
			`# FROM_OWNER: forgejo-integration`
			`# TO_OWNER: forgejo-experimental`
			`# DOER: forgejo-experimental-ci`
			`# TOKEN: <generated from codeberg.org/forgejo-experimental-ci>`
			`#`
			`# https://forgejo.octopuce.forgejo.org/forgejo/forgejo`
			`#`
			`# Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo`
			`#`
			`# ROLE: forgejo-release`
			`# FORGEJO: https://codeberg.org`
			`# FROM_OWNER: forgejo-integration`
			`# TO_OWNER: forgejo`
			`# DOER: release-team`
			`# TOKEN: <generated from codeberg.org/release-team>`
			`# GPG_PRIVATE_KEY: <XYZ>`
			`# GPG_PASSPHRASE: <ABC>`
			`#`
[CI] Forgejo Actions based release process Refs: https://codeberg.org/forgejo/website/pulls/230 (cherry picked from commit 87d56bf6c73d726dae8aafbc7e147969f1899931) [CI] Forgejo Actions based release process (squash) base64 -w0 to avoid wrapping when the doer name is long as it creates a broken config.json (cherry picked from commit 9efdc27e49bdfb3e62401baf27b224385f9f3e5e) [CI] Forgejo Actions based release process (squash) generate .xz files and sources Generate .xz files Check .sha256 Generate the source tarbal (cherry picked from commit 7afec520c4b1032d7e67a05a41e4e2913bcd9312) [CI] Forgejo Actions based release process (squash) release notes (cherry picked from commit d8f4f4807b28297b318d2f555a76d0efef762cf7) [CI] Forgejo Actions based release process (squash) publish and sign release (cherry picked from commit a52778c74785fe57cdee3b64b4c6c8a326471532) (cherry picked from commit cf2ec6274094ac7aebda71d54c64581f528df00a) [CI] Forgejo Actions based release process (squash) version use Actions environment variables in Makefile (#25319) (#25318) uses Actions variable to determine the version. But Forgejo builds happen in a container where they are not available. Do not use them. Also verify the version of the binary is as expected for sanity check. (cherry picked from commit 6decf111a132a869f9e5c6f4d20e368b8f74309f) (cherry picked from commit 206d0b3886b2d56b585bf552e53d952b35f07284) (cherry picked from commit e75cfdcfb418d567b0b02db11f9c701b51d6b1d0) (cherry picked from commit adc6436330c977fbfa1da8a41f4c94dda0b9c743) (cherry picked from commit cd6221dfea3401b9cde3e987dd75fa61e85c4ce4) 2023-06-14 13:32:20 +02:00			`name: Pubish release`

			`on:`
			`push:`
			`tags: 'v*'`

			`jobs:`
			`publish:`
			`runs-on: self-hosted`
			`if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != ''`
			`steps:`
[CI] Forgejo Actions based release process (squash) doc / ca / verbosity - Document workflow - Increase verbosity if VERBOSE=true - Download the Certificate Authority if behind the VPN (cherry picked from commit 168d5d586904835762d213b2b8815b458a38c78f) (cherry picked from commit d6784841599f2f52b7f551b9d91293dfa008a4b0) (cherry picked from commit 1c7698055adfd08b7690ea98b31fd97a384255d9) 2023-07-07 16:30:56 +02:00			`- name: install the certificate authority`
			`if: secrets.ROLE == 'forgejo-release'`
			`run: \|`
			`apt-get install -qq -y wget`
			`wget --no-check-certificate -O /usr/local/share/ca-certificates/enough.crt https://forgejo.octopuce.forgejo.org/forgejo/enough/raw/branch/main/certs/2023-05-13/ca.crt`
			`update-ca-certificates --fresh`

[CI] Forgejo Actions based release process Refs: https://codeberg.org/forgejo/website/pulls/230 (cherry picked from commit 87d56bf6c73d726dae8aafbc7e147969f1899931) [CI] Forgejo Actions based release process (squash) base64 -w0 to avoid wrapping when the doer name is long as it creates a broken config.json (cherry picked from commit 9efdc27e49bdfb3e62401baf27b224385f9f3e5e) [CI] Forgejo Actions based release process (squash) generate .xz files and sources Generate .xz files Check .sha256 Generate the source tarbal (cherry picked from commit 7afec520c4b1032d7e67a05a41e4e2913bcd9312) [CI] Forgejo Actions based release process (squash) release notes (cherry picked from commit d8f4f4807b28297b318d2f555a76d0efef762cf7) [CI] Forgejo Actions based release process (squash) publish and sign release (cherry picked from commit a52778c74785fe57cdee3b64b4c6c8a326471532) (cherry picked from commit cf2ec6274094ac7aebda71d54c64581f528df00a) [CI] Forgejo Actions based release process (squash) version use Actions environment variables in Makefile (#25319) (#25318) uses Actions variable to determine the version. But Forgejo builds happen in a container where they are not available. Do not use them. Also verify the version of the binary is as expected for sanity check. (cherry picked from commit 6decf111a132a869f9e5c6f4d20e368b8f74309f) (cherry picked from commit 206d0b3886b2d56b585bf552e53d952b35f07284) (cherry picked from commit e75cfdcfb418d567b0b02db11f9c701b51d6b1d0) (cherry picked from commit adc6436330c977fbfa1da8a41f4c94dda0b9c743) (cherry picked from commit cd6221dfea3401b9cde3e987dd75fa61e85c4ce4) 2023-06-14 13:32:20 +02:00			`- uses: actions/checkout@v3`

			`- name: copy & sign binaries and container images from one owner to another`
			`uses: ./.forgejo/actions/publish-release`
			`with:`
			`forgejo: ${{ secrets.FORGEJO }}`
			`from-owner: ${{ secrets.FROM_OWNER }}`
			`to-owner: ${{ secrets.TO_OWNER }}`
			`ref-name: ${{ github.ref_name }}`
			`doer: ${{ secrets.DOER }}`
			`token: ${{ secrets.TOKEN }}`
			`gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}`
			`gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}`
[CI] Forgejo Actions based release process (squash) doc / ca / verbosity - Document workflow - Increase verbosity if VERBOSE=true - Download the Certificate Authority if behind the VPN (cherry picked from commit 168d5d586904835762d213b2b8815b458a38c78f) (cherry picked from commit d6784841599f2f52b7f551b9d91293dfa008a4b0) (cherry picked from commit 1c7698055adfd08b7690ea98b31fd97a384255d9) 2023-07-07 16:30:56 +02:00			`verbose: ${{ secrets.VERBOSE }}`