From 168d5d586904835762d213b2b8815b458a38c78f Mon Sep 17 00:00:00 2001
From: Earl Warren <contact@earl-warren.org>
Date: Fri, 7 Jul 2023 16:30:56 +0200
Subject: [PATCH] [CI] Forgejo Actions based release process (squash) doc / ca
 / verbosity

- Document workflow
- Increase verbosity if VERBOSE=true
- Download the Certificate Authority if behind the VPN
---
 .forgejo/actions/publish-release/action.yml | 18 +++++++----
 .forgejo/workflows/publish-release.yml      | 35 +++++++++++++++++++++
 2 files changed, 47 insertions(+), 6 deletions(-)

diff --git a/.forgejo/actions/publish-release/action.yml b/.forgejo/actions/publish-release/action.yml
index bafa473000..e093b46e4d 100644
--- a/.forgejo/actions/publish-release/action.yml
+++ b/.forgejo/actions/publish-release/action.yml
@@ -5,30 +5,33 @@ description: |
 
 inputs:
   forgejo:
-    description: 'URL of the Forgejo instance where the release is uploaded'
+    description: 'URL of the Forgejo instance where the release is uploaded (e.g. https://codeberg.org)'
     required: true
   from-owner:
-    description: 'the owner from which a release is to be copied'
+    description: 'the owner from which a release is to be copied (e.g forgejo-integration)'
     required: true
   to-owner:
-    description: 'the owner to which a release is to be copied'
+    description: 'the owner to which a release is to be copied (e.g. forgejo-experimental). It has be an organization in which doer has the required permissions. Or be the same as the doer'
     required: true
   repo:
     description: 'the repository from which a release is to be copied relative to from-owner and to-owner'
     default: 'forgejo'
   ref-name:
-    description: 'ref_name of the tag of the release to be copied'
+    description: 'ref_name of the tag of the release to be copied (e.g. github.ref_name)'
     required: true
   doer:
-    description: 'Name of the user authoring the release'
+    description: 'Name of the user authoring the release (e.g. release-team). The user must be authorized to create packages in to-owner and releases in to-owner/repo'
     required: true
   token:
-    description: 'application token on FORGEJO with permission to the repository and the packages'
+    description: 'application token created on forgejo by the doer, with a scope allowing it to create packages in to-owner and releases in to-owner/repo'
     required: true
   gpg-private-key:
     description: 'GPG Private Key to sign the release artifacts'
   gpg-passphrase:
     description: 'Passphrase of the GPG Private Key'
+  verbose:
+    description: 'Increase the verbosity level'
+    default: 'false'
 
 runs:
   using: "composite"
@@ -59,6 +62,7 @@ runs:
         release-dir: release
         download-retry: 60
         token: ${{ inputs.token }}
+        verbose: ${{ inputs.verbose }}
 
     - name: upload release
       uses: https://code.forgejo.org/actions/forgejo-release@v1
@@ -71,6 +75,7 @@ runs:
         token: ${{ inputs.token }}
         gpg-private-key: ${{ inputs.gpg-private-key }}
         gpg-passphrase: ${{ inputs.gpg-passphrase }}
+        verbose: ${{ inputs.verbose }}
 
     - name: login to the registry
       uses: https://github.com/docker/login-action@v2
@@ -91,3 +96,4 @@ runs:
         tag: ${{ steps.tag-version.outputs.value }}
         doer: ${{ inputs.doer }}
         token: ${{ inputs.token }}
+        verbose: ${{ inputs.verbose }}
diff --git a/.forgejo/workflows/publish-release.yml b/.forgejo/workflows/publish-release.yml
index d95c20a31f..c76e78cc12 100644
--- a/.forgejo/workflows/publish-release.yml
+++ b/.forgejo/workflows/publish-release.yml
@@ -1,4 +1,31 @@
 # SPDX-License-Identifier: MIT
+#
+# See also https://forgejo.org/docs/next/developer/RELEASE/#release-process
+#
+# https://codeberg.org/forgejo-experimental/forgejo
+#
+#  Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
+#
+#  ROLE: forgejo-experimental
+#  FORGEJO: https://codeberg.org
+#  FROM_OWNER: forgejo-integration
+#  TO_OWNER: forgejo-experimental
+#  DOER: forgejo-experimental-ci
+#  TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
+#
+# https://forgejo.octopuce.forgejo.org/forgejo/forgejo
+#
+#  Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
+#
+#  ROLE: forgejo-release
+#  FORGEJO: https://codeberg.org
+#  FROM_OWNER: forgejo-integration
+#  TO_OWNER: forgejo
+#  DOER: release-team
+#  TOKEN: <generated from codeberg.org/release-team>
+#  GPG_PRIVATE_KEY: <XYZ>
+#  GPG_PASSPHRASE: <ABC>
+#
 name: Pubish release
 
 on: 
@@ -10,6 +37,13 @@ jobs:
     runs-on: self-hosted
     if: secrets.DOER != '' && secrets.FORGEJO != '' && secrets.TO_OWNER != '' && secrets.FROM_OWNER != '' && secrets.TOKEN != ''
     steps:
+      - name: install the certificate authority
+        if: secrets.ROLE == 'forgejo-release'
+        run: |
+          apt-get install -qq -y wget
+          wget --no-check-certificate -O /usr/local/share/ca-certificates/enough.crt https://forgejo.octopuce.forgejo.org/forgejo/enough/raw/branch/main/certs/2023-05-13/ca.crt
+          update-ca-certificates --fresh
+
       - uses: actions/checkout@v3
 
       - name: copy & sign binaries and container images from one owner to another
@@ -23,3 +57,4 @@ jobs:
           token: ${{ secrets.TOKEN }}
           gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
           gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
+          verbose: ${{ secrets.VERBOSE }}