b087cdc002
The input to the action is not image_suffix but tag_suffix. It finds an image and does not error. But it is the root image and the k8s cluster needs the rootless image.
96 lines
3.7 KiB
YAML
96 lines
3.7 KiB
YAML
# SPDX-License-Identifier: MIT
|
|
#
|
|
# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
|
|
#
|
|
# https://codeberg.org/forgejo-experimental/forgejo
|
|
#
|
|
# Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
|
|
#
|
|
# vars.ROLE: forgejo-experimental
|
|
# vars.FORGEJO: https://codeberg.org
|
|
# vars.FROM_OWNER: forgejo-integration
|
|
# vars.TO_OWNER: forgejo-experimental
|
|
# vars.REPO: forgejo
|
|
# vars.DOER: forgejo-experimental-ci
|
|
# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
|
|
#
|
|
# http://private.forgejo.org/forgejo/forgejo
|
|
#
|
|
# Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
|
|
#
|
|
# vars.ROLE: forgejo-release
|
|
# vars.FORGEJO: https://codeberg.org
|
|
# vars.FROM_OWNER: forgejo-integration
|
|
# vars.TO_OWNER: forgejo
|
|
# vars.REPO: forgejo
|
|
# vars.DOER: release-team
|
|
# secrets.TOKEN: <generated from codeberg.org/release-team>
|
|
# secrets.GPG_PRIVATE_KEY: <XYZ>
|
|
# secrets.GPG_PASSPHRASE: <ABC>
|
|
#
|
|
name: Pubish release
|
|
|
|
on:
|
|
push:
|
|
tags: 'v*'
|
|
|
|
jobs:
|
|
publish:
|
|
runs-on: self-hosted
|
|
if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != ''
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: copy & sign
|
|
uses: https://code.forgejo.org/forgejo/forgejo-build-publish/publish@v5
|
|
with:
|
|
from-forgejo: ${{ vars.FORGEJO }}
|
|
to-forgejo: ${{ vars.FORGEJO }}
|
|
from-owner: ${{ vars.FROM_OWNER }}
|
|
to-owner: ${{ vars.TO_OWNER }}
|
|
repo: ${{ vars.REPO }}
|
|
release-notes: "See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/RELEASE-NOTES.md#{ANCHOR}"
|
|
ref-name: ${{ github.ref_name }}
|
|
sha: ${{ github.sha }}
|
|
from-token: ${{ secrets.TOKEN }}
|
|
to-doer: ${{ vars.DOER }}
|
|
to-token: ${{ secrets.TOKEN }}
|
|
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
|
|
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
|
|
verbose: ${{ vars.VERBOSE }}
|
|
|
|
- name: upgrade v*.next.forgejo.org
|
|
run: |
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
apt-get update -qq
|
|
apt-get -q install -y -qq curl
|
|
version="${{ github.ref_name }}"
|
|
version=${version##*v}
|
|
major=$(echo $version | sed -E -e 's/^([0-9]+).*/\1/')
|
|
# https://forgejo.org/docs/next/developer/infrastructure
|
|
curl -o /dev/null -sS https://v$major.next.forgejo.org/.well-known/wakeup-on-logs/forgejo-v$major
|
|
|
|
- name: upgrade v*.next.forgejo.org (k8s)
|
|
uses: https://code.forgejo.org/infrastructure/next-digest@v1.0.0
|
|
with:
|
|
url: https://placeholder:${{ secrets.TOKEN_NEXT_DIGEST }}@code.forgejo.org/infrastructure/next-digest
|
|
ref_name: '${{ github.ref_name }}'
|
|
image: 'codeberg.org/forgejo-experimental/forgejo'
|
|
tag_suffix: '-rootless'
|
|
|
|
- name: set up go for the DNS update below
|
|
if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
|
|
uses: https://code.forgejo.org/actions/setup-go@v5
|
|
with:
|
|
go-version-file: "go.mod"
|
|
- name: update the _release.experimental DNS record
|
|
if: vars.ROLE == 'forgejo-experimental' && secrets.OVH_APP_KEY != ''
|
|
uses: https://code.forgejo.org/actions/ovh-dns-update@v1
|
|
with:
|
|
subdomain: _release.experimental
|
|
domain: forgejo.com # there is a CNAME from .org to .com (for security reasons)
|
|
record-id: 5283602601
|
|
value: v=${{ github.ref_name }}
|
|
ovh-app-key: ${{ secrets.OVH_APP_KEY }}
|
|
ovh-app-secret: ${{ secrets.OVH_APP_SECRET }}
|
|
ovh-consumer-key: ${{ secrets.OVH_CON_KEY }}
|