From 4e3b8eaee30ef5684f954967a426772e57f77791 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 14 Jun 2023 15:10:35 -0400 Subject: [PATCH 01/11] switch to Actions for nightly builds --- .github/workflows/cron-licenses.yml | 1 + .github/workflows/cron-translations.yml | 1 + .github/workflows/release-nightly.yml | 32 +++++++++++++++++++++++++ 3 files changed, 34 insertions(+) create mode 100644 .github/workflows/release-nightly.yml diff --git a/.github/workflows/cron-licenses.yml b/.github/workflows/cron-licenses.yml index 8642049117e35..700d45a3c8bf3 100644 --- a/.github/workflows/cron-licenses.yml +++ b/.github/workflows/cron-licenses.yml @@ -3,6 +3,7 @@ name: cron-licenses on: schedule: - cron: "7 0 * * 1" # every Monday at 00:07 UTC + workflow_dispatch: jobs: cron-licenses: diff --git a/.github/workflows/cron-translations.yml b/.github/workflows/cron-translations.yml index a7c9ceabd345a..3f147c685d8c5 100644 --- a/.github/workflows/cron-translations.yml +++ b/.github/workflows/cron-translations.yml @@ -3,6 +3,7 @@ name: cron-translations on: schedule: - cron: "7 0 * * *" # every day at 00:07 UTC + workflow_dispatch: jobs: crowdin-pull: diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml new file mode 100644 index 0000000000000..83f6b6219c916 --- /dev/null +++ b/.github/workflows/release-nightly.yml @@ -0,0 +1,32 @@ +name: release-nightly-assets + +on: + push: + branches: [ main, release/v1.* ] + pull_request: + +jobs: + nightly-binary: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-go@v4 + with: + go-version: ">=1.20" + check-latest: true + - uses: actions/setup-node@v3 + with: + node-version: 20 + - run: git fetch --tags --force + - run: make deps-frontend deps-backend + - run: make release + env: + TAGS: bindata sqlite sqlite_unlock_notify + # gpg sign + # upload to s3 (directory based on branch name) + nightly-docker: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - uses: docker/setup-buildx-action@v1 + # build for linux/amd64, and linux/arm64 (possibly include linux/arm/v7 later. not included now because it adds significant amount to the build time) From 1b68cce95d3687f09f1c29c55d909bb6d51260d0 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 14 Jun 2023 15:30:04 -0400 Subject: [PATCH 02/11] rm specific container modifications from makefile --- .github/workflows/release-nightly.yml | 15 +++++++++++++-- Makefile | 12 ------------ 2 files changed, 13 insertions(+), 14 deletions(-) diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 83f6b6219c916..8ddf49f7dc360 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -17,12 +17,23 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 20 + # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 - run: git fetch --tags --force - run: make deps-frontend deps-backend - - run: make release + # xgo build + - run: | + make release + ls -laR dist env: TAGS: bindata sqlite sqlite_unlock_notify - # gpg sign + + - name: import gpg key + id: import_gpg + uses: crazy-max/ghaction-import-gpg@v5 + with: + gpg_private_key: ${{ secrets.GPGSIGN_KEY }} + passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} + # upload to s3 (directory based on branch name) nightly-docker: runs-on: ubuntu-latest diff --git a/Makefile b/Makefile index 664839273b55b..b3111d65f1832 100644 --- a/Makefile +++ b/Makefile @@ -831,30 +831,18 @@ release-windows: | $(DIST_DIRS) ifeq (,$(findstring gogit,$(TAGS))) CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit . endif -ifeq ($(CI),true) - cp /build/* $(DIST)/binaries -endif .PHONY: release-linux release-linux: | $(DIST_DIRS) CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) . -ifeq ($(CI),true) - cp /build/* $(DIST)/binaries -endif .PHONY: release-darwin release-darwin: | $(DIST_DIRS) CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) . -ifeq ($(CI),true) - cp /build/* $(DIST)/binaries -endif .PHONY: release-freebsd release-freebsd: | $(DIST_DIRS) CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) . -ifeq ($(CI),true) - cp /build/* $(DIST)/binaries -endif .PHONY: release-copy release-copy: | $(DIST_DIRS) From 161d095b05414c6b4c94a5c72ead68b92f4e2e79 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 14 Jun 2023 15:57:15 -0400 Subject: [PATCH 03/11] build frontend outside of container --- .github/workflows/release-nightly.yml | 10 +++++++--- Makefile | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 8ddf49f7dc360..2491a4ec6d6a8 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -10,6 +10,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + with: + # depth: 0 fetches all commits + # we fetch all instead of just some, as some branches are long lived and could have many between versions + fetch-depth: 0 + # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 + - run: git fetch --tags --force - uses: actions/setup-go@v4 with: go-version: ">=1.20" @@ -17,9 +23,7 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 20 - # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 - - run: git fetch --tags --force - - run: make deps-frontend deps-backend + - run: make deps-frontend deps-backend frontend # xgo build - run: | make release diff --git a/Makefile b/Makefile index b3111d65f1832..2fdffc8e1c7eb 100644 --- a/Makefile +++ b/Makefile @@ -820,7 +820,7 @@ $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ) CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@ .PHONY: release -release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check +release: generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check $(DIST_DIRS): mkdir -p $(DIST_DIRS) From f7b1df594e3a5578560495bcb93780366e1789be Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Wed, 14 Jun 2023 15:57:56 -0400 Subject: [PATCH 04/11] add frontend back --- .github/workflows/release-nightly.yml | 2 +- Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 2491a4ec6d6a8..41b89c4bed2d1 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -23,7 +23,7 @@ jobs: - uses: actions/setup-node@v3 with: node-version: 20 - - run: make deps-frontend deps-backend frontend + - run: make deps-frontend deps-backend # xgo build - run: | make release diff --git a/Makefile b/Makefile index 2fdffc8e1c7eb..b3111d65f1832 100644 --- a/Makefile +++ b/Makefile @@ -820,7 +820,7 @@ $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ) CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@ .PHONY: release -release: generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check +release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check $(DIST_DIRS): mkdir -p $(DIST_DIRS) From 363d5f9adc236bb31bdc4df54cd5cb7ef5310bb3 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 15 Jun 2023 01:31:12 -0400 Subject: [PATCH 05/11] sign binaries wth gpg --- .drone.yml | 51 --------------------------- .github/workflows/release-nightly.yml | 16 +++++++-- 2 files changed, 14 insertions(+), 53 deletions(-) diff --git a/.drone.yml b/.drone.yml index 4e7789ef92331..d86071fc17f0d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -26,57 +26,6 @@ volumes: temp: {} steps: - - name: fetch-tags - image: docker:git - pull: always - commands: - - git fetch --tags --force - - - name: deps-frontend - image: node:20 - pull: always - commands: - - make deps-frontend - - - name: deps-backend - image: gitea/test_env:linux-1.20-amd64 - pull: always - commands: - - make deps-backend - volumes: - - name: deps - path: /go - - - name: static - image: techknowlogick/xgo:go-1.20.x - pull: always - commands: - # Upgrade to node 20 once https://github.com/techknowlogick/xgo/issues/163 is resolved - - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs - - export PATH=$PATH:$GOPATH/bin - - make release - environment: - GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not - TAGS: bindata sqlite sqlite_unlock_notify - DEBIAN_FRONTEND: noninteractive - volumes: - - name: deps - path: /go - - - name: gpg-sign - image: plugins/gpgsign:1 - pull: always - settings: - detach_sign: true - excludes: - - "dist/release/*.sha256" - files: - - "dist/release/*" - environment: - GPGSIGN_KEY: - from_secret: gpgsign_key - GPGSIGN_PASSPHRASE: - from_secret: gpgsign_passphrase - name: release-branch image: woodpeckerci/plugin-s3:latest diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 41b89c4bed2d1..bb476b6391fe3 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -37,8 +37,20 @@ jobs: with: gpg_private_key: ${{ secrets.GPGSIGN_KEY }} passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} - - # upload to s3 (directory based on branch name) + - name: sign binaries + run: | + for f in dist/release/*; do + echo "${{ secrets.GPGSIGN_PASSPHRASE }}" | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output $f.asc $f + done + - name: upload binaries to s3 + uses: jakejarvis/s3-sync-action@master + env: + AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_REGION: ${{ secrets.AWS_REGION }} + SOURCE_DIR: dist/release + DEST_DIR: gitea/${{ github.ref }} # TODO: fix dir here nightly-docker: runs-on: ubuntu-latest steps: From 876fb75eb91b4cd17213123b57d04d3ababb21a5 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Thu, 15 Jun 2023 14:18:32 -0400 Subject: [PATCH 06/11] upload to s3 --- .drone.yml | 84 --------------------------- .github/workflows/release-nightly.yml | 16 +++-- 2 files changed, 10 insertions(+), 90 deletions(-) diff --git a/.drone.yml b/.drone.yml index d86071fc17f0d..d54f3c198d204 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,87 +1,3 @@ ---- -kind: pipeline -type: docker -name: release-latest - -platform: - os: linux - arch: amd64 - -workspace: - base: /source - path: / - -trigger: - branch: - - main - - "release/*" - event: - - push - paths: - exclude: - - "docs/**" - -volumes: - - name: deps - temp: {} - -steps: - - - name: release-branch - image: woodpeckerci/plugin-s3:latest - pull: always - settings: - acl: - from_secret: aws_s3_acl - region: - from_secret: aws_s3_region - bucket: - from_secret: aws_s3_bucket - endpoint: - from_secret: aws_s3_endpoint - path_style: - from_secret: aws_s3_path_style - source: "dist/release/*" - strip_prefix: dist/release/ - target: "/gitea/${DRONE_BRANCH##release/v}" - environment: - AWS_ACCESS_KEY_ID: - from_secret: aws_access_key_id - AWS_SECRET_ACCESS_KEY: - from_secret: aws_secret_access_key - when: - branch: - - "release/*" - event: - - push - - - name: release-main - image: woodpeckerci/plugin-s3:latest - settings: - acl: - from_secret: aws_s3_acl - region: - from_secret: aws_s3_region - bucket: - from_secret: aws_s3_bucket - endpoint: - from_secret: aws_s3_endpoint - path_style: - from_secret: aws_s3_path_style - source: "dist/release/*" - strip_prefix: dist/release/ - target: /gitea/main - environment: - AWS_ACCESS_KEY_ID: - from_secret: aws_access_key_id - AWS_SECRET_ACCESS_KEY: - from_secret: aws_secret_access_key - when: - branch: - - main - event: - - push - --- kind: pipeline name: release-version diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index bb476b6391fe3..f21742ca375f9 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -25,12 +25,9 @@ jobs: node-version: 20 - run: make deps-frontend deps-backend # xgo build - - run: | - make release - ls -laR dist + - run: make release env: TAGS: bindata sqlite sqlite_unlock_notify - - name: import gpg key id: import_gpg uses: crazy-max/ghaction-import-gpg@v5 @@ -40,8 +37,15 @@ jobs: - name: sign binaries run: | for f in dist/release/*; do - echo "${{ secrets.GPGSIGN_PASSPHRASE }}" | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output $f.asc $f + echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output $f.asc $f done + # clean branch name to get the folder name in S3 + - name: Get cleaned branch name + id: clean_name + run: | + REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') + echo "Cleaned name is ${REF_NAME}" + echo "::set-output name=branch::${REF_NAME}" - name: upload binaries to s3 uses: jakejarvis/s3-sync-action@master env: @@ -50,7 +54,7 @@ jobs: AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_REGION: ${{ secrets.AWS_REGION }} SOURCE_DIR: dist/release - DEST_DIR: gitea/${{ github.ref }} # TODO: fix dir here + DEST_DIR: gitea/${{ steps.clean_name.outputs.branch }} nightly-docker: runs-on: ubuntu-latest steps: From a4b59914fea67f608362d4bf99b5bc06dc9f7629 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 16 Jun 2023 10:15:34 -0400 Subject: [PATCH 07/11] rm run on PR --- .github/workflows/release-nightly.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index f21742ca375f9..3faa0d5e20cf2 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -3,7 +3,6 @@ name: release-nightly-assets on: push: branches: [ main, release/v1.* ] - pull_request: jobs: nightly-binary: From 57b6792949c03a696dea1eaf7cdc1377bcc53867 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 16 Jun 2023 11:14:36 -0400 Subject: [PATCH 08/11] update per feedback and also fix shellcheck issues --- .github/workflows/release-nightly.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 3faa0d5e20cf2..9b9ced9c68a8e 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -2,7 +2,7 @@ name: release-nightly-assets on: push: - branches: [ main, release/v1.* ] + branches: [ main, release/v* ] jobs: nightly-binary: @@ -36,7 +36,7 @@ jobs: - name: sign binaries run: | for f in dist/release/*; do - echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output $f.asc $f + echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output '$f.asc' '$f' done # clean branch name to get the folder name in S3 - name: Get cleaned branch name @@ -44,7 +44,7 @@ jobs: run: | REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') echo "Cleaned name is ${REF_NAME}" - echo "::set-output name=branch::${REF_NAME}" + echo "branch=${REF_NAME}" >> $GITHUB_OUTPUT - name: upload binaries to s3 uses: jakejarvis/s3-sync-action@master env: From 4b5dfc2a8ef065302d600bd281a59aa4ab97c509 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 16 Jun 2023 12:02:00 -0400 Subject: [PATCH 09/11] shellcheck --- .github/workflows/release-nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 9b9ced9c68a8e..3d83cc8c5174c 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -36,7 +36,7 @@ jobs: - name: sign binaries run: | for f in dist/release/*; do - echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output '$f.asc' '$f' + echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f" done # clean branch name to get the folder name in S3 - name: Get cleaned branch name From 42fb49309213b5dfcc7a1087840096ba9fb1abf3 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 16 Jun 2023 12:06:32 -0400 Subject: [PATCH 10/11] Update .github/workflows/release-nightly.yml Co-authored-by: silverwind --- .github/workflows/release-nightly.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 3d83cc8c5174c..a6d23ad4ff926 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -9,12 +9,9 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 - with: - # depth: 0 fetches all commits - # we fetch all instead of just some, as some branches are long lived and could have many between versions - fetch-depth: 0 + # fetch all commits instead of only the last as some branches are long lived and could have many between versions # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 - - run: git fetch --tags --force + - run: git fetch --unshallow --quiet --tags --force - uses: actions/setup-go@v4 with: go-version: ">=1.20" From bb878088270b03b01cbb857415220f35d92e4d1f Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Fri, 16 Jun 2023 12:23:19 -0400 Subject: [PATCH 11/11] shellcheck --- .github/workflows/release-nightly.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml index 3d83cc8c5174c..9a88e4a7f3daa 100644 --- a/.github/workflows/release-nightly.yml +++ b/.github/workflows/release-nightly.yml @@ -44,7 +44,7 @@ jobs: run: | REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') echo "Cleaned name is ${REF_NAME}" - echo "branch=${REF_NAME}" >> $GITHUB_OUTPUT + echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" - name: upload binaries to s3 uses: jakejarvis/s3-sync-action@master env: