CatAClock/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-05-20 11:12:38 +00:00
Code Issues Projects Releases Packages Wiki Activity
forgejo/.forgejo/workflows/publish-release.yml
Earl Warren a16350d9f4 chore(release): next-digest moved to invisible.forgejo.org (#7720) 
In order to improve the security of the Forgejo infrastructure the next-digest repository was moved to a private instance.

## Testing

- After the merge, trigger a mirror to build a new v12.0-test release
- Verify in experimental that the workflows works as expected
- Verify v12.next.forgejo.org is upgraded with the latest commit
- Once the test completes
    - Tag for backport to v11 & v7
    - Manual backport to v7 because it conflicts

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7720
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2025-04-29 15:53:08 +00:00

88 lines
3.2 KiB
YAML
Raw Blame History

# SPDX-License-Identifier: MIT
#
# See also https://forgejo.org/docs/next/contributor/release/#stable-release-process
#
# TOKEN_NEXT_DIGEST is a token with write repository access to https://invisible.forgejo.org/infrastructure/next-digest issued by https://invisible.forgejo.org/forgejo-next-digest
#
# https://codeberg.org/forgejo-experimental/forgejo
#
# Copies a release from codeberg.org/forgejo-integration to codeberg.org/forgejo-experimental
#
# vars.ROLE: forgejo-experimental
# vars.FORGEJO: https://codeberg.org
# vars.FROM_OWNER: forgejo-integration
# vars.TO_OWNER: forgejo-experimental
# vars.REPO: forgejo
# vars.DOER: forgejo-experimental-ci
# secrets.TOKEN: <generated from codeberg.org/forgejo-experimental-ci>
#
# http://invisible.forgejo.org/forgejo/forgejo
#
# Copies & sign a release from codeberg.org/forgejo-integration to codeberg.org/forgejo
#
# vars.ROLE: forgejo-release
# vars.FORGEJO: https://codeberg.org
# vars.FROM_OWNER: forgejo-integration
# vars.TO_OWNER: forgejo
# vars.REPO: forgejo
# vars.DOER: release-team
# secrets.TOKEN: <generated from codeberg.org/release-team>
# secrets.GPG_PRIVATE_KEY: <XYZ>
# secrets.GPG_PASSPHRASE: <ABC>
#
name: Pubish release
on:
push:
tags: 'v*'
jobs:
publish:
runs-on: lxc-bookworm
if: vars.DOER != '' && vars.FORGEJO != '' && vars.TO_OWNER != '' && vars.FROM_OWNER != '' && secrets.TOKEN != ''
steps:
- uses: https://data.forgejo.org/actions/checkout@v4
- name: copy & sign
uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.3.4
with:
from-forgejo: ${{ vars.FORGEJO }}
to-forgejo: ${{ vars.FORGEJO }}
from-owner: ${{ vars.FROM_OWNER }}
to-owner: ${{ vars.TO_OWNER }}
repo: ${{ vars.REPO }}
release-notes: "See https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/{VERSION}.md"
ref-name: ${{ github.ref_name }}
sha: ${{ github.sha }}
from-token: ${{ secrets.TOKEN }}
to-doer: ${{ vars.DOER }}
to-token: ${{ secrets.TOKEN }}
gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
verbose: ${{ vars.VERBOSE }}
- name: get trigger mirror issue
id: mirror
uses: https://data.forgejo.org/infrastructure/issue-action/get@v1.3.0
with:
forgejo: https://code.forgejo.org
repository: forgejo/forgejo
labels: mirror-trigger
- name: trigger the mirror
uses: https://data.forgejo.org/infrastructure/issue-action/set@v1.3.0
with:
forgejo: https://code.forgejo.org
repository: forgejo/forgejo
token: ${{ secrets.LABEL_ISSUE_FORGEJO_MIRROR_TOKEN }}
numbers: ${{ steps.mirror.outputs.numbers }}
label-wait-if-exists: 3600
label: trigger
- name: upgrade v*.next.forgejo.org
uses: https://data.forgejo.org/infrastructure/next-digest@v1.1.0
with:
url: https://placeholder:${{ secrets.TOKEN_NEXT_DIGEST }}@invisible.forgejo.org/infrastructure/next-digest
ref_name: '${{ github.ref_name }}'
image: 'codeberg.org/forgejo-experimental/forgejo'
tag_suffix: '-rootless'
Reference in a new issue View git blame Copy permalink