Build nightly binaries with Actions (#25308)

Co-authored-by: silverwind <me@silverwind.io>
2024-11-04 09:19:06 +01:00 · 2023-06-16 13:00:39 -04:00 · 2023-06-16 13:00:39 -04:00 · 0ab9b7f426
commit 0ab9b7f426
parent 86d019682f
5 changed files with 61 additions and 147 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -1,138 +1,3 @@
 ---
 kind: pipeline
 type: docker
 name: release-latest
 platform:
  os: linux
  arch: amd64
 workspace:
  base: /source
  path: /
 trigger:
  branch:
    - main
    - "release/*"
  event:
    - push
  paths:
    exclude:
      - "docs/**"
 volumes:
  - name: deps
    temp: {}
 steps:
  - name: fetch-tags
    image: docker:git
    pull: always
    commands:
      - git fetch --tags --force
  - name: deps-frontend
    image: node:20
    pull: always
    commands:
      - make deps-frontend
  - name: deps-backend
    image: gitea/test_env:linux-1.20-amd64
    pull: always
    commands:
      - make deps-backend
    volumes:
      - name: deps
        path: /go
  - name: static
    image: techknowlogick/xgo:go-1.20.x
    pull: always
    commands:
      # Upgrade to node 20 once https://github.com/techknowlogick/xgo/issues/163 is resolved
      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify
      DEBIAN_FRONTEND: noninteractive
    volumes:
      - name: deps
        path: /go
  - name: gpg-sign
    image: plugins/gpgsign:1
    pull: always
    settings:
      detach_sign: true
      excludes:
        - "dist/release/*.sha256"
      files:
        - "dist/release/*"
    environment:
      GPGSIGN_KEY:
        from_secret: gpgsign_key
      GPGSIGN_PASSPHRASE:
        from_secret: gpgsign_passphrase
  - name: release-branch
    image: woodpeckerci/plugin-s3:latest
    pull: always
    settings:
      acl:
        from_secret: aws_s3_acl
      region:
        from_secret: aws_s3_region
      bucket:
        from_secret: aws_s3_bucket
      endpoint:
        from_secret: aws_s3_endpoint
      path_style:
        from_secret: aws_s3_path_style
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: "/gitea/${DRONE_BRANCH##release/v}"
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: aws_access_key_id
      AWS_SECRET_ACCESS_KEY:
        from_secret: aws_secret_access_key
    when:
      branch:
        - "release/*"
      event:
        - push
  - name: release-main
    image: woodpeckerci/plugin-s3:latest
    settings:
      acl:
        from_secret: aws_s3_acl
      region:
        from_secret: aws_s3_region
      bucket:
        from_secret: aws_s3_bucket
      endpoint:
        from_secret: aws_s3_endpoint
      path_style:
        from_secret: aws_s3_path_style
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: /gitea/main
    environment:
      AWS_ACCESS_KEY_ID:
        from_secret: aws_access_key_id
      AWS_SECRET_ACCESS_KEY:
        from_secret: aws_secret_access_key
    when:
      branch:
        - main
      event:
        - push
 ---
 kind: pipeline
 name: release-version
--- a/.github/workflows/cron-licenses.yml
+++ b/.github/workflows/cron-licenses.yml
@ -3,6 +3,7 @@ name: cron-licenses
 on:
  schedule:
    - cron: "7 0 * * 1" # every Monday at 00:07 UTC
  workflow_dispatch:
 jobs:
  cron-licenses:
--- a/.github/workflows/cron-translations.yml
+++ b/.github/workflows/cron-translations.yml
@ -3,6 +3,7 @@ name: cron-translations
 on:
  schedule:
    - cron: "7 0 * * *" # every day at 00:07 UTC
  workflow_dispatch:
 jobs:
  crowdin-pull:
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@ -0,0 +1,59 @@
 name: release-nightly-assets
 on:
  push:
    branches: [ main, release/v* ]
 jobs:
  nightly-binary:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
      - uses: actions/setup-go@v4
        with:
          go-version: ">=1.20"
          check-latest: true
      - uses: actions/setup-node@v3
        with:
          node-version: 20
      - run: make deps-frontend deps-backend
      # xgo build
      - run: make release
        env:
          TAGS: bindata sqlite sqlite_unlock_notify
      - name: import gpg key
        id: import_gpg
        uses: crazy-max/ghaction-import-gpg@v5
        with:
          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
      - name: sign binaries
        run: |
          for f in dist/release/*; do
            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
          done
      # clean branch name to get the folder name in S3
      - name: Get cleaned branch name
        id: clean_name
        run: |
          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
          echo "Cleaned name is ${REF_NAME}"
          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
      - name: upload binaries to s3
        uses: jakejarvis/s3-sync-action@master
        env:
          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          SOURCE_DIR: dist/release
          DEST_DIR: gitea/${{ steps.clean_name.outputs.branch }}
  nightly-docker:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: docker/setup-buildx-action@v1
      # build for linux/amd64, and linux/arm64 (possibly include linux/arm/v7 later. not included now because it adds significant amount to the build time)
--- a/12
+++ b/12
@ -837,30 +837,18 @@ release-windows: | $(DIST_DIRS)
 ifeq (,$(findstring gogit,$(TAGS)))
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif
 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif
 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif
 .PHONY: release-freebsd
 release-freebsd: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif
 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)