this builds binaries and docker images for tagstags/v1.22.0-rc0
@@ -1,428 +0,0 @@ | |||
--- | |||
kind: pipeline | |||
name: release-version | |||
platform: | |||
os: linux | |||
arch: amd64 | |||
workspace: | |||
base: /source | |||
path: / | |||
trigger: | |||
event: | |||
- tag | |||
volumes: | |||
- name: deps | |||
temp: {} | |||
steps: | |||
- name: fetch-tags | |||
image: docker:git | |||
pull: always | |||
commands: | |||
- git fetch --tags --force | |||
- name: deps-frontend | |||
image: node:20 | |||
pull: always | |||
commands: | |||
- make deps-frontend | |||
- name: deps-backend | |||
image: gitea/test_env:linux-1.20-amd64 | |||
pull: always | |||
commands: | |||
- make deps-backend | |||
volumes: | |||
- name: deps | |||
path: /go | |||
- name: static | |||
image: techknowlogick/xgo:go-1.21.x | |||
pull: always | |||
commands: | |||
- apt-get update && apt-get -qqy install ca-certificates curl gnupg | |||
- mkdir -p /etc/apt/keyrings && curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg | |||
- echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" > /etc/apt/sources.list.d/nodesource.list | |||
- apt-get update && apt-get -qqy install nodejs | |||
- export PATH=$PATH:$GOPATH/bin | |||
- make release | |||
environment: | |||
GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not | |||
TAGS: bindata sqlite sqlite_unlock_notify | |||
DEBIAN_FRONTEND: noninteractive | |||
depends_on: [fetch-tags] | |||
volumes: | |||
- name: deps | |||
path: /go | |||
- name: gpg-sign | |||
image: plugins/gpgsign:1 | |||
pull: always | |||
settings: | |||
detach_sign: true | |||
excludes: | |||
- "dist/release/*.sha256" | |||
files: | |||
- "dist/release/*" | |||
environment: | |||
GPGSIGN_KEY: | |||
from_secret: gpgsign_key | |||
GPGSIGN_PASSPHRASE: | |||
from_secret: gpgsign_passphrase | |||
depends_on: [static] | |||
- name: release-tag | |||
image: woodpeckerci/plugin-s3:latest | |||
pull: always | |||
settings: | |||
acl: | |||
from_secret: aws_s3_acl | |||
region: | |||
from_secret: aws_s3_region | |||
bucket: | |||
from_secret: aws_s3_bucket | |||
endpoint: | |||
from_secret: aws_s3_endpoint | |||
path_style: | |||
from_secret: aws_s3_path_style | |||
source: "dist/release/*" | |||
strip_prefix: dist/release/ | |||
target: "/gitea/${DRONE_TAG##v}" | |||
environment: | |||
AWS_ACCESS_KEY_ID: | |||
from_secret: aws_access_key_id | |||
AWS_SECRET_ACCESS_KEY: | |||
from_secret: aws_secret_access_key | |||
depends_on: [gpg-sign] | |||
- name: github | |||
image: plugins/github-release:latest | |||
pull: always | |||
settings: | |||
files: | |||
- "dist/release/*" | |||
file_exists: overwrite | |||
environment: | |||
GITHUB_TOKEN: | |||
from_secret: github_token | |||
depends_on: [gpg-sign] | |||
--- | |||
kind: pipeline | |||
type: docker | |||
name: docker-linux-amd64-release-version | |||
platform: | |||
os: linux | |||
arch: amd64 | |||
trigger: | |||
ref: | |||
include: | |||
- "refs/tags/**" | |||
exclude: | |||
- "refs/tags/**-rc*" | |||
paths: | |||
exclude: | |||
- "docs/**" | |||
steps: | |||
- name: fetch-tags | |||
image: docker:git | |||
pull: always | |||
commands: | |||
- git fetch --tags --force | |||
- name: publish | |||
image: plugins/docker:latest | |||
pull: always | |||
settings: | |||
auto_tag: true | |||
auto_tag_suffix: linux-amd64 | |||
repo: gitea/gitea | |||
build_args: | |||
- GOPROXY=https://goproxy.io | |||
password: | |||
from_secret: docker_password | |||
username: | |||
from_secret: docker_username | |||
environment: | |||
PLUGIN_MIRROR: | |||
from_secret: plugin_mirror | |||
DOCKER_BUILDKIT: 1 | |||
when: | |||
event: | |||
exclude: | |||
- pull_request | |||
- name: publish-rootless | |||
image: plugins/docker:latest | |||
settings: | |||
dockerfile: Dockerfile.rootless | |||
auto_tag: true | |||
auto_tag_suffix: linux-amd64-rootless | |||
repo: gitea/gitea | |||
build_args: | |||
- GOPROXY=https://goproxy.io | |||
password: | |||
from_secret: docker_password | |||
username: | |||
from_secret: docker_username | |||
environment: | |||
PLUGIN_MIRROR: | |||
from_secret: plugin_mirror | |||
DOCKER_BUILDKIT: 1 | |||
when: | |||
event: | |||
exclude: | |||
- pull_request | |||
--- | |||
kind: pipeline | |||
type: docker | |||
name: docker-linux-amd64-release-candidate-version | |||
platform: | |||
os: linux | |||
arch: amd64 | |||
trigger: | |||
ref: | |||
- "refs/tags/**-rc*" | |||
paths: | |||
exclude: | |||
- "docs/**" | |||
steps: | |||
- name: fetch-tags | |||
image: docker:git | |||
pull: always | |||
commands: | |||
- git fetch --tags --force | |||
- name: publish | |||
image: plugins/docker:latest | |||
pull: always | |||
settings: | |||
tags: ${DRONE_TAG##v}-linux-amd64 | |||
repo: gitea/gitea | |||
build_args: | |||
- GOPROXY=https://goproxy.io | |||
password: | |||
from_secret: docker_password | |||
username: | |||
from_secret: docker_username | |||
environment: | |||
PLUGIN_MIRROR: | |||
from_secret: plugin_mirror | |||
DOCKER_BUILDKIT: 1 | |||
when: | |||
event: | |||
exclude: | |||
- pull_request | |||
- name: publish-rootless | |||
image: plugins/docker:latest | |||
settings: | |||
dockerfile: Dockerfile.rootless | |||
tags: ${DRONE_TAG##v}-linux-amd64-rootless | |||
repo: gitea/gitea | |||
build_args: | |||
- GOPROXY=https://goproxy.io | |||
password: | |||
from_secret: docker_password | |||
username: | |||
from_secret: docker_username | |||
environment: | |||
PLUGIN_MIRROR: | |||
from_secret: plugin_mirror | |||
DOCKER_BUILDKIT: 1 | |||
when: | |||
event: | |||
exclude: | |||
- pull_request | |||
--- | |||
kind: pipeline | |||
type: docker | |||
name: docker-linux-arm64-release-version | |||
platform: | |||
os: linux | |||
arch: arm64 | |||
trigger: | |||
ref: | |||
include: | |||
- "refs/tags/**" | |||
exclude: | |||
- "refs/tags/**-rc*" | |||
paths: | |||
exclude: | |||
- "docs/**" | |||
steps: | |||
- name: fetch-tags | |||
image: docker:git | |||
pull: always | |||
commands: | |||
- git fetch --tags --force | |||
- name: publish | |||
image: plugins/docker:latest | |||
pull: always | |||
settings: | |||
auto_tag: true | |||
auto_tag_suffix: linux-arm64 | |||
repo: gitea/gitea | |||
build_args: | |||
- GOPROXY=https://goproxy.io | |||
password: | |||
from_secret: docker_password | |||
username: | |||
from_secret: docker_username | |||
environment: | |||
PLUGIN_MIRROR: | |||
from_secret: plugin_mirror | |||
DOCKER_BUILDKIT: 1 | |||
when: | |||
event: | |||
exclude: | |||
- pull_request | |||
- name: publish-rootless | |||
image: plugins/docker:latest | |||
settings: | |||
dockerfile: Dockerfile.rootless | |||
auto_tag: true | |||
auto_tag_suffix: linux-arm64-rootless | |||
repo: gitea/gitea | |||
build_args: | |||
- GOPROXY=https://goproxy.io | |||
password: | |||
from_secret: docker_password | |||
username: | |||
from_secret: docker_username | |||
environment: | |||
PLUGIN_MIRROR: | |||
from_secret: plugin_mirror | |||
DOCKER_BUILDKIT: 1 | |||
when: | |||
event: | |||
exclude: | |||
- pull_request | |||
--- | |||
kind: pipeline | |||
type: docker | |||
name: docker-linux-arm64-release-candidate-version | |||
platform: | |||
os: linux | |||
arch: arm64 | |||
trigger: | |||
ref: | |||
- "refs/tags/**-rc*" | |||
paths: | |||
exclude: | |||
- "docs/**" | |||
steps: | |||
- name: fetch-tags | |||
image: docker:git | |||
pull: always | |||
commands: | |||
- git fetch --tags --force | |||
- name: publish | |||
image: plugins/docker:latest | |||
pull: always | |||
settings: | |||
tags: ${DRONE_TAG##v}-linux-arm64 | |||
repo: gitea/gitea | |||
build_args: | |||
- GOPROXY=https://goproxy.io | |||
password: | |||
from_secret: docker_password | |||
username: | |||
from_secret: docker_username | |||
environment: | |||
PLUGIN_MIRROR: | |||
from_secret: plugin_mirror | |||
DOCKER_BUILDKIT: 1 | |||
when: | |||
event: | |||
exclude: | |||
- pull_request | |||
- name: publish-rootless | |||
image: plugins/docker:latest | |||
settings: | |||
dockerfile: Dockerfile.rootless | |||
tags: ${DRONE_TAG##v}-linux-arm64-rootless | |||
repo: gitea/gitea | |||
build_args: | |||
- GOPROXY=https://goproxy.io | |||
password: | |||
from_secret: docker_password | |||
username: | |||
from_secret: docker_username | |||
environment: | |||
PLUGIN_MIRROR: | |||
from_secret: plugin_mirror | |||
DOCKER_BUILDKIT: 1 | |||
when: | |||
event: | |||
exclude: | |||
- pull_request | |||
--- | |||
kind: pipeline | |||
type: docker | |||
name: docker-manifest-version | |||
platform: | |||
os: linux | |||
arch: amd64 | |||
steps: | |||
- name: manifest-rootless | |||
image: plugins/manifest | |||
pull: always | |||
settings: | |||
auto_tag: true | |||
ignore_missing: true | |||
spec: docker/manifest.rootless.tmpl | |||
password: | |||
from_secret: docker_password | |||
username: | |||
from_secret: docker_username | |||
- name: manifest | |||
image: plugins/manifest | |||
settings: | |||
auto_tag: true | |||
ignore_missing: true | |||
spec: docker/manifest.tmpl | |||
password: | |||
from_secret: docker_password | |||
username: | |||
from_secret: docker_username | |||
trigger: | |||
ref: | |||
- "refs/tags/**" | |||
paths: | |||
exclude: | |||
- "docs/**" | |||
depends_on: | |||
- docker-linux-amd64-release-version | |||
- docker-linux-amd64-release-candidate-version | |||
- docker-linux-arm64-release-version | |||
- docker-linux-arm64-release-candidate-version |
@@ -1,4 +1,4 @@ | |||
name: release-nightly-assets | |||
name: release-nightly | |||
on: | |||
push: |
@@ -0,0 +1,125 @@ | |||
name: release-tag-rc | |||
on: | |||
push: | |||
tags: | |||
- 'v1*-rc*' | |||
concurrency: | |||
group: ${{ github.workflow }}-${{ github.ref }} | |||
cancel-in-progress: false | |||
jobs: | |||
binary: | |||
runs-on: nscloud | |||
steps: | |||
- uses: actions/checkout@v4 | |||
# fetch all commits instead of only the last as some branches are long lived and could have many between versions | |||
# fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 | |||
- run: git fetch --unshallow --quiet --tags --force | |||
- uses: actions/setup-go@v4 | |||
with: | |||
go-version: "~1.21" | |||
check-latest: true | |||
- uses: actions/setup-node@v3 | |||
with: | |||
node-version: 20 | |||
- run: make deps-frontend deps-backend | |||
# xgo build | |||
- run: make release | |||
env: | |||
TAGS: bindata sqlite sqlite_unlock_notify | |||
- name: import gpg key | |||
id: import_gpg | |||
uses: crazy-max/ghaction-import-gpg@v5 | |||
with: | |||
gpg_private_key: ${{ secrets.GPGSIGN_KEY }} | |||
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} | |||
- name: sign binaries | |||
run: | | |||
for f in dist/release/*; do | |||
echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f" | |||
done | |||
# clean branch name to get the folder name in S3 | |||
- name: Get cleaned branch name | |||
id: clean_name | |||
run: | | |||
REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') | |||
echo "Cleaned name is ${REF_NAME}" | |||
echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" | |||
- name: configure aws | |||
uses: aws-actions/configure-aws-credentials@v4 | |||
with: | |||
aws-region: ${{ secrets.AWS_REGION }} | |||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |||
- name: upload binaries to s3 | |||
run: | | |||
aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress | |||
- name: create github release | |||
run: | | |||
gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/* | |||
env: | |||
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |||
docker-rootful: | |||
runs-on: ubuntu-latest | |||
steps: | |||
- uses: actions/checkout@v4 | |||
# fetch all commits instead of only the last as some branches are long lived and could have many between versions | |||
# fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 | |||
- run: git fetch --unshallow --quiet --tags --force | |||
- uses: docker/setup-qemu-action@v2 | |||
- uses: docker/setup-buildx-action@v2 | |||
- uses: docker/metadata-action@v5 | |||
id: meta | |||
with: | |||
images: gitea/gitea | |||
# 1.2.3-rc0 | |||
tags: | | |||
type=semver,pattern={{version}} | |||
- name: Login to Docker Hub | |||
uses: docker/login-action@v2 | |||
with: | |||
username: ${{ secrets.DOCKERHUB_USERNAME }} | |||
password: ${{ secrets.DOCKERHUB_TOKEN }} | |||
- name: build rootful docker image | |||
uses: docker/build-push-action@v4 | |||
with: | |||
context: . | |||
platforms: linux/amd64,linux/arm64 | |||
push: true | |||
tags: ${{ steps.meta.outputs.tags }} | |||
labels: ${{ steps.meta.outputs.labels }} | |||
docker-rootless: | |||
runs-on: ubuntu-latest | |||
steps: | |||
- uses: actions/checkout@v4 | |||
# fetch all commits instead of only the last as some branches are long lived and could have many between versions | |||
# fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 | |||
- run: git fetch --unshallow --quiet --tags --force | |||
- uses: docker/setup-qemu-action@v2 | |||
- uses: docker/setup-buildx-action@v2 | |||
- uses: docker/metadata-action@v5 | |||
id: meta | |||
with: | |||
images: gitea/gitea | |||
# each tag below will have the suffix of -rootless | |||
flavor: | | |||
suffix=-rootless | |||
# 1.2.3-rc0 | |||
tags: | | |||
type=semver,pattern={{version}} | |||
- name: Login to Docker Hub | |||
uses: docker/login-action@v2 | |||
with: | |||
username: ${{ secrets.DOCKERHUB_USERNAME }} | |||
password: ${{ secrets.DOCKERHUB_TOKEN }} | |||
- name: build rootless docker image | |||
uses: docker/build-push-action@v4 | |||
with: | |||
context: . | |||
platforms: linux/amd64,linux/arm64 | |||
push: true | |||
file: Dockerfile.rootless | |||
tags: ${{ steps.meta.outputs.tags }} | |||
labels: ${{ steps.meta.outputs.labels }} |
@@ -0,0 +1,141 @@ | |||
name: release-tag-version | |||
on: | |||
push: | |||
tags: | |||
- 'v1.*' | |||
- '!v1*-rc*' | |||
- '!v1*-dev' | |||
concurrency: | |||
group: ${{ github.workflow }}-${{ github.ref }} | |||
cancel-in-progress: false | |||
jobs: | |||
binary: | |||
runs-on: nscloud | |||
steps: | |||
- uses: actions/checkout@v4 | |||
# fetch all commits instead of only the last as some branches are long lived and could have many between versions | |||
# fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 | |||
- run: git fetch --unshallow --quiet --tags --force | |||
- uses: actions/setup-go@v4 | |||
with: | |||
go-version: "~1.21" | |||
check-latest: true | |||
- uses: actions/setup-node@v3 | |||
with: | |||
node-version: 20 | |||
- run: make deps-frontend deps-backend | |||
# xgo build | |||
- run: make release | |||
env: | |||
TAGS: bindata sqlite sqlite_unlock_notify | |||
- name: import gpg key | |||
id: import_gpg | |||
uses: crazy-max/ghaction-import-gpg@v5 | |||
with: | |||
gpg_private_key: ${{ secrets.GPGSIGN_KEY }} | |||
passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }} | |||
- name: sign binaries | |||
run: | | |||
for f in dist/release/*; do | |||
echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f" | |||
done | |||
# clean branch name to get the folder name in S3 | |||
- name: Get cleaned branch name | |||
id: clean_name | |||
run: | | |||
REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//') | |||
echo "Cleaned name is ${REF_NAME}" | |||
echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT" | |||
- name: configure aws | |||
uses: aws-actions/configure-aws-credentials@v4 | |||
with: | |||
aws-region: ${{ secrets.AWS_REGION }} | |||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |||
- name: upload binaries to s3 | |||
run: | | |||
aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress | |||
- name: create github release | |||
run: | | |||
gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/* | |||
env: | |||
GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }} | |||
docker-rootful: | |||
runs-on: ubuntu-latest | |||
steps: | |||
- uses: actions/checkout@v4 | |||
# fetch all commits instead of only the last as some branches are long lived and could have many between versions | |||
# fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 | |||
- run: git fetch --unshallow --quiet --tags --force | |||
- uses: docker/setup-qemu-action@v2 | |||
- uses: docker/setup-buildx-action@v2 | |||
- uses: docker/metadata-action@v5 | |||
id: meta | |||
with: | |||
images: gitea/gitea | |||
# this will generate tags in the following format: | |||
# latest | |||
# 1 | |||
# 1.2 | |||
# 1.2.3 | |||
tags: | | |||
type=raw,value=latest | |||
type=semver,pattern={{major}} | |||
type=semver,pattern={{major}}.{{minor}} | |||
type=semver,pattern={{version}} | |||
- name: Login to Docker Hub | |||
uses: docker/login-action@v2 | |||
with: | |||
username: ${{ secrets.DOCKERHUB_USERNAME }} | |||
password: ${{ secrets.DOCKERHUB_TOKEN }} | |||
- name: build rootful docker image | |||
uses: docker/build-push-action@v4 | |||
with: | |||
context: . | |||
platforms: linux/amd64,linux/arm64 | |||
push: true | |||
tags: ${{ steps.meta.outputs.tags }} | |||
labels: ${{ steps.meta.outputs.labels }} | |||
docker-rootless: | |||
runs-on: ubuntu-latest | |||
steps: | |||
- uses: actions/checkout@v4 | |||
# fetch all commits instead of only the last as some branches are long lived and could have many between versions | |||
# fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567 | |||
- run: git fetch --unshallow --quiet --tags --force | |||
- uses: docker/setup-qemu-action@v2 | |||
- uses: docker/setup-buildx-action@v2 | |||
- uses: docker/metadata-action@v5 | |||
id: meta | |||
with: | |||
images: gitea/gitea | |||
# each tag below will have the suffix of -rootless | |||
flavor: | | |||
suffix=-rootless | |||
# this will generate tags in the following format (with -rootless suffix added): | |||
# latest | |||
# 1 | |||
# 1.2 | |||
# 1.2.3 | |||
tags: | | |||
type=raw,value=latest | |||
type=semver,pattern={{major}} | |||
type=semver,pattern={{major}}.{{minor}} | |||
type=semver,pattern={{version}} | |||
- name: Login to Docker Hub | |||
uses: docker/login-action@v2 | |||
with: | |||
username: ${{ secrets.DOCKERHUB_USERNAME }} | |||
password: ${{ secrets.DOCKERHUB_TOKEN }} | |||
- name: build rootless docker image | |||
uses: docker/build-push-action@v4 | |||
with: | |||
context: . | |||
platforms: linux/amd64,linux/arm64 | |||
push: true | |||
file: Dockerfile.rootless | |||
tags: ${{ steps.meta.outputs.tags }} | |||
labels: ${{ steps.meta.outputs.labels }} |
@@ -24,8 +24,6 @@ rules: | |||
document-start: | |||
level: error | |||
present: false | |||
ignore: | | |||
/.drone.yml | |||
document-end: | |||
present: false |