Build nightly binaries with Actions (go-gitea#25308)

Co-authored-by: silverwind <[email protected]>

Author: techknowlogick

.drone.yml

@@ -1,138 +1,3 @@
----
-kind: pipeline
-type: docker
-name: release-latest
-
-platform:
-  os: linux
-  arch: amd64
-
-workspace:
-  base: /source
-  path: /
-
-trigger:
-  branch:
-    - main
-    - "release/*"
-  event:
-    - push
-  paths:
-    exclude:
-      - "docs/**"
-
-volumes:
-  - name: deps
-    temp: {}
-
-steps:
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git fetch --tags --force
-
-  - name: deps-frontend
-    image: node:20
-    pull: always
-    commands:
-      - make deps-frontend
-
-  - name: deps-backend
-    image: gitea/test_env:linux-1.20-amd64
-    pull: always
-    commands:
-      - make deps-backend
-    volumes:
-      - name: deps
-        path: /go
-
-  - name: static
-    image: techknowlogick/xgo:go-1.20.x
-    pull: always
-    commands:
-      # Upgrade to node 20 once https://github.com/techknowlogick/xgo/issues/163 is resolved
-      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
-      - export PATH=$PATH:$GOPATH/bin
-      - make release
-    environment:
-      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
-      TAGS: bindata sqlite sqlite_unlock_notify
-      DEBIAN_FRONTEND: noninteractive
-    volumes:
-      - name: deps
-        path: /go
-
-  - name: gpg-sign
-    image: plugins/gpgsign:1
-    pull: always
-    settings:
-      detach_sign: true
-      excludes:
-        - "dist/release/*.sha256"
-      files:
-        - "dist/release/*"
-    environment:
-      GPGSIGN_KEY:
-        from_secret: gpgsign_key
-      GPGSIGN_PASSPHRASE:
-        from_secret: gpgsign_passphrase
-
-  - name: release-branch
-    image: woodpeckerci/plugin-s3:latest
-    pull: always
-    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
-      source: "dist/release/*"
-      strip_prefix: dist/release/
-      target: "/gitea/${DRONE_BRANCH##release/v}"
-    environment:
-      AWS_ACCESS_KEY_ID:
-        from_secret: aws_access_key_id
-      AWS_SECRET_ACCESS_KEY:
-        from_secret: aws_secret_access_key
-    when:
-      branch:
-        - "release/*"
-      event:
-        - push
-
-  - name: release-main
-    image: woodpeckerci/plugin-s3:latest
-    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
-      source: "dist/release/*"
-      strip_prefix: dist/release/
-      target: /gitea/main
-    environment:
-      AWS_ACCESS_KEY_ID:
-        from_secret: aws_access_key_id
-      AWS_SECRET_ACCESS_KEY:
-        from_secret: aws_secret_access_key
-    when:
-      branch:
-        - main
-      event:
-        - push
-
 ---
 kind: pipeline
 name: release-version

.github/workflows/cron-licenses.yml

@@ -3,6 +3,7 @@ name: cron-licenses
 on:
   schedule:
     - cron: "7 0 * * 1" # every Monday at 00:07 UTC
+  workflow_dispatch:
 
 jobs:
   cron-licenses:

.github/workflows/cron-translations.yml

@@ -3,6 +3,7 @@ name: cron-translations
 on:
   schedule:
     - cron: "7 0 * * *" # every day at 00:07 UTC
+  workflow_dispatch:
 
 jobs:
   crowdin-pull:

.github/workflows/release-nightly.yml

@@ -0,0 +1,59 @@
+name: release-nightly-assets
+
+on:
+  push:
+    branches: [ main, release/v* ]
+
+jobs:
+  nightly-binary:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
+      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
+      - run: git fetch --unshallow --quiet --tags --force
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ">=1.20"
+          check-latest: true
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+      - run: make deps-frontend deps-backend
+      # xgo build
+      - run: make release
+        env:
+          TAGS: bindata sqlite sqlite_unlock_notify
+      - name: import gpg key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
+          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
+      - name: sign binaries
+        run: |
+          for f in dist/release/*; do
+            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
+          done
+      # clean branch name to get the folder name in S3
+      - name: Get cleaned branch name
+        id: clean_name
+        run: |
+          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
+          echo "Cleaned name is ${REF_NAME}"
+          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
+      - name: upload binaries to s3
+        uses: jakejarvis/s3-sync-action@master
+        env:
+          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+          SOURCE_DIR: dist/release
+          DEST_DIR: gitea/${{ steps.clean_name.outputs.branch }}
+  nightly-docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: docker/setup-buildx-action@v1
+      # build for linux/amd64, and linux/arm64 (possibly include linux/arm/v7 later. not included now because it adds significant amount to the build time)

Makefile

@@ -837,30 +837,18 @@ release-windows: | $(DIST_DIRS)
 ifeq (,$(findstring gogit,$(TAGS)))
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
-ifeq ($(CI),true)
-	cp /build/* $(DIST)/binaries
-endif
 
 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
-	cp /build/* $(DIST)/binaries
-endif
 
 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
-	cp /build/* $(DIST)/binaries
-endif
 
 .PHONY: release-freebsd
 release-freebsd: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
-	cp /build/* $(DIST)/binaries
-endif
 
 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)