diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..d86c502 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,3 @@ +.git +Dockerfile +forgejo-runner diff --git a/.forgejo/workflows/integration.yml b/.forgejo/workflows/integration.yml new file mode 100644 index 0000000..bbb7bee --- /dev/null +++ b/.forgejo/workflows/integration.yml @@ -0,0 +1,51 @@ +name: Integration tests for the release process + +on: + push: + paths: + - .forgejo/workflows/release.yml + - .forgejo/workflows/integration.yml + +jobs: + release-simulation: + runs-on: self-hosted + steps: + - uses: actions/checkout@v3 + + - id: forgejo + uses: https://code.forgejo.org/actions/setup-forgejo@v1 + with: + user: root + password: admin1234 + image-version: 1.19 + lxc-ip-prefix: 10.0.9 + + - name: publish the runner release + run: | + set -x + + dir=$(mktemp -d) + trap "rm -fr $dir" EXIT + + url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }} + export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}" + + # + # Create a new project with the runner and the release workflow only + # + rsync -a --exclude .git ./ $dir/ + rm $(find $dir/.forgejo/workflows/*.yml | grep -v release.yml) + forgejo-test-helper.sh push $dir $url root runner |& tee $dir/pushed + eval $(grep '^sha=' < $dir/pushed) + + # + # Push a tag to trigger the release workflow and wait for it to complete + # + forgejo-test-helper.sh api POST $url repos/root/runner/tags ${{ steps.forgejo.outputs.token }} --data-raw '{"tag_name": "v1.2.3", "target": "'$sha'"}' + LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/runner $sha + + # + # Minimal sanity checks. e2e test is for the setup-forgejo action + # and the infrastructure playbook. + # + curl -sS $url/root/runner/releases/download/v1.2.3/forgejo-runner-amd64 > /dev/null diff --git a/.forgejo/workflows/release.yml b/.forgejo/workflows/release.yml new file mode 100644 index 0000000..3337b8d --- /dev/null +++ b/.forgejo/workflows/release.yml @@ -0,0 +1,114 @@ +name: Publish release + +on: + push: + tags: 'v*' + +jobs: + release: + runs-on: self-hosted + steps: + - uses: actions/checkout@v3 + + - id: verbose + run: | + # if there are no secrets, be verbose + if test -z "${{ secrets.TOKEN }}"; then + value=true + else + value=false + fi + echo "value=$value" >> "$GITHUB_OUTPUT" + echo "shell=set -x" >> "$GITHUB_OUTPUT" + + - id: registry + run: | + ${{ steps.verbose.outputs.shell }} + url="${{ env.GITHUB_SERVER_URL }}" + hostport=${url##http*://} + hostport=${hostport%%/} + echo "host-port=${hostport}" >> "$GITHUB_OUTPUT" + if ! [[ $url =~ ^http:// ]] ; then + exit 0 + fi + cat >> "$GITHUB_OUTPUT" <> "$GITHUB_OUTPUT" + echo "doer=${doer}" >> "$GITHUB_OUTPUT" + + - name: allow docker pull/push to forgejo + if: ${{ steps.registry.outputs.insecure }} + run: |- + mkdir /etc/docker + cat > /etc/docker/daemon.json < ~/.docker/config.json + env: + CI_REGISTRY: "${{ env.GITHUB_SERVER_URL }}${{ env.GITHUB_REPOSITORY_OWNER }}" + + - id: build + run: | + ${{ steps.verbose.outputs.shell }} + tag="${{ github.ref_name }}" + tag=${tag##*v} + echo "tag=$tag" >> "$GITHUB_OUTPUT" + echo "image=${{ steps.registry.outputs.host-port }}/${{ github.repository }}:${tag}" >> "$GITHUB_OUTPUT" + + - uses: https://github.com/docker/build-push-action@v4 + with: + context: . + push: true + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.build.outputs.image }} + + - run: | + ${{ steps.verbose.outputs.shell }} + mkdir -p release + for arch in amd64 arm64; do + docker create --platform linux/$arch --name runner ${{ steps.build.outputs.image }} + docker cp runner:/bin/forgejo-runner release/forgejo-runner-$arch + shasum -a 256 < release/forgejo-runner-$arch > release/forgejo-runner-$arch.sha256 + docker rm runner + done + + - uses: https://code.forgejo.org/actions/forgejo-release@v1 + with: + direction: upload + release-dir: release + release-notes: "RELEASE-NOTES#${{ steps.build.outputs.tag }}" + token: ${{ steps.secrets.outputs.token }} + verbose: ${{ steps.verbose.outputs.value }} diff --git a/.forgejo/workflows/test.yml b/.forgejo/workflows/test.yml index bc8e956..25ec300 100644 --- a/.forgejo/workflows/test.yml +++ b/.forgejo/workflows/test.yml @@ -1,7 +1,8 @@ name: checks on: - - push - pull_request + - push: + branches: [main] env: GOPROXY: https://goproxy.io,direct @@ -21,3 +22,14 @@ jobs: run: make build - name: test run: make test + - run: | + mkdir release + mv forgejo-runner release + - if: ${{ startsWith(github.ref, 'refs/tags/v') }} + uses: https://code.forgejo.org/actions/forgejo-release@v1 + with: + direction: upload + release-dir: release + release-notes: "RELEASE-NOTES#${{ github.ref_name }}" + token: ${{ secrets.TOKEN }} + verbose: true diff --git a/.gitignore b/.gitignore index a77f656..8328ce1 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ +*~ forgejo-runner .env .runner diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..0fdae4a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,15 @@ +#Build stage +FROM golang:1.20-alpine3.17 AS build-env + +RUN apk --no-cache add build-base git + +COPY . /srv +WORKDIR /srv +RUN make build + +FROM alpine:3.17 +LABEL maintainer="contact@forgejo.org" + +COPY --from=build-env /srv/forgejo-runner /bin/forgejo-runner + +ENTRYPOINT ["/bin/forgejo-runner"] diff --git a/Makefile b/Makefile index 437138c..8496e1f 100644 --- a/Makefile +++ b/Makefile @@ -17,11 +17,7 @@ WINDOWS_ARCHS ?= windows/amd64 GO_FMT_FILES := $(shell find . -type f -name "*.go" ! -name "generated.*") GOFILES := $(shell find . -type f -name "*.go" -o -name "go.mod" ! -name "generated.*") -ifneq ($(shell uname), Darwin) - EXTLDFLAGS = -extldflags "-static" $(null) -else - EXTLDFLAGS = -endif +EXTLDFLAGS = -extldflags "-static" $(null) ifeq ($(HAS_GO), GO) GOPATH ?= $(shell $(GO) env GOPATH) @@ -107,7 +103,7 @@ install: $(GOFILES) build: go-check $(EXECUTABLE) $(EXECUTABLE): $(GOFILES) - $(GO) build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@ + $(GO) build -v -tags 'netgo osusergo $(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@ .PHONY: deps-backend deps-backend: