rename the workflows to better reflect their purpose

Reviewed-on: https://code.forgejo.org/forgejo/runner/pulls/32

.dockerignore

@@ -0,0 +1,2 @@
+Dockerfile
+forgejo-runner

.forgejo/workflows/build-release.yml

@@ -0,0 +1,133 @@
+name: Build release
+
+on: 
+  push:
+    tags: 'v*'
+
+jobs:
+  release:
+    runs-on: self-hosted
+    # root is used for testing, allow it
+    if: github.repository_owner == 'forgejo-integration' || github.repository_owner == 'root'
+    steps:
+      - uses: actions/checkout@v3
+
+      - id: verbose
+        run: |
+          # if there are no secrets, be verbose
+          if test -z "${{ secrets.TOKEN }}"; then
+            value=true
+          else
+            value=false
+          fi
+          echo "value=$value" >> "$GITHUB_OUTPUT"
+          echo "shell=set -x" >> "$GITHUB_OUTPUT"
+          
+      - id: registry
+        run: |
+          ${{ steps.verbose.outputs.shell }}
+          url="${{ env.GITHUB_SERVER_URL }}"
+          hostport=${url##http*://}
+          hostport=${hostport%%/}
+          echo "host-port=${hostport}" >> "$GITHUB_OUTPUT"
+          if ! [[ $url =~ ^http:// ]] ; then
+             exit 0
+          fi
+          cat >> "$GITHUB_OUTPUT" <<EOF
+          insecure=true
+          buildx-config<<ENDVAR
+          [registry."${hostport}"]
+            http = true
+          ENDVAR
+          EOF
+        
+      - id: secrets
+        run: |
+          token="${{ secrets.TOKEN }}"
+          doer="${{ secrets.DOER }}"
+          if test -z "$token"; then
+             apt-get -qq install -y jq
+             doer=root
+             api=http://$doer:admin1234@${{ steps.registry.outputs.host-port }}/api/v1/users/$doer/tokens
+             curl -sS -X DELETE $api/release
+             token=$(curl -sS -X POST -H 'Content-Type: application/json' --data-raw '{"name": "release", "scopes": ["all"]}' $api | jq --raw-output .sha1)
+          fi
+          echo "token=${token}" >> "$GITHUB_OUTPUT"
+          echo "doer=${doer}" >> "$GITHUB_OUTPUT"
+
+      - name: allow docker pull/push to forgejo
+        if: ${{ steps.registry.outputs.insecure }}
+        run: |-
+          mkdir /etc/docker
+          cat > /etc/docker/daemon.json <<EOF
+            {
+              "insecure-registries" : ["${{ steps.registry.outputs.host-port }}"],
+              "bip": "172.26.0.1/16"
+            }
+          EOF
+
+      - run: |
+          echo deb http://deb.debian.org/debian bullseye-backports main | tee /etc/apt/sources.list.d/backports.list && apt-get -qq update
+          DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y -t bullseye-backports docker.io
+          
+      - uses: https://github.com/docker/setup-buildx-action@v2
+        with:
+          config-inline: |
+           ${{ steps.registry.outputs.buildx-config }}
+
+      - run: |
+          token="${{ steps.secrets.outputs.token }}" ; test -z "$token" && token="${{ secrets.TOKEN }}"
+          doer="${{ steps.secrets.outputs.doer }}" ; test -z "$doer" && doer="${{ secrets.DOER }}"
+          BASE64_AUTH=`echo -n "$doer:$token" | base64`
+          mkdir -p ~/.docker
+          echo "{\"auths\": {\"$CI_REGISTRY\": {\"auth\": \"$BASE64_AUTH\"}}}" > ~/.docker/config.json
+        env:
+          CI_REGISTRY: "${{ env.GITHUB_SERVER_URL }}${{ env.GITHUB_REPOSITORY_OWNER }}"
+
+      - id: build
+        run: |
+          ${{ steps.verbose.outputs.shell }}
+          tag="${{ github.ref_name }}"
+          tag=${tag##*v}
+          echo "tag=$tag" >> "$GITHUB_OUTPUT"
+          echo "image=${{ steps.registry.outputs.host-port }}/${{ github.repository }}:${tag}" >> "$GITHUB_OUTPUT"
+          
+      - uses: https://github.com/docker/build-push-action@v4
+        # workaround until https://github.com/docker/build-push-action/commit/d8823bfaed2a82c6f5d4799a2f8e86173c461aba is in @v4 or @v5 is released
+        env:
+          ACTIONS_RUNTIME_TOKEN: ''
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: ${{ steps.build.outputs.image }}
+
+      - run: |
+          ${{ steps.verbose.outputs.shell }}
+          mkdir -p release
+          for arch in amd64 arm64; do
+            docker create --platform linux/$arch --name runner ${{ steps.build.outputs.image }}
+            docker cp runner:/bin/forgejo-runner release/forgejo-runner-$arch
+            shasum -a 256 < release/forgejo-runner-$arch | cut -f1 -d ' ' > release/forgejo-runner-$arch.sha256
+            docker rm runner
+          done
+
+      - name: publish release (when TOKEN secret is NOT set)
+        if: ${{ secrets.TOKEN == '' }}
+        uses: https://code.forgejo.org/actions/forgejo-release@v1
+        with:
+          direction: upload
+          release-dir: release
+          release-notes: "RELEASE-NOTES#${{ steps.build.outputs.tag }}"
+          token: ${{ steps.secrets.outputs.token }}
+          verbose: ${{ steps.verbose.outputs.value }}
+
+      - name: publish release (when TOKEN secret is set)
+        if: ${{ secrets.TOKEN != '' }}
+        uses: https://code.forgejo.org/actions/forgejo-release@v1
+        with:
+          direction: upload
+          release-dir: release
+          release-notes: "RELEASE-NOTES#${{ steps.build.outputs.tag }}"
+          token: ${{ secrets.TOKEN }}
+          verbose: ${{ steps.verbose.outputs.value }}

.forgejo/workflows/integration.yml

@@ -0,0 +1,58 @@
+name: Integration tests for the release process
+
+on: 
+  push:
+    paths:
+      - go.mod
+      - .forgejo/workflows/release.yml
+      - .forgejo/workflows/integration.yml
+
+jobs:
+  release-simulation:
+    runs-on: self-hosted
+    if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
+    steps:
+      - uses: actions/checkout@v3
+
+      - id: forgejo
+        uses: https://code.forgejo.org/actions/setup-forgejo@v1
+        with:
+          user: root
+          password: admin1234
+          image-version: 1.19
+          lxc-ip-prefix: 10.0.9
+
+      - name: publish the runner release
+        run: |
+          set -x
+
+          dir=$(mktemp -d)
+          trap "rm -fr $dir" EXIT
+
+          url=http://root:admin1234@${{ steps.forgejo.outputs.host-port }}
+          export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"
+
+          #
+          # Create a new project with the runner and the release workflow only
+          #
+          rsync -a --exclude .git ./ $dir/
+          rm $(find $dir/.forgejo/workflows/*.yml | grep -v release.yml)
+          forgejo-test-helper.sh push $dir $url root runner |& tee $dir/pushed
+          eval $(grep '^sha=' < $dir/pushed)
+
+          #
+          # Push a tag to trigger the release workflow and wait for it to complete
+          #
+          forgejo-test-helper.sh api POST $url repos/root/runner/tags ${{ steps.forgejo.outputs.token }} --data-raw '{"tag_name": "v1.2.3", "target": "'$sha'"}'
+          LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/runner $sha
+
+          #
+          # Minimal sanity checks. e2e test is for the setup-forgejo action
+          # and the infrastructure playbook.
+          #
+          curl -L -sS $url/root/runner/releases/download/v1.2.3/forgejo-runner-amd64 > forgejo-runner
+          chmod +x forgejo-runner
+          ./forgejo-runner --version | grep 1.2.3
+          curl -L -sS $url/root/runner/releases/download/v1.2.3/forgejo-runner-amd64.sha256 > forgejo-runner.one
+          shasum -a 256 < forgejo-runner | cut -f1 -d ' ' > forgejo-runner.two
+          diff forgejo-runner.one forgejo-runner.two

.forgejo/workflows/publish-binary.yml

@@ -0,0 +1,40 @@
+name: Publish release
+
+on: 
+  push:
+    tags: 'v*'
+
+jobs:
+  release:
+    runs-on: self-hosted
+    if: github.repository_owner == 'forgejo-release' && secrets.TOKEN != ''
+    steps:
+
+      - name: install the certificate authority
+        run: |
+          apt-get install -qq -y wget
+          wget --no-check-certificate -O /usr/local/share/ca-certificates/enough.crt https://forgejo.octopuce.forgejo.org/forgejo/enough/raw/branch/main/certs/2023-05-13/ca.crt
+          update-ca-certificates --fresh
+
+      - uses: actions/checkout@v3
+
+      - name: download release
+        uses: https://code.forgejo.org/actions/forgejo-release@v1
+        with:
+          url: https://code.forgejo.org
+          repo: forgejo-integration/runner
+          direction: download
+          release-dir: release
+          download-retry: 60
+          token: ${{ secrets.TOKEN }}
+
+      - name: upload release
+        uses: https://code.forgejo.org/actions/forgejo-release@v1
+        with:
+          url: https://code.forgejo.org
+          repo: forgejo/runner
+          direction: upload
+          release-dir: release
+          release-notes: "RELEASE-NOTES"
+          token: ${{ secrets.TOKEN }}
+          gpg-private-key: ${{ secrets.GPG }}

.forgejo/workflows/publish-container-image.yml

@@ -0,0 +1,43 @@
+# SPDX-License-Identifier: MIT
+name: copy container images from integration to the destination organization
+
+on: 
+  push:
+    tags: 'v*'
+
+jobs:
+  builder:
+    runs-on: self-hosted
+    if: github.repository_owner == 'forgejo-release' && secrets.TOKEN != ''
+    steps:
+
+    - name: apt-get install docker.io
+      run: |
+        DEBIAN_FRONTEND=noninteractive apt-get install --no-install-recommends -qq -y docker.io
+
+    - name: login code.forgejo.org
+      uses: https://github.com/docker/login-action@v2
+      with:
+          registry: code.forgejo.org
+          username: ${{ secrets.DOER }}
+          password: ${{ secrets.TOKEN }}
+
+    - id: tag
+      run: |
+        tag="${{ github.ref_name }}"
+        tag=${tag##*v}
+        echo "tag=$tag" >> "$GITHUB_OUTPUT"
+
+    - uses: https://code.forgejo.org/forgejo/forgejo-container-image@v1
+      env:
+        VERIFY: 'false'
+      with:
+        url: https://code.forgejo.org
+        destination-owner: forgejo
+        owner: forgejo-integration
+        suffixes: ' '
+        project: runner
+        tag: ${{ steps.tag.outputs.tag }}
+        doer: ${{ secrets.DOER }}
+        token: ${{ secrets.TOKEN }}
+        verbose: true

.forgejo/workflows/test.yml

@@ -0,0 +1,24 @@
+name: checks
+on: 
+  - pull_request
+  - push
+
+env:
+  GOPROXY: https://goproxy.io,direct
+
+jobs:
+  lint:
+    name: check and test
+    if: github.repository_owner != 'forgejo-integration' && github.repository_owner != 'forgejo-experimental' && github.repository_owner != 'forgejo-release'
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.20
+      - uses: actions/checkout@v3
+      - name: vet checks
+        run: make vet
+      - name: build
+        run: make build
+      - name: test
+        run: make test

.gitignore

@@ -1,4 +1,6 @@
-act_runner
+*~
+
+forgejo-runner
 .env
 .runner
 coverage.txt

Dockerfile

@@ -1,18 +1,15 @@
-FROM golang:1.20-alpine3.17 as builder
-# Do not remove `git` here, it is required for getting runner version when executing `make build`
-RUN apk add --no-cache make=4.3-r1 git=2.38.5-r0
+#Build stage
+FROM golang:1.20-alpine3.17 AS build-env
 
-COPY . /opt/src/act_runner
-WORKDIR /opt/src/act_runner
+RUN apk --no-cache add build-base git
 
-RUN make clean && make build
+COPY . /srv
+WORKDIR /srv
+RUN make build
 
 FROM alpine:3.17
-RUN apk add --no-cache \
-  git=2.38.5-r0 bash=5.2.15-r0 tini=0.19.0-r1 \
-  && rm -rf /var/cache/apk/*
+LABEL maintainer="contact@forgejo.org"
 
-COPY --from=builder /opt/src/act_runner/act_runner /usr/local/bin/act_runner
-COPY run.sh /opt/act/run.sh
+COPY --from=build-env /srv/forgejo-runner /bin/forgejo-runner
 
-ENTRYPOINT ["/sbin/tini","--","/opt/act/run.sh"]
+ENTRYPOINT ["/bin/forgejo-runner"]

Makefile

@@ -1,5 +1,5 @@
 DIST := dist
-EXECUTABLE := act_runner
+EXECUTABLE := forgejo-runner
 GOFMT ?= gofumpt -l
 DIST := dist
 DIST_DIRS := $(DIST)/binaries $(DIST)/release
@@ -20,11 +20,7 @@ DOCKER_IMAGE ?= gitea/act_runner
 DOCKER_TAG ?= nightly
 DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)
 
-ifneq ($(shell uname), Darwin)
-	EXTLDFLAGS = -extldflags "-static" $(null)
-else
-	EXTLDFLAGS =
-endif
+EXTLDFLAGS = -extldflags "-static" $(null)
 
 ifeq ($(HAS_GO), GO)
 	GOPATH ?= $(shell $(GO) env GOPATH)
@@ -116,7 +112,7 @@ install: $(GOFILES)
 build: go-check $(EXECUTABLE)
 
 $(EXECUTABLE): $(GOFILES)
-	$(GO) build -v -tags '$(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@
+	$(GO) build -v -tags 'netgo osusergo $(TAGS)' -ldflags '$(EXTLDFLAGS)-s -w $(LDFLAGS)' -o $@
 
 .PHONY: deps-backend
 deps-backend:

go.mod

@@ -87,4 +87,4 @@ require (
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 )
 
-replace github.com/nektos/act => gitea.com/gitea/act v0.245.2-0.20230516060355-9283cfc9b166
+replace github.com/nektos/act => code.forgejo.org/forgejo/act v1.6.0

go.sum

@@ -1,9 +1,9 @@
+code.forgejo.org/forgejo/act v1.6.0 h1:RBJFRsmxNzfj0dKQb2aplu3NjtfI8TLdGsGqxmx9lcQ=
+code.forgejo.org/forgejo/act v1.6.0/go.mod h1:1ffiGQZAZCLuk9QEBDdbRuQj1GL4uAQk6GNNtcEnPmI=
 code.gitea.io/actions-proto-go v0.2.1 h1:ToMN/8thz2q10TuCq8dL2d8mI+/pWpJcHCvG+TELwa0=
 code.gitea.io/actions-proto-go v0.2.1/go.mod h1:00ys5QDo1iHN1tHNvvddAcy2W/g+425hQya1cCSvq9A=
 code.gitea.io/gitea-vet v0.2.3-0.20230113022436-2b1561217fa5 h1:daBEK2GQeqGikJESctP5Cu1i33z5ztAD4kyQWiw185M=
 code.gitea.io/gitea-vet v0.2.3-0.20230113022436-2b1561217fa5/go.mod h1:zcNbT/aJEmivCAhfmkHOlT645KNOf9W2KnkLgFjGGfE=
-gitea.com/gitea/act v0.245.2-0.20230516060355-9283cfc9b166 h1:hvyzFmxDmdSZBd8S2+r8VqPSK9eihTD2SrTBAvwgYsA=
-gitea.com/gitea/act v0.245.2-0.20230516060355-9283cfc9b166/go.mod h1:1ffiGQZAZCLuk9QEBDdbRuQj1GL4uAQk6GNNtcEnPmI=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78 h1:w+iIsaOQNcT7OZ575w+acHgRric5iCyQh+xv+KJ4HB8=
 github.com/Azure/go-ansiterm v0.0.0-20170929234023-d6e3b3328b78/go.mod h1:LmzpDX56iTiv29bbRTIsUNlaFfuhWRQBWjQdVyAevI8=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=

internal/app/cmd/exec.go

@@ -439,7 +439,7 @@ func loadExecCmd(ctx context.Context) *cobra.Command {
 	execCmd.Flags().BoolVarP(&execArg.runList, "list", "l", false, "list workflows")
 	execCmd.Flags().StringVarP(&execArg.job, "job", "j", "", "run a specific job ID")
 	execCmd.Flags().StringVarP(&execArg.event, "event", "E", "", "run a event name")
-	execCmd.PersistentFlags().StringVarP(&execArg.workflowsPath, "workflows", "W", "./.gitea/workflows/", "path to workflow file(s)")
+	execCmd.PersistentFlags().StringVarP(&execArg.workflowsPath, "workflows", "W", "./.forgejo/workflows/", "path to workflow file(s)")
 	execCmd.PersistentFlags().StringVarP(&execArg.workdir, "directory", "C", ".", "working directory")
 	execCmd.PersistentFlags().BoolVarP(&execArg.noWorkflowRecurse, "no-recurse", "", false, "Flag to disable running workflows from subdirectories of specified path in '--workflows'/'-W' flag")
 	execCmd.Flags().BoolVarP(&execArg.autodetectEvent, "detect-event", "", false, "Use first event type from workflow as event that triggered the workflow")
@@ -460,7 +460,7 @@ func loadExecCmd(ctx context.Context) *cobra.Command {
 	execCmd.Flags().StringVarP(&execArg.containerOptions, "container-opts", "", "", "container options")
 	execCmd.PersistentFlags().StringVarP(&execArg.artifactServerPath, "artifact-server-path", "", ".", "Defines the path where the artifact server stores uploads and retrieves downloads from. If not specified the artifact server will not start.")
 	execCmd.PersistentFlags().StringVarP(&execArg.artifactServerPort, "artifact-server-port", "", "34567", "Defines the port where the artifact server listens (will only bind to localhost).")
-	execCmd.PersistentFlags().StringVarP(&execArg.defaultActionsUrl, "default-actions-url", "", "https://gitea.com", "Defines the default url of action instance.")
+	execCmd.PersistentFlags().StringVarP(&execArg.defaultActionsUrl, "default-actions-url", "", "https://code.forgejo.org", "Defines the default url of action instance.")
 	execCmd.PersistentFlags().BoolVarP(&execArg.noSkipCheckout, "no-skip-checkout", "", false, "Do not skip actions/checkout")
 	execCmd.PersistentFlags().BoolVarP(&execArg.debug, "debug", "d", false, "enable debug log")
 	execCmd.PersistentFlags().BoolVarP(&execArg.dryrun, "dryrun", "n", false, "dryrun mode")

internal/app/run/runner.go

@@ -47,6 +47,13 @@ func NewRunner(cfg *config.Config, reg *config.Registration, cli client.Client)
 			ls = append(ls, l)
 		}
 	}
+
+	if cfg.Runner.Envs == nil {
+		cfg.Runner.Envs = make(map[string]string, 10)
+	}
+
+	cfg.Runner.Envs["GITHUB_SERVER_URL"] = reg.Address
+
 	envs := make(map[string]string, len(cfg.Runner.Envs))
 	for k, v := range cfg.Runner.Envs {
 		envs[k] = v