neuropoly · kousu · Mar 26, 2022 · Mar 26, 2022 · Apr 8, 2022 · Apr 9, 2022
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,4 +1,3 @@
-blank_issues_enabled: false
 contact_links:
   - name: Security Concern
     url: https://tinyurl.com/security-gitea

diff --git a/.github/workflows/release-tag-version.yml b/.github/workflows/release-tag-version.yml
@@ -13,7 +13,7 @@ concurrency:
 
 jobs:
   binary:
-    runs-on: nscloud
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       # fetch all commits instead of only the last as some branches are long lived and could have many between versions
@@ -31,111 +31,8 @@ jobs:
       - run: make release
         env:
           TAGS: bindata sqlite sqlite_unlock_notify
-      - name: import gpg key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v6
-        with:
-          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-      - name: sign binaries
-        run: |
-          for f in dist/release/*; do
-            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
-          done
-      # clean branch name to get the folder name in S3
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
-          echo "Cleaned name is ${REF_NAME}"
-          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
-      - name: configure aws
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: ${{ secrets.AWS_REGION }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      - name: upload binaries to s3
-        run: |
-          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
       - name: create github release
         run: |
           gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/*
         env:
-          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-  docker-rootful:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3
-      - uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: gitea/gitea
-          # this will generate tags in the following format:
-          # latest
-          # 1
-          # 1.2
-          # 1.2.3
-          tags: |
-            type=raw,value=latest
-            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootful docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-  docker-rootless:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v3
-      - uses: docker/setup-buildx-action@v3
-      - uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: gitea/gitea
-          # each tag below will have the suffix of -rootless
-          flavor: |
-            suffix=-rootless
-          # this will generate tags in the following format (with -rootless suffix added):
-          # latest
-          # 1
-          # 1.2
-          # 1.2.3
-          tags: |
-            type=raw,value=latest
-            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootless docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          file: Dockerfile.rootless
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -0,0 +1,61 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*.*.*"
+
+  # This second trigger covers the case where you
+  # delete and recreate from an existing tag
+  release:
+    types:
+      - created
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install toolchain
+        run: |
+          sudo apt-get update && sudo DEBIAN_FRONTEND=noninteractive apt-get install -y make git xz-utils libpam0g-dev
+      # per README.md, building needs Go 1.19 and Node LTS
+      - uses: actions/setup-go@v3
+        with:
+          go-version: '^1.19' # The Go version to download (if necessary) and use.
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 'lts/*'
+
+      - name: Build Release Assets
+        # The officially releases use 'make release' (https://github.com/neuropoly/gitea/blob/65e42f83e916af771a51af6a3f8db483ffa05c05/.drone.yml#L772)
+        # but that does cross-compilation (via docker (via https://github.com/techknowlogick/xgo))
+        # which is overhead and complication I don't need or want to deal with.
+        #
+        # Instead, just do native Linux compilation then pretend we did 'make release'.
+        run: |
+          TAGS="bindata sqlite sqlite_unlock_notify pam" make build
+          mkdir -p dist/release
+          cp -p gitea dist/release/gitea-"$(git describe --tags --always)"-linux-amd64
+
+      - name: Compress Release Assets
+        run: |
+          xz -k dist/release/*
+
+      - name: Checksum Release Assets
+        # each release asset in the official build process gets a separate .sha256 file
+        # which means we need a loop to emulate it
+        run: |
+          (cd dist/release; for asset in *; do sha256sum "$asset" > "$asset".sha256; done)
+
+      - name: Upload Release
+        # this Action creates the release if not yet created
+        uses: softprops/action-gh-release@v1
+        with:
+          # We don't have .drone.yml's pretty changelog
+          #  generator, so just empty the release notes
+          # ('' doesn't work, it needs at least one character)
+          body: '.'
+          files: 'dist/release/*'
+          fail_on_unmatched_files: true