ci: gate softprops release steps + add Forgejo API equivalents
The build-iso workflow used softprops/action-gh-release@v2 unconditionally,
which only speaks the GitHub Releases REST API. When the workflow runs on
the Forgejo runner registered on nullstone, those steps would fail.
Add a server_url check so the GH-only path runs only on github.com, and
mirror it with a curl-based step that hits the Forgejo /api/v1/releases
endpoints. Behaviour:
- github.com: identical to before (action-gh-release@v2).
- git.s8n.ru: drop+recreate ci-latest release, upload chunked assets
via the Forgejo attachments API.
Tag-driven "Attach to release" path mirrored the same way.
Refs: A1 build-eng task — Forgejo runner adaptation.
This commit is contained in:
parent
356013e1ca
commit
a3f6c1a1a6
1 changed files with 94 additions and 4 deletions
98
.github/workflows/build-iso.yml
vendored
98
.github/workflows/build-iso.yml
vendored
|
|
@ -236,8 +236,12 @@ jobs:
|
||||||
with:
|
with:
|
||||||
subject-path: 'build/out/*.iso.part-*'
|
subject-path: 'build/out/*.iso.part-*'
|
||||||
|
|
||||||
- name: Publish to ci-latest rolling prerelease
|
# GitHub-only: softprops/action-gh-release uses the GitHub REST API
|
||||||
if: success() && github.ref == 'refs/heads/main'
|
# which Forgejo doesn't expose at the same endpoints. When this
|
||||||
|
# workflow runs on git.s8n.ru the step below (Forgejo) handles
|
||||||
|
# publishing instead.
|
||||||
|
- name: Publish to ci-latest rolling prerelease (GitHub)
|
||||||
|
if: success() && github.ref == 'refs/heads/main' && github.server_url == 'https://github.com'
|
||||||
# Pinned to last v2 tag confirmed to ship on node20.
|
# Pinned to last v2 tag confirmed to ship on node20.
|
||||||
uses: softprops/action-gh-release@v2.0.4
|
uses: softprops/action-gh-release@v2.0.4
|
||||||
with:
|
with:
|
||||||
|
|
@ -264,6 +268,67 @@ jobs:
|
||||||
build/out/*.pem
|
build/out/*.pem
|
||||||
build/out/*.spdx.json
|
build/out/*.spdx.json
|
||||||
|
|
||||||
|
# Forgejo equivalent: drop+recreate ci-latest release via the
|
||||||
|
# Forgejo REST API, then upload chunks. Only runs when not on GitHub.
|
||||||
|
# All ${{ }} interpolations are vetted (repo coords + signed SHA).
|
||||||
|
- name: Publish to ci-latest rolling prerelease (Forgejo)
|
||||||
|
if: success() && github.ref == 'refs/heads/main' && github.server_url != 'https://github.com'
|
||||||
|
env:
|
||||||
|
FORGEJO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
FORGEJO_API: ${{ github.server_url }}/api/v1
|
||||||
|
REPO: ${{ github.repository }}
|
||||||
|
GIT_SHA: ${{ github.sha }}
|
||||||
|
run: |
|
||||||
|
set -euo pipefail
|
||||||
|
TAG="ci-latest"
|
||||||
|
REL_JSON=$(curl -fsSL -H "Authorization: token ${FORGEJO_TOKEN}" \
|
||||||
|
"${FORGEJO_API}/repos/${REPO}/releases/tags/${TAG}" 2>/dev/null || echo "")
|
||||||
|
if [ -n "$REL_JSON" ]; then
|
||||||
|
REL_ID=$(echo "$REL_JSON" | grep -oE '"id":\s*[0-9]+' | head -1 | grep -oE '[0-9]+')
|
||||||
|
if [ -n "$REL_ID" ]; then
|
||||||
|
echo "[INFO] deleting existing ci-latest release id=$REL_ID"
|
||||||
|
curl -fsSL -X DELETE -H "Authorization: token ${FORGEJO_TOKEN}" \
|
||||||
|
"${FORGEJO_API}/repos/${REPO}/releases/${REL_ID}" || true
|
||||||
|
curl -fsSL -X DELETE -H "Authorization: token ${FORGEJO_TOKEN}" \
|
||||||
|
"${FORGEJO_API}/repos/${REPO}/git/refs/tags/${TAG}" || true
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
BODY="Rolling auto-build from main. Latest commit: ${GIT_SHA}.
|
||||||
|
|
||||||
|
ISO is split into chunks. Reassemble:
|
||||||
|
cat veilor-os-*.iso.part-* > veilor-os.iso
|
||||||
|
sha256sum -c veilor-os-*.iso.parts.sha256
|
||||||
|
|
||||||
|
Or use test/auto-install.sh (handles reassembly automatically).
|
||||||
|
|
||||||
|
Not a stable release — for testing only."
|
||||||
|
PAYLOAD=$(BODY="$BODY" TAG="$TAG" python3 -c "
|
||||||
|
import json,os
|
||||||
|
print(json.dumps({
|
||||||
|
'tag_name': os.environ['TAG'],
|
||||||
|
'target_commitish': 'main',
|
||||||
|
'name': 'ci-latest (auto)',
|
||||||
|
'body': os.environ['BODY'],
|
||||||
|
'prerelease': True,
|
||||||
|
'draft': False,
|
||||||
|
}))")
|
||||||
|
REL_ID=$(curl -fsSL -X POST -H "Authorization: token ${FORGEJO_TOKEN}" \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
-d "$PAYLOAD" \
|
||||||
|
"${FORGEJO_API}/repos/${REPO}/releases" | \
|
||||||
|
grep -oE '"id":\s*[0-9]+' | head -1 | grep -oE '[0-9]+')
|
||||||
|
[ -n "$REL_ID" ] || { echo "[ERR] failed to create Forgejo release"; exit 1; }
|
||||||
|
echo "[OK] Forgejo release id=$REL_ID created"
|
||||||
|
cd build/out
|
||||||
|
for f in *.iso.part-* *.sha256; do
|
||||||
|
[ -f "$f" ] || continue
|
||||||
|
echo "[INFO] uploading $f"
|
||||||
|
curl -fsSL -X POST -H "Authorization: token ${FORGEJO_TOKEN}" \
|
||||||
|
-F "attachment=@${f}" \
|
||||||
|
"${FORGEJO_API}/repos/${REPO}/releases/${REL_ID}/assets?name=${f}"
|
||||||
|
done
|
||||||
|
echo "[OK] all assets uploaded to Forgejo ci-latest"
|
||||||
|
|
||||||
# Build log on failure: print inline + skip artifact upload to avoid
|
# Build log on failure: print inline + skip artifact upload to avoid
|
||||||
# quota wall. Job log retains everything anyway.
|
# quota wall. Job log retains everything anyway.
|
||||||
- name: Print build log on failure
|
- name: Print build log on failure
|
||||||
|
|
@ -274,11 +339,36 @@ jobs:
|
||||||
echo "─── anaconda program.log ───"
|
echo "─── anaconda program.log ───"
|
||||||
find build/out/build/anaconda -name 'program.log' -exec tail -100 {} \; 2>/dev/null || echo "(no anaconda log)"
|
find build/out/build/anaconda -name 'program.log' -exec tail -100 {} \; 2>/dev/null || echo "(no anaconda log)"
|
||||||
|
|
||||||
- name: Attach to release on tag
|
# GitHub-only: same restriction as ci-latest publish.
|
||||||
if: github.event_name == 'release'
|
- name: Attach to release on tag (GitHub)
|
||||||
|
if: github.event_name == 'release' && github.server_url == 'https://github.com'
|
||||||
# Pinned to last v2 tag confirmed to ship on node20.
|
# Pinned to last v2 tag confirmed to ship on node20.
|
||||||
uses: softprops/action-gh-release@v2.0.4
|
uses: softprops/action-gh-release@v2.0.4
|
||||||
with:
|
with:
|
||||||
files: |
|
files: |
|
||||||
build/out/*.iso
|
build/out/*.iso
|
||||||
build/out/*.sha256
|
build/out/*.sha256
|
||||||
|
|
||||||
|
# Forgejo equivalent for tag-driven release uploads. The release
|
||||||
|
# is assumed to already exist (Forgejo creates it from the tag);
|
||||||
|
# we only attach assets here.
|
||||||
|
- name: Attach to release on tag (Forgejo)
|
||||||
|
if: github.event_name == 'release' && github.server_url != 'https://github.com'
|
||||||
|
env:
|
||||||
|
FORGEJO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
FORGEJO_API: ${{ github.server_url }}/api/v1
|
||||||
|
REPO: ${{ github.repository }}
|
||||||
|
REF_NAME: ${{ github.ref_name }}
|
||||||
|
run: |
|
||||||
|
set -euo pipefail
|
||||||
|
REL_JSON=$(curl -fsSL -H "Authorization: token ${FORGEJO_TOKEN}" \
|
||||||
|
"${FORGEJO_API}/repos/${REPO}/releases/tags/${REF_NAME}")
|
||||||
|
REL_ID=$(echo "$REL_JSON" | grep -oE '"id":\s*[0-9]+' | head -1 | grep -oE '[0-9]+')
|
||||||
|
[ -n "$REL_ID" ] || { echo "[ERR] no Forgejo release for tag ${REF_NAME}"; exit 1; }
|
||||||
|
cd build/out
|
||||||
|
for f in *.iso *.sha256; do
|
||||||
|
[ -f "$f" ] || continue
|
||||||
|
curl -fsSL -X POST -H "Authorization: token ${FORGEJO_TOKEN}" \
|
||||||
|
-F "attachment=@${f}" \
|
||||||
|
"${FORGEJO_API}/repos/${REPO}/releases/${REL_ID}/assets?name=${f}"
|
||||||
|
done
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue