[CI] Forgejo Actions based release process (squash) generate .xz files and sources

Generate .xz files
Check .sha256
Generate the source tarbal

.forgejo/actions/build-release/action.yml

@@ -44,6 +44,10 @@ runs:
     - run: echo "${{ github.action_path }}" >> $GITHUB_PATH
       shell: bash
 
+    - name: Install dependencies
+      run: |
+        apt-get install -y -qq xz-utils
+
     - name: set -x if verbose is required
       id: verbose
       run: |
@@ -124,12 +128,15 @@ runs:
       run: |
         ${{ steps.verbose.outputs.shell }}
         mkdir -p release
+        cd release
         for platform in $(echo ${{ inputs.platforms }} | tr ',' ' '); do
           arch=$(echo $platform | sed -e 's|linux/||g' -e 's|arm/v6|arm-6|g')
           docker create --platform $platform --name forgejo-$arch ${{ steps.registry.outputs.host-port }}/${{ inputs.owner }}/${{ inputs.repository }}:${{ steps.build.outputs.tag }}${{ inputs.suffix }}
-          binary="${{ inputs.binary-name }}-${{ steps.build.outputs.tag }}"
-          docker cp forgejo-$arch:${{ inputs.binary-path }} release/$binary-$arch
-          shasum -a 256 < release/$binary-$arch | cut -f1 -d ' ' > release/$binary-$arch.sha256
+          binary="${{ inputs.binary-name }}-${{ steps.build.outputs.tag }}-linux"
+          docker cp forgejo-$arch:${{ inputs.binary-path }} $binary-$arch
+          xz --keep -9 $binary-$arch
+          shasum -a 256 $binary-$arch > $binary-$arch.sha256
+          shasum -a 256 $binary-$arch.xz > $binary-$arch.xz.sha256
           docker rm forgejo-$arch
         done
 

.forgejo/workflows/build-release-integration.yml

@@ -28,6 +28,7 @@ jobs:
         run: |
           set -x
 
+          version=1.2.3
           cat > /etc/docker/daemon.json <<EOF
             {
               "insecure-registries" : ["${{ steps.forgejo.outputs.host-port }}"]
@@ -35,6 +36,8 @@ jobs:
           EOF
           systemctl restart docker
 
+          apt-get install -qq -y xz-utils
+
           dir=$(mktemp -d)
           trap "rm -fr $dir" EXIT
 
@@ -50,9 +53,11 @@ jobs:
           cat > $dir/Dockerfile <<EOF
           FROM docker.io/library/alpine:3.18
           RUN mkdir -p /app/gitea
-          RUN ( echo '#!/bin/sh' ; echo 'echo forgejo v1.2.3' ) > /app/gitea/gitea ; chmod +x /app/gitea/gitea
+          RUN ( echo '#!/bin/sh' ; echo "echo forgejo v$version" ) > /app/gitea/gitea ; chmod +x /app/gitea/gitea
           EOF
           cp $dir/Dockerfile $dir/Dockerfile.rootless
+          sources=forgejo-src-$version.tar.gz
+          ( echo 'sources-tarbal:' ; echo -e '\tmkdir -p dist/release ; cd dist/release ; sources=forgejo-src-$(VERSION).tar.gz ; echo sources > $$sources ; shasum -a 256 $$sources > $$sources.sha256' ) > $dir/Makefile
 
           forgejo-test-helper.sh push $dir $url root forgejo |& tee $dir/pushed
           eval $(grep '^sha=' < $dir/pushed)
@@ -60,13 +65,13 @@ jobs:
           #
           # Push a tag to trigger the release workflow and wait for it to complete
           #
-          forgejo-test-helper.sh api POST $url repos/root/forgejo/tags ${{ steps.forgejo.outputs.token }} --data-raw '{"tag_name": "v1.2.3", "target": "'$sha'"}'
+          forgejo-test-helper.sh api POST $url repos/root/forgejo/tags ${{ steps.forgejo.outputs.token }} --data-raw '{"tag_name": "v'$version'", "target": "'$sha'"}'
           LOOPS=180 forgejo-test-helper.sh wait_success "$url" root/forgejo $sha
 
           #
           # uncomment to see the logs even when everything is reported to be working ok
           #
-          cat $FORGEJO_RUNNER_LOGS
+          #cat $FORGEJO_RUNNER_LOGS
 
           #
           # Minimal sanity checks. e2e test is for the setup-forgejo
@@ -75,12 +80,23 @@ jobs:
           # build, only the sanity of the naming of the binaries.
           #
           for arch in amd64 arm64 arm-6 ; do
-            curl -L -sS $url/root/forgejo/releases/download/v1.2.3/forgejo-1.2.3-$arch > forgejo
-            chmod +x forgejo
-            ./forgejo --version | grep 1.2.3
-            curl -L -sS $url/root/forgejo/releases/download/v1.2.3/forgejo-1.2.3-$arch.sha256 > forgejo.one
-            shasum -a 256 < forgejo | cut -f1 -d ' ' > forgejo.two
-            diff forgejo.one forgejo.two
+            binary=forgejo-$version-linux-$arch
+            for suffix in '' '.xz' ; do
+              curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix > $binary$suffix
+              if test "$suffix" = .xz ; then
+                 unxz --keep $binary$suffix
+              fi
+              chmod +x $binary
+              ./$binary --version | grep $version
+              curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$binary$suffix.sha256 > $binary$suffix.sha256
+              shasum -a 256 --check $binary$suffix.sha256
+              rm $binary$suffix
+            done
           done
-          docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:1.2.3
-          docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:1.2.3-rootless
+
+          curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources > $sources
+          curl --fail -L -sS $url/root/forgejo/releases/download/v$version/$sources.sha256 > $sources.sha256
+          shasum -a 256 --check $sources.sha256
+
+          docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version
+          docker pull ${{ steps.forgejo.outputs.host-port }}/root/forgejo:$version-rootless

.forgejo/workflows/build-release.yml

@@ -12,9 +12,9 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      - id: verbose
+      - name: Increase the verbosity when there are no secrets
+        id: verbose
         run: |
-          # if there are no secrets, be verbose
           if test -z "${{ secrets.TOKEN }}"; then
             value=true
           else
@@ -22,17 +22,17 @@ jobs:
           fi
           echo "value=$value" >> "$GITHUB_OUTPUT"
 
-      - id: repository
+      - name: Sanitize the name of the repository
+        id: repository
         run: |
           set -x # comment out
           repository="${{ github.repository }}"
           echo "value=${repository##*/}" >> "$GITHUB_OUTPUT"
 
-      - name: when in a test environment, create a token
+      - name: When in a test environment, create a token
         id: token
         if: ${{ secrets.TOKEN == '' }}
         run: |
-          set -x # comment out
           apt-get -qq install -y jq
           url="${{ env.GITHUB_SERVER_URL }}"
           hostport=${url##http*://}
@@ -43,6 +43,19 @@ jobs:
           token=$(curl -sS -X POST -H 'Content-Type: application/json' --data-raw '{"name": "release", "scopes": ["all"]}' $api | jq --raw-output .sha1)
           echo "value=${token}" >> "$GITHUB_OUTPUT"
 
+      - uses: https://code.forgejo.org/actions/setup-go@v4
+        with:
+          go-version: ">=1.20"
+          check-latest: true
+
+      - name: build sources
+        run: |
+          apt-get -qq install -y make
+          tag="${{ github.ref_name }}"
+          make VERSION=${tag##*v} sources-tarbal
+          mv dist/release release
+          find release | grep tar.gz # sanity check to fail fast
+
       - name: build container & release (when TOKEN secret is not set)
         if: ${{ secrets.TOKEN == '' }}
         uses: ./.forgejo/actions/build-release

Makefile

@@ -821,6 +821,8 @@ $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 .PHONY: release
 release: frontend generate release-linux release-copy release-compress vendor release-sources release-check
 
+sources-tarbal: vendor release-sources release-check
+
 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)