From d5beb9fc73e65d2073945d72d92665eefa5e4ae4 Mon Sep 17 00:00:00 2001 From: logikonline Date: Thu, 22 Jan 2026 11:47:31 -0500 Subject: [PATCH] refactor(ci): split release workflow from build workflow Moves release-specific jobs (keygen build and server trigger) from build.yml to new release-with-server.yml workflow. The build workflow now focuses on CI tasks (lint/test) and runs on push/PR, while release workflow handles manual releases via workflow_dispatch. This separation improves clarity and allows independent execution of build checks vs release processes. --- .gitea/workflows/build.yml | 106 +--------------- .gitea/workflows/release-with-server.yml | 147 +++++++++++++++++++++++ 2 files changed, 148 insertions(+), 105 deletions(-) create mode 100644 .gitea/workflows/release-with-server.yml diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index 4586779..baef6ea 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -9,6 +9,7 @@ on: pull_request: branches: - main + workflow_dispatch: env: GOPROXY: https://proxy.golang.org,direct @@ -116,108 +117,3 @@ jobs: exit 1 fi - # Build keygen utility for license management - build-keygen: - name: Build Keygen Utility - runs-on: linux-latest - needs: [lint, test, create-release] - if: startsWith(github.ref, 'refs/tags/v') && needs.lint.result == 'success' && needs.create-release.result == 'success' - strategy: - matrix: - include: - - goos: linux - goarch: amd64 - - goos: linux - goarch: arm64 - - goos: darwin - goarch: amd64 - - goos: darwin - goarch: arm64 - - goos: windows - goarch: amd64 - steps: - - name: Get latest server version - id: server - run: | - VERSION=$(curl -sf "https://direct.git.marketally.com/api/v1/repos/gitcaddy/gitcaddy-server/releases/latest" | grep -o '"tag_name":"[^"]*"' | cut -d'"' -f4) - echo "version=$VERSION" >> "$GITHUB_OUTPUT" - - - name: Checkout code - uses: actions/checkout@v4 - - - name: Setup Go - uses: actions/setup-go@v5 - with: - go-version: ${{ env.GO_VERSION }} - cache: false - - - name: Update replace directive for gitcaddy-server - run: | - SERVER_VERSION="${{ steps.server.outputs.version }}" - sed -i "s|replace code.gitcaddy.com/server/v3 => ../gitcaddy-server|replace code.gitcaddy.com/server/v3 => git.marketally.com/gitcaddy/gitcaddy-server/v3 $SERVER_VERSION|" go.mod - go mod tidy - - - name: Build keygen - env: - GOOS: ${{ matrix.goos }} - GOARCH: ${{ matrix.goarch }} - CGO_ENABLED: 0 - run: | - VERSION=$(git describe --tags --always 2>/dev/null || echo "dev") - EXT="" - if [ "$GOOS" = "windows" ]; then - EXT=".exe" - fi - OUTPUT="vault-keygen-${VERSION}-${GOOS}-${GOARCH}${EXT}" - - mkdir -p dist - go build -trimpath -ldflags "-s -w" -o "dist/${OUTPUT}" ./cmd/keygen - - cd dist && sha256sum "${OUTPUT}" > "${OUTPUT}.sha256" - - - name: Upload to release - env: - RELEASE_ID: ${{ needs.create-release.outputs.release_id }} - run: | - for file in dist/*; do - if [ -f "$file" ]; then - filename=$(basename "$file") - echo "Uploading $filename..." - curl -sf -X POST \ - -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \ - -F "attachment=@$file" \ - "https://direct.git.marketally.com/api/v1/repos/${{ github.repository }}/releases/$RELEASE_ID/assets?name=$filename" || true - fi - done - - # Trigger server rebuild after vault release is complete - trigger-server: - name: Trigger Server Rebuild - runs-on: linux-latest - needs: [lint, test, create-release, build-keygen] - if: startsWith(github.ref, 'refs/tags/v') && needs.lint.result == 'success' && needs.test.result == 'success' && needs.create-release.result == 'success' - steps: - - name: Get latest server version - id: server - run: | - VERSION=$(curl -sf "https://direct.git.marketally.com/api/v1/repos/gitcaddy/gitcaddy-server/releases/latest" | grep -o '"tag_name":"[^"]*"' | cut -d'"' -f4) - echo "version=$VERSION" >> "$GITHUB_OUTPUT" - echo "Latest server version: $VERSION" - - - name: Trigger server rebuild - run: | - VAULT_TAG="${{ github.ref_name }}" - SERVER_TAG="${{ steps.server.outputs.version }}" - - echo "Vault $VAULT_TAG complete - triggering server rebuild" - echo "Server will rebuild at $SERVER_TAG with new vault $VAULT_TAG" - - # Trigger server workflow via repository dispatch - curl -sf -X POST \ - -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \ - -H "Content-Type: application/json" \ - -d '{"ref":"main","inputs":{"vault_tag":"'"$VAULT_TAG"'"}}' \ - "https://direct.git.marketally.com/api/v1/repos/gitcaddy/gitcaddy-server/actions/workflows/vault-update.yml/dispatches" || { - echo "Note: Server vault-update workflow may not exist yet" - echo "Manual server rebuild may be required" - } diff --git a/.gitea/workflows/release-with-server.yml b/.gitea/workflows/release-with-server.yml new file mode 100644 index 0000000..47d6dc2 --- /dev/null +++ b/.gitea/workflows/release-with-server.yml @@ -0,0 +1,147 @@ +name: Release and Trigger Server + +on: + workflow_dispatch: + inputs: + tag: + description: 'Tag to release (e.g., v1.0.0)' + required: true + type: string + +env: + GOPROXY: https://proxy.golang.org,direct + GO_VERSION: "1.25" + +jobs: + lint: + name: Lint + runs-on: linux-latest + steps: + - name: Get latest server version + id: server + run: | + VERSION=$(curl -sf "https://direct.git.marketally.com/api/v1/repos/gitcaddy/gitcaddy-server/releases/latest" | grep -o '"tag_name":"[^"]*"' | cut -d'"' -f4) + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ inputs.tag }} + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + cache: false + + - name: Update replace directive for gitcaddy-server + run: | + SERVER_VERSION="${{ steps.server.outputs.version }}" + sed -i "s|replace code.gitcaddy.com/server/v3 => ../gitcaddy-server|replace code.gitcaddy.com/server/v3 => git.marketally.com/gitcaddy/gitcaddy-server/v3 $SERVER_VERSION|" go.mod + cat go.mod | grep -A2 "^replace" + go mod tidy + + - name: Run linter + run: go run github.com/golangci/golangci-lint/v2/cmd/golangci-lint@v2.7.2 run --timeout=10m + + test: + name: Tests + runs-on: linux-latest + steps: + - name: Get latest server version + id: server + run: | + VERSION=$(curl -sf "https://direct.git.marketally.com/api/v1/repos/gitcaddy/gitcaddy-server/releases/latest" | grep -o '"tag_name":"[^"]*"' | cut -d'"' -f4) + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ inputs.tag }} + + - name: Setup Go + uses: actions/setup-go@v5 + with: + go-version: ${{ env.GO_VERSION }} + cache: false + + - name: Update replace directive for gitcaddy-server + run: | + SERVER_VERSION="${{ steps.server.outputs.version }}" + sed -i "s|replace code.gitcaddy.com/server/v3 => ../gitcaddy-server|replace code.gitcaddy.com/server/v3 => git.marketally.com/gitcaddy/gitcaddy-server/v3 $SERVER_VERSION|" go.mod + go mod tidy + + - name: Run tests + run: go test -race -v ./... + + create-release: + name: Create Release + runs-on: linux-latest + needs: [lint, test] + outputs: + release_id: ${{ steps.create.outputs.release_id }} + steps: + - name: Create or get release + id: create + run: | + TAG="${{ inputs.tag }}" + echo "Creating/getting release for tag: $TAG" + + # Try to get existing release first + EXISTING=$(curl -sf \ + -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \ + "https://direct.git.marketally.com/api/v1/repos/${{ github.repository }}/releases/tags/$TAG" 2>/dev/null || echo "") + + if echo "$EXISTING" | grep -q '"id":[0-9]'; then + RELEASE_ID=$(echo "$EXISTING" | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2) + echo "Found existing release: $RELEASE_ID" + echo "release_id=$RELEASE_ID" >> "$GITHUB_OUTPUT" + exit 0 + fi + + # Create new release + echo "Creating new release..." + RESPONSE=$(curl -sf -X POST \ + -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \ + -H "Content-Type: application/json" \ + -d '{"tag_name":"'"$TAG"'","name":"GitCaddy Vault '"$TAG"'","body":"GitCaddy Vault '"$TAG"'\n\nThis release is automatically compiled into GitCaddy Server. No separate installation required.\n\nSee the [GitCaddy Server releases](https://git.marketally.com/gitcaddy/gitcaddy-server/releases) for download.","draft":false,"prerelease":false}' \ + "https://direct.git.marketally.com/api/v1/repos/${{ github.repository }}/releases" 2>&1) + + if echo "$RESPONSE" | grep -q '"id":[0-9]'; then + RELEASE_ID=$(echo "$RESPONSE" | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2) + echo "Created release: $RELEASE_ID" + echo "release_id=$RELEASE_ID" >> "$GITHUB_OUTPUT" + else + echo "ERROR: Failed to create release: $RESPONSE" + exit 1 + fi + + trigger-server: + name: Trigger Server Rebuild + runs-on: linux-latest + needs: [lint, test, create-release] + steps: + - name: Get latest server version + id: server + run: | + VERSION=$(curl -sf "https://direct.git.marketally.com/api/v1/repos/gitcaddy/gitcaddy-server/releases/latest" | grep -o '"tag_name":"[^"]*"' | cut -d'"' -f4) + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + echo "Latest server version: $VERSION" + + - name: Trigger server rebuild + run: | + VAULT_TAG="${{ inputs.tag }}" + SERVER_TAG="${{ steps.server.outputs.version }}" + + echo "Vault $VAULT_TAG complete - triggering server rebuild" + echo "Server will rebuild at $SERVER_TAG with new vault $VAULT_TAG" + + # Trigger server workflow via repository dispatch + curl -sf -X POST \ + -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \ + -H "Content-Type: application/json" \ + -d '{"ref":"main","inputs":{"vault_tag":"'"$VAULT_TAG"'"}}' \ + "https://direct.git.marketally.com/api/v1/repos/gitcaddy/gitcaddy-server/actions/workflows/vault-update.yml/dispatches" || { + echo "Note: Server vault-update workflow may not exist yet" + echo "Manual server rebuild may be required" + }