chore(ci): strip GHA pipeline and add Forgejo-native build/publish #6
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "bd-grimmory-9ej"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Summary
Closes grimmory-9ej.
Replaces the upstream-targeted GitHub Actions pipeline with a single Forgejo-native workflow tailored for this fork. Tests run on every PR to
developand on every push; pushes todevelopandv*tags additionally build the rootDockerfilevia Kaniko and publish togit.zombor.net/zombor/grimmory.What is removed
All 13 workflows under
.github/workflows/:angular-lint-threshold.ymlci-validate.ymlcodeql.ymlmigrations-check.ymlnotify-discord-release-notes.ymlpreview-image.ymlpublish-nightly.ymlpublish-release.ymlrelease-candidate.ymlrelease-main.ymlrelease-preview.ymlsemantic-pr-title.ymltest-suite.ymlThese were aimed at the upstream's semantic-release / GitHub-only flow (CodeQL, GitHub release API, ghcr.io, Discord notifier, multi-arch buildx). They auto-fail on Forgejo Actions and are noise for a personal fork.
What is added
.forgejo/workflows/ci.yml— single workflow with three jobs:libarchive(NightCompress native dep), runsjust api test, uploadsbackend/build/test-results/+ reports.just ui install-ci,just ui test, uploadsfrontend/test-results/vitest-results.xml.github.event_name == 'push'(so PRs never publish),needs: [backend-tests, frontend-tests], runs ingcr.io/kaniko-project/executor:v1.23.2-debug. Fetches the source viawgetagainst the archive URL (noactions/checkoutinside Kaniko — no Node), writes/kaniko/.docker/config.jsonwith the base64-encoded${{ github.actor }}:${{ secrets.REGISTRY_TOKEN }}forgit.zombor.net, then invokes/kaniko/executorwith one--destination=per tag plus--build-arg APP_VERSION=...and--build-arg APP_REVISION=${{ github.sha }}.Tag scheme:
develop:latest,:develop,:sha-<short-sha>vX.Y.Z:vX.Y.Z,:latestAPP_VERSIONis the tag name onv*pushes andsha-<short>ondeveloppushes — matches the contract the existingDockerfilebuild args expect.amd64 only for the first cut. Multi-arch (arm64) is deferred to a follow-up bead.
DEVELOPMENT.md— adds a## Continuous Integrationsection documenting the image name, tag scheme, pull command, and the REGISTRY_TOKEN setup.Setting up REGISTRY_TOKEN (one-time, REQUIRED before first push lands)
The publish job will not run until this secret exists. To create it:
grimmory-ci-publish. Required scopes: write:package (and read:package for pulls).REGISTRY_TOKEN. Paste the token as the value. Save.The next push to
develop(or av*tag) will trigger a publish job that uses this secret.Post-merge verification checklist
REGISTRY_TOKENsecret is configured on the repo per the steps above.developtriggers.forgejo/workflows/ci.yml; both test jobs and the publish job succeed.git.zombor.net/zombor/grimmory:latest,:develop, and:sha-<short>appear in the Forgejo package registry.developruns the test jobs but skips the publish job.vX.Y.Ztag produces:vX.Y.Zand updates:latest.Test plan
YAML.load_file)..forgejo/workflows/ci.ymlon the first push following merge.pull_requesttodevelop).View command line instructions
Checkout
From your project repository, check out a new branch and test the changes.Merge
Merge the changes and update on Forgejo.Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.