chore(ci): strip GHA pipeline and add Forgejo-native build/publish #6

Open
zombor wants to merge 3 commits from bd-grimmory-9ej into develop
Owner

Summary

Closes grimmory-9ej.

Replaces the upstream-targeted GitHub Actions pipeline with a single Forgejo-native workflow tailored for this fork. Tests run on every PR to develop and on every push; pushes to develop and v* tags additionally build the root Dockerfile via Kaniko and publish to git.zombor.net/zombor/grimmory.

What is removed

All 13 workflows under .github/workflows/:

  • angular-lint-threshold.yml
  • ci-validate.yml
  • codeql.yml
  • migrations-check.yml
  • notify-discord-release-notes.yml
  • preview-image.yml
  • publish-nightly.yml
  • publish-release.yml
  • release-candidate.yml
  • release-main.yml
  • release-preview.yml
  • semantic-pr-title.yml
  • test-suite.yml

These were aimed at the upstream's semantic-release / GitHub-only flow (CodeQL, GitHub release API, ghcr.io, Discord notifier, multi-arch buildx). They auto-fail on Forgejo Actions and are noise for a personal fork.

What is added

  • .forgejo/workflows/ci.yml — single workflow with three jobs:
    • backend-tests — JDK 25 (temurin), installs libarchive (NightCompress native dep), runs just api test, uploads backend/build/test-results/ + reports.
    • frontend-tests — Node 24, enables Corepack, just ui install-ci, just ui test, uploads frontend/test-results/vitest-results.xml.
    • build-and-publish — gated on github.event_name == 'push' (so PRs never publish), needs: [backend-tests, frontend-tests], runs in gcr.io/kaniko-project/executor:v1.23.2-debug. Fetches the source via wget against the archive URL (no actions/checkout inside Kaniko — no Node), writes /kaniko/.docker/config.json with the base64-encoded ${{ github.actor }}:${{ secrets.REGISTRY_TOKEN }} for git.zombor.net, then invokes /kaniko/executor with one --destination= per tag plus --build-arg APP_VERSION=... and --build-arg APP_REVISION=${{ github.sha }}.

Tag scheme:

| Trigger | Tags applied |
| --- | --- |
| Push to develop | :latest, :develop, :sha-<short-sha> |
| Push of tag vX.Y.Z | :vX.Y.Z, :latest |

APP_VERSION is the tag name on v* pushes and sha-<short> on develop pushes — matches the contract the existing Dockerfile build args expect.

amd64 only for the first cut. Multi-arch (arm64) is deferred to a follow-up bead.

  • DEVELOPMENT.md — adds a ## Continuous Integration section documenting the image name, tag scheme, pull command, and the REGISTRY_TOKEN setup.

Setting up REGISTRY_TOKEN (one-time, REQUIRED before first push lands)

The publish job will not run until this secret exists. To create it:

  1. Log into git.zombor.net.
  2. Click your avatar -> Settings -> Applications.
  3. Under Manage Access Tokens, generate a new token. Name it something like grimmory-ci-publish. Required scopes: write:package (and read:package for pulls).
  4. Copy the generated token immediately — Forgejo only shows it once.
  5. In the grimmory repo: Settings -> Actions -> Secrets.
  6. Add a new secret named exactly REGISTRY_TOKEN. Paste the token as the value. Save.

The next push to develop (or a v* tag) will trigger a publish job that uses this secret.

Post-merge verification checklist

  • REGISTRY_TOKEN secret is configured on the repo per the steps above.
  • Push to develop triggers .forgejo/workflows/ci.yml; both test jobs and the publish job succeed.
  • git.zombor.net/zombor/grimmory:latest, :develop, and :sha-<short> appear in the Forgejo package registry.
  • Opening a follow-up PR against develop runs the test jobs but skips the publish job.
  • Pushing a vX.Y.Z tag produces :vX.Y.Z and updates :latest.

Test plan

  • Verify the workflow YAML parses (done locally via Ruby YAML.load_file).
  • Confirm Forgejo Actions picks up .forgejo/workflows/ci.yml on the first push following merge.
  • Confirm the test jobs run on this PR (Forgejo Actions, gated by pull_request to develop).
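The publish logic described above (tag scheme, APP_VERSION contract, and the Kaniko registry credential file), as an added shell sketch that is not the contents of .forgejo/workflows/ci.yml. The function names, the refs/heads/ and refs/tags/ ref format, and the 7-character short SHA are assumptions; the registry host, image name, tags and executor flags are taken from the description.

```shell
#!/bin/sh
# Added example, not the contents of .forgejo/workflows/ci.yml.
REGISTRY="git.zombor.net"
IMAGE="$REGISTRY/zombor/grimmory"

# short_sha SHA -> first 7 characters (assumed length; the PR only says <short-sha>).
short_sha() { printf '%s' "$1" | cut -c1-7; }

# image_tags EVENT REF SHA -> one tag per line, following the PR's tag scheme.
image_tags() {
  [ "$1" = "push" ] || return 0            # pull_request runs never publish
  case "$2" in
    refs/heads/develop) printf '%s\n' latest develop "sha-$(short_sha "$3")" ;;
    refs/tags/v*)       printf '%s\n' "${2#refs/tags/}" latest ;;
  esac
}

# app_version REF SHA -> tag name on v* pushes, sha-<short> otherwise.
app_version() {
  case "$1" in
    refs/tags/v*) printf '%s\n' "${1#refs/tags/}" ;;
    *)            printf 'sha-%s\n' "$(short_sha "$2")" ;;
  esac
}

# write_docker_config ACTOR TOKEN PATH -> registry auth file for Kaniko.
write_docker_config() {
  # Fail closed: an unset secret expands to an empty string, not an error.
  [ -n "$2" ] || { echo "REGISTRY_TOKEN is empty" >&2; return 1; }
  # printf avoids the trailing newline echo would fold into the credential.
  auth=$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')
  # Subshell umask makes a newly created file owner-only, caller's umask untouched.
  ( umask 077; printf '{"auths":{"%s":{"auth":"%s"}}}\n' "$REGISTRY" "$auth" > "$3" )
}

# kaniko_args EVENT REF SHA -> executor arguments, one per line.
kaniko_args() {
  tags=$(image_tags "$1" "$2" "$3")
  [ -n "$tags" ] || return 1               # nothing to publish for this event/ref
  for t in $tags; do printf '%s\n' "--destination=$IMAGE:$t"; done
  printf '%s\n' "--build-arg" "APP_VERSION=$(app_version "$2" "$3")"
  printf '%s\n' "--build-arg" "APP_REVISION=$3"
}

# Constructed input: a push of tag v1.2.3 at a made-up commit id.
kaniko_args push refs/tags/v1.2.3 0123456789abcdef0123456789abcdef01234567
```

The base64 value in config.json is an encoding, not encryption, so the file is as sensitive as the token itself and the step that writes it should not run with shell tracing enabled.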
chore(ci): strip GHA pipeline and add Forgejo-native build/publish
Some checks failed
CI / Backend Tests (pull_request) Failing after 3m25s
CI / Frontend Tests (pull_request) Has been cancelled
CI / Build and Publish Image (pull_request) Has been cancelled
c0d7f8e1d5
Remove the upstream-targeted GitHub Actions workflows (test-suite, release-*,
publish-*, codeql, semantic-pr-title, etc.) and replace them with a single
Forgejo-native workflow at .forgejo/workflows/ci.yml that:

- Runs backend + frontend tests on PRs to develop and on push.
- On push to develop, builds the root Dockerfile via Kaniko and publishes
  git.zombor.net/zombor/grimmory tagged :latest, :develop, :sha-<short>.
- On push of a v* tag, publishes :vX.Y.Z and :latest.
- Does not publish on pull_request (tests only).

Documents the image, tag scheme, and REGISTRY_TOKEN setup in DEVELOPMENT.md.
fix(ci): drop sudo from libarchive install for act runner
Some checks failed
CI / Build and Publish Image (pull_request) Blocked by required conditions
CI / Backend Tests (pull_request) Has been cancelled
CI / Frontend Tests (pull_request) Has been cancelled
8b3a446e94
Forgejo's act-based runner executes jobs inside a Debian container as
root; sudo is not installed. The libarchive install step was copied
from the deleted GHA test-suite.yml which assumed a GitHub-hosted
runner (non-root with passwordless sudo).
perf(ci): enable gradle and yarn dependency caching
Some checks failed
CI / Backend Tests (pull_request) Failing after 4m24s
CI / Frontend Tests (pull_request) Failing after 4m24s
CI / Build and Publish Image (pull_request) Has been skipped
0495b72a85
setup-java caches the gradle wrapper and ~/.gradle/caches keyed on
build files. setup-node caches the yarn cache keyed on
frontend/yarn.lock. Cold runs are unchanged; repeat runs skip
re-downloading the dependency trees.