Commit Graph

116 Commits

Author SHA1 Message Date
kolaente be7eabb9b3 ci: move build-mage prep job out of test.yml into release.yml
build_mage_bin is only consumed by publish-repos in release.yml, so it
doesn't belong in the test workflow. Move it to release.yml as a
prep job and add it to publish-repos's needs list.
2026-05-27 13:01:44 +00:00
kolaente ed9df9064c refactor(ci): derive composite-action inputs from project name
Reviewer asked us to stop over-configuring the release-binaries and
release-os-package composite actions — they're called only with
vikunja or veans, so per-project paths, artifact names, cache keys, S3
target, and version-or-unstable can all be derived inside the action
from the project name. The xgo-out-name input goes away too.

Vikunja-specific pre-build (downloading frontend_dist, generating
config.yml.sample) now happens inside the action, gated on the project
input. Callers no longer need those preamble steps.

Secrets stay as inputs — composite actions can't read \`\${{ secrets.* }}\`
directly; passing them through is the simplest workaround.

Each callsite shrinks to ~13 lines of mostly-secret pass-through plus
2-4 lines of real parameters.
2026-05-27 13:01:44 +00:00
kolaente e903b72b9e refactor(ci): call release composite actions from release.yml
Replace the inline bodies of binaries, veans-binaries, os-package, and
veans-os-package jobs with calls to the new release-binaries and
release-os-package composite actions. Each call site is now ~25 lines
of inputs instead of ~75 lines of duplicated mage+upx+gpg+s3 plumbing.

publish-repos switches from the parent's ./mage-static to the
prebuilt build_mage_bin artifact so it can drive build/'s repo metadata
targets inside the publish-repos containers.
2026-05-27 13:01:44 +00:00
kolaente 5f00fca166 feat(veans): build and publish veans alongside vikunja
Cross-compile veans for the same OS/arch matrix as the main vikunja
binary, wrap each into a signed zip, build deb/rpm/apk/archlinux
packages via nfpm, and merge those into the existing dl.vikunja.io
package repos so `apt install veans` works from the same source.

- veans/magefile.go: Release namespace (xgo cross-compile, upx, sha256,
  per-target zip bundle, nfpm.yaml templating).
- veans/nfpm.yaml: minimal — binary at /usr/local/bin/veans, no service
  or postinstall.
- .github/workflows/release.yml: veans-binaries + veans-os-package
  jobs, veans artifacts merged into publish-repos and create-release.
S3 layout mirrors vikunja under /veans/<version>/.
2026-05-27 13:01:44 +00:00
kolaente 0b45cff583
feat(ci): sign archlinux packages with GPG for pacman verification
Pacman verifies individual package signatures (.sig files). Add GPG
setup and detach-sign step for archlinux packages in the os-package
job. The .sig is uploaded alongside the package to S3.
2026-04-14 19:35:23 +02:00
kolaente c970f87e89
fix(ci): resolve symlinks before upload instead of deleting them
S3 can't store symlinks. Previously all symlinks were deleted, which
removed vikunja.db -> vikunja.db.tar.gz needed by pacman. Now resolve
symlinks into real file copies first, then delete package files.
2026-04-14 17:08:27 +02:00
kolaente fdeacd3eaf
fix(ci): write GPG key directly to file instead of importing and exporting
No need to import the key into GPG and then export it again. Just
write the secret key data directly to a file for nfpm to use.
2026-04-14 16:22:52 +02:00
kolaente f6ec5d8e96
feat(ci): sign RPM packages with GPG via nfpm
Add GPG signing configuration to nfpm.yaml for rpm packages. The
os-package job now sets up GPG and exports the key for nfpm to use
during package creation.
2026-04-14 15:47:31 +02:00
kolaente 4d8c37f8ff
fix(ci): exclude package files from repo metadata upload
The dl.vikunja.io worker redirects package file requests under /repos/
to the existing artifacts, so uploading them again is redundant.
Remove .deb, .rpm, .apk, .archlinux, .pacman, .pkg.tar.zst files
and symlinks before uploading to R2.
2026-04-14 14:36:00 +02:00
kolaente 77167eb356
fix(ci): pin s3-action to main branch 2026-04-14 12:47:18 +02:00
kolaente 3d08a4f78f
fix(ci): update s3-action to skip directories during upload
The s3-action glob matched directories causing EISDIR errors. Fixed
the action to filter with fs.statSync().isFile(). Updated all
s3-action references to the new version.
2026-04-14 12:25:43 +02:00
kolaente 797c813091
fix(ci): revert S3 glob to **/* and clean up directories before upload
The **/*.* glob skipped extensionless files like Release, InRelease,
and Packages. Revert to **/* and instead remove reprepro's internal
db/conf directories and directory symlinks before uploading.
2026-04-14 10:02:50 +02:00
kolaente cff690fb5f
fix(ci): skip desktop .apk in APK repo, not a valid Alpine package
The desktop .apk file from electron-builder is not an Alpine APK
package and causes apk index to fail with "v2 package format error".
2026-04-13 16:15:41 +02:00
kolaente a110642093
fix(ci): inline APK repo generation to avoid glibc binary on Alpine
The mage-static binary is compiled with glibc which can't run on
Alpine's musl. Instead of fighting compatibility, inline the APK
repo generation as shell commands since the logic is simple.
2026-04-13 15:18:08 +02:00
kolaente 29098aee62
fix(ci): add libc6-compat for Alpine, fix S3 upload glob, add debug
- Install libc6-compat on Alpine so the glibc-linked mage binary runs
- Change S3 upload glob from **/* to **/*.* to skip directories
- Add debug step to inspect mage-static binary on Alpine
2026-04-13 12:13:05 +02:00
kolaente f3aaf27242
fix(ci): set RELEASE_VERSION to avoid git dependency in containers
The mage initVars calls git describe when RELEASE_VERSION is not
set. Setting it avoids needing git in the container images.
2026-04-13 11:45:37 +02:00
kolaente cd61db4415
refactor(ci): split publish-repos into matrix with native containers
Each package format now runs in its native container image:
- apt: ubuntu:noble (reprepro)
- rpm: fedora:latest (createrepo_c)
- pacman: archlinux:latest (repo-add + bsdtar built-in)
- apk: alpine:latest (apk + abuild-sign built-in)

This eliminates cross-distro tool availability issues. Desktop
packages are downloaded and renamed per format to match the mage
target glob patterns. Also adds --allow-untrusted to apk index
since nfpm-produced .apk packages are unsigned.
2026-04-13 11:19:12 +02:00
kolaente 136fafdf37
fix(ci): install libarchive-tools for repo-add bsdtar dependency
repo-add uses bsdtar to validate packages, which requires
libarchive-tools. The .archlinux extension works fine with repo-add
so the rename to .pkg.tar.zst was unnecessary. Also removes debug
steps.
2026-04-13 10:50:56 +02:00
kolaente 2a2b3c787e
fix(ci): add deeper debug for archlinux/pacman package contents 2026-04-13 08:22:18 +02:00
kolaente ab6cdf91eb
fix(ci): add debug step to list incoming package files 2026-04-12 19:56:03 +02:00
kolaente e1fed9e252
fix(ci): install makepkg for repo-add utility scripts
repo-add from pacman-package-manager sources scripts from
/usr/share/makepkg/util/ which are shipped in the separate
makepkg package on Ubuntu.
2026-04-12 17:59:32 +02:00
kolaente 80ecaeb567
fix(ci): sign APT Release files manually instead of via reprepro gpgme
reprepro uses gpgme for signing which fails in CI environments because
gpgme cannot access pinentry. Instead, remove SignWith from the reprepro
distributions config and sign Release files manually with gpg after
reprepro finishes, producing both Release.gpg and InRelease.
2026-04-12 17:32:11 +02:00
kolaente e8d12186d1
fix(ci): configure gpg loopback pinentry for reprepro signing
reprepro uses gpgme which bypasses the preset passphrase cache and
tries to launch a pinentry dialog, failing in CI with
"Inappropriate ioctl for device". Adding loopback pinentry mode
allows gpgme to obtain the passphrase without a dialog.
2026-04-12 16:49:36 +02:00
kolaente b375399e34 feat(ci): add publish-repos job for OS package repository metadata
New CI job runs after os-package and desktop jobs complete. Downloads
all package artifacts, runs Mage repo targets to generate repository
metadata (APT, RPM, APK, Pacman), GPG-signs the metadata, and uploads
to R2 under /repos/.

Publishes to stable suite for tagged releases, unstable for main
branch builds. Artifact uploads from os-package and desktop jobs are
no longer gated on tags to support this.
2026-04-12 12:06:14 +00:00
kolaente 1cde0a1705
feat(ci): add multi-architecture support for OS package builds (#2610) 2026-04-12 12:24:08 +02:00
kolaente c92dcf6351 chore(ci): add debugging around release signing 2026-02-08 22:23:23 +01:00
kolaente 1a4dd0269d fix(ci): move gpg setup to right before sign step
Siging seems to fail now, with no changes to the pipeline. This change
moves the setup to right before the signing, in case the build step
mangles with the gpg setup
2026-02-08 22:23:05 +01:00
renovate[bot] 0b1f5d0024 chore(deps): update actions/setup-node digest to 6044e13 2026-01-15 09:42:39 +01:00
renovate[bot] 53158b1351 chore(deps): update actions/setup-go digest to 7a3fe6c 2026-01-13 12:34:57 +01:00
renovate[bot] 62f291c9a8
chore(deps): update actions/upload-artifact action to v6 (#1977)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[actions/upload-artifact](https://redirect.github.com/actions/upload-artifact)
| action | major | `v5` -> `v6` |

---

### Release Notes

<details>
<summary>actions/upload-artifact (actions/upload-artifact)</summary>

###
[`v6`](https://redirect.github.com/actions/upload-artifact/compare/v5...v6)

[Compare
Source](https://redirect.github.com/actions/upload-artifact/compare/v5...v6)

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi40Mi4yIiwidXBkYXRlZEluVmVyIjoiNDIuNDIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-12 19:51:19 +00:00
kolaente 2fcf31b916 fix(ci): make docker build setup work
As instructed on https://namespace.so/docs/solutions/github-actions/docker-builds
2025-12-08 22:05:52 +01:00
kolaente 8ccc5428a8 feat(ci): use namespace runner for docker prod builds 2025-12-08 21:48:14 +01:00
renovate[bot] 96acdb1692
chore(deps): update actions/checkout digest to 8e8c483 (#1922)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/checkout](https://redirect.github.com/actions/checkout) |
action | digest | `1af3b93` -> `8e8c483` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xOS45IiwidXBkYXRlZEluVmVyIjoiNDIuMTkuOSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-03 11:23:29 +01:00
renovate[bot] 5a36351f44
chore(deps): update actions/setup-node digest to 395ad32 (#1925)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [actions/setup-node](https://redirect.github.com/actions/setup-node) |
action | digest | `2028fbc` -> `395ad32` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xOS45IiwidXBkYXRlZEluVmVyIjoiNDIuMTkuOSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-03 11:21:57 +01:00
renovate[bot] 4d3f72f656
chore(deps): update softprops/action-gh-release digest to a06a81a (#1914)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[softprops/action-gh-release](https://redirect.github.com/softprops/action-gh-release)
| action | digest | `5be0e66` -> `a06a81a` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/go-vikunja/vikunja).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0Mi4xOS45IiwidXBkYXRlZEluVmVyIjoiNDIuMTkuOSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsiZGVwZW5kZW5jaWVzIl19-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-12-01 22:56:27 +01:00
renovate[bot] 785fe6e306
chore(deps): update docker/metadata-action digest to c299e40 (#1887)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-27 17:45:12 +01:00
renovate[bot] 4c524dd1a0
chore(deps): update actions/setup-go digest to 4dc6199 (#1853)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-22 12:11:17 +01:00
renovate[bot] aea4cb83d4
chore(deps): update actions/checkout action to v6 (#1854)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-22 01:19:54 +01:00
renovate[bot] 572140f744
chore(deps): update actions/checkout digest to 93cb6ef (#1838)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-17 23:23:13 +00:00
renovate[bot] aafd16fbe3
chore(deps): update softprops/action-gh-release digest to 5be0e66 (#1777)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-10 22:44:00 +00:00
renovate[bot] ed0b1f766b
chore(deps): update docker/metadata-action digest to 318604b (#1744)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-10 23:27:49 +01:00
renovate[bot] f135ade3a0
chore(deps): update docker/setup-qemu-action digest to c7c5346 (#1757)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-11-06 07:18:18 +00:00
renovate[bot] 070c03bd47
chore(deps): update github artifact actions (major) (#1719)
chore(deps): update github artifact actions

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-27 12:47:51 +00:00
renovate[bot] 4d51e6f52d
chore(deps): pin docker/login-action action to 5e57cd1 (#1698)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-22 10:07:23 +02:00
kolaente c02650346d
fix(ci): login to ghcr 2025-10-21 16:29:27 +02:00
kolaente ee9744aaa1
feat(ci): publish docker images to ghcr as well 2025-10-21 15:26:33 +02:00
renovate[bot] 07f978207e
chore(deps): pin docker/build-push-action action to 2634353 (#1683)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-19 20:03:10 +02:00
kolaente 040ac8906d
fix(ci): remove blacksmith docker builder
Blacksmith's docker builder is fast, but it uses way too much cache
storage, ballooning our bill.
2025-10-19 19:35:09 +02:00
renovate[bot] 09fc61fdf1
chore(deps): update actions/setup-node action to v6 (#1654)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-14 12:12:21 +02:00
renovate[bot] a110d0f577
chore(deps): update softprops/action-gh-release digest to 6da8fa9 (#1641)
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2025-10-11 20:06:18 +02:00