name: Release on: workflow_call: jobs: build-mage: runs-on: ubuntu-latest name: prepare-build-mage steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Set up Go uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version: stable - name: Cache build mage id: cache-build-mage uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0 with: key: ${{ runner.os }}-build-mage-build-${{ hashFiles('build/magefile.go') }} path: | ./build/build-mage-static # Statically compile build/magefile.go so publish-repos can run repo # metadata targets inside ubuntu/fedora/archlinux containers without # needing a Go toolchain available there. - name: Install mage if: ${{ steps.cache-build-mage.outputs.cache-hit != 'true' }} run: go install github.com/magefile/mage@v1.17.2 - name: Compile build mage if: ${{ steps.cache-build-mage.outputs.cache-hit != 'true' }} working-directory: build run: | export PATH=$PATH:$GOPATH/bin mage -compile ./build-mage-static - name: Store build mage binary uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: build_mage_bin path: ./build/build-mage-static docker: runs-on: namespace-profile-default steps: - name: Git describe id: ghd uses: proudust/gh-describe@80412be8ce0e77d8afba6b340e34790bc772aa45 # v2.2.0 - name: Login to Docker Hub uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_PASSWORD }} - name: Login to GHCR uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3.7.0 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker meta version if: ${{ github.ref_type == 'tag' }} id: meta uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 with: images: | vikunja/vikunja ghcr.io/go-vikunja/vikunja tags: | type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=raw,value=latest - name: Build and push unstable if: ${{ github.ref_type != 'tag' }} uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 with: platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8 push: true tags: | vikunja/vikunja:unstable ghcr.io/go-vikunja/vikunja:unstable build-args: | RELEASE_VERSION=${{ steps.ghd.outputs.describe }} - name: Build and push version if: ${{ github.ref_type == 'tag' }} uses: docker/build-push-action@10e90e3645eae34f1e60eeb005ba3a3d33f178e8 # v6.19.2 with: platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | RELEASE_VERSION=${{ steps.ghd.outputs.describe }} binaries: runs-on: blacksmith-8vcpu-ubuntu-2204 steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Git describe id: ghd uses: proudust/gh-describe@80412be8ce0e77d8afba6b340e34790bc772aa45 # v2.2.0 - uses: ./.github/actions/release-binaries with: project: vikunja release-version: ${{ steps.ghd.outputs.describe }} gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }} gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }} s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} veans-binaries: runs-on: blacksmith-8vcpu-ubuntu-2204 steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Git describe id: ghd uses: proudust/gh-describe@80412be8ce0e77d8afba6b340e34790bc772aa45 # v2.2.0 - uses: ./.github/actions/release-binaries with: project: veans release-version: ${{ steps.ghd.outputs.describe }} gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }} gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }} s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} os-package: runs-on: ubuntu-latest needs: - binaries strategy: matrix: package: [rpm, deb, apk, archlinux] arch: - go_name: linux-amd64 nfpm: amd64 pkg: x86_64 - go_name: linux-arm64 nfpm: arm64 pkg: aarch64 - go_name: linux-arm-7 nfpm: arm7 pkg: armv7 steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Git describe id: ghd uses: proudust/gh-describe@80412be8ce0e77d8afba6b340e34790bc772aa45 # v2.2.0 - uses: ./.github/actions/release-os-package with: project: vikunja release-version: ${{ steps.ghd.outputs.describe }} packager: ${{ matrix.package }} nfpm-arch: ${{ matrix.arch.nfpm }} pkg-arch: ${{ matrix.arch.pkg }} go-name: ${{ matrix.arch.go_name }} gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }} gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }} s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} veans-os-package: runs-on: ubuntu-latest needs: - veans-binaries strategy: matrix: package: [rpm, deb, apk, archlinux] arch: - go_name: linux-amd64 nfpm: amd64 pkg: x86_64 - go_name: linux-arm64 nfpm: arm64 pkg: aarch64 - go_name: linux-arm-7 nfpm: arm7 pkg: armv7 steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Git describe id: ghd uses: proudust/gh-describe@80412be8ce0e77d8afba6b340e34790bc772aa45 # v2.2.0 - uses: ./.github/actions/release-os-package with: project: veans release-version: ${{ steps.ghd.outputs.describe }} packager: ${{ matrix.package }} nfpm-arch: ${{ matrix.arch.nfpm }} pkg-arch: ${{ matrix.arch.pkg }} go-name: ${{ matrix.arch.go_name }} gpg-passphrase: ${{ secrets.RELEASE_GPG_PASSPHRASE }} gpg-sign-key: ${{ secrets.RELEASE_GPG_SIGN_KEY }} s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} publish-repos: runs-on: ubuntu-latest needs: - build-mage - os-package - veans-os-package - desktop strategy: fail-fast: false matrix: include: - format: apt image: ubuntu:noble mage_target: release:repo-apt - format: rpm image: fedora:latest mage_target: release:repo-rpm - format: pacman image: archlinux:latest mage_target: release:repo-pacman - format: apk image: alpine:latest mage_target: release:repo-apk container: image: ${{ matrix.image }} env: REPO_SUITE: ${{ github.ref_type == 'tag' && 'stable' || 'unstable' }} RELEASE_VERSION: unstable steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Download build mage binary # Statically compiled in test.yml's build-mage job so it runs inside # ubuntu/fedora/archlinux containers without a Go toolchain. if: matrix.format != 'apk' uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: build_mage_bin path: build - name: Download all server OS packages uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: vikunja_os_package_* merge-multiple: true path: dist/repo-work/incoming - name: Download all veans OS packages # Merged into the same incoming dir so reprepro / createrepo_c / # repo-add / the apk loop pick them up alongside vikunja's packages # — same suite, same arch fan-out, no extra source entry for users. uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: veans_os_package_* merge-multiple: true path: dist/repo-work/incoming - name: Download desktop packages (Linux) uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: vikunja_desktop_packages_ubuntu-latest path: dist/repo-work/incoming-desktop - name: Copy desktop packages to incoming run: | cd dist/repo-work/incoming-desktop case "${{ matrix.format }}" in apt) cp *.deb ../incoming/ 2>/dev/null || true ;; rpm) # Add arch suffix so the mage target's *-x86_64.rpm glob matches for f in *.rpm; do [ -f "$f" ] && cp "$f" "../incoming/${f%.rpm}-x86_64.rpm" done ;; pacman) # Rename .pacman to .archlinux with arch suffix for f in *.pacman; do [ -f "$f" ] && cp "$f" "../incoming/${f%.pacman}-x86_64.archlinux" done ;; apk) # Desktop .apk is not an Alpine package, skip ;; esac - name: Install tools (apt) if: matrix.format == 'apt' run: | apt-get update apt-get install -y --no-install-recommends reprepro - name: Install tools (rpm) if: matrix.format == 'rpm' run: dnf install -y createrepo_c - name: Install tools (apk) if: matrix.format == 'apk' run: apk add --no-cache abuild libc6-compat - name: GPG setup if: matrix.format != 'apk' uses: kolaente/action-gpg@eb0fd8f16fe9b499f060f659092c470cb9f76eb7 # main with: gpg-passphrase: "${{ secrets.RELEASE_GPG_PASSPHRASE }}" gpg-sign-key: "${{ secrets.RELEASE_GPG_SIGN_KEY }}" - name: Export GPG public key if: matrix.format == 'apt' run: | mkdir -p dist/repo-output gpg --export --armor 7D061A4AA61436B40713D42EFF054DACD908493A > dist/repo-output/gpg.key - name: Setup APK signing key if: matrix.format == 'apk' run: | mkdir -p ~/.abuild echo "${{ secrets.APK_SIGNING_KEY }}" > ~/.abuild/vikunja-apk.rsa echo "PACKAGER_PRIVKEY=$HOME/.abuild/vikunja-apk.rsa" > ~/.abuild/abuild.conf - name: Generate repo metadata if: matrix.format != 'apk' working-directory: build env: RELEASE_GPG_KEY: 7D061A4AA61436B40713D42EFF054DACD908493A RELEASE_GPG_PASSPHRASE: ${{ secrets.RELEASE_GPG_PASSPHRASE }} run: | chmod +x ./build-mage-static ./build-mage-static ${{ matrix.mage_target }} - name: Generate APK repo metadata if: matrix.format == 'apk' run: | incoming=dist/repo-work/incoming output_base=dist/repo-output/apk/$REPO_SUITE/main signing_key=~/.abuild/vikunja-apk.rsa for arch in x86_64 aarch64 armv7; do repo_dir="$output_base/$arch" mkdir -p "$repo_dir" # Symlink matching packages found=false for pkg in "$incoming"/*-"$arch".apk; do [ -f "$pkg" ] || continue found=true ln -sf "$(realpath "$pkg")" "$repo_dir/$(basename "$pkg")" done $found || continue # Create index and sign apk index --allow-untrusted -o "$repo_dir/APKINDEX.tar.gz" "$repo_dir"/*.apk abuild-sign -k "$signing_key" "$repo_dir/APKINDEX.tar.gz" done echo "APK repo metadata generated in $output_base" - name: Debug - repo output structure run: find dist/repo-output -type f 2>/dev/null || ls -laR dist/repo-output/ || true - name: Remove packages and internal state from repo output run: | # Remove reprepro internal state (not needed for serving) rm -rf dist/repo-output/apt/db dist/repo-output/apt/conf 2>/dev/null || true # Resolve symlinks into real files (S3 can't store symlinks) find dist/repo-output -type l | while IFS= read -r link; do target=$(readlink -f "$link") if [ -f "$target" ]; then rm "$link" cp "$target" "$link" else rm "$link" fi done # Remove actual package files — the worker redirects these to the # existing artifacts so we don't need to store them twice. find dist/repo-output -type f \( -name '*.deb' -o -name '*.rpm' -o -name '*.apk' -o -name '*.archlinux' -o -name '*.pacman' -o -name '*.pkg.tar.zst' \) -delete 2>/dev/null || true # Remove now-empty directories find dist/repo-output -type d -empty -delete 2>/dev/null || true - name: Upload to R2 uses: kolaente/s3-action@7f58dddd682b2f93a6c6799c9f68e7a38f2da558 # main with: s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} target-path: /repos files: "dist/repo-output/**/*" strip-path-prefix: dist/repo-output/ config-yaml: runs-on: ubuntu-latest steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Git describe id: ghd uses: proudust/gh-describe@80412be8ce0e77d8afba6b340e34790bc772aa45 # v2.2.0 - name: Download Mage Binary uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: mage_bin - name: generate run: | chmod +x ./mage-static ./mage-static generate:config-yaml 1 - name: Upload to S3 uses: kolaente/s3-action@7f58dddd682b2f93a6c6799c9f68e7a38f2da558 # main with: s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} target-path: /vikunja/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} files: "config.yml.sample" desktop: strategy: matrix: os: - ubuntu-latest - windows-latest - macos-latest runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 - name: Git describe id: ghd uses: proudust/gh-describe@80412be8ce0e77d8afba6b340e34790bc772aa45 # v2.2.0 - name: Install pnpm uses: pnpm/action-setup@fc06bc1257f339d1d5d8b3a19a8cae5388b55320 # v4.4.0 with: package_json_file: desktop/package.json - name: Setup Node uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0 with: node-version-file: frontend/.nvmrc cache: pnpm cache-dependency-path: desktop/pnpm-lock.yaml - name: Install Linux dependencies if: ${{ runner.os == 'Linux' }} run: | sudo apt-get update sudo apt-get install --no-install-recommends -y libopenjp2-tools rpm libarchive-tools - name: get frontend uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: frontend_dist path: frontend/dist - name: Build desktop app working-directory: desktop run: | pnpm install --frozen-lockfile --prefer-offline --fetch-timeout 100000 node build.js "${{ steps.ghd.outputs.describe }}" ${{ github.ref_type == 'tag' }} - name: Upload to S3 uses: kolaente/s3-action@7f58dddd682b2f93a6c6799c9f68e7a38f2da558 # main with: s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} files: "desktop/dist/Vikunja*" target-path: /desktop/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} strip-path-prefix: desktop/dist/ exclude: "desktop/dist/*.blockmap" - name: Store Desktop Package uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: vikunja_desktop_packages_${{ matrix.os }} path: | ./desktop/dist/Vikunja* !./desktop/dist/*.blockmap generate-swagger-docs: runs-on: ubuntu-latest permissions: contents: write steps: - name: Checkout uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 with: ssh-key: ${{ secrets.SSH_PRIVATE_KEY }} persist-credentials: true - name: Download Mage Binary uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: mage_bin - name: Set up Go uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0 with: go-version: stable - name: generate run: | export PATH=$PATH:$GOPATH/bin go install github.com/swaggo/swag/cmd/swag chmod +x ./mage-static ./mage-static generate:swagger-docs - name: Check for changes id: check_changes run: | if git diff --quiet; then echo "changes_exist=0" >> "$GITHUB_OUTPUT" else echo "changes_exist=1" >> "$GITHUB_OUTPUT" fi - name: Commit files if: steps.check_changes.outputs.changes_exist != '0' run: | git config --local user.email "bot@vikunja.io" git config --local user.name "Frederick [Bot]" git commit -am "[skip ci] Updated swagger docs" - name: Push changes if: steps.check_changes.outputs.changes_exist != '0' uses: ad-m/github-push-action@881a6320fdb16eb5318c5054f31c218aec2b324c # master with: ssh: true branch: ${{ github.ref }} create-release: runs-on: ubuntu-latest needs: - binaries - os-package - veans-binaries - veans-os-package - desktop - publish-repos if: ${{ github.ref_type == 'tag' }} permissions: contents: write steps: - name: Download Binaries uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: vikunja_bin_packages - name: Download OS Packages uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: vikunja_os_package_* merge-multiple: true - name: Download Veans Binaries uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: veans_bin_packages - name: Download Veans OS Packages uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: pattern: veans_os_package_* merge-multiple: true - name: Download Desktop Package Linux uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: vikunja_desktop_packages_ubuntu-latest - name: Download Desktop Package MacOS uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: vikunja_desktop_packages_macos-latest - name: Download Desktop Package Windows uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7.0.0 with: name: vikunja_desktop_packages_windows-latest - name: Release uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2.6.2 if: github.ref_type == 'tag' with: draft: true files: | vikunja*.zip vikunja*.rpm vikunja*.deb vikunja*.apk vikunja*.archlinux veans*.zip veans*.rpm veans*.deb veans*.apk veans*.archlinux Vikunja Desktop*