name: Release on: workflow_call: jobs: docker: runs-on: namespace-profile-default steps: - name: Git describe id: ghd uses: proudust/gh-describe@v2 - name: Login to Docker Hub uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_PASSWORD }} - name: Login to GHCR uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3 with: registry: ghcr.io username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Docker meta version if: ${{ github.ref_type == 'tag' }} id: meta uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5 with: images: | vikunja/vikunja ghcr.io/go-vikunja/vikunja tags: | type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=semver,pattern={{major}} type=raw,value=latest - name: Build and push unstable if: ${{ github.ref_type != 'tag' }} uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 with: platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8 push: true tags: | vikunja/vikunja:unstable ghcr.io/go-vikunja/vikunja:unstable build-args: | RELEASE_VERSION=${{ steps.ghd.outputs.describe }} - name: Build and push version if: ${{ github.ref_type == 'tag' }} uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6 with: platforms: linux/amd64,linux/arm/v6,linux/arm/v7,linux/arm64/v8 push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} build-args: | RELEASE_VERSION=${{ steps.ghd.outputs.describe }} binaries: runs-on: blacksmith-8vcpu-ubuntu-2204 steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - name: Git describe id: ghd uses: proudust/gh-describe@v2 - uses: useblacksmith/setup-go@647ac649bd5b480f2a262e3e3e5f4d150ed452ad # v6 with: go-version: stable - name: Download Mage Binary uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: mage_bin - name: get frontend uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: frontend_dist path: frontend/dist - run: chmod +x ./mage-static - name: install upx run: | wget https://github.com/upx/upx/releases/download/v5.0.0/upx-5.0.0-amd64_linux.tar.xz echo 'b32abf118d721358a50f1aa60eacdbf3298df379c431c3a86f139173ab8289a1 upx-5.0.0-amd64_linux.tar.xz' > upx-5.0.0-amd64_linux.tar.xz.sha256 sha256sum -c upx-5.0.0-amd64_linux.tar.xz.sha256 tar xf upx-5.0.0-amd64_linux.tar.xz mv upx-5.0.0-amd64_linux/upx /usr/local/bin - name: setup xgo cache uses: useblacksmith/cache@71c7c918062ba3861252d84b07fe5ab2a6b467a6 # v5 with: path: /home/runner/.xgo-cache key: ${{ hashFiles('**/go.sum') }} restore-keys: | ${{ runner.os }}-go- - name: build and release env: RELEASE_VERSION: ${{ steps.ghd.outputs.describe }} XGO_OUT_NAME: vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} run: | export PATH=$PATH:$GOPATH/bin ./mage-static release - name: GPG setup uses: kolaente/action-gpg@main with: gpg-passphrase: "${{ secrets.RELEASE_GPG_PASSPHRASE }}" gpg-sign-key: "${{ secrets.RELEASE_GPG_SIGN_KEY }}" - name: sign run: | echo "=== GPG agent status ===" gpg-connect-agent 'keyinfo --list' /bye || true echo "=== GPG secret keys ===" gpg -K --with-keygrip echo "=== GPG public keys ===" gpg --list-keys echo "=== GNUPG directory contents ===" ls -la ~/.gnupg/ ls -la ~/.gnupg/private-keys-v1.d/ || true echo "=== Signing files ===" ls -hal dist/zip/* for file in dist/zip/*; do gpg -v --default-key 7D061A4AA61436B40713D42EFF054DACD908493A -b --batch --yes --passphrase "${{ secrets.RELEASE_GPG_PASSPHRASE }}" --pinentry-mode loopback --sign "$file" done - name: Upload uses: kolaente/s3-action@main with: s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} target-path: /vikunja/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} files: "dist/zip/*" strip-path-prefix: dist/zip/ - name: Store Binaries uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: name: vikunja_bins path: ./dist/binaries/* - name: Store Binary Packages uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 if: ${{ github.ref_type == 'tag' }} with: name: vikunja_bin_packages path: ./dist/zip/* os-package: runs-on: ubuntu-latest needs: - binaries strategy: matrix: package: - rpm - deb - apk - archlinux arch: - go_name: linux-amd64 nfpm: amd64 pkg: x86_64 - go_name: linux-arm64 nfpm: arm64 pkg: aarch64 - go_name: linux-arm-7 nfpm: arm7 pkg: armv7 steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - name: Download Vikunja Binary uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: vikunja_bins - name: Git describe id: ghd uses: proudust/gh-describe@v2 - name: Download Mage Binary uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: mage_bin - name: Prepare env: RELEASE_VERSION: ${{ steps.ghd.outputs.describe }} NFPM_ARCH: ${{ matrix.arch.nfpm }} run: | chmod +x ./mage-static ./mage-static release:prepare-nfpm-config mkdir -p ./dist/os-packages mv ./vikunja-*-${{ matrix.arch.go_name }} ./vikunja chmod +x ./vikunja - name: Create package id: nfpm uses: kolaente/action-gh-nfpm@master with: packager: ${{ matrix.package }} target: ./dist/os-packages/vikunja-${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }}-${{ matrix.arch.pkg }}.${{ matrix.package }} config: ./nfpm.yaml - name: Upload uses: kolaente/s3-action@main with: s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} target-path: /vikunja/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} files: "dist/os-packages/*" strip-path-prefix: dist/os-packages/ - name: Store OS Packages uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: name: vikunja_os_package_${{ matrix.package }}_${{ matrix.arch.pkg }} path: ./dist/os-packages/* publish-repos: runs-on: ubuntu-latest needs: - os-package - desktop strategy: fail-fast: false matrix: include: - format: apt image: ubuntu:noble mage_target: release:repo-apt - format: rpm image: fedora:latest mage_target: release:repo-rpm - format: pacman image: archlinux:latest mage_target: release:repo-pacman - format: apk image: alpine:latest mage_target: release:repo-apk container: image: ${{ matrix.image }} env: REPO_SUITE: ${{ github.ref_type == 'tag' && 'stable' || 'unstable' }} RELEASE_VERSION: unstable steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - name: Download Mage Binary uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: mage_bin - name: Download all server OS packages uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: pattern: vikunja_os_package_* merge-multiple: true path: dist/repo-work/incoming - name: Download desktop packages (Linux) uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: vikunja_desktop_packages_ubuntu-latest path: dist/repo-work/incoming-desktop - name: Copy desktop packages to incoming run: | cd dist/repo-work/incoming-desktop case "${{ matrix.format }}" in apt) cp *.deb ../incoming/ 2>/dev/null || true ;; rpm) # Add arch suffix so the mage target's *-x86_64.rpm glob matches for f in *.rpm; do [ -f "$f" ] && cp "$f" "../incoming/${f%.rpm}-x86_64.rpm" done ;; pacman) # Rename .pacman to .archlinux with arch suffix for f in *.pacman; do [ -f "$f" ] && cp "$f" "../incoming/${f%.pacman}-x86_64.archlinux" done ;; apk) # Desktop .apk is not an Alpine package, skip ;; esac - name: Install tools (apt) if: matrix.format == 'apt' run: | apt-get update apt-get install -y --no-install-recommends reprepro - name: Install tools (rpm) if: matrix.format == 'rpm' run: dnf install -y createrepo_c - name: Install tools (apk) if: matrix.format == 'apk' run: apk add --no-cache abuild libc6-compat - name: GPG setup if: matrix.format != 'apk' uses: kolaente/action-gpg@main with: gpg-passphrase: "${{ secrets.RELEASE_GPG_PASSPHRASE }}" gpg-sign-key: "${{ secrets.RELEASE_GPG_SIGN_KEY }}" - name: Export GPG public key if: matrix.format == 'apt' run: | mkdir -p dist/repo-output gpg --export --armor 7D061A4AA61436B40713D42EFF054DACD908493A > dist/repo-output/gpg.key - name: Setup APK signing key if: matrix.format == 'apk' run: | mkdir -p ~/.abuild echo "${{ secrets.APK_SIGNING_KEY }}" > ~/.abuild/vikunja-apk.rsa echo "PACKAGER_PRIVKEY=$HOME/.abuild/vikunja-apk.rsa" > ~/.abuild/abuild.conf - name: Generate repo metadata if: matrix.format != 'apk' env: RELEASE_GPG_KEY: 7D061A4AA61436B40713D42EFF054DACD908493A RELEASE_GPG_PASSPHRASE: ${{ secrets.RELEASE_GPG_PASSPHRASE }} run: | chmod +x ./mage-static ./mage-static ${{ matrix.mage_target }} - name: Generate APK repo metadata if: matrix.format == 'apk' run: | incoming=dist/repo-work/incoming output_base=dist/repo-output/apk/$REPO_SUITE/main signing_key=~/.abuild/vikunja-apk.rsa for arch in x86_64 aarch64 armv7; do repo_dir="$output_base/$arch" mkdir -p "$repo_dir" # Symlink matching packages found=false for pkg in "$incoming"/*-"$arch".apk; do [ -f "$pkg" ] || continue found=true ln -sf "$(realpath "$pkg")" "$repo_dir/$(basename "$pkg")" done $found || continue # Create index and sign apk index --allow-untrusted -o "$repo_dir/APKINDEX.tar.gz" "$repo_dir"/*.apk abuild-sign -k "$signing_key" "$repo_dir/APKINDEX.tar.gz" done echo "APK repo metadata generated in $output_base" - name: Debug - repo output structure run: find dist/repo-output -type f 2>/dev/null || ls -laR dist/repo-output/ || true - name: Remove packages and internal state from repo output run: | # Remove reprepro internal state (not needed for serving) rm -rf dist/repo-output/apt/db dist/repo-output/apt/conf 2>/dev/null || true # Remove actual package files — the worker redirects these to the # existing artifacts so we don't need to store them twice. find dist/repo-output -type f \( -name '*.deb' -o -name '*.rpm' -o -name '*.apk' -o -name '*.archlinux' -o -name '*.pacman' -o -name '*.pkg.tar.zst' \) -delete 2>/dev/null || true # Remove symlinks to package files (rpm/pacman/apk use symlinks) find dist/repo-output -type l -delete 2>/dev/null || true # Remove now-empty directories find dist/repo-output -type d -empty -delete 2>/dev/null || true - name: Upload to R2 uses: kolaente/s3-action@main with: s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} target-path: /repos files: "dist/repo-output/**/*" strip-path-prefix: dist/repo-output/ config-yaml: runs-on: ubuntu-latest steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - name: Git describe id: ghd uses: proudust/gh-describe@v2 - name: Download Mage Binary uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: mage_bin - name: generate run: | chmod +x ./mage-static ./mage-static generate:config-yaml 1 - name: Upload to S3 uses: kolaente/s3-action@main with: s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} target-path: /vikunja/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} files: "config.yml.sample" desktop: strategy: matrix: os: - ubuntu-latest - windows-latest - macos-latest runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 - name: Git describe id: ghd uses: proudust/gh-describe@v2 - name: Install pnpm uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 with: package_json_file: desktop/package.json - name: Setup Node uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6 with: node-version-file: frontend/.nvmrc cache: pnpm cache-dependency-path: desktop/pnpm-lock.yaml - name: Install Linux dependencies if: ${{ runner.os == 'Linux' }} run: | sudo apt-get update sudo apt-get install --no-install-recommends -y libopenjp2-tools rpm libarchive-tools - name: get frontend uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: frontend_dist path: frontend/dist - name: Build desktop app working-directory: desktop run: | pnpm install --frozen-lockfile --prefer-offline --fetch-timeout 100000 node build.js "${{ steps.ghd.outputs.describe }}" ${{ github.ref_type == 'tag' }} - name: Upload to S3 uses: kolaente/s3-action@main with: s3-access-key-id: ${{ secrets.S3_ACCESS_KEY }} s3-secret-access-key: ${{ secrets.S3_SECRET_KEY }} s3-endpoint: ${{ secrets.S3_ENDPOINT }} s3-bucket: ${{ secrets.S3_BUCKET }} s3-region: ${{ secrets.S3_REGION }} files: "desktop/dist/Vikunja*" target-path: /desktop/${{ github.ref_type == 'tag' && steps.ghd.outputs.describe || 'unstable' }} strip-path-prefix: desktop/dist/ exclude: "desktop/dist/*.blockmap" - name: Store Desktop Package uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: name: vikunja_desktop_packages_${{ matrix.os }} path: | ./desktop/dist/Vikunja* !./desktop/dist/*.blockmap generate-swagger-docs: runs-on: ubuntu-latest permissions: contents: write steps: - name: Checkout uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6 with: ssh-key: ${{ secrets.SSH_PRIVATE_KEY }} persist-credentials: true - name: Download Mage Binary uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: mage_bin - name: Set up Go uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6 with: go-version: stable - name: generate run: | export PATH=$PATH:$GOPATH/bin go install github.com/swaggo/swag/cmd/swag chmod +x ./mage-static ./mage-static generate:swagger-docs - name: Check for changes id: check_changes run: | if git diff --quiet; then echo "changes_exist=0" >> "$GITHUB_OUTPUT" else echo "changes_exist=1" >> "$GITHUB_OUTPUT" fi - name: Commit files if: steps.check_changes.outputs.changes_exist != '0' run: | git config --local user.email "bot@vikunja.io" git config --local user.name "Frederick [Bot]" git commit -am "[skip ci] Updated swagger docs" - name: Push changes if: steps.check_changes.outputs.changes_exist != '0' uses: ad-m/github-push-action@master with: ssh: true branch: ${{ github.ref }} create-release: runs-on: ubuntu-latest needs: - binaries - os-package - desktop - publish-repos if: ${{ github.ref_type == 'tag' }} permissions: contents: write steps: - name: Download Binaries uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: vikunja_bin_packages - name: Download OS Packages uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: pattern: vikunja_os_package_* merge-multiple: true - name: Download Desktop Package Linux uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: vikunja_desktop_packages_ubuntu-latest - name: Download Desktop Package MacOS uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: vikunja_desktop_packages_macos-latest - name: Download Desktop Package Windows uses: actions/download-artifact@37930b1c2abaa49bbe596cd826c3c89aef350131 # v7 with: name: vikunja_desktop_packages_windows-latest - name: Release uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 if: github.ref_type == 'tag' with: draft: true files: | vikunja*.zip vikunja*.rpm vikunja*.deb vikunja*.apk vikunja*.archlinux Vikunja Desktop*