From dba2e2ae68e08a10db163f0d37888898cd57df05 Mon Sep 17 00:00:00 2001 From: Juergen Kunz Date: Tue, 28 Oct 2025 06:38:02 +0000 Subject: [PATCH] chore: Remove deprecated Gitea workflows and add new CI/CD configurations --- .gitea/release-template.md | 31 ++++ .gitea/workflows/README.md | 122 +++++++++++++ .gitea/workflows/ci.yml | 82 +++++++++ .gitea/workflows/default_nottags.yaml | 66 ------- .gitea/workflows/default_tags.yaml | 108 ----------- .gitea/workflows/npm-publish.yml | 129 ++++++++++++++ .gitea/workflows/release.yml | 248 ++++++++++++++++++++++++++ 7 files changed, 612 insertions(+), 174 deletions(-) create mode 100644 .gitea/release-template.md create mode 100644 .gitea/workflows/README.md create mode 100644 .gitea/workflows/ci.yml delete mode 100644 .gitea/workflows/default_nottags.yaml delete mode 100644 .gitea/workflows/default_tags.yaml create mode 100644 .gitea/workflows/npm-publish.yml create mode 100644 .gitea/workflows/release.yml diff --git a/.gitea/release-template.md b/.gitea/release-template.md new file mode 100644 index 0000000..156e04d --- /dev/null +++ b/.gitea/release-template.md @@ -0,0 +1,31 @@ +## SZCI {{VERSION}} + +Pre-compiled binaries for multiple platforms. + +### Installation + +#### Option 1: Via npm (recommended) +```bash +npm install -g @ship.zone/szci +``` + +#### Option 2: Via installer script +```bash +curl -sSL https://code.foss.global/ship.zone/szci/raw/branch/master/install.sh | sudo bash +``` + +#### Option 3: Direct binary download +Download the appropriate binary for your platform from the assets below and make it executable. + +### Supported Platforms +- Linux x86_64 (x64) +- Linux ARM64 (aarch64) +- macOS x86_64 (Intel) +- macOS ARM64 (Apple Silicon) +- Windows x86_64 + +### Checksums +SHA256 checksums are provided in `SHA256SUMS.txt` for binary verification. + +### npm Package +The npm package includes automatic binary detection and installation for your platform. diff --git a/.gitea/workflows/README.md b/.gitea/workflows/README.md new file mode 100644 index 0000000..65b2e0d --- /dev/null +++ b/.gitea/workflows/README.md @@ -0,0 +1,122 @@ +# SZCI Gitea CI/CD Workflows + +This directory contains Gitea Actions workflows for automated CI/CD of the SZCI project. + +## Workflows + +### 1. CI (`ci.yml`) + +**Trigger:** Push to `master` branch or pull requests + +**Purpose:** Continuous integration checks on every push + +**Jobs:** +- **Type Check & Lint** - Validates TypeScript types and code style +- **Build Test** - Compiles binary for Linux x64 and tests execution +- **Build All Platforms** - Compiles all 5 platform binaries and uploads as artifacts + +**Usage:** Automatically runs on every commit to ensure code quality + +--- + +### 2. Release (`release.yml`) + +**Trigger:** Push of version tags (e.g., `v5.0.0`) + +**Purpose:** Creates GitHub releases with pre-compiled binaries + +**Jobs:** +1. Validates deno.json version matches git tag +2. Compiles binaries for all 5 platforms +3. Generates SHA256 checksums +4. Creates Gitea release with binaries as assets +5. Cleans up old releases (keeps last 3) + +**Usage:** +```bash +# Update version in deno.json to 6.0.1 +# Then create and push tag: +git tag v6.0.1 +git push origin v6.0.1 +``` + +**Output:** Release at `https://code.foss.global/ship.zone/szci/releases/tag/v6.0.1` + +--- + +### 3. NPM Publish (`npm-publish.yml`) + +**Trigger:** Push of version tags (e.g., `v5.0.0`) + +**Purpose:** Publishes package to npm registry + +**Jobs:** +1. Validates deno.json version matches git tag +2. Compiles all binaries +3. Syncs package.json version +4. Creates npm package +5. Publishes to npm with access token +6. Verifies publication + +**Prerequisites:** +- `NPM_TOKEN` must be set in Gitea secrets + +**Usage:** Same as release workflow (automatically triggered by version tags) + +**Output:** Package at `https://www.npmjs.com/package/@ship.zone/szci` + +--- + +## Release Process + +To create a new release: + +1. **Update version in deno.json:** + ```json + { + "version": "6.0.1" + } + ``` + +2. **Commit the version change:** + ```bash + git add deno.json + git commit -m "6.0.1" + ``` + +3. **Create and push tag:** + ```bash + git tag v6.0.1 + git push origin master + git push origin v6.0.1 + ``` + +4. **Workflows run automatically:** + - `release.yml` creates Gitea release with binaries + - `npm-publish.yml` publishes to npm + +5. **Verify:** + - Check https://code.foss.global/ship.zone/szci/releases + - Check https://www.npmjs.com/package/@ship.zone/szci + +--- + +## Secrets Required + +Configure these in Gitea repository settings: + +- `GITHUB_TOKEN` - Gitea access token (auto-provided) +- `NPM_TOKEN` - npm publish token (must be configured) + +--- + +## Binary Artifacts + +Each workflow produces binaries for: +- Linux x86_64 +- Linux ARM64 +- macOS x86_64 +- macOS ARM64 +- Windows x86_64 + +Total size per release: ~4GB (5 binaries × ~800MB each) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml new file mode 100644 index 0000000..9f221b1 --- /dev/null +++ b/.gitea/workflows/ci.yml @@ -0,0 +1,82 @@ +name: CI + +on: + push: + branches: + - master + pull_request: + branches: + - master + +jobs: + check: + name: Type Check & Lint + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Deno + uses: denoland/setup-deno@v1 + with: + deno-version: v2.x + + - name: Check TypeScript types + run: deno check mod.ts + + - name: Lint code + run: deno lint + continue-on-error: true + + - name: Format check + run: deno fmt --check + continue-on-error: true + + build: + name: Build Test (Current Platform) + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Deno + uses: denoland/setup-deno@v1 + with: + deno-version: v2.x + + - name: Compile for current platform + run: | + echo "Testing compilation for Linux x86_64..." + deno compile --allow-all --no-check \ + --output szci-test \ + --target x86_64-unknown-linux-gnu mod.ts + + - name: Test binary execution + run: | + chmod +x szci-test + ./szci-test --version + + build-all: + name: Build All Platforms + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Deno + uses: denoland/setup-deno@v1 + with: + deno-version: v2.x + + - name: Compile all platform binaries + run: bash scripts/compile-all.sh + + - name: Upload all binaries as artifact + uses: actions/upload-artifact@v3 + with: + name: szci-binaries.zip + path: dist/binaries/* + retention-days: 30 diff --git a/.gitea/workflows/default_nottags.yaml b/.gitea/workflows/default_nottags.yaml deleted file mode 100644 index ff13807..0000000 --- a/.gitea/workflows/default_nottags.yaml +++ /dev/null @@ -1,66 +0,0 @@ -name: Default (not tags) - -on: - push: - tags-ignore: - - '**' - -env: - IMAGE: registry.gitlab.com/hosttoday/ht-docker-node:npmci - NPMCI_TOKEN_NPM: ${{secrets.NPMCI_TOKEN_NPM}} - NPMCI_TOKEN_NPM2: ${{secrets.NPMCI_TOKEN_NPM2}} - NPMCI_GIT_GITHUBTOKEN: ${{secrets.NPMCI_GIT_GITHUBTOKEN}} - NPMCI_URL_CLOUDLY: ${{secrets.NPMCI_URL_CLOUDLY}} - -jobs: - - security: - runs-on: ubuntu-latest - continue-on-error: true - container: - image: ${{ env.IMAGE }} - - steps: - - uses: actions/checkout@v3 - - - name: Install pnpm and npmci - run: | - pnpm install -g pnpm - pnpm install -g @shipzone/npmci - - - name: Run npm prepare - run: npmci npm prepare - - - name: Audit production dependencies - run: | - npmci command npm config set registry https://registry.npmjs.org - npmci command pnpm audit --audit-level=high --prod - continue-on-error: true - - - name: Audit development dependencies - run: | - npmci command npm config set registry https://registry.npmjs.org - npmci command pnpm audit --audit-level=high --dev - continue-on-error: true - - test: - if: ${{ always() }} - needs: security - runs-on: ubuntu-latest - container: - image: ${{ env.IMAGE }} - - steps: - - uses: actions/checkout@v3 - - - name: Test stable - run: | - npmci node install stable - npmci npm install - npmci npm test - - - name: Test build - run: | - npmci node install stable - npmci npm install - npmci npm build diff --git a/.gitea/workflows/default_tags.yaml b/.gitea/workflows/default_tags.yaml deleted file mode 100644 index 7f86945..0000000 --- a/.gitea/workflows/default_tags.yaml +++ /dev/null @@ -1,108 +0,0 @@ -name: Default (tags) - -on: - push: - tags: - - '*' - -env: - IMAGE: registry.gitlab.com/hosttoday/ht-docker-node:npmci - NPMCI_TOKEN_NPM: ${{secrets.NPMCI_TOKEN_NPM}} - NPMCI_GIT_GITHUBTOKEN: ${{secrets.NPMCI_GIT_GITHUBTOKEN}} - NPMCI_LOGIN_DOCKER_GITEA: ${{secrets.NPMCI_DOCKER_REGISTRYURL_DEFAULT}}|${{ gitea.repository_owner }}|${{ secrets.GITEA_TOKEN }} - -jobs: - - security: - runs-on: ubuntu-latest - continue-on-error: true - container: - image: ${{ env.IMAGE }} - - steps: - - uses: actions/checkout@v3 - - - name: Install pnpm and npmci - run: | - pnpm install -g pnpm - pnpm install -g @shipzone/npmci - - - name: Run npm prepare - run: npmci npm prepare - - - name: Audit production dependencies - run: | - npmci command npm config set registry https://registry.npmjs.org - npmci command pnpm audit --audit-level=high --prod - continue-on-error: true - - - name: Audit development dependencies - run: | - npmci command npm config set registry https://registry.npmjs.org - npmci command pnpm audit --audit-level=high --dev - continue-on-error: true - - test: - if: ${{ always() }} - needs: security - runs-on: ubuntu-latest - container: - image: ${{ env.IMAGE }} - - steps: - - uses: actions/checkout@v3 - - - name: Test stable - run: | - npmci node install stable - npmci npm install - npmci npm test - - - name: Test build - run: | - npmci node install stable - npmci npm install - npmci npm build - - release: - needs: test - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') - runs-on: ubuntu-latest - container: - image: ${{ env.IMAGE }} - - steps: - - uses: actions/checkout@v3 - - - name: Release - run: | - npmci node install stable - npmci npm publish - - metadata: - needs: test - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') - runs-on: ubuntu-latest - container: - image: ${{ env.IMAGE }} - continue-on-error: true - - steps: - - uses: actions/checkout@v3 - - - name: Code quality - run: | - npmci command npm install -g typescript - npmci npm prepare - npmci npm install - - - name: Trigger - run: npmci trigger - - - name: Build docs and upload artifacts - run: | - npmci node install stable - npmci npm install - pnpm install -g @git.zone/tsdoc - npmci command tsdoc - continue-on-error: true diff --git a/.gitea/workflows/npm-publish.yml b/.gitea/workflows/npm-publish.yml new file mode 100644 index 0000000..6b08035 --- /dev/null +++ b/.gitea/workflows/npm-publish.yml @@ -0,0 +1,129 @@ +name: Publish to npm + +on: + push: + tags: + - 'v*' + +jobs: + npm-publish: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Set up Deno + uses: denoland/setup-deno@v1 + with: + deno-version: v2.x + + - name: Setup Node.js for npm publishing + uses: actions/setup-node@v4 + with: + node-version: '18.x' + registry-url: 'https://registry.npmjs.org/' + + - name: Get version from tag + id: version + run: | + VERSION=${GITHUB_REF#refs/tags/} + echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "version_number=${VERSION#v}" >> $GITHUB_OUTPUT + echo "Publishing version: $VERSION" + + - name: Verify deno.json version matches tag + run: | + DENO_VERSION=$(grep -o '"version": "[^"]*"' deno.json | cut -d'"' -f4) + TAG_VERSION="${{ steps.version.outputs.version_number }}" + echo "deno.json version: $DENO_VERSION" + echo "Tag version: $TAG_VERSION" + if [ "$DENO_VERSION" != "$TAG_VERSION" ]; then + echo "ERROR: Version mismatch!" + echo "deno.json has version $DENO_VERSION but tag is $TAG_VERSION" + exit 1 + fi + + - name: Compile binaries for npm package + run: | + echo "Compiling binaries for npm package..." + deno task compile + echo "" + echo "Binary sizes:" + ls -lh dist/binaries/ + + - name: Generate SHA256 checksums + run: | + cd dist/binaries + sha256sum * > SHA256SUMS + cat SHA256SUMS + cd ../.. + + - name: Sync package.json version + run: | + VERSION="${{ steps.version.outputs.version_number }}" + echo "Syncing package.json to version ${VERSION}..." + npm version ${VERSION} --no-git-tag-version --allow-same-version + echo "package.json version: $(grep '"version"' package.json | head -1)" + + - name: Create npm package + run: | + echo "Creating npm package..." + npm pack + echo "" + echo "Package created:" + ls -lh *.tgz + + - name: Test local installation + run: | + echo "Testing local package installation..." + PACKAGE_FILE=$(ls *.tgz) + npm install -g ${PACKAGE_FILE} + echo "" + echo "Testing szci command:" + szci --version || echo "Note: Binary execution may fail in CI environment" + echo "" + echo "Checking installed files:" + npm ls -g @ship.zone/szci || true + + - name: Publish to npm + env: + NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} + run: | + echo "Publishing to npm registry..." + npm publish --access public + echo "" + echo "✅ Successfully published @ship.zone/szci to npm!" + echo "" + echo "Package info:" + npm view @ship.zone/szci + + - name: Verify npm package + run: | + echo "Waiting for npm propagation..." + sleep 30 + echo "" + echo "Verifying published package..." + npm view @ship.zone/szci + echo "" + echo "Testing installation from npm:" + npm install -g @ship.zone/szci + echo "" + echo "Package installed successfully!" + which szci || echo "Binary location check skipped" + + - name: Publish Summary + run: | + echo "================================================" + echo " npm Publish Complete!" + echo "================================================" + echo "" + echo "✅ Package: @ship.zone/szci" + echo "✅ Version: ${{ steps.version.outputs.version }}" + echo "" + echo "Installation:" + echo " npm install -g @ship.zone/szci" + echo "" + echo "Registry:" + echo " https://www.npmjs.com/package/@ship.zone/szci" + echo "" diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml new file mode 100644 index 0000000..4a6c1d0 --- /dev/null +++ b/.gitea/workflows/release.yml @@ -0,0 +1,248 @@ +name: Release + +on: + push: + tags: + - 'v*' + +jobs: + build-and-release: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Set up Deno + uses: denoland/setup-deno@v1 + with: + deno-version: v2.x + + - name: Get version from tag + id: version + run: | + VERSION=${GITHUB_REF#refs/tags/} + echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "version_number=${VERSION#v}" >> $GITHUB_OUTPUT + echo "Building version: $VERSION" + + - name: Verify deno.json version matches tag + run: | + DENO_VERSION=$(grep -o '"version": "[^"]*"' deno.json | cut -d'"' -f4) + TAG_VERSION="${{ steps.version.outputs.version_number }}" + echo "deno.json version: $DENO_VERSION" + echo "Tag version: $TAG_VERSION" + if [ "$DENO_VERSION" != "$TAG_VERSION" ]; then + echo "ERROR: Version mismatch!" + echo "deno.json has version $DENO_VERSION but tag is $TAG_VERSION" + exit 1 + fi + + - name: Compile binaries for all platforms + run: | + echo "================================================" + echo " SZCI Release Compilation" + echo " Version: ${{ steps.version.outputs.version }}" + echo "================================================" + echo "" + + # Clean up old binaries and create fresh directory + rm -rf dist/binaries + mkdir -p dist/binaries + echo "→ Cleaned old binaries from dist/binaries" + echo "" + + # Linux x86_64 + echo "→ Compiling for Linux x86_64..." + deno compile --allow-all --no-check \ + --output dist/binaries/szci-linux-x64 \ + --target x86_64-unknown-linux-gnu mod.ts + echo " ✓ Linux x86_64 complete" + + # Linux ARM64 + echo "→ Compiling for Linux ARM64..." + deno compile --allow-all --no-check \ + --output dist/binaries/szci-linux-arm64 \ + --target aarch64-unknown-linux-gnu mod.ts + echo " ✓ Linux ARM64 complete" + + # macOS x86_64 + echo "→ Compiling for macOS x86_64..." + deno compile --allow-all --no-check \ + --output dist/binaries/szci-macos-x64 \ + --target x86_64-apple-darwin mod.ts + echo " ✓ macOS x86_64 complete" + + # macOS ARM64 + echo "→ Compiling for macOS ARM64..." + deno compile --allow-all --no-check \ + --output dist/binaries/szci-macos-arm64 \ + --target aarch64-apple-darwin mod.ts + echo " ✓ macOS ARM64 complete" + + # Windows x86_64 + echo "→ Compiling for Windows x86_64..." + deno compile --allow-all --no-check \ + --output dist/binaries/szci-windows-x64.exe \ + --target x86_64-pc-windows-msvc mod.ts + echo " ✓ Windows x86_64 complete" + + echo "" + echo "All binaries compiled successfully!" + ls -lh dist/binaries/ + + - name: Generate SHA256 checksums + run: | + cd dist/binaries + sha256sum * > SHA256SUMS.txt + cat SHA256SUMS.txt + cd ../.. + + - name: Extract changelog for this version + id: changelog + run: | + VERSION="${{ steps.version.outputs.version }}" + + # Check if changelog.md exists + if [ ! -f changelog.md ]; then + echo "No changelog.md found, using default release notes" + cat > /tmp/release_notes.md << EOF + ## SZCI $VERSION + + Pre-compiled binaries for multiple platforms. + + ### Installation + + Use the installation script: + \`\`\`bash + curl -sSL https://code.foss.global/ship.zone/szci/raw/branch/master/install.sh | sudo bash + \`\`\` + + Or download the binary for your platform and make it executable. + + ### Supported Platforms + - Linux x86_64 (x64) + - Linux ARM64 (aarch64) + - macOS x86_64 (Intel) + - macOS ARM64 (Apple Silicon) + - Windows x86_64 + + ### Checksums + SHA256 checksums are provided in SHA256SUMS.txt + EOF + else + # Try to extract section for this version from changelog.md + awk "/## \[$VERSION\]/,/## \[/" changelog.md | sed '$d' > /tmp/release_notes.md || cat > /tmp/release_notes.md << EOF + ## SZCI $VERSION + + See changelog.md for full details. + + ### Installation + + Use the installation script: + \`\`\`bash + curl -sSL https://code.foss.global/ship.zone/szci/raw/branch/master/install.sh | sudo bash + \`\`\` + EOF + fi + + echo "Release notes:" + cat /tmp/release_notes.md + + - name: Delete existing release if it exists + run: | + VERSION="${{ steps.version.outputs.version }}" + + echo "Checking for existing release $VERSION..." + + # Try to get existing release by tag + EXISTING_RELEASE_ID=$(curl -s \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "https://code.foss.global/api/v1/repos/ship.zone/szci/releases/tags/$VERSION" \ + | jq -r '.id // empty') + + if [ -n "$EXISTING_RELEASE_ID" ]; then + echo "Found existing release (ID: $EXISTING_RELEASE_ID), deleting..." + curl -X DELETE -s \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "https://code.foss.global/api/v1/repos/ship.zone/szci/releases/$EXISTING_RELEASE_ID" + echo "Existing release deleted" + sleep 2 + else + echo "No existing release found, proceeding with creation" + fi + + - name: Create Gitea Release + run: | + VERSION="${{ steps.version.outputs.version }}" + RELEASE_NOTES=$(cat /tmp/release_notes.md) + + # Create the release + echo "Creating release for $VERSION..." + RELEASE_ID=$(curl -X POST -s \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Content-Type: application/json" \ + "https://code.foss.global/api/v1/repos/ship.zone/szci/releases" \ + -d "{ + \"tag_name\": \"$VERSION\", + \"name\": \"SZCI $VERSION\", + \"body\": $(jq -Rs . /tmp/release_notes.md), + \"draft\": false, + \"prerelease\": false + }" | jq -r '.id') + + echo "Release created with ID: $RELEASE_ID" + + # Upload binaries as release assets + for binary in dist/binaries/*; do + filename=$(basename "$binary") + echo "Uploading $filename..." + curl -X POST -s \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Content-Type: application/octet-stream" \ + --data-binary "@$binary" \ + "https://code.foss.global/api/v1/repos/ship.zone/szci/releases/$RELEASE_ID/assets?name=$filename" + done + + echo "All assets uploaded successfully" + + - name: Clean up old releases + run: | + echo "Cleaning up old releases (keeping only last 3)..." + + # Fetch all releases sorted by creation date + RELEASES=$(curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "https://code.foss.global/api/v1/repos/ship.zone/szci/releases" | \ + jq -r 'sort_by(.created_at) | reverse | .[3:] | .[].id') + + # Delete old releases + if [ -n "$RELEASES" ]; then + echo "Found releases to delete:" + for release_id in $RELEASES; do + echo " Deleting release ID: $release_id" + curl -X DELETE -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + "https://code.foss.global/api/v1/repos/ship.zone/szci/releases/$release_id" + done + echo "Old releases deleted successfully" + else + echo "No old releases to delete (less than 4 releases total)" + fi + echo "" + + - name: Release Summary + run: | + echo "================================================" + echo " Release ${{ steps.version.outputs.version }} Complete!" + echo "================================================" + echo "" + echo "Binaries published:" + ls -lh dist/binaries/ + echo "" + echo "Release URL:" + echo "https://code.foss.global/ship.zone/szci/releases/tag/${{ steps.version.outputs.version }}" + echo "" + echo "Installation command:" + echo "curl -sSL https://code.foss.global/ship.zone/szci/raw/branch/master/install.sh | sudo bash" + echo ""