GitHub torrentclaw org is shadow-banned and the CI lives at git.torrentclaw.com
now. Forgejo Actions is enabled cluster-wide; this moves the workflows into the
runner's natively-watched .forgejo/workflows/ tree and adapts each step so the
existing Forgejo runner ('docker', 'ubuntu-latest' labels) can execute them
without leaning on GitHub-only tooling.

- ci.yml: drop actions/setup-go (use container: golang:1.25), replace
  golangci-lint-action with the upstream install.sh, drop codecov-action
  (third-party, can re-add later with a Forgejo-compatible variant).
- release.yml: drop goreleaser-action (install via curl), wire GITEA_TOKEN +
  the new release.gitea_urls block in .goreleaser.yml so goreleaser publishes
  to Forgejo. Sign step swaps 'gh release upload' for curl against the Forgejo
  releases API (via the in-cluster forgejo:3000 hostname). VirusTotal job
  dropped — depended heavily on 'gh release' wiring; can be reimplemented
  against the Forgejo API later if we re-enable it.
- docker-rebuild.yml: drop docker/login-action + docker/build-push-action,
  use raw 'docker' commands with manually-installed buildx + qemu. Same
  weekly schedule (Mon 04:17 UTC) and same 'latest' refresh behaviour.
- pages.yml: deleted — install.sh / install.ps1 are already served from the
  Hetzner releases volume at torrentclaw.com/install.sh, so the GitHub Pages
  copy was redundant even before the shadow-ban.

.goreleaser.yml: add release.gitea_urls (api=forgejo:3000, download via the
public Forgejo URL) + prerelease:auto. ship.sh uses '--skip=publish' so local
runs aren't affected by the new release block.

61 lines
2.1 KiB
YAML
```yaml
# Rebuilds and re-pushes the `latest` image without a version bump so newly
# *fixed* Alpine / ffmpeg / Go patches land between tagged releases. Versioned
# tags are immutable and never touched here. Runs weekly and on demand.
name: Docker rebuild

on:
  schedule:
    # Mondays 04:17 UTC (off the hour to avoid the scheduler rush)
    - cron: "17 4 * * 1"
  workflow_dispatch:

jobs:
  rebuild:
    runs-on: docker
    container:
      image: docker.io/library/docker:27-cli
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Install build deps
        run: apk add --no-cache curl git bash

      - name: Install buildx
        run: |
          mkdir -p ~/.docker/cli-plugins
          curl -sSL https://github.com/docker/buildx/releases/latest/download/buildx-linux-amd64 \
            -o ~/.docker/cli-plugins/docker-buildx
          chmod +x ~/.docker/cli-plugins/docker-buildx

      - name: Set up qemu
        run: docker run --rm --privileged tonistiigi/binfmt --install all

      # Stamp the binary with the most recent release tag (not "dev").
      - name: Resolve version
        id: ver
        run: |
          v=$(git describe --tags --abbrev=0 2>/dev/null || echo dev)
          echo "version=$v" >> "$GITHUB_OUTPUT"

      - name: Login to Docker Hub
        env:
          DH_USER: ${{ secrets.DOCKERHUB_USERNAME }}
          DH_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: echo "$DH_TOKEN" | docker login -u "$DH_USER" --password-stdin

      - name: Build + push (refresh latest)
        env:
          VERSION: ${{ steps.ver.outputs.version }}
        run: |
          docker buildx create --name builder --use --driver docker-container
          # Refresh the floating tag only — never overwrite a versioned release.
          # Force a fresh base pull so apk upgrade picks up new patches.
          docker buildx build \
            --platform linux/amd64,linux/arm64 \
            --build-arg "VERSION=$VERSION" \
            --tag "torrentclaw/unarr:latest" \
            --no-cache \
            --push \
            .
```
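
The Install buildx step above writes curl's output straight to the plugin path and marks it executable, with no integrity check. The following is an added example, not part of this repository's workflow: shell functions a `run:` step could use to gate that install on a pinned SHA-256. The function names are hypothetical, and the URL and digest passed in are assumed to be values the maintainer pins for one exact release.

```sh
# Added example, not the repository's code. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copy SRC to DEST with mode 0755 only when its digest matches. On any failure
# DEST is not created and the function returns non-zero.
install_verified() {
    src=$1; want=$2; dest=$3
    # An empty download is never a valid binary.
    [ -s "$src" ] || { echo "missing or empty download: $src" >&2; return 1; }
    got=$(sha256_of "$src") || return 1
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')   # accept upper-case digests
    if [ "$got" != "$want" ]; then
        echo "checksum mismatch: got $got, want $want" >&2
        return 1
    fi
    mkdir -p "$(dirname "$dest")" || return 1
    # Stage under a temporary name so DEST only ever appears fully written.
    tmp="$dest.tmp.$$"
    if cp "$src" "$tmp" && chmod 0755 "$tmp" && mv "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# fetch_and_install URL EXPECTED_SHA256 DEST
# URL and EXPECTED_SHA256 are values the maintainer pins for one exact release.
fetch_and_install() {
    dl=$(mktemp) || return 1
    # -f makes curl fail on an HTTP error instead of saving the error page.
    if curl -fsSL --proto '=https' -o "$dl" "$1" && install_verified "$dl" "$2" "$3"; then
        rm -f "$dl"; return 0
    fi
    rm -f "$dl"; return 1
}
```

In the workflow, the step would call `fetch_and_install` with the pinned asset URL, its published digest and `~/.docker/cli-plugins/docker-buildx`.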