0205c7b8d6
ci / rust (push) Failing after 37s
apple / swift (push) Successful in 56s
ci / web (push) Successful in 42s
ci / docs-site (push) Failing after 27m33s
android / android (push) Failing after 28m53s
windows-host / package (push) Failing after 28m55s
deb / build-publish (push) Successful in 2m28s
decky / build-publish (push) Successful in 23s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 5s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 4s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 5s
ci / bench (push) Successful in 4m34s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 46s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m20s
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Failing after 4m4s
flatpak / build-publish (push) Successful in 4m19s
docker / deploy-docs (push) Successful in 24s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Successful in 7m38s
release / apple (push) Successful in 4m36s
windows-msix / package (arm64, C:\Users\Public\ffmpeg-arm64, aarch64-pc-windows-msvc, C:\t-a64) (push) Successful in 1m48s
windows-msix / package (x64, C:\Users\Public\ffmpeg, x86_64-pc-windows-msvc, C:\t) (push) Successful in 1m25s
windows / build (aarch64-pc-windows-msvc) (push) Successful in 50s
windows / build (x86_64-pc-windows-msvc) (push) Successful in 1m6s
A push to main publishes canary builds to canary channels (fast iteration,
unchanged); a single vX.Y.Z tag releases every platform at one version to the
stable channels and attaches all artifacts (.deb/.rpm/.msix/.apk/.aab/.dmg +
flatpak/decky/host-installer) to one Gitea Release. Collapses the
host-v*/win-v*/host-win-v* tag namespaces into v* — the channel split makes the
version-shadow bug structurally impossible (canary and stable are separate repos,
never a shared version line).
- scripts/ci/gitea-release.{sh,ps1}: one idempotent release helper
(create-or-fetch + delete-before-upload), replacing 3 copy-pasted inline blocks
and fixing their latent 409-on-reupload bug; prerelease flag auto-derived from
the tag (an -rc tag won't shadow "Latest")
- channels: apt canary/stable distributions; rpm *-canary/base groups; flatpak
canary/stable OSTree branches + a 2nd .Canary.flatpakref; generic-registry
canary/ vs latest/ aliases; Play internal/alpha; Apple TestFlight vs notarized DMG
- android versionName threaded through gradle (versionCode stays run_number);
Apple canary = TestFlight-only (no DMG/tvOS); canary base bumped to 0.3.0
- docs: new docs-site channels.md (subscribe table + cut-a-release runbook +
box migration), refreshed ci.md workflow table + packaging READMEs
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
116 lines
4.4 KiB
YAML
# Build + push the dockerized pieces to the Gitea container registry:
# punktfunk-web — management console (web/Dockerfile, repo-root context)
# punktfunk-docs — documentation site (docs-site/Dockerfile)
# punktfunk-rust-ci — Rust CI builder image consumed by ci.yml
# punktfunk-fedora-rpm — Fedora 43 builder image consumed by rpm.yml (Bazzite RPM)
# Host and clients are intentionally NOT containerized (see CLAUDE.md "What's left").
#
# REGISTRY_TOKEN: repo Actions secret, a PAT with write:package scope.
#
# Bootstrap note: ci.yml's rust job pulls punktfunk-rust-ci:latest from the registry, so
# this workflow (or a manual push) must have succeeded once before that job can run; on
# the same push, ci.yml builds against the PREVIOUS image. All three were seeded manually
# on 2026-06-12.
name: docker

on:
  push:
    branches: [main]
    tags: ['v*']
  workflow_dispatch:

env:
  REGISTRY: git.unom.io
  OWNER: unom

jobs:
  build-push:
    runs-on: ubuntu-24.04
    timeout-minutes: 45
    strategy:
      matrix:
        include:
          - image: punktfunk-web
            dockerfile: web/Dockerfile
            context: .
          - image: punktfunk-docs
            dockerfile: docs-site/Dockerfile
            context: docs-site
          - image: punktfunk-rust-ci
            dockerfile: ci/rust-ci.Dockerfile
            context: ci
          - image: punktfunk-fedora-rpm
            dockerfile: ci/fedora-rpm.Dockerfile
            context: ci
          # Fedora 44 builder (Fedora KDE spin): same Dockerfile, newer base → libavcodec.so.62.
          - image: punktfunk-fedora44-rpm
            dockerfile: ci/fedora-rpm.Dockerfile
            context: ci
            buildargs: --build-arg FEDORA_VERSION=44
    steps:
      - uses: actions/checkout@v4

      - name: Login to registry
        # Username must be the owner of the REGISTRY_TOKEN PAT, not the push actor.
        run: |
          echo "${{ secrets.REGISTRY_TOKEN }}" \
            | docker login "$REGISTRY" -u enricobuehler --password-stdin

      - name: Build
        run: |
          # On a release tag, also tag the image vX.Y.Z so a release pins reproducible web/docs images.
          EXTRA=""
          case "$GITHUB_REF" in refs/tags/v*) EXTRA="-t $REGISTRY/$OWNER/${{ matrix.image }}:${GITHUB_REF_NAME}" ;; esac
          docker build --pull ${{ matrix.buildargs }} \
            -f "${{ matrix.dockerfile }}" \
            -t "$REGISTRY/$OWNER/${{ matrix.image }}:latest" \
            -t "$REGISTRY/$OWNER/${{ matrix.image }}:sha-${GITHUB_SHA::8}" \
            $EXTRA \
            "${{ matrix.context }}"

      - name: Push
        run: |
          docker push "$REGISTRY/$OWNER/${{ matrix.image }}:sha-${GITHUB_SHA::8}"
          docker push "$REGISTRY/$OWNER/${{ matrix.image }}:latest"
          case "$GITHUB_REF" in refs/tags/v*) docker push "$REGISTRY/$OWNER/${{ matrix.image }}:${GITHUB_REF_NAME}" ;; esac

  # Deploy the docs site to unom-1, the DMZ services VM website/cms also deploy to
  # (docs.punktfunk.unom.io via Caddy on home-reverse-proxy-1 -> :3220). Same secret set
  # as unom/website's deploy: DEPLOY_HOST/DEPLOY_USER/DEPLOY_PORT/DEPLOY_SSH_KEY (the
  # unom-ci-deploy key).
  deploy-docs:
    runs-on: ubuntu-24.04
    needs: build-push
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4

      - name: Sync compose file
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          port: ${{ secrets.DEPLOY_PORT }}
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          source: "compose.production.yml"
          target: "~/punktfunk-docs"
          overwrite: true

      - name: Pull and start docs
        uses: appleboy/ssh-action@v1.2.5
        env:
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          port: ${{ secrets.DEPLOY_PORT }}
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          # Token enters via env, never the script text (keeps it out of run logs).
          envs: REGISTRY_TOKEN
          script: |
            set -euo pipefail
            printf '%s' "$REGISTRY_TOKEN" | docker login git.unom.io -u enricobuehler --password-stdin
            cd ~/punktfunk-docs
            docker compose -f compose.production.yml pull docs
            docker compose -f compose.production.yml up -d --no-build docs
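
The `deploy-docs` job keeps the registry token out of the script text by passing it through `env`, while the `Login to registry` step in `build-push` expands `${{ secrets.REGISTRY_TOKEN }}` directly into the shell script. The same login step written the way the deploy job does it, as an added example that is not part of the repository's workflow (only the `env:` mapping, the `set` line and the `printf` line differ from the file above):

```yaml
      - name: Login to registry
        # Username must be the owner of the REGISTRY_TOKEN PAT, not the push actor.
        env:
          # The runner exports the secret as an environment variable, so the
          # generated script file contains only the variable name.
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          set -euo pipefail
          # The token is read from the environment at run time; quotes, `$` or
          # backticks inside it are data, not shell syntax. printf '%s' also
          # avoids echo's option and escape handling.
          printf '%s' "$REGISTRY_TOKEN" \
            | docker login "$REGISTRY" -u enricobuehler --password-stdin
```

With the interpolated form, the secret's value is pasted into the script before the shell parses it, so it lands in the script file on the runner and any shell metacharacter in the token changes what the step executes.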