From 4ea38bba739c90c2994fe965f23664882092f36f Mon Sep 17 00:00:00 2001
From: Giteabot <>
Date: Fri, 16 Jun 2023 13:59:20 -0400
Subject: [PATCH] Build nightly binaries with Actions (#25308) (#25314)

Backport #25308 by @techknowlogick

Co-authored-by: techknowlogick <>
Co-authored-by: silverwind <>
 .drone.yml                              | 135 ------------------------
 .github/workflows/cron-licenses.yml     |   1 +
 .github/workflows/cron-translations.yml |   1 +
 .github/workflows/release-nightly.yml   |  59 +++++++++++
 Makefile                                |  12 ---
 5 files changed, 61 insertions(+), 147 deletions(-)
 create mode 100644 .github/workflows/release-nightly.yml

diff --git a/.drone.yml b/.drone.yml
index 4e7789ef92..d54f3c198d 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,138 +1,3 @@
-kind: pipeline
-type: docker
-name: release-latest
-  os: linux
-  arch: amd64
-  base: /source
-  path: /
-  branch:
-    - main
-    - "release/*"
-  event:
-    - push
-  paths:
-    exclude:
-      - "docs/**"
-  - name: deps
-    temp: {}
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git fetch --tags --force
-  - name: deps-frontend
-    image: node:20
-    pull: always
-    commands:
-      - make deps-frontend
-  - name: deps-backend
-    image: gitea/test_env:linux-1.20-amd64
-    pull: always
-    commands:
-      - make deps-backend
-    volumes:
-      - name: deps
-        path: /go
-  - name: static
-    image: techknowlogick/xgo:go-1.20.x
-    pull: always
-    commands:
-      # Upgrade to node 20 once is resolved
-      - curl -sL | bash - && apt-get -qqy install nodejs
-      - export PATH=$PATH:$GOPATH/bin
-      - make release
-    environment:
-      GOPROXY: # is blocked in China, this proxy is not
-      TAGS: bindata sqlite sqlite_unlock_notify
-      DEBIAN_FRONTEND: noninteractive
-    volumes:
-      - name: deps
-        path: /go
-  - name: gpg-sign
-    image: plugins/gpgsign:1
-    pull: always
-    settings:
-      detach_sign: true
-      excludes:
-        - "dist/release/*.sha256"
-      files:
-        - "dist/release/*"
-    environment:
-        from_secret: gpgsign_key
-        from_secret: gpgsign_passphrase
-  - name: release-branch
-    image: woodpeckerci/plugin-s3:latest
-    pull: always
-    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
-      source: "dist/release/*"
-      strip_prefix: dist/release/
-      target: "/gitea/${DRONE_BRANCH##release/v}"
-    environment:
-        from_secret: aws_access_key_id
-        from_secret: aws_secret_access_key
-    when:
-      branch:
-        - "release/*"
-      event:
-        - push
-  - name: release-main
-    image: woodpeckerci/plugin-s3:latest
-    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
-      source: "dist/release/*"
-      strip_prefix: dist/release/
-      target: /gitea/main
-    environment:
-        from_secret: aws_access_key_id
-        from_secret: aws_secret_access_key
-    when:
-      branch:
-        - main
-      event:
-        - push
 kind: pipeline
 name: release-version
diff --git a/.github/workflows/cron-licenses.yml b/.github/workflows/cron-licenses.yml
index 17b0d686d8..4fa4016168 100644
--- a/.github/workflows/cron-licenses.yml
+++ b/.github/workflows/cron-licenses.yml
@@ -3,6 +3,7 @@ name: cron-licenses
     - cron: "7 0 * * 1" # every Monday at 00:07 UTC
+  workflow_dispatch:
diff --git a/.github/workflows/cron-translations.yml b/.github/workflows/cron-translations.yml
index a7c9ceabd3..3f147c685d 100644
--- a/.github/workflows/cron-translations.yml
+++ b/.github/workflows/cron-translations.yml
@@ -3,6 +3,7 @@ name: cron-translations
     - cron: "7 0 * * *" # every day at 00:07 UTC
+  workflow_dispatch:
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
new file mode 100644
index 0000000000..4281c2ca09
--- /dev/null
+++ b/.github/workflows/release-nightly.yml
@@ -0,0 +1,59 @@
+name: release-nightly-assets
+  push:
+    branches: [ main, release/v* ]
+  nightly-binary:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
+      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
+      - run: git fetch --unshallow --quiet --tags --force
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ">=1.20"
+          check-latest: true
+      - uses: actions/setup-node@v3
+        with:
+          node-version: 20
+      - run: make deps-frontend deps-backend
+      # xgo build
+      - run: make release
+        env:
+          TAGS: bindata sqlite sqlite_unlock_notify
+      - name: import gpg key
+        id: import_gpg
+        uses: crazy-max/ghaction-import-gpg@v5
+        with:
+          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
+          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
+      - name: sign binaries
+        run: |
+          for f in dist/release/*; do
+            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
+          done
+      # clean branch name to get the folder name in S3
+      - name: Get cleaned branch name
+        id: clean_name
+        run: |
+          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
+          echo "Cleaned name is ${REF_NAME}"
+          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
+      - name: upload binaries to s3
+        uses: jakejarvis/s3-sync-action@master
+        env:
+          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+          SOURCE_DIR: dist/release
+          DEST_DIR: gitea/${{ steps.clean_name.outputs.branch }}
+  nightly-docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: docker/setup-buildx-action@v1
+      # build for linux/amd64, and linux/arm64 (possibly include linux/arm/v7 later. not included now because it adds significant amount to the build time)
diff --git a/Makefile b/Makefile
index 664839273b..b3111d65f1 100644
--- a/Makefile
+++ b/Makefile
@@ -831,30 +831,18 @@ release-windows: | $(DIST_DIRS)
 ifeq (,$(findstring gogit,$(TAGS)))
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
-ifeq ($(CI),true)
-	cp /build/* $(DIST)/binaries
 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
-	cp /build/* $(DIST)/binaries
 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
-	cp /build/* $(DIST)/binaries
 .PHONY: release-freebsd
 release-freebsd: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
-	cp /build/* $(DIST)/binaries
 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)