mirror of
https://codeberg.org/forgejo/docs.git
synced 2024-12-24 22:32:43 -05:00
docs: explain how to debug the release publishing phase
This commit is contained in:
parent
2254870589
commit
c6d14c68ef
1 changed files with 8 additions and 0 deletions
|
@ -92,6 +92,14 @@ VPN and its role is to copy and sign release artifacts.
|
|||
- Binaries are downloaded from https://code.forgejo.org/forgejo-integration/runner, signed and copied to https://code.forgejo.org/forgejo/runner.
|
||||
- Container images are copied from https://code.forgejo.org/forgejo-integration to https://code.forgejo.org/forgejo
|
||||
|
||||
If the publishing the release needs debug, it can be done manually:
|
||||
|
||||
- https://forgejo.octopuce.forgejo.org/forgejo-release/runner-debug has the same secrets as https://forgejo.octopuce.forgejo.org/forgejo-release/runner
|
||||
- Make the changes, tag with vX.Y.Z-N and force push the tag to https://forgejo.octopuce.forgejo.org/forgejo-release/runner-debug
|
||||
- Watch the action run at https://forgejo.octopuce.forgejo.org/forgejo-release/runner-debug/actions
|
||||
- To skip one of the publish phases (binaries or container images), delete it and commit in the repository before pushing the tag
|
||||
- Reflect the changes in a PR at https://code.forgejo.org/forgejo/runner to make sure they are not lost
|
||||
|
||||
### Securing the release token and cryptographic keys
|
||||
|
||||
For both the Forgejo runner and Forgejo itself, copying and signing the release artifacts (container images and binaries) happen on a Forgejo isntance running [behind a VPN](infrastructure#octopuce) to safeguard the token that has write access to the Forgejo repository as well as the cryptographic key used to sign the releases.
|
||||
|
|
Loading…
Reference in a new issue