From c6d14c68ef6edb06e8a23230d6bccd61ea308409 Mon Sep 17 00:00:00 2001 From: Earl Warren Date: Mon, 3 Jul 2023 23:13:32 +0200 Subject: [PATCH] docs: explain how to debug the release publishing phase --- developer/RELEASE.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/developer/RELEASE.md b/developer/RELEASE.md index 6f4aabbf..251babb4 100644 --- a/developer/RELEASE.md +++ b/developer/RELEASE.md @@ -92,6 +92,14 @@ VPN and its role is to copy and sign release artifacts. - Binaries are downloaded from https://code.forgejo.org/forgejo-integration/runner, signed and copied to https://code.forgejo.org/forgejo/runner. - Container images are copied from https://code.forgejo.org/forgejo-integration to https://code.forgejo.org/forgejo +If the publishing the release needs debug, it can be done manually: + +- https://forgejo.octopuce.forgejo.org/forgejo-release/runner-debug has the same secrets as https://forgejo.octopuce.forgejo.org/forgejo-release/runner +- Make the changes, tag with vX.Y.Z-N and force push the tag to https://forgejo.octopuce.forgejo.org/forgejo-release/runner-debug +- Watch the action run at https://forgejo.octopuce.forgejo.org/forgejo-release/runner-debug/actions +- To skip one of the publish phases (binaries or container images), delete it and commit in the repository before pushing the tag +- Reflect the changes in a PR at https://code.forgejo.org/forgejo/runner to make sure they are not lost + ### Securing the release token and cryptographic keys For both the Forgejo runner and Forgejo itself, copying and signing the release artifacts (container images and binaries) happen on a Forgejo isntance running [behind a VPN](infrastructure#octopuce) to safeguard the token that has write access to the Forgejo repository as well as the cryptographic key used to sign the releases.