0
0
Fork 0
mirror of https://codeberg.org/forgejo/docs.git synced 2024-12-24 22:32:43 -05:00

docs: explain how to debug the release publishing phase

This commit is contained in:
Earl Warren 2023-07-03 23:13:32 +02:00 committed by Caesar Schinas
parent 2254870589
commit c6d14c68ef
No known key found for this signature in database
GPG key ID: AE9108461BEA5ACF

View file

@ -92,6 +92,14 @@ VPN and its role is to copy and sign release artifacts.
- Binaries are downloaded from https://code.forgejo.org/forgejo-integration/runner, signed and copied to https://code.forgejo.org/forgejo/runner. - Binaries are downloaded from https://code.forgejo.org/forgejo-integration/runner, signed and copied to https://code.forgejo.org/forgejo/runner.
- Container images are copied from https://code.forgejo.org/forgejo-integration to https://code.forgejo.org/forgejo - Container images are copied from https://code.forgejo.org/forgejo-integration to https://code.forgejo.org/forgejo
If the publishing the release needs debug, it can be done manually:
- https://forgejo.octopuce.forgejo.org/forgejo-release/runner-debug has the same secrets as https://forgejo.octopuce.forgejo.org/forgejo-release/runner
- Make the changes, tag with vX.Y.Z-N and force push the tag to https://forgejo.octopuce.forgejo.org/forgejo-release/runner-debug
- Watch the action run at https://forgejo.octopuce.forgejo.org/forgejo-release/runner-debug/actions
- To skip one of the publish phases (binaries or container images), delete it and commit in the repository before pushing the tag
- Reflect the changes in a PR at https://code.forgejo.org/forgejo/runner to make sure they are not lost
### Securing the release token and cryptographic keys ### Securing the release token and cryptographic keys
For both the Forgejo runner and Forgejo itself, copying and signing the release artifacts (container images and binaries) happen on a Forgejo isntance running [behind a VPN](infrastructure#octopuce) to safeguard the token that has write access to the Forgejo repository as well as the cryptographic key used to sign the releases. For both the Forgejo runner and Forgejo itself, copying and signing the release artifacts (container images and binaries) happen on a Forgejo isntance running [behind a VPN](infrastructure#octopuce) to safeguard the token that has write access to the Forgejo repository as well as the cryptographic key used to sign the releases.