Commit Graph

424 Commits

Author SHA1 Message Date
renovate[bot]
8a3f151f75 chore(deps): update postgres:18 docker digest to b913fd5 2026-07-15 10:11:22 +00:00
kolaente
5742068757 chore(ci): don't report duplicate dependencies 2026-07-15 12:19:41 +02:00
renovate[bot]
05ad8049ef chore(deps): update softprops/action-gh-release action to v3.0.2 2026-07-15 09:15:49 +00:00
renovate[bot]
0f451aae73 chore(deps): update danielroe/provenance-action digest to 97ee003 2026-07-15 09:15:36 +00:00
renovate[bot]
89133cd074 chore(deps): update actions/stale action to v10.4.0 2026-07-10 12:52:37 +00:00
renovate[bot]
7c05161a78 chore(deps): update cachix/install-nix-action action to v31.10.7 2026-07-10 12:52:08 +00:00
kolaente
fb55bf2a79 Extract golangci-lint setup into reusable action (#3142) 2026-07-09 15:17:35 +02:00
renovate[bot]
fb79de94d5 chore(deps): update postgres:18 docker digest to 22c89fe 2026-07-08 17:34:31 +00:00
renovate[bot]
58b2e68981 chore(deps): update postgres:18 docker digest to 3111367 2026-07-08 12:39:10 +00:00
renovate[bot]
33666d8fdc chore(deps): update danielroe/provenance-action digest to da28a90 2026-07-08 12:38:15 +00:00
renovate[bot]
7c65960c85 chore(deps): update docker/login-action action to v4.4.0 2026-07-03 14:27:17 +00:00
renovate[bot]
ffcdee336c chore(deps): update danielroe/provenance-action digest to 83ae780 2026-07-02 17:15:15 +00:00
renovate[bot]
7f74f1e174 chore(deps): update pnpm/action-setup action to v6 2026-07-02 15:34:30 +00:00
renovate[bot]
43adb94e3f chore(deps): update softprops/action-gh-release action to v3 2026-07-02 15:34:18 +00:00
renovate[bot]
4b7e747169 chore(deps): update docker/setup-buildx-action action to v4.2.0 2026-07-02 13:59:25 +00:00
renovate[bot]
2eaa019e64 chore(deps): update docker/metadata-action action to v6.2.0 2026-07-02 13:54:29 +00:00
renovate[bot]
6199189955 chore(deps): update docker/login-action action to v4.3.0 2026-07-02 10:32:16 +00:00
renovate[bot]
2d2669dcd1 chore(deps): pin cachix/install-nix-action action to v31.10.6 2026-07-02 10:22:18 +00:00
kolaente
9467594514 ci: let stale bot close PRs waiting for reply
The workflow was missing the pull-requests write permission, so its PR
settings never had any effect. Grant it and close PRs two weeks after
the author goes silent, matching the contribution policy.
2026-07-02 13:50:41 +02:00
renovate[bot]
ac3f4de80d chore(deps): update actions/github-script action to v9 2026-07-02 06:35:02 +00:00
renovate[bot]
a11c6f94ac chore(deps): update actions/stale action to v10 2026-07-02 06:31:06 +00:00
renovate[bot]
5c5f4c54b0 chore(deps): update cachix/install-nix-action action to v31 2026-07-02 06:30:37 +00:00
renovate[bot]
bf7c545716 chore(deps): update docker/build-push-action action to v7 2026-07-02 06:28:29 +00:00
renovate[bot]
8c7c74bb86 chore(deps): update docker/login-action action to v4 2026-07-02 06:28:12 +00:00
renovate[bot]
a968f22449 chore(deps): update docker/metadata-action action to v6 2026-07-02 06:27:45 +00:00
renovate[bot]
f488bc35cb chore(deps): update magefile/mage-action action to v4 2026-07-02 06:27:09 +00:00
renovate[bot]
fbe3c7cc9f chore(deps): update docker/setup-buildx-action action to v4 2026-07-01 12:41:51 +00:00
renovate[bot]
af7775bf00 chore(deps): update github artifact actions 2026-07-01 12:41:34 +00:00
kolaente
47d65e82c8 ci: stop Preview docker build from using GHA cache (fixes "failed to reserve cache")
The image build succeeds but exporting to the GHA cache fails with
'failed to reserve cache' under concurrent preview builds against the
10 GiB budget, and buildx treats that as fatal. #3053 (mode=max->min)
did not fix it. Remove cache-from/cache-to type=gha entirely so the
Preview build is decoupled from the cache budget.
2026-07-01 12:41:11 +00:00
renovate[bot]
8a97ef7f94 chore(deps): update dependency golangci/golangci-lint to v2.12.2 2026-06-30 18:53:56 +00:00
kolaente
7b2fb5089e ci: reduce Preview docker build cache to mode=min to fit GHA cache budget
Claude-Session: https://claude.ai/code/session_01AHD9BmNcUfgBZdPveZRa8z
2026-06-30 21:38:17 +02:00
renovate[bot]
89ea31a938 chore(deps): update actions/create-github-app-token action to v3 2026-06-30 17:44:15 +00:00
renovate[bot]
988dfa0b3a chore(deps): update golangci/golangci-lint-action action to v9.3.0 2026-06-29 17:52:24 +00:00
renovate[bot]
b0bbfa677a chore(deps): update playwright to v1.61.1 2026-06-29 08:16:15 +02:00
renovate[bot]
a2063a27a8 chore(deps): update actions/ai-inference action to v2.1.1 2026-06-29 08:12:04 +02:00
kolaente
8d0814e460 chore(ci): remove stale label from PR when there is activity 2026-06-28 19:41:30 +02:00
renovate[bot]
d374c8e6f9 chore(deps): update actions/checkout action to v7 2026-06-28 09:06:15 +00:00
renovate[bot]
dab2ac473f chore(deps): update postgres:18 docker digest to 4aabea7 2026-06-27 19:40:01 +00:00
renovate[bot]
ba5c09f962 chore(deps): update actions/cache action to v6 2026-06-27 19:39:18 +00:00
renovate[bot]
07d39b4290 chore(deps): pin dependencies 2026-06-27 18:01:23 +00:00
kolaente
2395239f0b fix(ci): generate config.yml.sample in release-os-package for vikunja
vikunja's nfpm.yaml packs ./config.yml.sample as /etc/vikunja/config.yml.
The release-binaries action already regenerates it for the zip bundles,
but release-os-package runs on a fresh runner without that file, so
nfpm aborted with "matching ./config.yml.sample: file does not exist"
on every vikunja os-package matrix shard (the veans shards skip this
step entirely).

Add a vikunja-only step to regenerate it before nfpm runs.
2026-05-27 18:16:38 +02:00
kolaente
1e1fcaafbc fix(ci): drop "./" from PACKAGE_OUTPUT_DIR so strip-path-prefix matches
The s3-action expands the upload glob into paths without a leading
"./", but strip-path-prefix was set to "./dist/os-packages/" (or
"./veans/dist/os-packages/"). The prefix never matched, so packages
landed at /<project>/<version>/<project>/dist/os-packages/<file>
instead of /<project>/<version>/<file>.

Drop the "./" prefix to match the working DIST_PREFIX pattern in
release-binaries.
2026-05-27 17:35:58 +02:00
kolaente
4f8a44de89 fix(ci): switch release composite actions to unstable on non-tag builds
The release-binaries and release-os-package composite actions were
comparing the raw release-version input against the literal "main" to
decide whether to use "unstable" for filenames and the S3 directory.
Callers always pass `steps.ghd.outputs.describe`, which is a value
like `v2.3.0-408-ge053d317` on non-tag builds — so the check never
fired and unstable artifacts landed under `/<project>/<describe>/`
with `<project>-<describe>-...` filenames.

Drive the switch from `github.ref_type == 'tag'` instead, matching the
pattern the desktop and config-yaml jobs in release.yml already use.
The raw describe value still flows into RELEASE_VERSION so the binary
and package metadata keep the precise commit reference.
2026-05-27 17:32:47 +02:00
kolaente
e053d3172f fix(ci): escape ${{ secrets.* }} mention in release-binaries description
GitHub's action manifest parser evaluates `${{ ... }}` expressions inside
`description:` block scalars, and `secrets` isn't a valid context in a
composite action — so the literal example text in the docstring caused
manifest validation to fail before any step ran.
2026-05-27 17:02:56 +02:00
kolaente
be7eabb9b3 ci: move build-mage prep job out of test.yml into release.yml
build_mage_bin is only consumed by publish-repos in release.yml, so it
doesn't belong in the test workflow. Move it to release.yml as a
prep job and add it to publish-repos's needs list.
2026-05-27 13:01:44 +00:00
kolaente
ed9df9064c refactor(ci): derive composite-action inputs from project name
Reviewer asked us to stop over-configuring the release-binaries and
release-os-package composite actions — they're called only with
vikunja or veans, so per-project paths, artifact names, cache keys, S3
target, and version-or-unstable can all be derived inside the action
from the project name. The xgo-out-name input goes away too.

Vikunja-specific pre-build (downloading frontend_dist, generating
config.yml.sample) now happens inside the action, gated on the project
input. Callers no longer need those preamble steps.

Secrets stay as inputs — composite actions can't read \`\${{ secrets.* }}\`
directly; passing them through is the simplest workaround.

Each callsite shrinks to ~13 lines of mostly-secret pass-through plus
2-4 lines of real parameters.
2026-05-27 13:01:44 +00:00
kolaente
e903b72b9e refactor(ci): call release composite actions from release.yml
Replace the inline bodies of binaries, veans-binaries, os-package, and
veans-os-package jobs with calls to the new release-binaries and
release-os-package composite actions. Each call site is now ~25 lines
of inputs instead of ~75 lines of duplicated mage+upx+gpg+s3 plumbing.

publish-repos switches from the parent's ./mage-static to the
prebuilt build_mage_bin artifact so it can drive build/'s repo metadata
targets inside the publish-repos containers.
2026-05-27 13:01:44 +00:00
kolaente
95f65c4712 ci: prebuild static build/mage for repo metadata containers
publish-repos runs inside ubuntu/fedora/archlinux containers that don't
ship a Go toolchain. Compile build/magefile.go into a static binary in
the test workflow (mirroring the existing mage_bin job for the parent
magefile) and upload it as the build_mage_bin artifact so publish-repos
can chmod+x and run it without setup-go.
2026-05-27 13:01:44 +00:00
kolaente
c690f74d75 feat(ci): add release-binaries and release-os-package composite actions
Two reusable composite actions wrap the CI side of the release pipeline:

- release-binaries: setup-go, install mage + upx, cache xgo, invoke
  `mage release:build <project>` from build/, GPG-sign the zip bundles,
  upload to S3, store binaries and zips as workflow artifacts.

- release-os-package: download a binaries artifact, install mage,
  `mage release:prepare-nfpm-config <project> <arch>`, stage the binary,
  nfpm pack (with rpm signing inline and archlinux signing after), upload
  to S3, store the package as an artifact.

Both actions are parameterized on project name, output paths, artifact
names, S3 target, and GPG/S3 secrets — adding a third Go binary to the
monorepo just means defining its project in build/magefile.go and adding
a four-line call site in release.yml.
2026-05-27 13:01:44 +00:00
kolaente
f39cf00290 ci: register custom actionlint runner labels
Declare namespace-profile-default and blacksmith-8vcpu-ubuntu-2204 as
known self-hosted runners so actionlint stops flagging them as unknown.
2026-05-27 13:01:44 +00:00