ci(forgejo): add manual release dispatch and refresh release docs

Allow rebuilding an existing tag via workflow_dispatch and document
Obtainium-friendly asset names, secrets, and runner setup.

Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
littlecodedragon 2026-07-10 10:12:13 +02:00
parent a81d717ca3
commit 49a0644f68
2 changed files with 103 additions and 37 deletions

View file

@ -5,6 +5,12 @@ on:
push: push:
tags: tags:
- v* - v*
workflow_dispatch:
inputs:
tag:
description: 'Release tag to build and publish (e.g. v1.13.6). Must already exist on the remote.'
required: true
type: string
permissions: permissions:
contents: write contents: write
@ -21,6 +27,7 @@ jobs:
shell: bash shell: bash
env: env:
FORGEJO_TOKEN: ${{ secrets.GITHUB_TOKEN }} FORGEJO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DISPATCH_TAG: ${{ github.event.inputs.tag }}
run: | run: |
set -euo pipefail set -euo pipefail
rm -rf .git rm -rf .git
@ -28,7 +35,11 @@ jobs:
origin_url="${GITHUB_SERVER_URL#https://}" origin_url="${GITHUB_SERVER_URL#https://}"
origin_url="${origin_url#http://}" origin_url="${origin_url#http://}"
git remote add origin "https://copilot:${FORGEJO_TOKEN}@${origin_url}/${GITHUB_REPOSITORY}.git" git remote add origin "https://copilot:${FORGEJO_TOKEN}@${origin_url}/${GITHUB_REPOSITORY}.git"
git -c http.sslVerify=false fetch --tags --prune origin "${GITHUB_SHA}" if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]; then
git -c http.sslVerify=false fetch --tags --prune origin "refs/tags/${DISPATCH_TAG}"
else
git -c http.sslVerify=false fetch --tags --prune origin "${GITHUB_SHA}"
fi
git checkout --force FETCH_HEAD git checkout --force FETCH_HEAD
- name: Set up JDK - name: Set up JDK
@ -86,7 +97,11 @@ jobs:
run: | run: |
set -euo pipefail set -euo pipefail
version_tag="${GITHUB_REF_NAME:-${GITHUB_REF#refs/tags/}}" if [ "${GITHUB_EVENT_NAME}" = "workflow_dispatch" ]; then
version_tag="${{ github.event.inputs.tag }}"
else
version_tag="${GITHUB_REF_NAME:-${GITHUB_REF#refs/tags/}}"
fi
version_display="$(printf '%s' "$version_tag" | sed -E 's/^v//' )" version_display="$(printf '%s' "$version_tag" | sed -E 's/^v//' )"
previous_tag="$(git tag --list 'v*' --sort=-version:refname | grep -Fxv "$version_tag" | head -n 1 || true)" previous_tag="$(git tag --list 'v*' --sort=-version:refname | grep -Fxv "$version_tag" | head -n 1 || true)"
upstream_repo="komikku-app/komikku" upstream_repo="komikku-app/komikku"

View file

@ -1,62 +1,80 @@
# Forgejo release runner # Forgejo releases and Obtainium
This repository now includes a Forgejo-native release workflow at `.forgejo/workflows/build_release.yml`. Forgejo Actions workflow: [`.forgejo/workflows/build_release.yml`](../.forgejo/workflows/build_release.yml)
## What it does ## What it does
- Triggers on tags matching `v*` - Triggers on tags matching `v*`, or manually via **Actions → Forgejo Release Builder → Run workflow**
- Builds the release APKs - Builds release APKs (`assembleRelease -Penable-updater -Pdisable-code-shrink`, no telemetry)
- Signs the APKs - Signs APKs with your release keystore
- Creates or updates a draft release through the Forgejo API - Creates or updates a Forgejo release and uploads APK assets
- Uploads the APKs and a zipped ProGuard mapping as release assets - Publishes stable Obtainium-friendly asset names alongside versioned files
The workflow intentionally avoids GitHub-only artifact and release actions so it can run on Forgejo with a self-hosted runner. The workflow uses shell + Forgejo API calls only (no GitHub-only release actions), so it runs on self-hosted Forgejo runners.
## Cut a release
1. Bump `versionCode` / `versionName` in `app/build.gradle.kts` if needed.
2. Commit and push to your default branch.
3. Create and push an annotated tag:
```sh
git tag -a v1.13.6 -m "v1.13.6"
git push origin v1.13.6
```
4. Forgejo Actions builds, signs, and publishes the release automatically.
To **rebuild an existing tag** (e.g. after fixing signing secrets), use **Run workflow** and enter the tag name. The tag must already exist on the remote.
## Required repository secrets ## Required repository secrets
Set these secrets in the Forgejo repository settings: Configure under **Repository → Settings → Actions → Secrets**:
- `GOOGLE_SERVICES_JSON` | Secret | Description |
- `GOOGLE_CLIENT_SECRETS_JSON` |--------|-------------|
- `SIGNING_KEY` | `SIGNING_KEYSTORE_B64` | Base64-encoded release keystore (`.jks` / `.keystore`) |
- `ALIAS` | `SIGNING_KEYSTORE_PASSWORD` | Keystore password |
- `KEY_STORE_PASSWORD` | `SIGNING_KEY_ALIAS` | Key alias inside the keystore |
- `KEY_PASSWORD` | `SIGNING_KEY_PASSWORD` | Key password |
`secrets.GITHUB_TOKEN` is used as the Forgejo-provided built-in token for the release API calls. `secrets.GITHUB_TOKEN` is the built-in Forgejo Actions token used for release API calls (no extra setup).
Encode a keystore for the secret:
```sh
base64 -w0 your-release.keystore
```
## Runner label ## Runner label
The workflow uses: The workflow uses:
```yaml ```yaml
runs-on: forgejo-release runs-on: desktop-release
``` ```
Register a runner with a matching label. Host mode is the simplest option for Android builds: Register a self-hosted runner with a matching label. Host mode is simplest for Android builds:
```sh ```sh
forgejo-runner register \ forgejo-runner register \
--instance https://192.168.1.155:3030 \ --instance https://your-forgejo.example \
--token <registration-token> \ --token <registration-token> \
--name komikku-release \ --name komikku-release \
--labels "forgejo-release:host" --labels "desktop-release:host"
``` ```
## Runner prerequisites ## Runner prerequisites
Install these on the runner host before enabling the workflow: Install on the runner host:
- Git - Git, curl, jq, zip
- curl
- zip
- Python 3
- JDK 17 - JDK 17
- Android SDK command-line tools - Android SDK command-line tools
- Android platform `android-35` - Android platform `android-35`
- Android build-tools `35.0.1` - Android build-tools `35.0.0` (or newer; workflow installs via `sdkmanager` if missing)
Recommended environment variables on the runner host: Recommended environment:
```sh ```sh
export ANDROID_HOME=/opt/android-sdk export ANDROID_HOME=/opt/android-sdk
@ -64,15 +82,48 @@ export ANDROID_SDK_ROOT=/opt/android-sdk
export PATH="$ANDROID_HOME/cmdline-tools/latest/bin:$ANDROID_HOME/platform-tools:$PATH" export PATH="$ANDROID_HOME/cmdline-tools/latest/bin:$ANDROID_HOME/platform-tools:$PATH"
``` ```
## Suggested setup flow Optional persistent Gradle cache (speeds up repeat builds):
1. Enable Actions on the Forgejo instance and repository. ```sh
2. Register the `forgejo-release` runner. export KOMIKKU_GRADLE_CACHE="$HOME/.cache/komikku-ci-gradle"
3. Add the required repository secrets. ```
4. Push a test tag such as `v0.0.0-forgejo.1`.
5. Open the draft release in Forgejo and verify the uploaded APKs. ## Release assets
Versioned (one set per tag):
- `Komikku-v1.13.6.apk` — universal
- `Komikku-arm64-v8a-v1.13.6.apk`
- `Komikku-armeabi-v7a-v1.13.6.apk`
- `Komikku-x86-v1.13.6.apk`
- `Komikku-x86_64-v1.13.6.apk`
- `Komikku-mapping-v1.13.6.zip` — ProGuard mapping (when present)
Stable aliases (same filename every release; best for Obtainium):
- `Komikku-universal.apk`
- `Komikku-arm64-v8a.apk`
## Obtainium
Obtainium can install directly from Forgejo release assets.
1. Install [Obtainium](https://github.com/ImranR98/Obtainium) on your device.
2. **Add app** → source type **Forgejo** (or **Gitea** on older Obtainium).
3. Enter your repository URL, e.g. `https://forgejo.example/youruser/komikku`.
4. Set **APK filter** to a stable asset name:
- Most phones: `Komikku-arm64-v8a.apk`
- Universal fallback: `Komikku-universal.apk`
5. Obtainium reads the latest `v*` release tag; version is parsed from the tag (e.g. `v1.13.6``1.13.6`).
Direct download URL pattern (for reference):
```text
https://forgejo.example/<owner>/<repo>/releases/download/<tag>/Komikku-arm64-v8a.apk
```
## Notes ## Notes
- The existing GitHub workflows under `.github/workflows/` remain unchanged. - GitHub workflows under `.github/workflows/` are unchanged; they target GitHub Actions and upstream secrets.
- The Forgejo release notes are generated from git history, so they do not depend on the GitHub compare API. - Release notes are generated from git history between the previous and current `v*` tag.
- Unsigned APKs are built internally but only signed APKs are uploaded to the release.