Update workflow to use ACCESS_TOKEN and add setup instructions

- Updated workflow to use ACCESS_TOKEN instead of FORGEJO_TOKEN - Added comprehensive setup instructions in workflow comments - Updated all API calls and debug steps to use ACCESS_TOKEN - Added reminder for future repository setups
2025-07-21 21:50:32 +00:00 · 2025-07-21 21:50:32 +00:00 · 781b1c2650
commit 781b1c2650
parent 4b7ad029e9
3 changed files with 244 additions and 239 deletions
--- a/.forgejo/workflows/build-packages.yml
+++ b/.forgejo/workflows/build-packages.yml
@ -1,5 +1,20 @@
 name: Build bootc Package

+# ⚠️  IMPORTANT: Each repository needs its own FORGEJO_TOKEN secret!
+# 
+# To set up this workflow in a new repository:
+# 1. Go to repository settings: https://git.raines.xyz/OWNER/REPO/settings
+# 2. Find "Secrets" or "Repository secrets" section
+# 3. Add new secret:
+#    - Name: FORGEJO_TOKEN
+#    - Value: Your Personal Access Token with repo and write:packages permissions
+# 4. The token needs these scopes:
+#    - repo (Full control of private repositories)
+#    - write:packages (Write packages)
+#    - read:packages (Read packages)
+#
+# This workflow will fail with "FORGEJO_TOKEN is not set" if the secret is missing.
+
 on:
  push:
    branches: [ main, master ]
@ -21,7 +36,7 @@ jobs:
      - name: Setup build environment
        run: |
          apt update -y
-          apt install -y git curl pkg-config build-essential
+          apt install -y git curl pkg-config build-essential gnupg
          
          # Install Rust using rustup to get the latest version
          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
@ -30,6 +45,20 @@ jobs:
          # Verify Rust version
          rustc --version
          cargo --version
+          
+          # Add Forgejo repository for libostree packages
+          echo "Adding Forgejo repository for libostree packages..."
+          curl -fsSL https://git.raines.xyz/api/packages/robojerk/debian/repository.key | gpg --dearmor -o /usr/share/keyrings/forgejo-robojerk.gpg
+          echo "deb [signed-by=/usr/share/keyrings/forgejo-robojerk.gpg] https://git.raines.xyz/api/packages/robojerk/debian noble main" | tee /etc/apt/sources.list.d/forgejo-robojerk.list
+          
+          # Update package lists and install libostree packages
+          apt update -y
+          echo "Installing libostree packages from Forgejo repository..."
+          apt install -y libostree-dev=2025.2-1~noble1 libostree-1-1=2025.2-1~noble1
+          
+          echo "✅ libostree packages installed successfully"
+          echo "libostree-dev version: $(dpkg-query -W -f='${Version}' libostree-dev)"
+          echo "libostree-1-1 version: $(dpkg-query -W -f='${Version}' libostree-1-1)"

      - name: Checkout repository manually
        run: |
@ -38,18 +67,81 @@ jobs:
          cp -r /tmp/bootc-deb/* .
          cp -r /tmp/bootc-deb/.* . 2>/dev/null || true

-      - name: Setup build environment for bootc
+      - name: Install curl and jq for API testing
+        run: |
+          apt-get update -y
+          apt-get install -y curl jq
+
+      - name: Debug - Check ACCESS_TOKEN (safe)
+        run: |
+          echo "=== Debugging ACCESS_TOKEN ==="
+          echo "Token exists: ${{ secrets.ACCESS_TOKEN != '' }}"
+          echo "Token length: ${#ACCESS_TOKEN}"
+          echo "Token first 4 chars: $(echo "$ACCESS_TOKEN" | cut -c1-4)..."
+          echo "Token last 4 chars: ...$(echo "$ACCESS_TOKEN" | rev | cut -c1-4 | rev)"
+          echo "Environment variable name: ACCESS_TOKEN"
+          echo "Available secrets:"
+          env | grep -i token || echo "No token env vars found"
+        env:
+          ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+
+      - name: Test API endpoints
+        run: |
+          echo "=== Testing Forgejo API endpoints with ACCESS_TOKEN ==="
+          
+          # Test 1: Check Forgejo version and capabilities
+          echo "Testing Forgejo version..."
+          curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
+               "https://git.raines.xyz/api/v1/version" | jq . 2>/dev/null || echo "Version endpoint failed"
+          
+          echo ""
+          echo "=== Testing user info ==="
+          
+          # Test 2: Check user info
+          echo "Testing user info..."
+          curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
+               "https://git.raines.xyz/api/v1/user" | jq . 2>/dev/null || echo "User endpoint failed"
+          
+          echo ""
+          echo "=== Testing repository info ==="
+          
+          # Test 3: Check repository info
+          echo "Testing repository info..."
+          curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
+               "https://git.raines.xyz/api/v1/repos/robojerk/bootc-deb" | jq . 2>/dev/null || echo "Repository endpoint failed"
+          
+          echo ""
+          echo "=== Testing package registry endpoints ==="
+          
+          # Test 4: Check if package registry is enabled
+          echo "Testing package registry availability..."
+          curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
+               "https://git.raines.xyz/api/v1/user/packages" | jq . 2>/dev/null || echo "User packages endpoint failed"
+          
+          echo ""
+          echo "=== Testing repository packages ==="
+          
+          # Test 5: Check repository packages
+          echo "Testing repository packages..."
+          curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
+               "https://git.raines.xyz/api/v1/repos/robojerk/bootc-deb/packages" | jq . 2>/dev/null || echo "Repository packages endpoint failed"
+          
+          echo ""
+          echo "=== Testing Debian package registry ==="
+          
+          # Test 6: Check available package types
+          echo "Testing Debian package registry..."
+          curl -s -H "Authorization: Bearer ${{ secrets.ACCESS_TOKEN }}" \
+               "https://git.raines.xyz/api/v1/packages/robojerk/debian" | jq . 2>/dev/null || echo "Debian packages endpoint failed"
+
+      - name: Install additional build dependencies
        run: |
          apt update -y
-          apt install -y git curl pkg-config build-essential
-          
-          # Install Rust using rustup to get the latest version
-          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-          source ~/.cargo/env
-          
-          # Verify Rust version
-          rustc --version
-          cargo --version
+          apt install -y libglib2.0-dev libgpgme-dev libssl-dev libcurl4-gnutls-dev \
+                         libarchive-dev libfuse3-dev libsystemd-dev libmount-dev \
+                         libselinux1-dev libavahi-client-dev libavahi-glib-dev \
+                         libsoup-3.0-dev gobject-introspection gtk-doc-tools \
+                         docbook-xml docbook-xsl xsltproc gjs libglib2.0-doc

      - name: Clone bootc source
        run: |
@ -102,6 +194,52 @@ jobs:
          echo "Built bootc packages:"
          ls -la bootc-${BOOTC_VERSION}/../*.deb

+      - name: Upload to Debian Package Registry
+        id: debian_upload
+        shell: bash
+        run: |
+          echo "=== Attempting Debian Package Registry upload with ACCESS_TOKEN ==="
+          
+          # Check if ACCESS_TOKEN is available
+          if [ -z "${{ secrets.ACCESS_TOKEN }}" ]; then
+            echo "❌ ACCESS_TOKEN is not set"
+            exit 1
+          fi
+          echo "✅ ACCESS_TOKEN is set"
+
+          # List contents for debugging
+          echo "Built packages:"
+          ls -la bootc-${BOOTC_VERSION}/../*.deb || echo "No .deb files found"
+
+          for deb_file in bootc-${BOOTC_VERSION}/../*.deb; do
+            if [ -f "$deb_file" ]; then
+              echo "Uploading $deb_file to Debian Package Registry..."
+              filename=$(basename "$deb_file")
+              echo "File: $filename"
+              
+              # Get HTTP code directly using curl -w (same as libostree-dev)
+              http_code=$(curl -s -o /dev/null -w "%{http_code}" \
+                               --user "robojerk:${{ secrets.ACCESS_TOKEN }}" \
+                               --upload-file "$deb_file" \
+                               "https://git.raines.xyz/api/packages/robojerk/debian/pool/noble/main/upload")
+              
+              echo "HTTP Response Code: $http_code"
+              
+              if [ "$http_code" = "201" ]; then
+                echo "✅ Debian Package Registry upload SUCCESS for $deb_file"
+              elif [ "$http_code" = "409" ]; then
+                echo "➡️ INFO: Package $deb_file already exists (HTTP 409 Conflict)"
+              else
+                echo "❌ Debian Package Registry upload FAILED for $deb_file (HTTP $http_code)"
+                # Show verbose output for debugging failures
+                curl -v -i --user "robojerk:${{ secrets.ACCESS_TOKEN }}" \
+                     --upload-file "$deb_file" \
+                     "https://git.raines.xyz/api/packages/robojerk/debian/pool/noble/main/upload" 2>&1
+                exit 1
+              fi
+            fi
+          done
+
      - name: Create release assets
        run: |
          mkdir -p release-assets
@ -118,4 +256,18 @@ jobs:
          ls -la release-assets/*.deb 2>/dev/null || echo "No packages found" >> release-assets/BUILD_SUMMARY.txt
          
          echo "Release assets created:"
-          ls -la release-assets/ 
+          ls -la release-assets/
+
+      - name: Success Summary
+        run: |
+          echo "=== Upload Summary ==="
+          echo "✅ All bootc packages uploaded successfully to Forgejo Debian Package Registry"
+          echo "✅ Packages automatically assigned to repository by Forgejo"
+          echo ""
+          echo "📦 Packages should now be available at:"
+          echo "   https://git.raines.xyz/robojerk/bootc-deb/packages"
+          echo ""
+          echo "🎯 Next steps:"
+          echo "   - Verify packages appear in repository packages page"
+          echo "   - Test package installation on Ubuntu Noble systems"
+          echo "   - Users can install with: sudo apt install bootc"