runner/.forgejo/workflows/publish-release.yml

# SPDX-License-Identifier: MIT
#
# https://invisible.forgejo.org/forgejo/runner
#
#  Copies & sign a release from code.forgejo.org/forgejo-integration/runner to code.forgejo.org/forgejo/runner
#
#  vars.FORGEJO: https://code.forgejo.org
#  vars.FROM_OWNER: forgejo-integration
#  vars.TO_OWNER: forgejo
#  vars.DOER: release-team
#  vars.ROLE: forgejo-release
#  secrets.TOKEN: <generated from code.forgejo.org/release-team>
#  secrets.GPG_PRIVATE_KEY: <XYZ>
#  secrets.GPG_PASSPHRASE: <ABC>
#
name: publish

on:
  push:
    tags:
      - 'v*'

enable-email-notifications: true

jobs:
  publish:
    runs-on: lxc-bookworm
    if: vars.ROLE == 'forgejo-release'
    steps:
      - uses: https://data.forgejo.org/actions/checkout@v4

      - name: copy & sign
        uses: https://data.forgejo.org/forgejo/forgejo-build-publish/publish@v5.4.1
        with:
          from-forgejo: ${{ vars.FORGEJO }}
          to-forgejo: ${{ vars.FORGEJO }}
          from-owner: ${{ vars.FROM_OWNER }}
          to-owner: ${{ vars.TO_OWNER }}
          repo: "runner"
          release-notes: |
            Release Notes

            ---

          release-notes-assistant: true
          ref-name: ${{ forge.ref_name }}
          sha: ${{ forge.sha }}
          container-suffixes: " "
          from-token: ${{ secrets.TOKEN }}
          to-doer: ${{ vars.DOER }}
          to-token: ${{ secrets.TOKEN }}
          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
          gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
          verbose: ${{ vars.VERBOSE }}