monero_c/.gitea/workflows/release.yml

name: release
run-name: release ${{ inputs.flavor }} ${{ inputs.tag_name }}

on:
  workflow_dispatch:
    inputs:
      tag_name:
        description: Release tag (for example v0.1.0)
        required: true
      flavor:
        description: monero_c flavor to build
        required: true
        default: peya
        type: choice
        options:
          - peya
          - salvium
          - monero
      target_ref:
        description: Branch, tag or commit to build and tag
        required: true
        default: develop
      release_name:
        description: Optional release title
        required: false
      release_notes:
        description: Release notes / body
        required: false
      prerelease:
        description: Mark release as prerelease
        required: false
        default: false
        type: boolean
      draft:
        description: Create release as draft
        required: false
        default: false
        type: boolean

jobs:
  create-release:
    name: Create release
    runs-on: ubuntu-latest
    outputs:
      release_id: ${{ steps.release.outputs.release_id }}
      flavor: ${{ inputs.flavor }}
    steps:
      - name: Install release tooling
        run: |
          sudo apt-get update
          sudo apt-get install -y curl jq

      - name: Create or reuse Gitea release
        id: release
        env:
          MONERO_C_GITEA_PAT: ${{ secrets.MONERO_C_GITEA_PAT }}
          PEYA_GITEA_PAT: ${{ secrets.PEYA_GITEA_PAT }}
          GITEA_PAT: ${{ secrets.GITEA_PAT }}
          GITEA_API: ${{ github.server_url }}/api/v1
          REPO: ${{ github.repository }}
          TAG_NAME: ${{ inputs.tag_name }}
          INPUT_RELEASE_NAME: ${{ inputs.release_name }}
          RELEASE_NOTES: ${{ inputs.release_notes }}
          TARGET_COMMITISH: ${{ inputs.target_ref }}
          INPUT_PRERELEASE: ${{ inputs.prerelease }}
          INPUT_DRAFT: ${{ inputs.draft }}
        run: |
          set -euo pipefail

          GITEA_TOKEN="${MONERO_C_GITEA_PAT:-${PEYA_GITEA_PAT:-${GITEA_PAT:-}}}"
          if [ -z "${GITEA_TOKEN}" ]; then
            echo "Missing Gitea PAT secret for release publishing"
            exit 1
          fi

          if [ -n "${INPUT_RELEASE_NAME}" ]; then
            RELEASE_NAME="${INPUT_RELEASE_NAME}"
          else
            RELEASE_NAME="Release ${TAG_NAME}"
          fi

          get_release_url="${GITEA_API}/repos/${REPO}/releases/tags/${TAG_NAME}"
          create_release_url="${GITEA_API}/repos/${REPO}/releases"

          status="$(curl -sS -o /tmp/release.json -w '%{http_code}' \
            -H "Authorization: token ${GITEA_TOKEN}" \
            "${get_release_url}")"

          if [ "${status}" = "200" ]; then
            echo "release_id=$(jq -r '.id' /tmp/release.json)" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          if [ "${status}" != "404" ]; then
            echo "Unexpected response while checking release: HTTP ${status}"
            cat /tmp/release.json
            exit 1
          fi

          jq -n \
            --arg tag_name "${TAG_NAME}" \
            --arg target_commitish "${TARGET_COMMITISH}" \
            --arg name "${RELEASE_NAME}" \
            --arg body "${RELEASE_NOTES}" \
            --argjson draft "${INPUT_DRAFT}" \
            --argjson prerelease "${INPUT_PRERELEASE}" \
            '{tag_name:$tag_name,target_commitish:$target_commitish,name:$name,body:$body,draft:$draft,prerelease:$prerelease}' \
            > /tmp/release-payload.json

          curl -sS \
            -H "Authorization: token ${GITEA_TOKEN}" \
            -H "Content-Type: application/json" \
            -X POST \
            --data @/tmp/release-payload.json \
            "${create_release_url}" \
            -o /tmp/release.json

          if ! jq -e '.id' /tmp/release.json >/dev/null; then
            cat /tmp/release.json
            exit 1
          fi

          echo "release_id=$(jq -r '.id' /tmp/release.json)" >> "$GITHUB_OUTPUT"

  build-release:
    name: ${{ matrix.target.name }}
    needs: create-release
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        target:
          - name: x86_64 Linux
            host: x86_64-linux-gnu
            packages: automake autotools-dev build-essential ca-certificates ccache clang cmake curl git libssl-dev libtool pkg-config python3
          - name: Win64
            host: x86_64-w64-mingw32
            packages: automake autotools-dev build-essential ca-certificates ccache clang cmake curl git libssl-dev libtool pkg-config python3 gcc-mingw-w64-x86-64 g++-mingw-w64-x86-64

    steps:
      - name: Checkout
        uses: https://github.com/actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: false
          ref: ${{ inputs.target_ref }}

      - name: Configure Gitea auth for private submodules
        env:
          MONERO_C_GITEA_PAT: ${{ secrets.MONERO_C_GITEA_PAT }}
          PEYA_GITEA_PAT: ${{ secrets.PEYA_GITEA_PAT }}
          GITEA_PAT: ${{ secrets.GITEA_PAT }}
          FLAVOR: ${{ needs.create-release.outputs.flavor }}
        run: |
          set -euo pipefail

          AUTH_TOKEN="${MONERO_C_GITEA_PAT:-${PEYA_GITEA_PAT:-${GITEA_PAT:-}}}"

          if [ "${FLAVOR}" != "monero" ] && [ -z "${AUTH_TOKEN}" ]; then
            echo "Missing Gitea PAT secret for private ${FLAVOR} submodule"
            exit 1
          fi

          if [ -n "${AUTH_TOKEN}" ]; then
            git config --global url."http://tiamak:${AUTH_TOKEN}@54.38.205.168:3000/".insteadOf "http://54.38.205.168:3000/"
          fi

          git submodule sync
          git -c protocol.version=2 submodule update --init --force "${FLAVOR}"
          git -C "${FLAVOR}" submodule sync --recursive
          git -C "${FLAVOR}" -c protocol.version=2 submodule update --init --force --recursive

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y ${{ matrix.target.packages }}

      - name: Prepare MinGW alternatives
        if: ${{ matrix.target.host == 'x86_64-w64-mingw32' }}
        run: |
          sudo update-alternatives --set x86_64-w64-mingw32-g++ "$(which x86_64-w64-mingw32-g++-posix)"
          sudo update-alternatives --set x86_64-w64-mingw32-gcc "$(which x86_64-w64-mingw32-gcc-posix)"

      - name: Apply patches
        run: |
          ./apply_patches.sh "${{ needs.create-release.outputs.flavor }}"

      - name: Build release libraries
        run: |
          ./build_single.sh "${{ needs.create-release.outputs.flavor }}" "${{ matrix.target.host }}" -j"$(nproc)"

      - name: Upload release assets
        env:
          MONERO_C_GITEA_PAT: ${{ secrets.MONERO_C_GITEA_PAT }}
          PEYA_GITEA_PAT: ${{ secrets.PEYA_GITEA_PAT }}
          GITEA_PAT: ${{ secrets.GITEA_PAT }}
          GITEA_API: ${{ github.server_url }}/api/v1
          REPO: ${{ github.repository }}
          RELEASE_ID: ${{ needs.create-release.outputs.release_id }}
          FLAVOR: ${{ needs.create-release.outputs.flavor }}
          HOST: ${{ matrix.target.host }}
        run: |
          set -euo pipefail

          GITEA_TOKEN="${MONERO_C_GITEA_PAT:-${PEYA_GITEA_PAT:-${GITEA_PAT:-}}}"
          if [ -z "${GITEA_TOKEN}" ]; then
            echo "Missing Gitea PAT secret for release publishing"
            exit 1
          fi

          assets_url="${GITEA_API}/repos/${REPO}/releases/${RELEASE_ID}/assets"
          shopt -s nullglob
          files=(release/${FLAVOR}/${HOST}_*.xz)

          if [ "${#files[@]}" -eq 0 ]; then
            echo "No release assets found in release/${FLAVOR} for ${HOST}"
            exit 1
          fi

          curl -sS \
            -H "Authorization: token ${GITEA_TOKEN}" \
            "${assets_url}" \
            -o /tmp/release-assets.json

          for asset in "${files[@]}"; do
            asset_name="$(basename "${asset}")"
            existing_id="$(ASSET_NAME="${asset_name}" python3 - <<'PY'
import json, os
name = os.environ["ASSET_NAME"]
with open("/tmp/release-assets.json", "r", encoding="utf-8") as f:
    assets = json.load(f)
for item in assets:
    if item.get("name") == name:
        print(item["id"])
        break
PY
)"

            if [ -n "${existing_id}" ]; then
              curl -sS \
                -H "Authorization: token ${GITEA_TOKEN}" \
                -X DELETE \
                "${assets_url}/${existing_id}" \
                >/dev/null
            fi

            curl -sS \
              -H "Authorization: token ${GITEA_TOKEN}" \
              -X POST \
              -F "attachment=@${asset}" \
              "${assets_url}?name=${asset_name}" \
              >/dev/null
          done