ci: multi-platform Forgejo Actions pipeline

Build Linux x86_64 (snider-linux) and macOS ARM64 (M3 Ultra) natively via self-hosted forgejo-runner, aggregate into single release. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-14 19:37:35 +00:00 · 2026-02-14 19:37:35 +00:00 · c9ad4de9bb
commit c9ad4de9bb
parent 22c0c5a251
1 changed files with 134 additions and 40 deletions
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@ -1,4 +1,5 @@
 name: Build & Release
+
 on:
  workflow_dispatch:
  push:
@ -11,16 +12,20 @@ concurrency:
  cancel-in-progress: true

 env:
-  CPU_CORES: "3"
  FORGEJO_URL: ${{ github.server_url }}

 jobs:
-  build:
-    name: Build ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
-    runs-on: ubuntu-latest
+  # ──────────────────────────────────────────────
+  # Linux x86_64 — native build on snider-linux
+  # ──────────────────────────────────────────────
+  build-linux:
+    name: Linux x86_64
+    runs-on: linux-native
+    env:
+      CPU_CORES: "24"
    steps:
      - name: Checkout
-        uses: actions/checkout@v4
+        uses: https://code.forgejo.org/actions/checkout@v4
        with:
          fetch-depth: 0
          fetch-tags: true
@ -28,21 +33,108 @@ jobs:

      - name: Init submodules
        run: |
-          git config --global url."http://claude:${{ secrets.RELEASE_TOKEN }}@forgejo-mock:3000/".insteadOf "http://forge.snider.dev:4000/"
-          git submodule update --init --recursive
+          git config --global url."${{ env.FORGEJO_URL }}/".insteadOf "http://forge.snider.dev:4000/"
+          git -c http.extraHeader="Authorization: token ${{ secrets.RELEASE_TOKEN }}" submodule update --init --recursive
          git submodule foreach --recursive 'git fetch --tags origin 2>/dev/null || true'

-      - name: Install build dependencies
-        run: |
-          apt-get update
-          apt-get install -y build-essential git python3 python3-pip autotools-dev pkg-config rpm
-          pip install cmake --break-system-packages
-
      - name: Build dependencies
-        run: make build-deps CPU_CORES=${{ env.CPU_CORES }} CONAN_URL=${{ env.FORGEJO_URL }}/api/packages/host-uk/conan CONAN_USER=claude CONAN_PASSWORD=${{ secrets.RELEASE_TOKEN }}
+        run: |
+          make build-deps \
+            CPU_CORES=${{ env.CPU_CORES }} \
+            CONAN_URL=${{ env.FORGEJO_URL }}/api/packages/host-uk/conan \
+            CONAN_USER=claude \
+            CONAN_PASSWORD=${{ secrets.RELEASE_TOKEN }}

      - name: Compile
-        run: make ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }} CPU_CORES=${{ env.CPU_CORES }} CONAN_URL=${{ env.FORGEJO_URL }}/api/packages/host-uk/conan CONAN_USER=claude CONAN_PASSWORD=${{ secrets.RELEASE_TOKEN }}
+        run: |
+          make ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }} \
+            CPU_CORES=${{ env.CPU_CORES }} \
+            CONAN_URL=${{ env.FORGEJO_URL }}/api/packages/host-uk/conan \
+            CONAN_USER=claude \
+            CONAN_PASSWORD=${{ secrets.RELEASE_TOKEN }}
+
+      - name: Upload artifacts
+        uses: https://code.forgejo.org/forgejo/upload-artifact@v4
+        with:
+          name: linux-x86_64
+          path: build/packages/lethean-*
+          retention-days: 7
+
+  # ──────────────────────────────────────────────
+  # macOS ARM64 — native build on M3 Ultra
+  # ──────────────────────────────────────────────
+  build-macos:
+    name: macOS ARM64
+    runs-on: macos-native
+    env:
+      CPU_CORES: "24"
+    steps:
+      - name: Checkout
+        uses: https://code.forgejo.org/actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+          submodules: false
+
+      - name: Init submodules
+        run: |
+          git config --global url."${{ env.FORGEJO_URL }}/".insteadOf "http://forge.snider.dev:4000/"
+          git -c http.extraHeader="Authorization: token ${{ secrets.RELEASE_TOKEN }}" submodule update --init --recursive
+          git submodule foreach --recursive 'git fetch --tags origin 2>/dev/null || true'
+
+      - name: Build dependencies
+        run: |
+          export PATH="/opt/homebrew/bin:$PATH"
+          make build-deps \
+            CPU_CORES=${{ env.CPU_CORES }} \
+            CONAN_URL=${{ env.FORGEJO_URL }}/api/packages/host-uk/conan \
+            CONAN_USER=claude \
+            CONAN_PASSWORD=${{ secrets.RELEASE_TOKEN }}
+
+      - name: Compile
+        run: |
+          export PATH="/opt/homebrew/bin:$PATH"
+          make ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }} \
+            CPU_CORES=${{ env.CPU_CORES }} \
+            CONAN_URL=${{ env.FORGEJO_URL }}/api/packages/host-uk/conan \
+            CONAN_USER=claude \
+            CONAN_PASSWORD=${{ secrets.RELEASE_TOKEN }}
+
+      - name: Upload artifacts
+        uses: https://code.forgejo.org/forgejo/upload-artifact@v4
+        with:
+          name: macos-arm64
+          path: build/packages/lethean-*
+          retention-days: 7
+
+  # ──────────────────────────────────────────────
+  # Aggregate artifacts and create release
+  # ──────────────────────────────────────────────
+  release:
+    name: Create Release
+    needs: [build-linux, build-macos]
+    runs-on: linux-native
+    steps:
+      - name: Checkout
+        uses: https://code.forgejo.org/actions/checkout@v4
+        with:
+          fetch-depth: 1
+          submodules: false
+
+      - name: Download Linux artifacts
+        uses: https://code.forgejo.org/forgejo/download-artifact@v4
+        with:
+          name: linux-x86_64
+          path: artifacts/linux
+
+      - name: Download macOS artifacts
+        uses: https://code.forgejo.org/forgejo/download-artifact@v4
+        with:
+          name: macos-arm64
+          path: artifacts/macos
+
+      - name: List artifacts
+        run: find artifacts/ -type f | sort

      - name: Compute release tag
        id: release
@ -66,14 +158,14 @@ jobs:
        id: create_release
        run: |
          RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \
-            "${FORGEJO_URL}/api/v1/repos/${{ github.repository }}/releases" \
+            "${{ env.FORGEJO_URL }}/api/v1/repos/${{ github.repository }}/releases" \
            -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \
            -H "Content-Type: application/json" \
            -d "{
              \"tag_name\": \"${{ steps.release.outputs.tag }}\",
              \"target_commitish\": \"${{ github.sha }}\",
              \"name\": \"${{ steps.release.outputs.title }}\",
-              \"body\": \"Automated build from \`${{ github.ref_name }}\` branch (run #${{ github.run_number }})\",
+              \"body\": \"Automated build from \`${{ github.ref_name }}\` branch (run #${{ github.run_number }})\n\n## Platforms\n- Linux x86_64\n- macOS ARM64 (Apple Silicon)\",
              \"draft\": false,
              \"prerelease\": ${{ steps.release.outputs.prerelease }}
            }")
@ -90,20 +182,22 @@ jobs:

      - name: Upload release assets
        run: |
-          for file in build/packages/lethean-*; do
-            [ -f "$file" ] || continue
-            FILENAME=$(basename "$file")
-            echo "Uploading: ${FILENAME}"
-            HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
-              "${FORGEJO_URL}/api/v1/repos/${{ github.repository }}/releases/${{ steps.create_release.outputs.id }}/assets?name=${FILENAME}" \
-              -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \
-              -H "Content-Type: application/octet-stream" \
-              --data-binary "@${file}")
-            if [ "$HTTP_CODE" -ge 400 ]; then
-              echo "Failed to upload ${FILENAME} (HTTP ${HTTP_CODE})"
-              exit 1
-            fi
-            echo "Uploaded ${FILENAME} (HTTP ${HTTP_CODE})"
+          for dir in artifacts/linux artifacts/macos; do
+            for file in "$dir"/lethean-*; do
+              [ -f "$file" ] || continue
+              FILENAME=$(basename "$file")
+              echo "Uploading: ${FILENAME}"
+              HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
+                "${{ env.FORGEJO_URL }}/api/v1/repos/${{ github.repository }}/releases/${{ steps.create_release.outputs.id }}/assets?name=${FILENAME}" \
+                -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \
+                -H "Content-Type: application/octet-stream" \
+                --data-binary "@${file}")
+              if [ "$HTTP_CODE" -ge 400 ]; then
+                echo "Failed to upload ${FILENAME} (HTTP ${HTTP_CODE})"
+                exit 1
+              fi
+              echo "Uploaded ${FILENAME} (HTTP ${HTTP_CODE})"
+            done
          done

      - name: Prune old releases
@ -113,7 +207,7 @@ jobs:
          echo "Keeping release ${CURRENT_ID}, pruning older ${TAG_PREFIX} releases..."
          PAGE=1
          while true; do
-            RELEASES=$(curl -s "${FORGEJO_URL}/api/v1/repos/${{ github.repository }}/releases?limit=50&page=${PAGE}" \
+            RELEASES=$(curl -s "${{ env.FORGEJO_URL }}/api/v1/repos/${{ github.repository }}/releases?limit=50&page=${PAGE}" \
              -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}")
            COUNT=$(echo "$RELEASES" | python3 -c "import sys,json; print(len(json.load(sys.stdin)))" 2>/dev/null || echo 0)
            [ "$COUNT" = "0" ] && break
@ -127,14 +221,14 @@ jobs:
              if fnmatch.fnmatch(tag, '${TAG_PREFIX}*'):
                  print(f'{rid} {tag}')
          " | while read -r RID RTAG; do
-              echo "Deleting release ${RTAG} (id=${RID})"
-              curl -s -o /dev/null -X DELETE \
-                "${FORGEJO_URL}/api/v1/repos/${{ github.repository }}/releases/${RID}" \
-                -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}"
-              curl -s -o /dev/null -X DELETE \
-                "${FORGEJO_URL}/api/v1/repos/${{ github.repository }}/tags/${RTAG}" \
-                -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}"
-            done
+                echo "Deleting release ${RTAG} (id=${RID})"
+                curl -s -o /dev/null -X DELETE \
+                  "${{ env.FORGEJO_URL }}/api/v1/repos/${{ github.repository }}/releases/${RID}" \
+                  -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}"
+                curl -s -o /dev/null -X DELETE \
+                  "${{ env.FORGEJO_URL }}/api/v1/repos/${{ github.repository }}/tags/${RTAG}" \
+                  -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}"
+              done
            PAGE=$((PAGE + 1))
          done
          echo "Prune complete"