ci: add Forgejo Actions build & release workflow

Add .forgejo/workflows/build.yml that builds the Lethean blockchain on push to dev/main with workflow_dispatch support. Builds testnet on dev, mainnet on main, creates Forgejo releases with RPM/tar.xz/zip packages and SHA256 checksums. - CPU limited to 3 cores (~10% of 32-thread host) via Docker --cpus cap - Private submodule auth via git credential store with RELEASE_TOKEN - SDK caching with actions/cache for Conan build artifacts - CMake installed via pip for preset version 8 support - Tags fetched for libmdbx git describe version detection - Fix missing contrib/randomx entry in .gitmodules Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 15:02:28 +00:00 · 2026-02-06 15:02:28 +00:00 · 1545a80335
commit 1545a80335
parent 467c64d015
2 changed files with 119 additions and 0 deletions
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@ -0,0 +1,116 @@
+name: Build & Release
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - dev
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+env:
+  CPU_CORES: "3"
+  FORGEJO_URL: ${{ github.server_url }}
+
+jobs:
+  build:
+    name: Build ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+          submodules: false
+
+      - name: Init submodules
+        run: |
+          git config --global url."http://claude:${{ secrets.RELEASE_TOKEN }}@forgejo-mock:3000/".insteadOf "http://forge.snider.dev:4000/"
+          git submodule update --init --recursive
+          git submodule foreach --recursive 'git fetch --tags origin 2>/dev/null || true'
+
+      - name: Install build dependencies
+        run: |
+          apt-get update
+          apt-get install -y build-essential git python3 python3-pip autotools-dev pkg-config rpm
+          pip install cmake --break-system-packages
+
+      - name: Restore SDK cache
+        id: cache
+        uses: actions/cache@v4
+        with:
+          path: |
+            ${{ github.workspace }}/build/sdk
+            ${{ github.workspace }}/build/bin
+          key: ${{ runner.os }}-${{ runner.arch }}-sdk
+
+      - name: Build dependencies
+        run: make build-deps CPU_CORES=${{ env.CPU_CORES }}
+
+      - name: Compile
+        run: make ${{ github.ref_name == 'main' && 'mainnet' || 'testnet' }} CPU_CORES=${{ env.CPU_CORES }}
+
+      - name: Compute release tag
+        id: release
+        run: |
+          VERSION=$(grep '^BUILD_VERSION:=' Makefile | cut -d'=' -f2)
+          if [ "${{ github.ref_name }}" = "main" ]; then
+            TAG="v${VERSION}+${{ github.run_number }}"
+            PRERELEASE=false
+            TITLE="v${VERSION} (build ${{ github.run_number }})"
+          else
+            TAG="v${VERSION}-beta+${{ github.run_number }}"
+            PRERELEASE=true
+            TITLE="v${VERSION}-beta (build ${{ github.run_number }})"
+          fi
+          echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
+          echo "prerelease=${PRERELEASE}" >> "$GITHUB_OUTPUT"
+          echo "title=${TITLE}" >> "$GITHUB_OUTPUT"
+          echo "version=${VERSION}" >> "$GITHUB_OUTPUT"
+
+      - name: Create release
+        id: create_release
+        run: |
+          RESPONSE=$(curl -s -w "\n%{http_code}" -X POST \
+            "${FORGEJO_URL}/api/v1/repos/${{ github.repository }}/releases" \
+            -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \
+            -H "Content-Type: application/json" \
+            -d "{
+              \"tag_name\": \"${{ steps.release.outputs.tag }}\",
+              \"target_commitish\": \"${{ github.sha }}\",
+              \"name\": \"${{ steps.release.outputs.title }}\",
+              \"body\": \"Automated build from \`${{ github.ref_name }}\` branch (run #${{ github.run_number }})\",
+              \"draft\": false,
+              \"prerelease\": ${{ steps.release.outputs.prerelease }}
+            }")
+          HTTP_CODE=$(echo "$RESPONSE" | tail -1)
+          BODY=$(echo "$RESPONSE" | sed '$d')
+          if [ "$HTTP_CODE" -ge 400 ]; then
+            echo "Failed to create release (HTTP ${HTTP_CODE}):"
+            echo "$BODY"
+            exit 1
+          fi
+          RELEASE_ID=$(echo "$BODY" | python3 -c "import sys,json; print(json.load(sys.stdin)['id'])")
+          echo "id=${RELEASE_ID}" >> "$GITHUB_OUTPUT"
+          echo "Created release ID: ${RELEASE_ID}"
+
+      - name: Upload release assets
+        run: |
+          for file in build/packages/lethean-*; do
+            [ -f "$file" ] || continue
+            FILENAME=$(basename "$file")
+            echo "Uploading: ${FILENAME}"
+            HTTP_CODE=$(curl -s -o /dev/null -w "%{http_code}" -X POST \
+              "${FORGEJO_URL}/api/v1/repos/${{ github.repository }}/releases/${{ steps.create_release.outputs.id }}/assets?name=${FILENAME}" \
+              -H "Authorization: token ${{ secrets.RELEASE_TOKEN }}" \
+              -H "Content-Type: application/octet-stream" \
+              --data-binary "@${file}")
+            if [ "$HTTP_CODE" -ge 400 ]; then
+              echo "Failed to upload ${FILENAME} (HTTP ${HTTP_CODE})"
+              exit 1
+            fi
+            echo "Uploaded ${FILENAME} (HTTP ${HTTP_CODE})"
+          done
--- a/.gitmodules
+++ b/.gitmodules
@ -10,6 +10,9 @@
 [submodule "docs"]
 	path = docs
 	url = https://github.com/letheanVPN/documentation.git
+[submodule "contrib/randomx"]
+	path = contrib/randomx
+	url = https://github.com/tevador/RandomX.git
 [submodule ".core/build"]
 	path = .core/build
 	url = http://forge.snider.dev:4000/host-uk/build.git