Erich Blume
27d8f3cf1f
## Summary - **Doc review:** Reviewed `gandi-operations.md` — added `last-reviewed` frontmatter, verified all wiki-links, confirmed Pulumi state has no drift - **Gandi reference fix:** Added missing `cv.eblu.me` CNAME row to `gandi.md` DNS records table (was present in Pulumi but undocumented) - **Pulumi comment fix:** Updated stale `README.md` reference in `__main__.py` to point to `docs/how-to/gandi-operations.md` - **How-to reorg:** Moved 14 how-to guides into 3 subdirectories (`deployment/`, `configuration/`, `operations/`), collapsed the Documentation and Database index sections into Configuration and Operations respectively ## Verification - `docs-check-links` — all 180 wiki-links valid - `docs-check-filenames` — all 90 filenames unique - `dns-preview` — 5 resources unchanged, no drift - All pre-commit hooks pass ## Test plan - [ ] Verify docs site builds correctly with new paths - [ ] Spot-check a few wiki-links from other pages to moved how-to guides Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/200
2.5 KiB
| title | modified | last-reviewed | tags | |||
|---|---|---|---|---|---|---|
| Create Release Artifact Workflow | 2026-02-15 | 2026-02-15 |
|
Create a Release Artifact Workflow
How to set up a Forgejo Actions workflow that builds an artifact and publishes it to Forgejo generic packages. Uses the CV repo (forge.ops.eblu.me/eblume/cv) workflow as the reference implementation.
Prerequisites
- A Forgejo repo with a build pipeline (Dagger, script, etc.)
- The
FORGE_TOKENsecret provisioned via theforgejo_actions_secretsAnsible role
1. Add the repo to Ansible secrets
In ansible/roles/forgejo_actions_secrets/defaults/main.yml, add an entry under forgejo_actions_secrets_repos:
forgejo_actions_secrets_repos:
- repo: my-repo
secrets:
- name: FORGE_TOKEN
value_var: forgejo_api_token
Then provision: mise run provision-indri -- --tags forgejo_actions_secrets
This is required because Forgejo's built-in GITHUB_TOKEN does not have permissions for the packages API.
2. Create the workflow
Create .forgejo/workflows/<name>-release.yaml with workflow_dispatch and a version input. Use the semver bump pattern (see cv-release.yaml for the full upload flow, or build-blumeops.yaml for the version bump logic only — it uploads to Forgejo releases, not generic packages).
The upload step uses FORGE_TOKEN:
- name: Upload to Forgejo packages
env:
FORGE_TOKEN: ${{ secrets.FORGE_TOKEN }}
run: |
curl -fsSL \
-X PUT \
-H "Authorization: token $FORGE_TOKEN" \
--upload-file "./$TARBALL" \
"https://forge.ops.eblu.me/api/packages/eblume/generic/<package>/${VERSION}/${TARBALL}"
3. Link the package to the repo
After the first successful upload, the package appears under your user-level packages at https://forge.ops.eblu.me/eblume/-/packages but is not yet linked to the repo.
To link it:
- Go to
https://forge.ops.eblu.me/eblume/-/packages - Click the package name
- Click Settings
- Under Link this package to a repository, select the repo
- Click Save
Once linked, the package shows up in the repo's Packages tab and the repo links back to the package.
4. Create a deploy workflow (optional)
If the artifact is consumed by a k8s deployment, create a separate deploy workflow in blumeops (see cv-deploy.yaml). This keeps the build/release concern in the source repo and the deploy concern in blumeops.
Related
- deploy-k8s-service - Deploying the service that consumes the artifact
- add-ansible-role - Adding Ansible roles