mond/.gitea/workflows/ci.yaml

# .gitea/workflows/ci.yaml
name: Build and Release Mond

on:
  push:
    branches: [main, master, develop]
    tags: ['v*']

env:
  DOCKER_BUILDKIT: "1"
  PRODUCT_NAME: "mond"
  MONERO_VERSION: "v0.18.4.4"
  BUILDX_NO_DEFAULT_ATTESTATIONS: "1"

jobs:
  build-and-test:
    runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest-amd64' || 'ubuntu-latest-arm64' }}
    strategy:
      matrix:
        arch: [amd64, arm64]
    steps:
      - uses: actions/checkout@v4

      - name: Setup Docker Buildx
        run: |
          # 创建 buildx builder（原生构建不需要 QEMU）
          docker buildx create --use --name native-builder \
            --driver docker-container \
            --driver-opt network=host \
            --driver-opt env.BUILDKIT_STEP_LOG_MAX_SIZE=50000000 \
            --driver-opt env.BUILDKIT_STEP_LOG_MAX_SPEED=10000000 \
            || true
          docker buildx inspect --bootstrap

      - name: Build binaries
        run: |
          PLATFORM="linux/${{ matrix.arch }}"

          echo "🏗️ Building ${PLATFORM} on native ${{ matrix.arch }} runner"
          echo "📦 Using Ubuntu 20.04 with depends system"
          echo "📦 Monero Version: ${MONERO_VERSION}"
          echo "🔗 Static linking enabled"

          # 设置 BuildKit 优化参数
          export BUILDKIT_PROGRESS=plain

          docker buildx build --pull \
            --platform ${PLATFORM} \
            --build-arg MONERO_VERSION=${MONERO_VERSION} \
            --output type=local,dest=./output \
            -f docker/Dockerfile.ubuntu .

      - name: Verify static linking
        run: |
          DIR="./output/linux_${{ matrix.arch }}"
          BINARY="${DIR}/mond"

          if [ ! -f "$BINARY" ]; then
            echo "❌ 二进制文件不存在: $BINARY"
            exit 1
          fi

          echo "🔍 验证静态链接..."
          if ldd "$BINARY" 2>&1 | grep -q "not a dynamic executable"; then
            echo "✅ 纯静态链接验证成功"
          else
            echo "❌ 静态链接验证失败，发现动态库依赖："
            ldd "$BINARY" || true
            exit 1
          fi

          file "$BINARY"

      - name: Package and test
        run: |
          DIR="./output/linux_${{ matrix.arch }}"
          VERSION=${MONERO_VERSION#v}  # 移除前导 v
          TARGZ="${PRODUCT_NAME}-${{ matrix.arch }}-ubuntu-${VERSION}.tar.gz"

          tar -czf "${TARGZ}" -C "$DIR" .

          echo "📦 Created package: ${TARGZ}"
          ls -lh "${TARGZ}"

          # 快速验证
          mkdir -p test && tar -xzf "${TARGZ}" -C test
          test/mond --version 2>/dev/null || echo "⚠️ 跳过版本检查"
          rm -rf test

      - name: Build Debian package
        run: |
          # 安装 dpkg-deb（如果需要）
          sudo apt-get update && sudo apt-get install -y dpkg-dev

          DIR="./output/linux_${{ matrix.arch }}"
          VERSION=${MONERO_VERSION#v}  # 移除前导 v

          echo "📦 Building Debian package for ${{ matrix.arch }}..."
          chmod +x debian/build-deb.sh
          ./debian/build-deb.sh ${{ matrix.arch }} ${VERSION} "${DIR}"

          ls -lh *.deb

      - uses: https://github.com/ChristopherHX/gitea-upload-artifact@v4
        with:
          name: binaries-${{ matrix.arch }}
          path: |
            *.tar.gz
            *.deb
          retention-days: 1

  release:
    runs-on: ubuntu-latest-amd64
    needs: build-and-test
    if: startsWith(github.ref, 'refs/tags/')
    steps:
      - uses: https://github.com/ChristopherHX/gitea-download-artifact@v4
        with:
          pattern: binaries-*
          path: ./packages
          merge-multiple: true

      - name: Upload packages and create release
        env:
          TOKEN: ${{ secrets.BUILD_TOKEN }}
          TAG: ${{ github.ref_name }}
        run: |
          cd packages

          # 提取仓库信息（移除 https:// 前缀和仓库路径）
          REGISTRY=$(echo "${{ gitea.server_url }}" | sed 's|https\?://||')
          OWNER="${{ gitea.repository_owner }}"
          REPO_NAME=$(echo "${{ gitea.repository }}" | cut -d'/' -f2)

          echo "📦 上传包到 Generic Package Registry..."
          echo "  Registry: ${REGISTRY}"
          echo "  Owner: ${OWNER}"
          echo "  Package: ${PRODUCT_NAME}"
          echo "  Version: ${TAG}"

          # 上传所有 tar.gz 包到 Generic Package Registry
          for file in *.tar.gz; do
            [ ! -f "$file" ] && continue
            echo "  ⬆️  $file"
            curl -fsSL -X PUT \
              -H "Authorization: token ${TOKEN}" \
              --upload-file "$file" \
              "https://${REGISTRY}/api/packages/${OWNER}/generic/${PRODUCT_NAME}/${TAG}/$file" || {
              echo "❌ 上传失败: $file"
              exit 1
            }
          done

          # 上传 Debian 包到 Debian Package Registry (支持多个发行版)
          echo ""
          echo "📦 上传 Debian 包到 Debian Package Registry..."
          for file in *.deb; do
            [ ! -f "$file" ] && continue

            # 上传到 bookworm (Debian 12)
            echo "  ⬆️  $file → bookworm"
            curl -fsSL -X PUT \
              -H "Authorization: token ${TOKEN}" \
              --upload-file "$file" \
              "https://${REGISTRY}/api/packages/${OWNER}/debian/pool/bookworm/main/upload" || {
              echo "❌ Debian 包上传失败: $file (bookworm)"
              exit 1
            }

            # 上传到 trixie (Debian 13)
            echo "  ⬆️  $file → trixie"
            curl -fsSL -X PUT \
              -H "Authorization: token ${TOKEN}" \
              --upload-file "$file" \
              "https://${REGISTRY}/api/packages/${OWNER}/debian/pool/trixie/main/upload" || {
              echo "❌ Debian 包上传失败: $file (trixie)"
              exit 1
            }
          done

          # 生成 Release JSON payload
          echo ""
          echo "📝 生成 Release..."

          export REGISTRY OWNER TAG
          RELEASE_DATA=$(python3 -c 'import json,glob,os;r=os.environ["REGISTRY"];o=os.environ["OWNER"];p=os.environ["PRODUCT_NAME"];t=os.environ["TAG"];b=["## Release "+t,"","Mond is a customized build of Monero daemon (monerod).","","### ✨ Key Features","","- 🔗 **Pure Static Linking** - No dependencies required, runs on any Linux system","- 🏗️ **Multi-Architecture** - Native support for AMD64 and ARM64","- 📦 **Built with Official depends System** - Using Monero official build system for reliability","","### 📥 Download Methods","","#### Method 1: Direct Download (Recommended)","","Click on the file names in the **Assets** section below to download directly.","","**Available Packages:**",""]+[f"- [`{f}`](https://{r}/api/packages/{o}/generic/{p}/{t}/{f})" for f in sorted(glob.glob("*.tar.gz"))]+["","#### Method 2: Generic Package Registry","","Download via command line:",""]+[f"```bash\nwget https://{r}/api/packages/{o}/generic/{p}/{t}/{f}\n```" for f in sorted(glob.glob("*.tar.gz"))[:1]]+["","#### Method 3: Debian Repository","","**Debian 12 (Bookworm):**","","```bash","# Download GPG key",f"sudo curl https://{r}/api/packages/{o}/debian/repository.key -o /etc/apt/keyrings/gitea-{o}.asc","","# Add repository",f"echo \"deb [signed-by=/etc/apt/keyrings/gitea-{o}.asc] https://{r}/api/packages/{o}/debian bookworm main\" | sudo tee -a /etc/apt/sources.list.d/{o}.list","","# Update and install","sudo apt-get update","sudo apt-get install mond","```","","**Debian 13 (Trixie):**","","```bash","# Download GPG key",f"sudo curl https://{r}/api/packages/{o}/debian/repository.key -o /etc/apt/keyrings/gitea-{o}.asc","","# Add repository",f"echo \"deb [signed-by=/etc/apt/keyrings/gitea-{o}.asc] https://{r}/api/packages/{o}/debian trixie main\" | sudo tee -a /etc/apt/sources.list.d/{o}.list","","# Update and install","sudo apt-get update","sudo apt-get install mond","```","","### 🔍 Verify Static Linking","","After downloading, verify the binary is statically linked:","","```bash","ldd mond","# Expected output: \"not a dynamic executable\"","```"];print(json.dumps({"tag_name":t,"name":f"Release {t}","body":"\n".join(b),"draft":False,"prerelease":False}))')

          # 创建 Release
          echo ""
          echo "🎉 创建 Release..."
          RESPONSE=$(curl -fsSL -w "\n%{http_code}" -X POST \
            -H "Authorization: token ${TOKEN}" \
            -H "Content-Type: application/json" \
            "https://${REGISTRY}/api/v1/repos/${{ gitea.repository }}/releases" \
            -d "${RELEASE_DATA}")

          HTTP_CODE=$(echo "$RESPONSE" | tail -n1)
          RESPONSE_BODY=$(echo "$RESPONSE" | head -n-1)

          if [ "$HTTP_CODE" = "201" ]; then
            echo "✅ Release 创建成功"
            RELEASE_ID=$(echo "$RESPONSE_BODY" | grep -o '"id":[0-9]*' | head -1 | cut -d':' -f2)
            echo "  Release ID: ${RELEASE_ID}"
          elif [ "$HTTP_CODE" = "409" ]; then
            echo "⚠️  Release 已存在，获取现有 Release ID..."
            RELEASE_ID=$(curl -fsSL \
              -H "Authorization: token ${TOKEN}" \
              "https://${REGISTRY}/api/v1/repos/${{ gitea.repository }}/releases/tags/${TAG}" | \
              grep -o '"id":[0-9]*' | head -1 | cut -d':' -f2)
            echo "  Release ID: ${RELEASE_ID}"
          else
            echo "❌ 创建 Release 失败 (HTTP ${HTTP_CODE})"
            echo "$RESPONSE_BODY"
            exit 1
          fi

          # 上传文件作为 Release 附件
          echo ""
          echo "📎 上传文件作为 Release 附件..."
          for file in *.tar.gz *.deb; do
            [ ! -f "$file" ] && continue
            echo "  ⬆️  $file"

            # 使用 multipart/form-data 上传附件
            curl -fsSL -X POST \
              -H "Authorization: token ${TOKEN}" \
              -F "attachment=@${file}" \
              "https://${REGISTRY}/api/v1/repos/${{ gitea.repository }}/releases/${RELEASE_ID}/assets?name=${file}" || {
              echo "  ⚠️  附件上传失败: $file（可能已存在）"
            }
          done

          echo ""
          echo "✅ Release 创建完成！"
          echo "🔗 访问: https://${REGISTRY}/${{ gitea.repository }}/releases/tag/${TAG}"

          # 清理临时文件
          rm -f release_body.md