feat(release): attach Linux x86_64 binary artifacts (BUNYIP-25) #9

Merged
nrupard merged 1 commit from feat/release-binaries-BUNYIP-25 into main 2026-05-28 20:19:20 +02:00
Owner

Summary

Closes the binary half of BUNYIP-3 (Docker shipped in PR #6, binaries did not). On every Forgejo release, attach bunyip-api (static musl) + bunyip-web static bundle as tarballs so self-hosters can deploy without Docker.

Changes

  • bunyip-api/oci-build/Dockerfile: new FROM scratch AS export stage (placed before the runtime stage so the default-built image stays the alpine runtime) that surfaces the compiled binary + seeds/. Builder stage already produces a statically-linked musl binary (musl-dev + openssl-libs-static + lld), so the extracted artifact runs on any Linux without further dependencies.
  • bunyip-web/oci-build/Dockerfile: same pattern, exporting the dx-built public/ (WASM + assets). Arch-independent.
  • .forgejo/workflows/create-release.yml: new binaries job, needs: tag-and-release. Uses docker buildx build --target export --output type=local,dest=... against each Dockerfile to extract artifacts without dragging in the rest of the builder filesystem. Packages bunyip-api-vX.Y.Z-x86_64-linux-musl.tar.gz, bunyip-web-vX.Y.Z-static.tar.gz, SHA256SUMS and uploads each via Forgejo POST /releases/{id}/assets. Per-asset existence check makes reruns idempotent (a partially failed previous run can re-execute without producing duplicates).
  • README.md: "Self-host" gains a "Without Docker (Linux x86_64)" subsection covering download / verify / extract / run.
  • dev-docs/milestone-1-handoff.md: short follow-up section noting this completes the binary half of BUNYIP-3.

What's NOT in this PR

  • aarch64 binaries (gated on the same native-runner availability that gates multi-arch OCI builds, per the existing handoff note).
  • macOS / Windows binaries (no demand yet).
  • Auto-update of the binary path (operator-applied only, matching the Docker flow).

Test plan

  • CI builds the export stage successfully for both Dockerfiles on next release push.
  • On the first release after merge, confirm bunyip-api-vX.Y.Z-x86_64-linux-musl.tar.gz, bunyip-web-vX.Y.Z-static.tar.gz, and SHA256SUMS are attached to the Forgejo release.
  • sha256sum --check SHA256SUMS against downloaded artifacts passes.
  • Extracted bunyip-api binary runs on a non-Alpine Linux (e.g. Debian) without modification.
  • Extracted public/ dir serves correctly under a plain Caddy / nginx pointing at it.
  • Rerun the binaries job manually after a successful run; verify all uploads skip with "already attached" log lines (no duplicates created).

Refs: BUNYIP-25, BUNYIP-3, PSA-1

feat(release): attach Linux x86_64 binary artifacts (BUNYIP-25)
All checks were successful
build / Build and push OCI images (pull_request) Has been skipped
build / Lint and type-check (pull_request) Successful in 14s
3114692236
Ship `bunyip-api` (static musl) + `bunyip-web` static bundle as tarballs on every Forgejo release, so self-hosters can deploy without Docker. Closes the binary half of BUNYIP-3 left out of PR #6.

Changes:
- Each oci-build Dockerfile gains a `FROM scratch AS export` stage (placed before the runtime stage so the runtime remains the default). `bunyip-api/oci-build/Dockerfile` exports the compiled binary + `seeds/`; `bunyip-web/oci-build/Dockerfile` exports the dx-built `public/` dir.
- `.forgejo/workflows/create-release.yml` gains a `binaries` job that `needs: tag-and-release`, runs `docker buildx build --target export --output type=local,dest=...` against each Dockerfile, packages the artifacts as `bunyip-api-vX.Y.Z-x86_64-linux-musl.tar.gz` + `bunyip-web-vX.Y.Z-static.tar.gz` + `SHA256SUMS`, and uploads each via the Forgejo `POST /releases/{id}/assets` API. Per-asset existence check makes reruns safely idempotent.
- README "Self-host" gains a "Without Docker (Linux x86_64)" subsection with download + verify + run flow. Milestone handoff notes the BUNYIP-25 follow-up.

aarch64 binaries are deferred to the same native-runner gating as multi-arch OCI builds; macOS/Windows are out of scope.

Refs: BUNYIP-25, BUNYIP-3, PSA-1
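
The download / verify / extract flow described for the README, as an added example that is not code from the bunyip repository. The function names and exit codes are assumptions; the artifact naming follows the PR description. It checks only the entry for the tarball actually downloaded, so fetching one of the two archives does not fail verification, and it inspects member paths before unpacking.

```shell
#!/usr/bin/env bash
# Added example (not from the bunyip repository). Function names and exit
# codes are assumptions; artifact names follow the PR description.

# verify_artifact <tarball> <SHA256SUMS>
# Succeeds only if SHA256SUMS lists the tarball exactly once and the digest matches.
verify_artifact() {
  local file="$1" sums="$2" name dir line
  name=$(basename -- "$file")
  dir=$(dirname -- "$file")
  # sha256sum writes "<hex>  <name>" (text) or "<hex> *<name>" (binary mode).
  line=$(awk -v n="$name" 'length($1) == 64 && ($2 == n || $2 == "*" n)' "$sums")
  if [ "$(printf '%s\n' "$line" | grep -c .)" -ne 1 ]; then
    echo "verify: $name is not listed exactly once in $sums" >&2
    return 2
  fi
  # Check only that entry, so a missing sibling tarball does not fail the run.
  ( cd "$dir" && printf '%s\n' "$line" | sha256sum -c - ) || return 1
}

# safe_extract <tarball> <dest>
# Lists members first and refuses absolute paths or ".." components.
safe_extract() {
  local tarball="$1" dest="$2"
  if tar -tzf "$tarball" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
    echo "extract: $tarball has a member outside the target directory" >&2
    return 3
  fi
  mkdir -p "$dest" && tar -xzf "$tarball" -C "$dest" --no-same-owner
}

# Usage: script.sh <tarball> <SHA256SUMS> <dest>
if [ "$#" -eq 3 ]; then
  verify_artifact "$1" "$2" && safe_extract "$1" "$3"
fi
```

Because SHA256SUMS is fetched from the same release as the tarballs, this check catches corrupted or truncated downloads; it does not authenticate the release against someone able to replace its assets.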
nrupard deleted branch feat/release-binaries-BUNYIP-25 2026-05-28 20:19:20 +02:00
Reference
psa-systems/bunyip!9