earl-warren/docs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

developer: release: octopuce is not publicly visible

Browse source
This commit is contained in:
Earl Warren 2024-03-21 16:27:33 +01:00 committed by Earl Warren
parent 51a1f2951e
commit 06233a63cd
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
docs/developer/RELEASE.md
View file

@ -150,8 +150,8 @@ The release is built on https://code.forgejo.org/forgejo-integration/runner, whi
The release is published on
https://forgejo.octopuce.forgejo.org/forgejo/runner, which is a mirror
of https://code.forgejo.org/forgejo-integration/runner. It is behind a
VPN and its role is to copy and sign release artifacts.
of https://code.forgejo.org/forgejo-integration/runner. It has no public IP
and its role is to copy and sign release artifacts.
- Binaries are downloaded from https://code.forgejo.org/forgejo-integration/runner, signed and copied to https://code.forgejo.org/forgejo/runner.
- Container images are copied from https://code.forgejo.org/forgejo-integration to https://code.forgejo.org/forgejo
@ -169,7 +169,7 @@ providing the secrets from the command line.
### Securing the release token and cryptographic keys
For both the Forgejo runner and Forgejo itself, copying and signing the release artifacts (container images and binaries) happen on a Forgejo isntance running [behind a VPN](../infrastructure/#octopuce) to safeguard the token that has write access to the Forgejo repository as well as the cryptographic key used to sign the releases.
For both the Forgejo runner and Forgejo itself, copying and signing the release artifacts (container images and binaries) happen on a Forgejo instance [not publicly accessible](../infrastructure/#octopuce) to safeguard the token that has write access to the Forgejo repository as well as the cryptographic key used to sign the releases.
### Website update