actions/forgejo-release
5
0
Fork 0
mirror of https://code.forgejo.org/actions/forgejo-release synced 2025-11-11 20:53:50 +00:00
Code Activity Actions

Compare commits

base: actions:5d73a41e6aa01cec0ff1401740ecec68edd854d2
Branches Tags
actions:main
actions:renovate/https-code.forgejo.org-actions-setup-forgejo-3.x
actions:wip-tea
actions:wip-setup-forgejo
actions:v2
actions:v1
actions:v2.7.3
actions:v2.7.2
actions:v2.7.1
actions:v2.7.0
actions:v2.6.2
actions:v2.6.1
actions:v2.6.0
actions:v2.5.3
actions:v2.5.2
actions:v2.5.1
actions:v2.5.0
actions:v2.4.0
actions:v2.3.1
actions:v2.3.0
actions:v2.2.0
actions:v2.1.0
..
compare: actions:1d79e86315db6951e9ea35afd461f8bce5a1fd62
Branches Tags
actions:renovate/https-code.forgejo.org-actions-setup-forgejo-3.x
actions:main
actions:wip-tea
actions:wip-setup-forgejo
actions:v2
actions:v1
actions:v2.7.3
actions:v2.7.2
actions:v2.7.1
actions:v2.7.0
actions:v2.6.2
actions:v2.6.1
actions:v2.6.0
actions:v2.5.3
actions:v2.5.2
actions:v2.5.1
actions:v2.5.0
actions:v2.4.0
actions:v2.3.1
actions:v2.3.0
actions:v2.2.0
actions:v2.1.0

No commits in common. "5d73a41e6aa01cec0ff1401740ecec68edd854d2" and "1d79e86315db6951e9ea35afd461f8bce5a1fd62" have entirely different histories.
5d73a41e6a ... 1d79e86315

2 changed files with 108 additions and 130 deletions
Show stats Expand all files Collapse all files

149
forgejo-release.sh
View file

@ -1,4 +1,4 @@
#!/usr/bin/env sh #!/bin/bash
# SPDX-License-Identifier: MIT # SPDX-License-Identifier: MIT
set -e set -e
@ -27,7 +27,9 @@ TAG_URL=$(echo "$TAG" | sed 's/\//%2F/g')
export GNUPGHOME export GNUPGHOME
get_arch() { get_arch() {
arch=$(uname -m) local arch
arch="$(uname -m)"
case "$arch" in case "$arch" in
x86_64) arch="amd64" ;; x86_64) arch="amd64" ;;
i386|i686) arch="i386" ;; i386|i686) arch="i386" ;;
@ -42,61 +44,31 @@ get_arch() {
echo "$arch" echo "$arch"
} }
check_dependencies() {
# Expect dependencies to be passed as arguments
if [ "$#" -eq 0 ]; then
echo "check_dependencies: Please make sure to pass in at least one dependency when calling." >&2
return 1
fi
missing=""
for cmd in "$@"; do
if ! command -v "$cmd" >/dev/null 2>&1; then
missing="$missing $cmd"
fi
done
if [ -n "$missing" ]; then
echo "Missing required tools:$missing" >&2
echo "Attempting to install (if supported)..." >&2
if command -v apt-get >/dev/null 2>&1; then
apt-get -qq update && apt-get install -y -qq $missing
elif command -v apk >/dev/null 2>&1; then
apk add --no-cache $missing
else
echo "No supported package manager found; please install manually." >&2
return 1
fi
fi
}
setup_tea() { setup_tea() {
check_dependencies curl
if command -v tea >/dev/null 2>&1; then if command -v tea >/dev/null 2>&1; then
TEA_BIN=$(command -v tea) TEA_BIN=$(command -v tea)
elif ! [ -f "$TEA_BIN" ]; then elif ! test -f $TEA_BIN; then
ARCH=$(get_arch) ARCH=$(get_arch)
curl -sL "https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-$ARCH" >"$TEA_BIN" curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-"$ARCH" >$TEA_BIN
chmod +x "$TEA_BIN" chmod +x $TEA_BIN
fi fi
} }
get_tag() { get_tag() {
if ! [ -f "$TAG_FILE" ]; then if ! test -f "$TAG_FILE"; then
if api GET repos/$REPO/tags/"$TAG_URL" >"$TAG_FILE"; then if api GET repos/$REPO/tags/"$TAG_URL" >"$TAG_FILE"; then
echo "tag $TAG exists" echo "tag $TAG exists"
else else
echo "tag $TAG does not exists" echo "tag $TAG does not exists"
fi fi
fi fi
[ -s "$TAG_FILE" ] test -s "$TAG_FILE"
} }
matched_tag() { matched_tag() {
if get_tag; then if get_tag; then
sha=$(jq --raw-output .commit.sha <"$TAG_FILE") local sha=$(jq --raw-output .commit.sha <"$TAG_FILE")
[ "$sha" = "$SHA" ] test "$sha" = "$SHA"
else else
return 1 return 1
fi fi
@ -129,23 +101,22 @@ upload_release() {
# assets is defined as a list of arguments, where values may contain whitespace and need to be quoted like this -a "my file.txt" -a "file.txt". # assets is defined as a list of arguments, where values may contain whitespace and need to be quoted like this -a "my file.txt" -a "file.txt".
# It is expanded using "${assets[@]}" which preserves the separation of arguments and not split whitespace containing values. # It is expanded using "${assets[@]}" which preserves the separation of arguments and not split whitespace containing values.
# For reference, see https://github.com/koalaman/shellcheck/wiki/SC2086#exceptions # For reference, see https://github.com/koalaman/shellcheck/wiki/SC2086#exceptions
set -- local assets=()
for file in "$RELEASE_DIR"/*; do for file in "$RELEASE_DIR"/*; do
set -- "$@" -a "$file" assets=("${assets[@]}" -a "$file")
done done
releaseType="" if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc'; then
if ${PRERELEASE:-false} || echo "$TAG" | grep -qi -- '-rc'; then
releaseType="--prerelease" releaseType="--prerelease"
echo "Uploading as Pre-Release" echo "Uploading as Pre-Release"
else else
echo "Uploading as Stable" echo "Uploading as Stable"
fi fi
ensure_tag ensure_tag
if ! "$TEA_BIN" release create "$@" --repo "$REPO" --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >"$TMP_DIR"/tea.log 2>&1; then if ! $TEA_BIN release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >&"$TMP_DIR"/tea.log; then
if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet 'services/release/release.go:194' "$TMP_DIR"/tea.log; then if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log; then
echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370" echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370"
sleep 10 sleep 10
"$TEA_BIN" release create "$@" --repo "$REPO" --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} $TEA_BIN release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType}
else else
cat "$TMP_DIR"/tea.log cat "$TMP_DIR"/tea.log
return 1 return 1
@ -156,46 +127,47 @@ upload_release() {
} }
release_draft() { release_draft() {
state="$1" local state="$1"
rid=$(api GET repos/$REPO/releases/tags/"$TAG_URL" | jq --raw-output .id)
api PATCH repos/$REPO/releases/"$rid" --data-raw '{"draft": '"$state"', "hide_archive_links": '"$HIDE_ARCHIVE_LINK"'}' local id=$(api GET repos/$REPO/releases/tags/"$TAG_URL" | jq --raw-output .id)
api PATCH repos/$REPO/releases/"$id" --data-raw '{"draft": '"$state"', "hide_archive_links": '$HIDE_ARCHIVE_LINK'}'
} }
maybe_use_release_note_assistant() { maybe_use_release_note_assistant() {
if ${RELEASE_NOTES_ASSISTANT:-false}; then if "$RELEASE_NOTES_ASSISTANT"; then
curl --fail -s -S -o rna "https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/$RELEASE_NOTES_ASSISTANT_VERSION/release-notes-assistant" curl --fail -s -S -o rna https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/$RELEASE_NOTES_ASSISTANT_VERSION/release-notes-assistant
chmod +x ./rna chmod +x ./rna
mkdir -p "$RELEASE_NOTES_ASSISTANT_WORKDIR" mkdir -p $RELEASE_NOTES_ASSISTANT_WORKDIR
./rna --workdir="$RELEASE_NOTES_ASSISTANT_WORKDIR" --storage release --storage-location "$TAG" --token "$TOKEN" --forgejo-url "$SCHEME://$HOST" --repository "$REPO" --token "$TOKEN" release "$TAG" ./rna --workdir=$RELEASE_NOTES_ASSISTANT_WORKDIR --storage release --storage-location "$TAG" --token "$TOKEN" --forgejo-url "$SCHEME://$HOST" --repository $REPO --token "$TOKEN" release "$TAG"
fi fi
} }
sign_release() { sign_release() {
check_dependencies gpg gpg-agent local passphrase
passphrase="" if test -s "$GPG_PASSPHRASE"; then
if [ -s "$GPG_PASSPHRASE" ]; then
passphrase="--passphrase-file $GPG_PASSPHRASE" passphrase="--passphrase-file $GPG_PASSPHRASE"
fi fi
gpg --import --no-tty --pinentry-mode loopback $passphrase "$GPG_PRIVATE_KEY" gpg --import --no-tty --pinentry-mode loopback $passphrase "$GPG_PRIVATE_KEY"
for asset in "$RELEASE_DIR"/*; do for asset in "$RELEASE_DIR"/*; do
case "$asset" in if [[ $asset =~ .sha256$ ]]; then
*.sha256) continue ;; continue
esac fi
gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase <"$asset" >"$asset".asc gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase <"$asset" >"$asset".asc
done done
} }
maybe_sign_release() { maybe_sign_release() {
if [ -s "$GPG_PRIVATE_KEY" ]; then if test -s "$GPG_PRIVATE_KEY"; then
sign_release sign_release
fi fi
} }
maybe_override() { maybe_override() {
if [ "$OVERRIDE" = "false" ]; then if test "$OVERRIDE" = "false"; then
return return
fi fi
api DELETE repos/$REPO/releases/tags/"$TAG_URL" >/dev/null 2>&1 || true api DELETE repos/$REPO/releases/tags/"$TAG_URL" >&/dev/null || true
if get_tag && ! matched_tag; then if get_tag && ! matched_tag; then
delete_tag delete_tag
fi fi
@ -204,16 +176,29 @@ maybe_override() {
upload() { upload() {
setup_api setup_api
setup_tea setup_tea
rm -f "$HOME/.config/tea/config.yml" rm -f ~/.config/tea/config.yml
GITEA_SERVER_TOKEN=$TOKEN "$TEA_BIN" login add --url "$FORGEJO" GITEA_SERVER_TOKEN=$TOKEN $TEA_BIN login add --url $FORGEJO
maybe_sign_release maybe_sign_release
maybe_override maybe_override
upload_release upload_release
} }
setup_api() { setup_api() {
# Retained for future expansion, but dependency checking now handled globally # Check if jq and curl are available
check_dependencies curl jq if command -v jq >/dev/null 2>&1 && command -v curl >/dev/null 2>&1; then
return 0
fi
echo "jq and/or curl missing, attempting to install..." >&2
if command -v apt-get >/dev/null 2>&1; then
apt-get -qq update && apt-get install -y -qq jq curl
elif command -v apk >/dev/null 2>&1; then
apk add --no-cache jq curl
else
echo "No supported package manager found. Please install jq and curl manually." >&2
return 1
fi
} }
api() { api() {
@ -222,15 +207,14 @@ api() {
path=$1 path=$1
shift shift
curl --fail -X "$method" -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" "$FORGEJO/api/v1/$path" curl --fail -X "$method" -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/"$path"
} }
wait_release() { wait_release() {
ready=false local ready=false
i=1 for i in $(seq $RETRY); do
while [ "$i" -le "$RETRY" ]; do
if api GET repos/$REPO/releases/tags/"$TAG_URL" | jq --raw-output .draft >"$TMP_DIR"/draft; then if api GET repos/$REPO/releases/tags/"$TAG_URL" | jq --raw-output .draft >"$TMP_DIR"/draft; then
if [ "$(cat "$TMP_DIR"/draft)" = "false" ]; then if test "$(cat "$TMP_DIR"/draft)" = "false"; then
ready=true ready=true
break break
fi fi
@ -239,10 +223,9 @@ wait_release() {
echo "release $TAG does not exist yet" echo "release $TAG does not exist yet"
fi fi
echo "waiting $DELAY seconds" echo "waiting $DELAY seconds"
sleep "$DELAY" sleep $DELAY
i=$((i+1))
done done
if [ "$ready" != "true" ]; then if ! $ready; then
echo "no release for $TAG" echo "no release for $TAG"
return 1 return 1
fi fi
@ -251,17 +234,17 @@ wait_release() {
download() { download() {
setup_api setup_api
( (
mkdir -p "$RELEASE_DIR" mkdir -p $RELEASE_DIR
cd "$RELEASE_DIR" || exit 1 cd $RELEASE_DIR
if [ "${DOWNLOAD_LATEST}" = "true" ]; then if [[ ${DOWNLOAD_LATEST} == "true" ]]; then
echo "Downloading the latest release" echo "Downloading the latest release"
api GET repos/$REPO/releases/latest >"$TMP_DIR"/assets.json api GET repos/$REPO/releases/latest >"$TMP_DIR"/assets.json
elif [ "${DOWNLOAD_LATEST}" = "false" ]; then elif [[ ${DOWNLOAD_LATEST} == "false" ]]; then
wait_release wait_release
echo "Downloading tagged release ${TAG}" echo "Downloading tagged release ${TAG}"
api GET repos/$REPO/releases/tags/"$TAG_URL" >"$TMP_DIR"/assets.json api GET repos/$REPO/releases/tags/"$TAG_URL" >"$TMP_DIR"/assets.json
fi fi
jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do # `name` may contain whitespace, therefore, it must be last
url=$(echo "$url" | sed "s#/download/${TAG}/#/download/${TAG_URL}/#") url=$(echo "$url" | sed "s#/download/${TAG}/#/download/${TAG_URL}/#")
curl --fail -H "Authorization: token $TOKEN" -o "$name" -L "$url" curl --fail -H "Authorization: token $TOKEN" -o "$name" -L "$url"
done done
@ -269,12 +252,8 @@ download() {
} }
missing() { missing() {
echo "need upload or download argument got nothing" echo need upload or download argument got nothing
exit 1 exit 1
} }
if [ "$#" -gt 0 ]; then ${@:-missing}
"$@"
else
missing
fi

89
testdata/forgejo-release-test.sh vendored
View file

@ -1,22 +1,21 @@
#!/usr/bin/env sh #!/bin/bash
# SPDX-License-Identifier: MIT # SPDX-License-Identifier: MIT
set -ex set -ex
PS4='${0##*/}:$LINENO: ' PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}: '
test_system_tea_bin() { test_system_tea_bin() {
SYSTEM_TEA_BIN=$TMP_DIR/tea SYSTEM_TEA_BIN=$TMP_DIR/tea
: >"$SYSTEM_TEA_BIN" && chmod +x "$SYSTEM_TEA_BIN" touch $SYSTEM_TEA_BIN && chmod +x $SYSTEM_TEA_BIN
PATH=$TMP_DIR:$PATH export PATH=$TMP_DIR:$PATH
export PATH
setup_tea setup_tea
[ "$TEA_BIN" = "$SYSTEM_TEA_BIN" ] test $TEA_BIN == $SYSTEM_TEA_BIN
} }
test_download_tea_bin() { test_download_tea_bin() {
# assume tea is not installed on system # assume tea is not installed on system
setup_tea setup_tea
[ "$TEA_BIN" = "$TMP_DIR/tea" ] test $TEA_BIN == $TMP_DIR/tea
} }
test_teardown() { test_teardown() {
@ -25,23 +24,23 @@ test_teardown() {
api DELETE repos/$REPO/tags/$TAG || true api DELETE repos/$REPO/tags/$TAG || true
rm -fr dist/release rm -fr dist/release
setup_tea setup_tea
"$TEA_BIN" login delete "$DOER" || true $TEA_BIN login delete $DOER || true
} }
test_reset_repo() { test_reset_repo() {
project="$1" local project="$1"
api DELETE repos/$REPO || true api DELETE repos/$REPO || true
api POST user/repos --data-raw '{"name":"'$project'", "auto_init":true}' api POST user/repos --data-raw '{"name":"'$project'", "auto_init":true}'
git clone "$FORGEJO/$REPO" "$TMP_DIR/repo" git clone $FORGEJO/$REPO $TMP_DIR/repo
SHA=$(git -C "$TMP_DIR/repo" rev-parse HEAD) SHA=$(git -C $TMP_DIR/repo rev-parse HEAD)
} }
test_setup() { test_setup() {
project="$1" local project="$1"
test_reset_repo "$project" test_reset_repo $project
mkdir -p "$RELEASE_DIR" mkdir -p $RELEASE_DIR
: >"$RELEASE_DIR/file-one.txt" touch $RELEASE_DIR/file-one.txt
: >"$RELEASE_DIR/file-two.txt" touch $RELEASE_DIR/file-two.txt
} }
test_wait_release_fail() { test_wait_release_fail() {
@ -70,12 +69,12 @@ test_ensure_tag() {
# idempotent # idempotent
# #
ensure_tag ensure_tag
mv "$TAG_FILE" "$TMP_DIR/tag1.json" mv $TAG_FILE $TMP_DIR/tag1.json
ensure_tag ensure_tag
mv "$TAG_FILE" "$TMP_DIR/tag2.json" mv $TAG_FILE $TMP_DIR/tag2.json
diff -u "$TMP_DIR/tag1.json" "$TMP_DIR/tag2.json" diff -u $TMP_DIR/tag[12].json
# #
# sanity check on the SHA of an existing tag # sanity check on the SHA of an existing tag
# #
@ -93,7 +92,7 @@ test_maybe_sign_release_no_gpg() {
GPG_PRIVATE_KEY= GPG_PRIVATE_KEY=
maybe_sign_release maybe_sign_release
! [ -f "$RELEASE_DIR/file-one.txt.asc" ] ! test -f $RELEASE_DIR/file-one.txt.asc
} }
test_maybe_sign_release_gpg_no_passphrase() { test_maybe_sign_release_gpg_no_passphrase() {
@ -118,28 +117,28 @@ test_maybe_sign_release_gpg() {
} }
test_maybe_sign_release_skipped() { test_maybe_sign_release_skipped() {
! [ -f "$RELEASE_DIR/file-one.txt.sha256.asc" ] ! test -f $RELEASE_DIR/file-one.txt.sha256.asc
! [ -f "$RELEASE_DIR/file-two.txt.sha256.asc" ] ! test -f $RELEASE_DIR/file-two.txt.sha256.asc
} }
test_maybe_sign_release_verify() { test_maybe_sign_release_verify() {
for file in "$RELEASE_DIR/file-one.txt" "$RELEASE_DIR/file-two.txt"; do for file in $RELEASE_DIR/file-one.txt $RELEASE_DIR/file-two.txt; do
gpg --verify "$file.asc" "$file" gpg --verify $file.asc $file
done done
} }
test_maybe_sign_release_setup() { test_maybe_sign_release_setup() {
name="$1" local name="$1"
echo "========= maybe_sign_release $name =========" echo "========= maybe_sign_release $name ========="
RELEASE_DIR="$TMP_DIR/$name" RELEASE_DIR=$TMP_DIR/$name
mkdir -p "$RELEASE_DIR" mkdir -p $RELEASE_DIR
GNUPGHOME="$TMP_DIR/$name/.gnupg" GNUPGHOME=$TMP_DIR/$name/.gnupg
mkdir -p "$GNUPGHOME" mkdir -p $GNUPGHOME
: >"$RELEASE_DIR/file-one.txt" touch $RELEASE_DIR/file-one.txt
: >"$RELEASE_DIR/file-one.txt.sha256" touch $RELEASE_DIR/file-one.txt.sha256
: >"$RELEASE_DIR/file-two.txt" touch $RELEASE_DIR/file-two.txt
: >"$RELEASE_DIR/file-two.txt.sha256" touch $RELEASE_DIR/file-two.txt.sha256
} }
test_maybe_sign_release() { test_maybe_sign_release() {
@ -149,31 +148,31 @@ test_maybe_sign_release() {
} }
test_run() { test_run() {
user="$1" local user="$1"
project="$2" local project="$2"
test_teardown test_teardown
to_push="$TMP_DIR/binaries-releases-to-push" to_push=$TMP_DIR/binaries-releases-to-push
pulled="$TMP_DIR/binaries-releases-pulled" pulled=$TMP_DIR/binaries-releases-pulled
RELEASE_DIR="$to_push" RELEASE_DIR=$to_push
REPO="$user/$project" REPO=$user/$project
test_setup "$project" test_setup $project
test_ensure_tag test_ensure_tag
test_create_delete_tag test_create_delete_tag
DELAY=0 DELAY=0
test_wait_release_fail test_wait_release_fail
echo "================================ TEST BEGIN" echo "================================ TEST BEGIN"
upload upload
RELEASE_DIR="$pulled" RELEASE_DIR=$pulled
download download
diff -r "$to_push" "$pulled" diff -r $to_push $pulled
echo "================================ TEST END" echo "================================ TEST END"
test_wait_release test_wait_release
} }
TMP_DIR=$(mktemp -d) TMP_DIR=$(mktemp -d)
trap 'rm -fr "$TMP_DIR"' 0 INT TERM trap "rm -fr $TMP_DIR" EXIT
: ${TAG:=v17.8.20-1} : ${TAG:=v17.8.20-1}
. "$(dirname "$0")/../forgejo-release.sh" . $(dirname $0)/../forgejo-release.sh