
No commits in common. "main" and "v2.5.0" have entirely different histories.
main ... v2.5.0

9 changed files with 113 additions and 172 deletions


@ -6,7 +6,7 @@ jobs:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- id: forgejo - id: forgejo
uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.11 uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.3
with: with:
user: testuser user: testuser
password: admin1234 password: admin1234

1
.gitignore vendored

@ -1,2 +1 @@
*~ *~
.idea


@ -10,12 +10,12 @@ Upload or download the assets of a release to a Forgejo instance.
| name | description | required | default | | name | description | required | default |
| --- | --- | --- | --- | | --- | --- | --- | --- |
| `url` | <p>URL of the Forgejo instance</p> | `false` | `${{ env.GITHUB_SERVER_URL }}` | | `url` | <p>URL of the Forgejo instance</p> | `false` | `""` |
| `repo` | <p>owner/project relative to the URL</p> | `false` | `${{ github.repository }}` | | `repo` | <p>owner/project relative to the URL</p> | `false` | `""` |
| `tag` | <p>Tag of the release</p> | `false` | `${{ github.ref_name }}` | | `tag` | <p>Tag of the release</p> | `false` | `""` |
| `title` | <p>Title of the release (defaults to tag)</p> | `false` | `""` | | `title` | <p>Title of the release (defaults to tag)</p> | `false` | `""` |
| `sha` | <p>SHA of the release</p> | `false` | `${{ github.sha }}` | | `sha` | <p>SHA of the release</p> | `false` | `""` |
| `token` | <p>Forgejo application token</p> | `false` | `${{ secrets.GITHUB_TOKEN }}` | | `token` | <p>Forgejo application token</p> | `true` | `""` |
| `release-dir` | <p>Directory in whichs release assets are uploaded or downloaded</p> | `true` | `""` | | `release-dir` | <p>Directory in whichs release assets are uploaded or downloaded</p> | `true` | `""` |
| `release-notes` | <p>Release notes</p> | `false` | `""` | | `release-notes` | <p>Release notes</p> | `false` | `""` |
| `direction` | <p>Can either be <code>download</code> or <code>upload</code></p> | `true` | `""` | | `direction` | <p>Can either be <code>download</code> or <code>upload</code></p> | `true` | `""` |
@ -37,18 +37,16 @@ Upload or download the assets of a release to a Forgejo instance.
Upload the release located in `release-dir` to the release section of a repository (`url` and `repo`): Upload the release located in `release-dir` to the release section of a repository (`url` and `repo`):
```yaml ```yaml
on: [tag]
jobs: jobs:
upload-release: upload-release:
runs-on: docker runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v3
- uses: actions/forgejo-release@v2.6.0 - uses: actions/forgejo-release@v2
with: with:
direction: upload direction: upload
url: https://my-forgejo-instance.net url: https://code.forgejo.org
repo: myuser/myrepo
token: ${{ secrets.WRITE_TOKEN_TO_MYREPO }}
tag: v1.0.0
release-dir: dist/release release-dir: dist/release
release-notes: "MY RELEASE NOTES" release-notes: "MY RELEASE NOTES"
``` ```
@ -58,24 +56,24 @@ jobs:
Example downloading the forgejo release v1.21.4-0 into the working directory: Example downloading the forgejo release v1.21.4-0 into the working directory:
```yaml ```yaml
on: [tag]
jobs: jobs:
download-release: download-release:
runs-on: docker runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v3
- uses: actions/forgejo-release@v2.6.0 - uses: actions/forgejo-release@v2
with: with:
direction: download direction: download
url: https://my-forgejo-instance.net url: https://code.forgejo.org
repo: myuser/myrepo repo: forgejo/forgejo
token: ${{ secrets.READ_TOKEN_TO_MYREPO }} tag: v1.21.4-0
tag: v1.0.0
release-dir: ./ # by default, files are downloaded into dist/release release-dir: ./ # by default, files are downloaded into dist/release
``` ```
### Real world example ### Real world example
This action is used to [publish](https://code.forgejo.org/forgejo/release-notes-assistant/src/commit/09f2c22d80d5ee655783cfeb2c1d4bab4afec3e4/.forgejo/workflows/release.yml) the release notes assistant assets. This action is used to [publish](https://code.forgejo.org/forgejo/release-notes-assistant/src/branch/main/.forgejo/workflows/release.yml) the release notes assistant assets.
## Update the `input` section of the README ## Update the `input` section of the README


@ -6,21 +6,17 @@ description: |
inputs: inputs:
url: url:
description: 'URL of the Forgejo instance' description: 'URL of the Forgejo instance'
default: '${{ env.GITHUB_SERVER_URL }}'
repo: repo:
description: 'owner/project relative to the URL' description: 'owner/project relative to the URL'
default: '${{ github.repository }}'
tag: tag:
description: 'Tag of the release' description: 'Tag of the release'
default: '${{ github.ref_name }}'
title: title:
description: 'Title of the release (defaults to tag)' description: 'Title of the release (defaults to tag)'
sha: sha:
description: 'SHA of the release' description: 'SHA of the release'
default: '${{ github.sha }}'
token: token:
description: 'Forgejo application token' description: 'Forgejo application token'
default: '${{ secrets.GITHUB_TOKEN }}' required: true
release-dir: release-dir:
description: 'Directory in whichs release assets are uploaded or downloaded' description: 'Directory in whichs release assets are uploaded or downloaded'
required: true required: true
@ -61,6 +57,9 @@ runs:
shell: bash shell: bash
- run: | - run: |
export FORGEJO="${{ inputs.url }}" export FORGEJO="${{ inputs.url }}"
if test -z "$FORGEJO"; then
export FORGEJO="${{ env.GITHUB_SERVER_URL }}"
fi
# A trailing / will mean http://forgejo//api/v1 is used # A trailing / will mean http://forgejo//api/v1 is used
# and it always 401 as of v1.19, because of the double slash # and it always 401 as of v1.19, because of the double slash
FORGEJO=${FORGEJO%%/} FORGEJO=${FORGEJO%%/}
@ -68,8 +67,17 @@ runs:
export HOST=${FORGEJO#*://} export HOST=${FORGEJO#*://}
export REPO="${{ inputs.repo }}" export REPO="${{ inputs.repo }}"
if test -z "$REPO"; then
export REPO="${{ github.repository }}"
fi
export TAG="${{ inputs.tag }}" export TAG="${{ inputs.tag }}"
if test -z "$TAG"; then
export TAG="${{ github.ref_name }}"
# until https://code.forgejo.org/forgejo/runner/issues/9 is fixed
# trim refs/tags/
TAG=${TAG##refs/tags/}
fi
export TITLE="${{ inputs.title }}" export TITLE="${{ inputs.title }}"
@ -91,6 +99,9 @@ runs:
) )
export SHA="${{ inputs.sha }}" export SHA="${{ inputs.sha }}"
if test -z "$SHA"; then
export SHA="${{ github.sha }}"
fi
export OVERRIDE="${{ inputs.override }}" export OVERRIDE="${{ inputs.override }}"
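Review bot: The `run:` script interpolates `${{ inputs.url }}`, `${{ inputs.repo }}`, `${{ inputs.tag }}`, `${{ inputs.title }}`, `${{ inputs.sha }}` and `${{ inputs.override }}` straight into the bash source, so each value is substituted before the shell parses the line and the surrounding double quotes do not keep a value containing a quote or a command substitution from being evaluated as code. The same holds for the `${{ github.ref_name }}` fallback, which is derived from the name of the pushed ref. Passing each value through the step's `env:` map and reading it as a shell variable keeps it as data, for example `INPUT_URL: ${{ inputs.url }}` under `env:` and then `export FORGEJO="$INPUT_URL"` in the script. The step starts and ends outside the hunks shown here, so whether it already has an `env:` block cannot be seen from this page.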


@ -19,83 +19,46 @@ if ${VERBOSE:-false}; then set -x; fi
: ${RETRY:=1} : ${RETRY:=1}
: ${DELAY:=10} : ${DELAY:=10}
TAG_FILE="$TMP_DIR/tag$$.json"
export GNUPGHOME export GNUPGHOME
setup_tea() { setup_tea() {
if ! test -f "$BIN_DIR"/tea; then if ! test -f $BIN_DIR/tea ; then
ARCH=$(dpkg --print-architecture) ARCH=$(dpkg --print-architecture)
curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-"$ARCH" >"$BIN_DIR"/tea curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-$ARCH > $BIN_DIR/tea
chmod +x "$BIN_DIR"/tea chmod +x $BIN_DIR/tea
fi
}
get_tag() {
if ! test -f "$TAG_FILE"; then
if api GET repos/$REPO/tags/"$TAG" >"$TAG_FILE"; then
echo "tag $TAG exists"
else
echo "tag $TAG does not exists"
fi
fi
test -s "$TAG_FILE"
}
matched_tag() {
if get_tag; then
local sha=$(jq --raw-output .commit.sha <"$TAG_FILE")
test "$sha" = "$SHA"
else
return 1
fi fi
} }
ensure_tag() { ensure_tag() {
if get_tag; then if api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag.json ; then
if ! matched_tag; then local sha=$(jq --raw-output .commit.sha < $TMP_DIR/tag.json)
cat "$TAG_FILE" if test "$sha" != "$SHA" ; then
echo "the tag SHA in the $REPO repository does not match the tag SHA that triggered the build: $SHA" cat $TMP_DIR/tag.json
return 1 echo "the tag SHA in the $REPO repository does not match the tag SHA that triggered the build: $SHA"
fi false
fi
else else
create_tag api POST repos/$REPO/tags --data-raw '{"tag_name": "'$TAG'", "target": "'$SHA'"}'
fi
}
create_tag() {
api POST repos/$REPO/tags --data-raw '{"tag_name": "'"$TAG"'", "target": "'"$SHA"'"}' >"$TAG_FILE"
}
delete_tag() {
if get_tag; then
api DELETE repos/$REPO/tags/$TAG
rm -f "$TAG_FILE"
fi fi
} }
upload_release() { upload_release() {
# assets is defined as a list of arguments, where values may contain whitespace and need to be quoted like this -a "my file.txt" -a "file.txt". local assets=$(ls $RELEASE_DIR/* | sed -e 's/^/-a /')
# It is expanded using "${assets[@]}" which preserves the separation of arguments and not split whitespace containing values. if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc' ; then
# For reference, see https://github.com/koalaman/shellcheck/wiki/SC2086#exceptions releasetype="--prerelease"
local assets=()
for file in "$RELEASE_DIR"/*; do
assets=("${assets[@]}" -a "$file")
done
if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc'; then
releaseType="--prerelease"
echo "Uploading as Pre-Release" echo "Uploading as Pre-Release"
else else
echo "Uploading as Stable" echo "Uploading as Stable"
fi fi
ensure_tag ensure_tag
if ! "$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >&"$TMP_DIR"/tea.log; then anchor=$(echo $TAG | sed -e 's/^v//' -e 's/[^a-zA-Z0-9]/-/g')
if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log; then if ! $BIN_DIR/tea release create $assets --repo $REPO --note "$RELEASENOTES" --tag $TAG --title "$TITLE" --draft ${releasetype} >& $TMP_DIR/tea.log ; then
if grep --quiet 'Unknown API Error: 500' $TMP_DIR/tea.log && grep --quiet services/release/release.go:194 $TMP_DIR/tea.log ; then
echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370" echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370"
sleep 10 sleep 10
"$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} $BIN_DIR/tea release create $assets --repo $REPO --note "$RELEASENOTES" --tag $TAG --title "$TITLE" --draft ${releasetype}
else else
cat "$TMP_DIR"/tea.log cat $TMP_DIR/tea.log
return 1 return 1
fi fi
fi fi
@ -106,63 +69,61 @@ upload_release() {
release_draft() { release_draft() {
local state="$1" local state="$1"
local id=$(api GET repos/$REPO/releases/tags/"$TAG" | jq --raw-output .id) local id=$(api GET repos/$REPO/releases/tags/$TAG | jq --raw-output .id)
api PATCH repos/$REPO/releases/"$id" --data-raw '{"draft": '"$state"', "hide_archive_links": '$HIDE_ARCHIVE_LINK'}' api PATCH repos/$REPO/releases/$id --data-raw '{"draft": '$state', "hide_archive_links": '$HIDE_ARCHIVE_LINK'}'
} }
maybe_use_release_note_assistant() { maybe_use_release_note_assistant() {
if "$RELEASE_NOTES_ASSISTANT"; then if "$RELEASE_NOTES_ASSISTANT"; then
curl --fail -s -S -o rna https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/v1.2.3/release-notes-assistant curl --fail -s -S -o rna https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/v1.2.3/release-notes-assistant
chmod +x ./rna chmod +x ./rna
./rna --storage release --storage-location "$TAG" --forgejo-url "$SCHEME"://placeholder:"$TOKEN"@"$HOST" --repository $REPO --token "$TOKEN" release "$TAG" ./rna --storage release --storage-location $TAG --forgejo-url $SCHEME://placeholder:$TOKEN@$HOST --repository $REPO --token $TOKEN release $TAG
fi fi
} }
sign_release() { sign_release() {
local passphrase local passphrase
if test -s "$GPG_PASSPHRASE"; then if test -s "$GPG_PASSPHRASE"; then
passphrase="--passphrase-file $GPG_PASSPHRASE" passphrase="--passphrase-file $GPG_PASSPHRASE"
fi fi
gpg --import --no-tty --pinentry-mode loopback $passphrase "$GPG_PRIVATE_KEY" gpg --import --no-tty --pinentry-mode loopback $passphrase "$GPG_PRIVATE_KEY"
for asset in "$RELEASE_DIR"/*; do for asset in $RELEASE_DIR/* ; do
if [[ $asset =~ .sha256$ ]]; then if [[ $asset =~ .sha256$ ]] ; then
continue continue
fi fi
gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase <"$asset" >"$asset".asc gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase < $asset > $asset.asc
done done
} }
maybe_sign_release() { maybe_sign_release() {
if test -s "$GPG_PRIVATE_KEY"; then if test -s "$GPG_PRIVATE_KEY"; then
sign_release sign_release
fi fi
} }
maybe_override() { maybe_override() {
if test "$OVERRIDE" = "false"; then if test "$OVERRIDE" = "false"; then
return return
fi
api DELETE repos/$REPO/releases/tags/"$TAG" >&/dev/null || true
if get_tag && ! matched_tag; then
delete_tag
fi fi
api DELETE repos/$REPO/releases/tags/$TAG >& /dev/null || true
api DELETE repos/$REPO/tags/$TAG >& /dev/null || true
} }
upload() { upload() {
setup_api setup_api
setup_tea setup_tea
rm -f ~/.config/tea/config.yml rm -f ~/.config/tea/config.yml
GITEA_SERVER_TOKEN=$TOKEN "$BIN_DIR"/tea login add --url $FORGEJO GITEA_SERVER_TOKEN=$TOKEN $BIN_DIR/tea login add --url $FORGEJO
maybe_sign_release maybe_sign_release
maybe_override maybe_override
upload_release upload_release
} }
setup_api() { setup_api() {
if ! which jq curl; then if ! which jq curl ; then
apt-get -qq update apt-get -qq update
apt-get install -y -qq jq curl apt-get install -y -qq jq curl
fi fi
} }
@ -172,46 +133,46 @@ api() {
path=$1 path=$1
shift shift
curl --fail -X "$method" -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/"$path" curl --fail -X $method -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/$path
} }
wait_release() { wait_release() {
local ready=false local ready=false
for i in $(seq $RETRY); do for i in $(seq $RETRY); do
if api GET repos/$REPO/releases/tags/"$TAG" | jq --raw-output .draft >"$TMP_DIR"/draft; then if api GET repos/$REPO/releases/tags/$TAG | jq --raw-output .draft > $TMP_DIR/draft; then
if test "$(cat "$TMP_DIR"/draft)" = "false"; then if test "$(cat $TMP_DIR/draft)" = "false"; then
ready=true ready=true
break break
fi fi
echo "release $TAG is still a draft" echo "release $TAG is still a draft"
else else
echo "release $TAG does not exist yet" echo "release $TAG does not exist yet"
fi fi
echo "waiting $DELAY seconds" echo "waiting $DELAY seconds"
sleep $DELAY sleep $DELAY
done done
if ! $ready; then if ! $ready ; then
echo "no release for $TAG" echo "no release for $TAG"
return 1 return 1
fi fi
} }
download() { download() {
setup_api setup_api
( (
mkdir -p $RELEASE_DIR mkdir -p $RELEASE_DIR
cd $RELEASE_DIR cd $RELEASE_DIR
if [[ ${DOWNLOAD_LATEST} == "true" ]]; then if [[ ${DOWNLOAD_LATEST} == "true" ]] ; then
echo "Downloading the latest release" echo "Downloading the latest release"
api GET repos/$REPO/releases/latest >"$TMP_DIR"/assets.json api GET repos/$REPO/releases/latest > $TMP_DIR/assets.json
elif [[ ${DOWNLOAD_LATEST} == "false" ]]; then elif [[ ${DOWNLOAD_LATEST} == "false" ]] ; then
wait_release wait_release
echo "Downloading tagged release ${TAG}" echo "Downloading tagged release ${TAG}"
api GET repos/$REPO/releases/tags/"$TAG" >"$TMP_DIR"/assets.json api GET repos/$REPO/releases/tags/$TAG > $TMP_DIR/assets.json
fi fi
jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do # `name` may contain whitespace, therefore, it must be last jq --raw-output '.assets[] | "\(.name) \(.browser_download_url)"' < $TMP_DIR/assets.json | while read name url ; do
curl --fail -H "Authorization: token $TOKEN" -o "$name" -L "$url" curl --fail -H "Authorization: token $TOKEN" -o $name -L $url
done done
) )
} }
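Review bot: `setup_tea` and `maybe_use_release_note_assistant` each download an executable with curl, mark it executable and later run it with `$TOKEN` in its environment or arguments, without comparing it to a known digest, so the release job trusts whatever the download host returns at that moment. The `tea` download also lacks `--fail`, so an HTTP error body would be saved as `$BIN_DIR/tea` and made executable. Recording a checksum next to the pinned version would close this, e.g. `echo "$TEA_SHA256  $BIN_DIR/tea" | sha256sum --check --quiet` before the `chmod`, where `TEA_SHA256` is a placeholder for a digest kept in the script per supported architecture. The same check applies to the `rna` binary fetched at v1.2.3.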


@ -1,18 +1,6 @@
{ {
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": ["local>actions/renovate-config"], "extends": [
"customManagers": [ "local>actions/renovate-config"
{ ]
"customType": "regex",
"description": "update example in README.md",
"fileMatch": ["^README.md$"],
"matchStrings": [
"uses: actions/forgejo-release@(?<currentValue>v\\d+\\.\\d+\\.\\d+)"
],
"datasourceTemplate": "gitea-tags",
"depNameTemplate": "actions/forgejo-release",
"versioningTemplate": "semver",
"registryUrlTemplate": "https://code.forgejo.org"
}
]
} }


@ -2,7 +2,6 @@
# SPDX-License-Identifier: MIT # SPDX-License-Identifier: MIT
set -ex set -ex
PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}: '
test_teardown() { test_teardown() {
setup_api setup_api
@ -39,37 +38,24 @@ test_wait_release() {
! wait_release ! wait_release
} }
test_create_delete_tag() {
delete_tag
! get_tag
create_tag
get_tag
delete_tag
! get_tag
}
test_ensure_tag() { test_ensure_tag() {
delete_tag api DELETE repos/$REPO/tags/$TAG || true
# #
# idempotent # idempotent
# #
ensure_tag ensure_tag
mv $TAG_FILE $TMP_DIR/tag1.json api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag1.json
ensure_tag ensure_tag
mv $TAG_FILE $TMP_DIR/tag2.json api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag2.json
diff -u $TMP_DIR/tag[12].json diff -u $TMP_DIR/tag[12].json
# #
# sanity check on the SHA of an existing tag # sanity check on the SHA of an existing tag
# #
( (
SHA=12345 SHA=12345
! matched_tag ! ensure_tag
! ensure_tag
) )
delete_tag api DELETE repos/$REPO/tags/$TAG
} }
test_maybe_sign_release_no_gpg() { test_maybe_sign_release_no_gpg() {
@ -108,8 +94,8 @@ test_maybe_sign_release_skipped() {
} }
test_maybe_sign_release_verify() { test_maybe_sign_release_verify() {
for file in $RELEASE_DIR/file-one.txt $RELEASE_DIR/file-two.txt; do for file in $RELEASE_DIR/file-one.txt $RELEASE_DIR/file-two.txt; do
gpg --verify $file.asc $file gpg --verify $file.asc $file
done done
} }
@ -143,7 +129,6 @@ test_run() {
REPO=$user/$project REPO=$user/$project
test_setup $project test_setup $project
test_ensure_tag test_ensure_tag
test_create_delete_tag
DELAY=0 DELAY=0
test_wait_release_fail test_wait_release_fail
echo "================================ TEST BEGIN" echo "================================ TEST BEGIN"


@ -12,7 +12,7 @@ jobs:
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- id: forgejo - id: forgejo
uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.11 uses: https://code.forgejo.org/actions/setup-forgejo@v1
with: with:
user: testuser user: testuser
password: admin1234 password: admin1234


@ -1 +0,0 @@
FILE3