Merge pull request 'Update https://code.forgejo.org/actions/setup-forgejo action to v2.0.11' (#49 ) from renovate/https-code.forgejo.org-actions-setup-forgejo-2.x into main

Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/49 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>
Update https://code.forgejo.org/actions/setup-forgejo action to v2.0.11
2025-04-22 09:00:50 +00:00 · 2025-04-13 10:06:09 +00:00 · 2025-04-13 08:31:13 +00:00 · 2025-04-13 06:46:33 +00:00 · 2025-04-12 13:33:43 +02:00 · 2025-04-12 11:28:07 +00:00
11 changed files with 275 additions and 130 deletions
--- a/.editorconfig
+++ b/.editorconfig
@ -0,0 +1,10 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+tab_width = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
--- a/.forgejo/workflows/integration.yml
+++ b/.forgejo/workflows/integration.yml
@ -6,11 +6,11 @@ jobs:
      - uses: actions/checkout@v3

      - id: forgejo
-        uses: https://code.forgejo.org/actions/setup-forgejo@v1
+        uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.11
        with:
          user: testuser
          password: admin1234
-          image-version: 1.20
+          image-version: 9

      - name: push self
        run: |
@ -18,17 +18,38 @@ jobs:

      - name: testdata/upload-download
        run: |
+          export LOOP_DELAY=30
          export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"
          forgejo-test-helper.sh run_workflow testdata/upload-download http://testuser:admin1234@${{ steps.forgejo.outputs.host-port }} testuser upload-download forgejo-release "${{ steps.forgejo.outputs.token }}"

+          set -ex
+          export FORGEJO="${{ steps.forgejo.outputs.url }}"
+          curl --fail -sS $FORGEJO/api/v1/repos/testuser/upload-download/releases/tags/v2.0 > /tmp/v2.json
+          EXPECTED='No shell expansion should on these notes:
+          - $(some_command)
+          - `other_commend`
+          - "double quoted" and '\''single quoted'\'' strings
+          - \backslash escape
+          - !exclamation_mark'
+          test "$EXPECTED" = "$(jq -r .body < /tmp/v2.json)"
+
+          test $(cat /tmp/v2.json | jq -r .hide_archive_links) = false
+
+          curl --fail -sS $FORGEJO/api/v1/repos/testuser/upload-download/releases/tags/v1.0 > /tmp/v1.json
+          cat /tmp/v1.json | jq -r .body | grep '<!--start release-notes-assistant-->'
+
+          test $(cat /tmp/v1.json | jq -r .hide_archive_links) = true
+
      - name: testdata/upload-download-private
        run: |
+          export LOOP_DELAY=30
          export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"
          curl -X 'POST' 'http://testuser:admin1234@${{ steps.forgejo.outputs.host-port }}/api/v1/user/repos' -H 'accept: application/json' -H 'Content-Type: application/json' -d '{"name": "upload-download-private","private": true}'
          forgejo-test-helper.sh run_workflow testdata/upload-download http://testuser:admin1234@${{ steps.forgejo.outputs.host-port }} testuser upload-download-private forgejo-release "${{ steps.forgejo.outputs.token }}"

      - name: testdata/nested-upload-download
        run: |
+          export LOOP_DELAY=30
          export FORGEJO_RUNNER_LOGS="${{ steps.forgejo.outputs.runner-logs }}"
          forgejo-test-helper.sh run_workflow testdata/nested-upload-download http://testuser:admin1234@${{ steps.forgejo.outputs.host-port }} testuser nested-upload-download forgejo-release "${{ steps.forgejo.outputs.token }}"

--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
 *~
+.idea
--- a/README.md
+++ b/README.md
@ -10,39 +10,45 @@ Upload or download the assets of a release to a Forgejo instance.

 | name | description | required | default |
 | --- | --- | --- | --- |
-| `url` | <p>URL of the Forgejo instance</p> | `false` | `""` |
-| `repo` | <p>owner/project relative to the URL</p> | `false` | `""` |
-| `tag` | <p>Tag of the release</p> | `false` | `""` |
-| `title` | <p>Title of the release</p> | `false` | `""` |
-| `sha` | <p>SHA of the release</p> | `false` | `""` |
-| `token` | <p>Forgejo application token</p> | `true` | `""` |
+| `url` | <p>URL of the Forgejo instance</p> | `false` | `${{ env.GITHUB_SERVER_URL }}` |
+| `repo` | <p>owner/project relative to the URL</p> | `false` | `${{ github.repository }}` |
+| `tag` | <p>Tag of the release</p> | `false` | `${{ github.ref_name }}` |
+| `title` | <p>Title of the release (defaults to tag)</p> | `false` | `""` |
+| `sha` | <p>SHA of the release</p> | `false` | `${{ github.sha }}` |
+| `token` | <p>Forgejo application token</p> | `false` | `${{ secrets.GITHUB_TOKEN }}` |
 | `release-dir` | <p>Directory in whichs release assets are uploaded or downloaded</p> | `true` | `""` |
 | `release-notes` | <p>Release notes</p> | `false` | `""` |
-| `direction` | <p>Can either be download or upload</p> | `true` | `""` |
+| `direction` | <p>Can either be <code>download</code> or <code>upload</code></p> | `true` | `""` |
 | `gpg-private-key` | <p>GPG Private Key to sign the release artifacts</p> | `false` | `""` |
 | `gpg-passphrase` | <p>Passphrase of the GPG Private Key</p> | `false` | `""` |
 | `download-retry` | <p>Number of times to retry if the release is not ready (default 1)</p> | `false` | `""` |
 | `download-latest` | <p>Download the latest release</p> | `false` | `false` |
 | `verbose` | <p>Increase the verbosity level</p> | `false` | `false` |
-| `override` | <p>Override an existing release by the same {tag}</p> | `false` | `false` |
+| `override` | <p>Override an existing release by the same <code>{tag}</code></p> | `false` | `false` |
 | `prerelease` | <p>Mark Release as Pre-Release</p> | `false` | `false` |
+| `release-notes-assistant` | <p>Generate release notes with Release Notes Assistant</p> | `false` | `false` |
+| `hide-archive-link` | <p>Hide the archive links</p> | `false` | `false` |
 <!-- action-docs-inputs source="action.yml" -->

-## Example
+## Examples

 ### Upload

+Upload the release located in `release-dir` to the release section of a repository (`url` and `repo`):
+
 ```yaml
-on: [tag]
 jobs:
  upload-release:
-    runs-on: ubuntu-latest
+    runs-on: docker
    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/forgejo-release@v1
+      - uses: actions/checkout@v4
+      - uses: actions/forgejo-release@v2.6.0
        with:
          direction: upload
-          url: https://code.forgejo.org
+          url: https://my-forgejo-instance.net
+          repo: myuser/myrepo
+          token: ${{ secrets.WRITE_TOKEN_TO_MYREPO }}
+          tag: v1.0.0
          release-dir: dist/release
          release-notes: "MY RELEASE NOTES"
 ```
@ -52,21 +58,30 @@ jobs:
 Example downloading the forgejo release v1.21.4-0 into the working directory:

 ```yaml
-on: [tag]
 jobs:
  download-release:
-    runs-on: ubuntu-latest
+    runs-on: docker
    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/forgejo-release@v1
+      - uses: actions/checkout@v4
+      - uses: actions/forgejo-release@v2.6.0
        with:
          direction: download
-          url: https://code.forgejo.org
-          repo: forgejo/forgejo
-          tag: v1.21.4-0
+          url: https://my-forgejo-instance.net
+          repo: myuser/myrepo
+          token: ${{ secrets.READ_TOKEN_TO_MYREPO }}
+          tag: v1.0.0
          release-dir: ./  # by default, files are downloaded into dist/release
 ```

-## Update the README
+### Real world example

-With https://github.com/npalm/action-docs `action-docs --update-readme`
+This action is used to [publish](https://code.forgejo.org/forgejo/release-notes-assistant/src/commit/09f2c22d80d5ee655783cfeb2c1d4bab4afec3e4/.forgejo/workflows/release.yml) the release notes assistant assets.
+
+## Update the `input` section of the README
+
+Using [action-docs](https://github.com/npalm/action-docs):
+
+```shell
+# Edit the action.yml file and run:
+action-docs --update-readme
+```
--- a/action.yml
+++ b/action.yml
@ -6,24 +6,28 @@ description: |
 inputs:
  url:
    description: 'URL of the Forgejo instance'
+    default: '${{ env.GITHUB_SERVER_URL }}'
  repo:
    description: 'owner/project relative to the URL'
+    default: '${{ github.repository }}'
  tag:
    description: 'Tag of the release'
+    default: '${{ github.ref_name }}'
  title:
    description: 'Title of the release (defaults to tag)'
  sha:
    description: 'SHA of the release'
+    default: '${{ github.sha }}'
  token:
    description: 'Forgejo application token'
-    required: true
+    default: '${{ secrets.GITHUB_TOKEN }}'
  release-dir:
    description: 'Directory in whichs release assets are uploaded or downloaded'
    required: true
  release-notes:
    description: 'Release notes'
  direction:
-    description: 'Can either be download or upload'
+    description: 'Can either be `download` or `upload`'
    required: true
  gpg-private-key:
    description: 'GPG Private Key to sign the release artifacts'
@ -33,16 +37,22 @@ inputs:
    description: 'Number of times to retry if the release is not ready (default 1)'
  download-latest:
    description: 'Download the latest release'
-    default: 'false'
+    default: false
  verbose:
    description: 'Increase the verbosity level'
-    default: 'false'
+    default: false
  override:
-    description: 'Override an existing release by the same {tag}'
-    default: 'false'
+    description: 'Override an existing release by the same `{tag}`'
+    default: false
  prerelease:
    description: 'Mark Release as Pre-Release'
-    default: 'false'
+    default: false
+  release-notes-assistant:
+    description: 'Generate release notes with Release Notes Assistant'
+    default: false
+  hide-archive-link:
+    description: 'Hide the archive links'
+    default: false

 runs:
  using: "composite"
@ -51,25 +61,15 @@ runs:
      shell: bash
    - run: |
        export FORGEJO="${{ inputs.url }}"
-        if test -z "$FORGEJO"; then
-          export FORGEJO="${{ env.GITHUB_SERVER_URL }}"
-        fi
        # A trailing / will mean http://forgejo//api/v1 is used
        # and it always 401 as of v1.19, because of the double slash
        FORGEJO=${FORGEJO%%/}
+        export SCHEME=${FORGEJO%://*}
+        export HOST=${FORGEJO#*://}

        export REPO="${{ inputs.repo }}"
-        if test -z "$REPO"; then
-          export REPO="${{ github.repository }}"
-        fi

        export TAG="${{ inputs.tag }}"
-        if test -z "$TAG"; then
-          export TAG="${{ github.ref_name }}"
-          # until https://code.forgejo.org/forgejo/runner/issues/9 is fixed
-          # trim refs/tags/
-          TAG=${TAG##refs/tags/}
-        fi

        export TITLE="${{ inputs.title }}"

@ -77,16 +77,20 @@ runs:

        export PRERELEASE="${{ inputs.prerelease }}"

+        export RELEASE_NOTES_ASSISTANT="${{ inputs.release-notes-assistant }}"
+
+        export HIDE_ARCHIVE_LINK="${{ inputs.hide-archive-link }}"
+
        export TOKEN="${{ inputs.token }}"

        export RELEASE_DIR="${{ inputs.release-dir }}"

-        export RELEASENOTES="${{ inputs.release-notes }}"
+        export RELEASENOTES=$(cat << 'EOF'
+        ${{ inputs.release-notes }}
+        EOF
+        )

        export SHA="${{ inputs.sha }}"
-        if test -z "$SHA"; then
-          export SHA="${{ github.sha }}"
-        fi

        export OVERRIDE="${{ inputs.override }}"

--- a/forgejo-release.sh
+++ b/forgejo-release.sh
@ -15,101 +15,154 @@ if ${VERBOSE:-false}; then set -x; fi
 : ${BIN_DIR:=$TMP_DIR}
 : ${TEA_VERSION:=0.9.0}
 : ${OVERRIDE:=false}
+: ${HIDE_ARCHIVE_LINK:=false}
 : ${RETRY:=1}
 : ${DELAY:=10}

+TAG_FILE="$TMP_DIR/tag$$.json"
+
 export GNUPGHOME

 setup_tea() {
-    if ! test -f $BIN_DIR/tea ; then
-	ARCH=$(dpkg --print-architecture)
-	curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-$ARCH > $BIN_DIR/tea
-	chmod +x $BIN_DIR/tea
+    if ! test -f "$BIN_DIR"/tea; then
+        ARCH=$(dpkg --print-architecture)
+        curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-"$ARCH" >"$BIN_DIR"/tea
+        chmod +x "$BIN_DIR"/tea
+    fi
+}
+
+get_tag() {
+    if ! test -f "$TAG_FILE"; then
+        if api GET repos/$REPO/tags/"$TAG" >"$TAG_FILE"; then
+            echo "tag $TAG exists"
+        else
+            echo "tag $TAG does not exists"
+        fi
+    fi
+    test -s "$TAG_FILE"
+}
+
+matched_tag() {
+    if get_tag; then
+        local sha=$(jq --raw-output .commit.sha <"$TAG_FILE")
+        test "$sha" = "$SHA"
+    else
+        return 1
    fi
 }

 ensure_tag() {
-    if api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag.json ; then
-	local sha=$(jq --raw-output .commit.sha < $TMP_DIR/tag.json)
-	if test "$sha" != "$SHA" ; then
-	    cat $TMP_DIR/tag.json
-	    echo "the tag SHA in the $REPO repository does not match the tag SHA that triggered the build: $SHA"
-	    false
-	fi
+    if get_tag; then
+        if ! matched_tag; then
+            cat "$TAG_FILE"
+            echo "the tag SHA in the $REPO repository does not match the tag SHA that triggered the build: $SHA"
+            return 1
+        fi
    else
-	api POST repos/$REPO/tags --data-raw '{"tag_name": "'$TAG'", "target": "'$SHA'"}'
+        create_tag
+    fi
+}
+
+create_tag() {
+    api POST repos/$REPO/tags --data-raw '{"tag_name": "'"$TAG"'", "target": "'"$SHA"'"}' >"$TAG_FILE"
+}
+
+delete_tag() {
+    if get_tag; then
+        api DELETE repos/$REPO/tags/$TAG
+        rm -f "$TAG_FILE"
    fi
 }

 upload_release() {
-    local assets=$(ls $RELEASE_DIR/* | sed -e 's/^/-a /')
-    local releasetype
-    ( $PRERELEASE || echo "${TAG}" | grep -qi '\-rc' ) && export releasetype="--prerelease" && echo "Uploading as Pre-Release"
-    test ${releasetype+false} || echo "Uploading as Stable"
-    ensure_tag
-    anchor=$(echo $TAG | sed -e 's/^v//' -e 's/[^a-zA-Z0-9]/-/g')
-    if ! $BIN_DIR/tea release create $assets --repo $REPO --note "$RELEASENOTES" --tag $TAG --title "$TITLE" --draft ${releasetype} >& $TMP_DIR/tea.log ; then
-	if grep --quiet 'Unknown API Error: 500' $TMP_DIR/tea.log && grep --quiet services/release/release.go:194 $TMP_DIR/tea.log ; then
-	    echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370"
-	    sleep 10
-	    $BIN_DIR/tea release create $assets --repo $REPO --note "$RELEASENOTES" --tag $TAG --title "$TITLE" --draft ${releasetype}
-	else
-	    cat $TMP_DIR/tea.log
-	    return 1
-	fi
+    # assets is defined as a list of arguments, where values may contain whitespace and need to be quoted like this -a "my file.txt" -a "file.txt".
+    # It is expanded using "${assets[@]}" which preserves the separation of arguments and not split whitespace containing values.
+    # For reference, see https://github.com/koalaman/shellcheck/wiki/SC2086#exceptions
+    local assets=()
+    for file in "$RELEASE_DIR"/*; do
+        assets=("${assets[@]}" -a "$file")
+    done
+    if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc'; then
+        releaseType="--prerelease"
+        echo "Uploading as Pre-Release"
+    else
+        echo "Uploading as Stable"
    fi
+    ensure_tag
+    if ! "$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >&"$TMP_DIR"/tea.log; then
+        if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log; then
+            echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370"
+            sleep 10
+            "$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType}
+        else
+            cat "$TMP_DIR"/tea.log
+            return 1
+        fi
+    fi
+    maybe_use_release_note_assistant
    release_draft false
 }

 release_draft() {
    local state="$1"

-    local id=$(api GET repos/$REPO/releases/tags/$TAG | jq --raw-output .id)
-    api PATCH repos/$REPO/releases/$id --data-raw '{"draft": '$state'}'
+    local id=$(api GET repos/$REPO/releases/tags/"$TAG" | jq --raw-output .id)
+
+    api PATCH repos/$REPO/releases/"$id" --data-raw '{"draft": '"$state"', "hide_archive_links": '$HIDE_ARCHIVE_LINK'}'
+}
+
+maybe_use_release_note_assistant() {
+    if "$RELEASE_NOTES_ASSISTANT"; then
+        curl --fail -s -S -o rna https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/v1.2.3/release-notes-assistant
+        chmod +x ./rna
+        ./rna --storage release --storage-location "$TAG" --forgejo-url "$SCHEME"://placeholder:"$TOKEN"@"$HOST" --repository $REPO --token "$TOKEN" release "$TAG"
+    fi
 }

 sign_release() {
    local passphrase
    if test -s "$GPG_PASSPHRASE"; then
-	passphrase="--passphrase-file $GPG_PASSPHRASE"
+        passphrase="--passphrase-file $GPG_PASSPHRASE"
    fi
    gpg --import --no-tty --pinentry-mode loopback $passphrase "$GPG_PRIVATE_KEY"
-    for asset in $RELEASE_DIR/* ; do
-	if [[ $asset =~ .sha256$ ]] ; then
-	    continue
-	fi
-	gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase < $asset > $asset.asc
+    for asset in "$RELEASE_DIR"/*; do
+        if [[ $asset =~ .sha256$ ]]; then
+            continue
+        fi
+        gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase <"$asset" >"$asset".asc
    done
 }

 maybe_sign_release() {
    if test -s "$GPG_PRIVATE_KEY"; then
-	sign_release
+        sign_release
    fi
 }

 maybe_override() {
    if test "$OVERRIDE" = "false"; then
-	return
+        return
+    fi
+    api DELETE repos/$REPO/releases/tags/"$TAG" >&/dev/null || true
+    if get_tag && ! matched_tag; then
+        delete_tag
    fi
-    api DELETE repos/$REPO/releases/tags/$TAG >& /dev/null || true
-    api DELETE repos/$REPO/tags/$TAG >& /dev/null || true
 }

 upload() {
    setup_api
    setup_tea
    rm -f ~/.config/tea/config.yml
-    GITEA_SERVER_TOKEN=$TOKEN $BIN_DIR/tea login add --url $FORGEJO
+    GITEA_SERVER_TOKEN=$TOKEN "$BIN_DIR"/tea login add --url $FORGEJO
    maybe_sign_release
    maybe_override
    upload_release
 }

 setup_api() {
-    if ! which jq curl ; then
-	apt-get -qq update
-	apt-get install -y -qq jq curl
+    if ! which jq curl; then
+        apt-get -qq update
+        apt-get install -y -qq jq curl
    fi
 }

@ -119,46 +172,46 @@ api() {
    path=$1
    shift

-    curl --fail -X $method -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/$path
+    curl --fail -X "$method" -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/"$path"
 }

 wait_release() {
    local ready=false
    for i in $(seq $RETRY); do
-	if api GET repos/$REPO/releases/tags/$TAG | jq --raw-output .draft > $TMP_DIR/draft; then
-	    if test "$(cat $TMP_DIR/draft)" = "false"; then
-		ready=true
-		break
-	    fi
-	    echo "release $TAG is still a draft"
-	else
-	    echo "release $TAG does not exist yet"
-	fi
-	echo "waiting $DELAY seconds"
-	sleep $DELAY
+        if api GET repos/$REPO/releases/tags/"$TAG" | jq --raw-output .draft >"$TMP_DIR"/draft; then
+            if test "$(cat "$TMP_DIR"/draft)" = "false"; then
+                ready=true
+                break
+            fi
+            echo "release $TAG is still a draft"
+        else
+            echo "release $TAG does not exist yet"
+        fi
+        echo "waiting $DELAY seconds"
+        sleep $DELAY
    done
-    if ! $ready ; then
-	echo "no release for $TAG"
-	return 1
+    if ! $ready; then
+        echo "no release for $TAG"
+        return 1
    fi
 }

 download() {
    setup_api
    (
-	mkdir -p $RELEASE_DIR
-	cd $RELEASE_DIR
-    if [[ ${DOWNLOAD_LATEST} == "true" ]] ; then
-        echo "Downloading the latest release"
-        api GET repos/$REPO/releases/latest > $TMP_DIR/assets.json
-    elif [[ ${DOWNLOAD_LATEST} == "false" ]] ; then
-        wait_release
-        echo "Downloading tagged release ${TAG}"
-	    api GET repos/$REPO/releases/tags/$TAG > $TMP_DIR/assets.json
-    fi
-	jq --raw-output '.assets[] | "\(.name) \(.browser_download_url)"' < $TMP_DIR/assets.json | while read name url ; do
-	    curl --fail -H "Authorization: token $TOKEN" -o $name -L $url
-	done
+        mkdir -p $RELEASE_DIR
+        cd $RELEASE_DIR
+        if [[ ${DOWNLOAD_LATEST} == "true" ]]; then
+            echo "Downloading the latest release"
+            api GET repos/$REPO/releases/latest >"$TMP_DIR"/assets.json
+        elif [[ ${DOWNLOAD_LATEST} == "false" ]]; then
+            wait_release
+            echo "Downloading tagged release ${TAG}"
+            api GET repos/$REPO/releases/tags/"$TAG" >"$TMP_DIR"/assets.json
+        fi
+        jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do # `name` may contain whitespace, therefore, it must be last
+            curl --fail -H "Authorization: token $TOKEN" -o "$name" -L "$url"
+        done
    )
 }

--- a/renovate.json
+++ b/renovate.json
@ -0,0 +1,18 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["local>actions/renovate-config"],
+    "customManagers": [
+        {
+            "customType": "regex",
+            "description": "update example in README.md",
+            "fileMatch": ["^README.md$"],
+            "matchStrings": [
+                "uses: actions/forgejo-release@(?<currentValue>v\\d+\\.\\d+\\.\\d+)"
+            ],
+            "datasourceTemplate": "gitea-tags",
+            "depNameTemplate": "actions/forgejo-release",
+            "versioningTemplate": "semver",
+            "registryUrlTemplate": "https://code.forgejo.org"
+        }
+    ]
+}
--- a/testdata/forgejo-release-test.sh
+++ b/testdata/forgejo-release-test.sh
@ -2,6 +2,7 @@
 # SPDX-License-Identifier: MIT

 set -ex
+PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}:  '

 test_teardown() {
    setup_api
@ -38,24 +39,37 @@ test_wait_release() {
    ! wait_release
 }

+test_create_delete_tag() {
+    delete_tag
+
+    ! get_tag
+    create_tag
+    get_tag
+    delete_tag
+    ! get_tag
+}
+
 test_ensure_tag() {
-    api DELETE repos/$REPO/tags/$TAG || true
+    delete_tag
    #
    # idempotent
    #
    ensure_tag
-    api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag1.json
+    mv $TAG_FILE $TMP_DIR/tag1.json
+
    ensure_tag
-    api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag2.json
+    mv $TAG_FILE $TMP_DIR/tag2.json
+
    diff -u $TMP_DIR/tag[12].json
    #
    # sanity check on the SHA of an existing tag
    #
    (
-	SHA=12345
-	! ensure_tag
+        SHA=12345
+        ! matched_tag
+        ! ensure_tag
    )
-    api DELETE repos/$REPO/tags/$TAG
+    delete_tag
 }

 test_maybe_sign_release_no_gpg() {
@ -94,8 +108,8 @@ test_maybe_sign_release_skipped() {
 }

 test_maybe_sign_release_verify() {
-    for file in  $RELEASE_DIR/file-one.txt  $RELEASE_DIR/file-two.txt; do
-	gpg --verify $file.asc $file
+    for file in $RELEASE_DIR/file-one.txt $RELEASE_DIR/file-two.txt; do
+        gpg --verify $file.asc $file
    done
 }

@ -129,6 +143,7 @@ test_run() {
    REPO=$user/$project
    test_setup $project
    test_ensure_tag
+    test_create_delete_tag
    DELAY=0
    test_wait_release_fail
    echo "================================ TEST BEGIN"
--- a/testdata/nested-upload-download/.forgejo/workflows/test.yml
+++ b/testdata/nested-upload-download/.forgejo/workflows/test.yml
@ -12,7 +12,7 @@ jobs:
    steps:
      - uses: actions/checkout@v3
      - id: forgejo
-        uses: https://code.forgejo.org/actions/setup-forgejo@v1
+        uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.11
        with:
          user: testuser
          password: admin1234
--- a/testdata/upload-download/.forgejo/workflows/test.yml
+++ b/testdata/upload-download/.forgejo/workflows/test.yml
@ -25,7 +25,8 @@ jobs:
          tag: v1.0
          token: FORGEJO_TOKEN
          release-dir: upload-dir
-          release-notes: "RELEASE NOTES"
+          release-notes-assistant: true
+          hide-archive-link: true
          override: true
          verbose: true
      - if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
@ -36,7 +37,13 @@ jobs:
          tag: v2.0
          token: FORGEJO_TOKEN
          release-dir: upload-dir-v2
-          release-notes: "RELEASE NOTES V2"
+          release-notes: |-
+            No shell expansion should on these notes:
+            - $(some_command)
+            - `other_commend`
+            - "double quoted" and 'single quoted' strings
+            - \backslash escape
+            - !exclamation_mark
          verbose: true
      - if: ${{ !startsWith(github.ref, 'refs/tags/v') }}
        id: release-download
--- a/testdata/upload-download/upload-dir/file
+++ b/testdata/upload-download/upload-dir/file
@ -0,0 +1 @@
+FILE3
Author	SHA1	Message	Date
earl-warren	cb5b30e358	Merge pull request 'Update https://code.forgejo.org/actions/setup-forgejo action to v2.0.11' (#49 ) from renovate/https-code.forgejo.org-actions-setup-forgejo-2.x into main Some checks failed / integration (push) Has been cancelled Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/49 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>	2025-04-13 10:06:09 +00:00
Renovate Bot	f0a9704521	Update https://code.forgejo.org/actions/setup-forgejo action to v2.0.11	2025-04-13 08:31:13 +00:00
earl-warren	73fec07c28	Merge pull request 'chore: teach renovate to update the example version' (#46 ) from earl-warren/forgejo-release:wip-renovate into main Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/46 Reviewed-by: Michael Kriese <michael.kriese@gmx.de>	2025-04-13 06:46:33 +00:00
Earl Warren	dccbd17bd8	chore: teach renovate to update the example version	2025-04-12 13:33:43 +02:00
earl-warren	bc1ca37df0	Merge pull request 'chore: update the example to refer to v2.6.0' (#45 ) from wip-readme into main Some checks are pending / integration (push) Waiting to run Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/45	2025-04-12 11:28:07 +00:00
Earl Warren	a198449381	chore: update the example to refer to v2.6.0 and be explicit about the parameters to improve readability	2025-04-12 13:24:33 +02:00
dorianim	a6e3fdb19e	feat: add default token and document default values (#44 ) Some checks failed / integration (push) Has been cancelled Details This PR adds `${{ secrets.GITHUB_TOKEN }}` as the default value for the token and documents all default values in the readme. Fixes #43 Co-authored-by: Dorian Zedler <dorian@itsblue.de> Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/44 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org> Co-authored-by: dorianim <dorianim@noreply.code.forgejo.org> Co-committed-by: dorianim <dorianim@noreply.code.forgejo.org>	2025-04-07 06:35:43 +00:00
earl-warren	73ed2a76a2	Merge pull request 'fix: the tag cache must be deleted when the tag is deleted' (#40 ) from limiting-factor/forgejo-release:wip-delete into main Some checks failed / integration (push) Has been cancelled Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/40 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>	2025-02-23 23:11:48 +00:00
limiting-factor	1a6975277b	fix: the tag cache must be deleted when the tag is deleted Otherwise it will linger and potentially create problem when using overrides.	2025-02-23 23:52:48 +01:00
earl-warren	e2af55222e	Merge pull request 'fix: override=true must not needlessly delete a tag' (#39 ) from limiting-factor/forgejo-release:wip-override into main Some checks are pending / integration (push) Waiting to run Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/39 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>	2025-02-23 20:43:42 +00:00
limiting-factor	0079bcb471	fix: override=true must not needlessly delete a tag If the tag to be set is exactly the same as the tag that exists, do not delete it. When the tag is recreated although it is not necessary, it may trigger workflows that have already been triggered and send the workflow in a loop. - split `get_tag` & `matched_tag` out of ensure_tag - in case of an override, only delete the tag if it fails `matched_tag` - trace shell lines to help debug - add testing	2025-02-23 21:22:31 +01:00
limiting-factor	9d4ddfbaad	chore(editorconfig): comply with .editorconfig	2025-02-23 19:02:08 +01:00
Michael Kriese	e4b9180780	Merge pull request 'Replace actions/setup-forgejo action with actions/setup-forgejo v1.0.1' (#36 ) from renovate/actions-setup-forgejo-replacement into main Some checks failed / integration (push) Has been cancelled Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/36 Reviewed-by: Michael Kriese <michael.kriese@gmx.de>	2024-12-10 05:51:36 +00:00
Renovate Bot	410b453871	Replace actions/setup-forgejo action with actions/setup-forgejo v1.0.1	2024-12-10 00:02:00 +00:00
Crown0815	4d26949b75	Add support for files with spaces in their names (#24 ) Some checks are pending / integration (push) Waiting to run Details So far when uploading files containing spaces, such as `file 3.txt`, the `tea` command will be broken due to incorrectly formatted `tea` arguments. I have been receiving `Remote repository required: Specify ID via --repo or execute from a local git repo.` which was not helpful until I turned on `verbose` and saw the whole command. This fix should resolve this issue and thereby add active support for files with spaces. Co-authored-by: Felix Kröner <felix.kroener@dynamic-biosensors.com> Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/24 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org> Co-authored-by: Crown0815 <crown0815@noreply.code.forgejo.org> Co-committed-by: Crown0815 <crown0815@noreply.code.forgejo.org>	2024-12-09 05:38:35 +00:00
earl-warren	c2742f30c0	Merge pull request 'Update actions/setup-forgejo action to v2.0.4' (#35 ) from renovate/actions-setup-forgejo-2.x into main Some checks are pending / integration (push) Waiting to run Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/35 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>	2024-12-08 07:44:30 +00:00
Renovate Bot	4e4edf0d8c	Update actions/setup-forgejo action to v2.0.4	2024-12-08 00:02:10 +00:00
earl-warren	2eb5091236	Merge pull request 'Add hide archive link option' (#34 ) from natct/forgejo-release:add_hide_archive_link_option into main Some checks failed / integration (push) Has been cancelled Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/34 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>	2024-12-03 08:57:21 +00:00
natct	5069284121	feat: add an option to hide archive link	2024-12-03 09:48:47 +01:00
natct	e31d55ec37	Merge pull request 'Update actions/setup-forgejo action to v2.0.3' (#33 ) from renovate/actions-setup-forgejo-2.x into main Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/33 Reviewed-by: natct <natct@noreply.code.forgejo.org>	2024-12-03 08:29:13 +00:00
Renovate Bot	cdc4d28dc0	Update actions/setup-forgejo action to v2.0.3	2024-11-28 00:02:39 +00:00
Michael Kriese	799c07b6e7	Merge pull request 'Configure Renovate' (#31 ) from renovate/configure into main Some checks failed / integration (push) Has been cancelled Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/31 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de>	2024-11-20 15:18:27 +00:00
Renovate Bot	d62b558623	Add renovate.json	2024-11-20 14:01:08 +00:00
earl-warren	4f1c5dce43	Merge pull request 'feat: enable release-notes-assistant' (#28 ) from natct/forgejo-release:use_rna into main Some checks failed / integration (push) Has been cancelled Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/28 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>	2024-11-18 15:09:23 +00:00
natct	63e4d05f9d	feat(ci): update `setup-forgejo` version	2024-11-18 15:32:02 +01:00
natct	0ac99a8b42	feat(ci): add test for `rna`	2024-11-18 15:32:02 +01:00
natct	59d006123b	feat(ci): use Release Notes Assistant	2024-11-18 15:32:02 +01:00
earl-warren	f20eaa0c48	Merge pull request 'add `LOOP_DELAY=30`' (#29 ) from natct/forgejo-release:slowly into main Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/29 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>	2024-11-18 13:55:34 +00:00
natct	885d020f46	wip: export var	2024-11-18 11:10:44 +01:00
natct	f194120fa7	wip: add `LOOP_DELAY=30`	2024-11-12 17:38:02 +01:00
earl-warren	a4252003d2	Merge pull request 'Script cleanup' (#27 ) from natct/forgejo-release:cleanup into main Some checks failed / integration (push) Has been cancelled Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/27 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>	2024-11-04 10:44:36 +00:00
natct	72f5daf6a7	feat: cleaunp script	2024-11-04 11:07:42 +01:00
natct	c3c6700f17	feat: add `.editorconfig`	2024-11-04 11:07:42 +01:00
earl-warren	d9518fd6b1	Merge pull request 'Update README.md' (#26 ) from natct/forgejo-release:update_readme into main Some checks failed / integration (push) Has been cancelled Details Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/26 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>	2024-10-29 16:18:06 +00:00
natct	f3b5347abf	feat(doc): update `inputs`	2024-10-29 15:41:47 +01:00
natct	e613cff3d5	feat(doc): update `action.yml`	2024-10-29 15:41:47 +01:00
natct	8ebade3458	feat(doc): update `README.md`	2024-10-29 11:59:40 +01:00
earl-warren	3abc683f45	Merge pull request 'Fix release notes not being escaped properly' (#19 ) from paulvt/forgejo-release:fix-escaping-release-notes into main Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/19 Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>	2024-08-18 03:31:03 +00:00
Paul van Tilburg	9c0ac967a9	Add test ensuring no breakage because of shell expansion	2024-08-17 11:24:08 +02:00
Paul van Tilburg	6ab7d41741	Fix release notes being escaped properly The release notes can contain special characters that will be expanded by bash if not escaped properly, such as the dollar sign (`$`) or the backtick (`\``). This PR replaces setting the `RELEASENOTES` environment variable using double quotes by a heredoc that does not perform any shell-related expansion.	2024-08-11 12:14:42 +02:00