Merge pull request 'Update https://code.forgejo.org/actions/setup-forgejo action to v2.0.11' (#49) from renovate/https-code.forgejo.org-actions-setup-forgejo-2.x into main

Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/49
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>

.forgejo/workflows/integration.yml

@@ -6,7 +6,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - id: forgejo
-        uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.2
+        uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.11
         with:
           user: testuser
           password: admin1234
@@ -24,18 +24,22 @@ jobs:
 
           set -ex
           export FORGEJO="${{ steps.forgejo.outputs.url }}"
-          curl --fail -sS $FORGEJO/api/v1/repos/testuser/upload-download/releases/tags/v2.0 > /tmp/release.json
+          curl --fail -sS $FORGEJO/api/v1/repos/testuser/upload-download/releases/tags/v2.0 > /tmp/v2.json
           EXPECTED='No shell expansion should on these notes:
           - $(some_command)
           - `other_commend`
           - "double quoted" and '\''single quoted'\'' strings
           - \backslash escape
           - !exclamation_mark'
-          test "$EXPECTED" = "$(jq -r .body < /tmp/release.json)"
+          test "$EXPECTED" = "$(jq -r .body < /tmp/v2.json)"
+
+          test $(cat /tmp/v2.json | jq -r .hide_archive_links) = false
 
           curl --fail -sS $FORGEJO/api/v1/repos/testuser/upload-download/releases/tags/v1.0 > /tmp/v1.json
           cat /tmp/v1.json | jq -r .body | grep '<!--start release-notes-assistant-->'
 
+          test $(cat /tmp/v1.json | jq -r .hide_archive_links) = true
+
       - name: testdata/upload-download-private
         run: |
           export LOOP_DELAY=30

.gitignore

@@ -1 +1,2 @@
 *~
+.idea

README.md

@@ -10,12 +10,12 @@ Upload or download the assets of a release to a Forgejo instance.
 
 | name | description | required | default |
 | --- | --- | --- | --- |
-| `url` | <p>URL of the Forgejo instance</p> | `false` | `""` |
+| `url` | <p>URL of the Forgejo instance</p> | `false` | `${{ env.GITHUB_SERVER_URL }}` |
-| `repo` | <p>owner/project relative to the URL</p> | `false` | `""` |
+| `repo` | <p>owner/project relative to the URL</p> | `false` | `${{ github.repository }}` |
-| `tag` | <p>Tag of the release</p> | `false` | `""` |
+| `tag` | <p>Tag of the release</p> | `false` | `${{ github.ref_name }}` |
 | `title` | <p>Title of the release (defaults to tag)</p> | `false` | `""` |
-| `sha` | <p>SHA of the release</p> | `false` | `""` |
+| `sha` | <p>SHA of the release</p> | `false` | `${{ github.sha }}` |
-| `token` | <p>Forgejo application token</p> | `true` | `""` |
+| `token` | <p>Forgejo application token</p> | `false` | `${{ secrets.GITHUB_TOKEN }}` |
 | `release-dir` | <p>Directory in whichs release assets are uploaded or downloaded</p> | `true` | `""` |
 | `release-notes` | <p>Release notes</p> | `false` | `""` |
 | `direction` | <p>Can either be <code>download</code> or <code>upload</code></p> | `true` | `""` |
@@ -27,6 +27,7 @@ Upload or download the assets of a release to a Forgejo instance.
 | `override` | <p>Override an existing release by the same <code>{tag}</code></p> | `false` | `false` |
 | `prerelease` | <p>Mark Release as Pre-Release</p> | `false` | `false` |
 | `release-notes-assistant` | <p>Generate release notes with Release Notes Assistant</p> | `false` | `false` |
+| `hide-archive-link` | <p>Hide the archive links</p> | `false` | `false` |
 <!-- action-docs-inputs source="action.yml" -->
 
 ## Examples
@@ -36,16 +37,18 @@ Upload or download the assets of a release to a Forgejo instance.
 Upload the release located in `release-dir` to the release section of a repository (`url` and `repo`):
 
 ```yaml
-on: [tag]
 jobs:
   upload-release:
-    runs-on: ubuntu-latest
+    runs-on: docker
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
-      - uses: actions/forgejo-release@v2
+      - uses: actions/forgejo-release@v2.6.0
         with:
           direction: upload
-          url: https://code.forgejo.org
+          url: https://my-forgejo-instance.net
+          repo: myuser/myrepo
+          token: ${{ secrets.WRITE_TOKEN_TO_MYREPO }}
+          tag: v1.0.0
           release-dir: dist/release
           release-notes: "MY RELEASE NOTES"
 ```
@@ -55,24 +58,24 @@ jobs:
 Example downloading the forgejo release v1.21.4-0 into the working directory:
 
 ```yaml
-on: [tag]
 jobs:
   download-release:
-    runs-on: ubuntu-latest
+    runs-on: docker
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
-      - uses: actions/forgejo-release@v2
+      - uses: actions/forgejo-release@v2.6.0
         with:
           direction: download
-          url: https://code.forgejo.org
+          url: https://my-forgejo-instance.net
-          repo: forgejo/forgejo
+          repo: myuser/myrepo
-          tag: v1.21.4-0
+          token: ${{ secrets.READ_TOKEN_TO_MYREPO }}
+          tag: v1.0.0
           release-dir: ./  # by default, files are downloaded into dist/release
 ```
 
 ### Real world example
 
-This action is used to [publish](https://code.forgejo.org/forgejo/release-notes-assistant/src/branch/main/.forgejo/workflows/release.yml) the release notes assistant assets.
+This action is used to [publish](https://code.forgejo.org/forgejo/release-notes-assistant/src/commit/09f2c22d80d5ee655783cfeb2c1d4bab4afec3e4/.forgejo/workflows/release.yml) the release notes assistant assets.
 
 ## Update the `input` section of the README
 

action.yml

@@ -6,17 +6,21 @@ description: |
 inputs:
   url:
     description: 'URL of the Forgejo instance'
+    default: '${{ env.GITHUB_SERVER_URL }}'
   repo:
     description: 'owner/project relative to the URL'
+    default: '${{ github.repository }}'
   tag:
     description: 'Tag of the release'
+    default: '${{ github.ref_name }}'
   title:
     description: 'Title of the release (defaults to tag)'
   sha:
     description: 'SHA of the release'
+    default: '${{ github.sha }}'
   token:
     description: 'Forgejo application token'
-    required: true
+    default: '${{ secrets.GITHUB_TOKEN }}'
   release-dir:
     description: 'Directory in whichs release assets are uploaded or downloaded'
     required: true
@@ -33,19 +37,22 @@ inputs:
     description: 'Number of times to retry if the release is not ready (default 1)'
   download-latest:
     description: 'Download the latest release'
-    default: 'false'
+    default: false
   verbose:
     description: 'Increase the verbosity level'
-    default: 'false'
+    default: false
   override:
     description: 'Override an existing release by the same `{tag}`'
-    default: 'false'
+    default: false
   prerelease:
     description: 'Mark Release as Pre-Release'
-    default: 'false'
+    default: false
   release-notes-assistant:
     description: 'Generate release notes with Release Notes Assistant'
-    default: 'false'
+    default: false
+  hide-archive-link:
+    description: 'Hide the archive links'
+    default: false
 
 runs:
   using: "composite"
@@ -54,9 +61,6 @@ runs:
       shell: bash
     - run: |
         export FORGEJO="${{ inputs.url }}"
-        if test -z "$FORGEJO"; then
-          export FORGEJO="${{ env.GITHUB_SERVER_URL }}"
-        fi
         # A trailing / will mean http://forgejo//api/v1 is used
         # and it always 401 as of v1.19, because of the double slash
         FORGEJO=${FORGEJO%%/}
@@ -64,17 +68,8 @@ runs:
         export HOST=${FORGEJO#*://}
 
         export REPO="${{ inputs.repo }}"
-        if test -z "$REPO"; then
-          export REPO="${{ github.repository }}"
-        fi
 
         export TAG="${{ inputs.tag }}"
-        if test -z "$TAG"; then
-          export TAG="${{ github.ref_name }}"
-          # until https://code.forgejo.org/forgejo/runner/issues/9 is fixed
-          # trim refs/tags/
-          TAG=${TAG##refs/tags/}
-        fi
 
         export TITLE="${{ inputs.title }}"
 
@@ -84,6 +79,8 @@ runs:
 
         export RELEASE_NOTES_ASSISTANT="${{ inputs.release-notes-assistant }}"
 
+        export HIDE_ARCHIVE_LINK="${{ inputs.hide-archive-link }}"
+
         export TOKEN="${{ inputs.token }}"
 
         export RELEASE_DIR="${{ inputs.release-dir }}"
@@ -94,9 +91,6 @@ runs:
         )
 
         export SHA="${{ inputs.sha }}"
-        if test -z "$SHA"; then
-          export SHA="${{ github.sha }}"
-        fi
 
         export OVERRIDE="${{ inputs.override }}"
 

forgejo-release.sh

@@ -15,49 +15,87 @@ if ${VERBOSE:-false}; then set -x; fi
 : ${BIN_DIR:=$TMP_DIR}
 : ${TEA_VERSION:=0.9.0}
 : ${OVERRIDE:=false}
+: ${HIDE_ARCHIVE_LINK:=false}
 : ${RETRY:=1}
 : ${DELAY:=10}
 
+TAG_FILE="$TMP_DIR/tag$$.json"
+
 export GNUPGHOME
 
 setup_tea() {
-    if ! test -f $BIN_DIR/tea ; then
+    if ! test -f "$BIN_DIR"/tea; then
         ARCH=$(dpkg --print-architecture)
-	curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-$ARCH > $BIN_DIR/tea
+        curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-"$ARCH" >"$BIN_DIR"/tea
-	chmod +x $BIN_DIR/tea
+        chmod +x "$BIN_DIR"/tea
+    fi
+}
+
+get_tag() {
+    if ! test -f "$TAG_FILE"; then
+        if api GET repos/$REPO/tags/"$TAG" >"$TAG_FILE"; then
+            echo "tag $TAG exists"
+        else
+            echo "tag $TAG does not exists"
+        fi
+    fi
+    test -s "$TAG_FILE"
+}
+
+matched_tag() {
+    if get_tag; then
+        local sha=$(jq --raw-output .commit.sha <"$TAG_FILE")
+        test "$sha" = "$SHA"
+    else
+        return 1
     fi
 }
 
 ensure_tag() {
-    if api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag.json ; then
+    if get_tag; then
-	local sha=$(jq --raw-output .commit.sha < $TMP_DIR/tag.json)
+        if ! matched_tag; then
-	if test "$sha" != "$SHA" ; then
+            cat "$TAG_FILE"
-	    cat $TMP_DIR/tag.json
             echo "the tag SHA in the $REPO repository does not match the tag SHA that triggered the build: $SHA"
-	    false
+            return 1
         fi
     else
-	api POST repos/$REPO/tags --data-raw '{"tag_name": "'$TAG'", "target": "'$SHA'"}'
+        create_tag
+    fi
+}
+
+create_tag() {
+    api POST repos/$REPO/tags --data-raw '{"tag_name": "'"$TAG"'", "target": "'"$SHA"'"}' >"$TAG_FILE"
+}
+
+delete_tag() {
+    if get_tag; then
+        api DELETE repos/$REPO/tags/$TAG
+        rm -f "$TAG_FILE"
     fi
 }
 
 upload_release() {
-    local assets=$(ls $RELEASE_DIR/* | sed -e 's/^/-a /')
+    # assets is defined as a list of arguments, where values may contain whitespace and need to be quoted like this -a "my file.txt" -a "file.txt".
+    # It is expanded using "${assets[@]}" which preserves the separation of arguments and not split whitespace containing values.
+    # For reference, see https://github.com/koalaman/shellcheck/wiki/SC2086#exceptions
+    local assets=()
+    for file in "$RELEASE_DIR"/*; do
+        assets=("${assets[@]}" -a "$file")
+    done
     if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc'; then
-        releasetype="--prerelease"
+        releaseType="--prerelease"
         echo "Uploading as Pre-Release"
     else
         echo "Uploading as Stable"
     fi
     ensure_tag
-    anchor=$(echo $TAG | sed -e 's/^v//' -e 's/[^a-zA-Z0-9]/-/g')
+    if ! "$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >&"$TMP_DIR"/tea.log; then
-    if ! $BIN_DIR/tea release create $assets --repo $REPO --note "$RELEASENOTES" --tag $TAG --title "$TITLE" --draft ${releasetype} >& $TMP_DIR/tea.log ; then
+        if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log; then
-        if grep --quiet 'Unknown API Error: 500' $TMP_DIR/tea.log && grep --quiet services/release/release.go:194 $TMP_DIR/tea.log ; then
             echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370"
             sleep 10
-            $BIN_DIR/tea release create $assets --repo $REPO --note "$RELEASENOTES" --tag $TAG --title "$TITLE" --draft ${releasetype}
+            "$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType}
         else
-            cat $TMP_DIR/tea.log
+            cat "$TMP_DIR"/tea.log
             return 1
         fi
     fi
@@ -68,15 +106,16 @@ upload_release() {
 release_draft() {
     local state="$1"
 
-    local id=$(api GET repos/$REPO/releases/tags/$TAG | jq --raw-output .id)
+    local id=$(api GET repos/$REPO/releases/tags/"$TAG" | jq --raw-output .id)
-    api PATCH repos/$REPO/releases/$id --data-raw '{"draft": '$state'}'
+
+    api PATCH repos/$REPO/releases/"$id" --data-raw '{"draft": '"$state"', "hide_archive_links": '$HIDE_ARCHIVE_LINK'}'
 }
 
 maybe_use_release_note_assistant() {
     if "$RELEASE_NOTES_ASSISTANT"; then
         curl --fail -s -S -o rna https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/v1.2.3/release-notes-assistant
         chmod +x ./rna
-        ./rna --storage release --storage-location $TAG --forgejo-url $SCHEME://placeholder:$TOKEN@$HOST --repository $REPO --token $TOKEN release $TAG
+        ./rna --storage release --storage-location "$TAG" --forgejo-url "$SCHEME"://placeholder:"$TOKEN"@"$HOST" --repository $REPO --token "$TOKEN" release "$TAG"
     fi
 }
 
@@ -86,11 +125,11 @@ sign_release() {
         passphrase="--passphrase-file $GPG_PASSPHRASE"
     fi
     gpg --import --no-tty --pinentry-mode loopback $passphrase "$GPG_PRIVATE_KEY"
-    for asset in $RELEASE_DIR/* ; do
+    for asset in "$RELEASE_DIR"/*; do
         if [[ $asset =~ .sha256$ ]]; then
             continue
         fi
-	gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase < $asset > $asset.asc
+        gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase <"$asset" >"$asset".asc
     done
 }
 
@@ -104,15 +143,17 @@ maybe_override() {
     if test "$OVERRIDE" = "false"; then
         return
     fi
-    api DELETE repos/$REPO/releases/tags/$TAG >& /dev/null || true
+    api DELETE repos/$REPO/releases/tags/"$TAG" >&/dev/null || true
-    api DELETE repos/$REPO/tags/$TAG >& /dev/null || true
+    if get_tag && ! matched_tag; then
+        delete_tag
+    fi
 }
 
 upload() {
     setup_api
     setup_tea
     rm -f ~/.config/tea/config.yml
-    GITEA_SERVER_TOKEN=$TOKEN $BIN_DIR/tea login add --url $FORGEJO
+    GITEA_SERVER_TOKEN=$TOKEN "$BIN_DIR"/tea login add --url $FORGEJO
     maybe_sign_release
     maybe_override
     upload_release
@@ -131,14 +172,14 @@ api() {
     path=$1
     shift
 
-    curl --fail -X $method -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/$path
+    curl --fail -X "$method" -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/"$path"
 }
 
 wait_release() {
     local ready=false
     for i in $(seq $RETRY); do
-	if api GET repos/$REPO/releases/tags/$TAG | jq --raw-output .draft > $TMP_DIR/draft; then
+        if api GET repos/$REPO/releases/tags/"$TAG" | jq --raw-output .draft >"$TMP_DIR"/draft; then
-	    if test "$(cat $TMP_DIR/draft)" = "false"; then
+            if test "$(cat "$TMP_DIR"/draft)" = "false"; then
                 ready=true
                 break
             fi
@@ -162,14 +203,14 @@ download() {
         cd $RELEASE_DIR
         if [[ ${DOWNLOAD_LATEST} == "true" ]]; then
             echo "Downloading the latest release"
-        api GET repos/$REPO/releases/latest > $TMP_DIR/assets.json
+            api GET repos/$REPO/releases/latest >"$TMP_DIR"/assets.json
         elif [[ ${DOWNLOAD_LATEST} == "false" ]]; then
             wait_release
             echo "Downloading tagged release ${TAG}"
-	    api GET repos/$REPO/releases/tags/$TAG > $TMP_DIR/assets.json
+            api GET repos/$REPO/releases/tags/"$TAG" >"$TMP_DIR"/assets.json
         fi
-	jq --raw-output '.assets[] | "\(.name) \(.browser_download_url)"' < $TMP_DIR/assets.json | while read name url ; do
+        jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do # `name` may contain whitespace, therefore, it must be last
-	    curl --fail -H "Authorization: token $TOKEN" -o $name -L $url
+            curl --fail -H "Authorization: token $TOKEN" -o "$name" -L "$url"
         done
     )
 }

renovate.json

@@ -0,0 +1,18 @@
+{
+    "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+    "extends": ["local>actions/renovate-config"],
+    "customManagers": [
+        {
+            "customType": "regex",
+            "description": "update example in README.md",
+            "fileMatch": ["^README.md$"],
+            "matchStrings": [
+                "uses: actions/forgejo-release@(?<currentValue>v\\d+\\.\\d+\\.\\d+)"
+            ],
+            "datasourceTemplate": "gitea-tags",
+            "depNameTemplate": "actions/forgejo-release",
+            "versioningTemplate": "semver",
+            "registryUrlTemplate": "https://code.forgejo.org"
+        }
+    ]
+}

testdata/forgejo-release-test.sh

@@ -2,6 +2,7 @@
 # SPDX-License-Identifier: MIT
 
 set -ex
+PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}:  '
 
 test_teardown() {
     setup_api
@@ -38,24 +39,37 @@ test_wait_release() {
     ! wait_release
 }
 
+test_create_delete_tag() {
+    delete_tag
+
+    ! get_tag
+    create_tag
+    get_tag
+    delete_tag
+    ! get_tag
+}
+
 test_ensure_tag() {
-    api DELETE repos/$REPO/tags/$TAG || true
+    delete_tag
     #
     # idempotent
     #
     ensure_tag
-    api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag1.json
+    mv $TAG_FILE $TMP_DIR/tag1.json
+
     ensure_tag
-    api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag2.json
+    mv $TAG_FILE $TMP_DIR/tag2.json
+
     diff -u $TMP_DIR/tag[12].json
     #
     # sanity check on the SHA of an existing tag
     #
     (
         SHA=12345
+        ! matched_tag
         ! ensure_tag
     )
-    api DELETE repos/$REPO/tags/$TAG
+    delete_tag
 }
 
 test_maybe_sign_release_no_gpg() {
@@ -129,6 +143,7 @@ test_run() {
     REPO=$user/$project
     test_setup $project
     test_ensure_tag
+    test_create_delete_tag
     DELAY=0
     test_wait_release_fail
     echo "================================ TEST BEGIN"

testdata/nested-upload-download/.forgejo/workflows/test.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - id: forgejo
-        uses: https://code.forgejo.org/actions/setup-forgejo@v1
+        uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.11
         with:
           user: testuser
           password: admin1234

testdata/upload-download/.forgejo/workflows/test.yml

@@ -26,6 +26,7 @@ jobs:
           token: FORGEJO_TOKEN
           release-dir: upload-dir
           release-notes-assistant: true
+          hide-archive-link: true
           override: true
           verbose: true
       - if: ${{ !startsWith(github.ref, 'refs/tags/v') }}

testdata/upload-download/upload-dir/file 3.txt

@@ -0,0 +1 @@
+FILE3