Merge pull request 'Update https://code.forgejo.org/actions/setup-forgejo action to v2.0.11' (#49) from renovate/https-code.forgejo.org-actions-setup-forgejo-2.x into main

Reviewed-on: https://code.forgejo.org/actions/forgejo-release/pulls/49
Reviewed-by: earl-warren <earl-warren@noreply.code.forgejo.org>

.forgejo/workflows/integration.yml

@@ -6,7 +6,7 @@ jobs:
       - uses: actions/checkout@v3
 
       - id: forgejo
-        uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.4
+        uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.11
         with:
           user: testuser
           password: admin1234

README.md

@@ -10,12 +10,12 @@ Upload or download the assets of a release to a Forgejo instance.
 
 | name | description | required | default |
 | --- | --- | --- | --- |
-| `url` | <p>URL of the Forgejo instance</p> | `false` | `""` |
-| `repo` | <p>owner/project relative to the URL</p> | `false` | `""` |
-| `tag` | <p>Tag of the release</p> | `false` | `""` |
+| `url` | <p>URL of the Forgejo instance</p> | `false` | `${{ env.GITHUB_SERVER_URL }}` |
+| `repo` | <p>owner/project relative to the URL</p> | `false` | `${{ github.repository }}` |
+| `tag` | <p>Tag of the release</p> | `false` | `${{ github.ref_name }}` |
 | `title` | <p>Title of the release (defaults to tag)</p> | `false` | `""` |
-| `sha` | <p>SHA of the release</p> | `false` | `""` |
-| `token` | <p>Forgejo application token</p> | `true` | `""` |
+| `sha` | <p>SHA of the release</p> | `false` | `${{ github.sha }}` |
+| `token` | <p>Forgejo application token</p> | `false` | `${{ secrets.GITHUB_TOKEN }}` |
 | `release-dir` | <p>Directory in whichs release assets are uploaded or downloaded</p> | `true` | `""` |
 | `release-notes` | <p>Release notes</p> | `false` | `""` |
 | `direction` | <p>Can either be <code>download</code> or <code>upload</code></p> | `true` | `""` |
@@ -37,16 +37,18 @@ Upload or download the assets of a release to a Forgejo instance.
 Upload the release located in `release-dir` to the release section of a repository (`url` and `repo`):
 
 ```yaml
-on: [tag]
 jobs:
   upload-release:
-    runs-on: ubuntu-latest
+    runs-on: docker
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/forgejo-release@v2
+      - uses: actions/checkout@v4
+      - uses: actions/forgejo-release@v2.6.0
         with:
           direction: upload
-          url: https://code.forgejo.org
+          url: https://my-forgejo-instance.net
+          repo: myuser/myrepo
+          token: ${{ secrets.WRITE_TOKEN_TO_MYREPO }}
+          tag: v1.0.0
           release-dir: dist/release
           release-notes: "MY RELEASE NOTES"
 ```
@@ -56,24 +58,24 @@ jobs:
 Example downloading the forgejo release v1.21.4-0 into the working directory:
 
 ```yaml
-on: [tag]
 jobs:
   download-release:
-    runs-on: ubuntu-latest
+    runs-on: docker
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/forgejo-release@v2
+      - uses: actions/checkout@v4
+      - uses: actions/forgejo-release@v2.6.0
         with:
           direction: download
-          url: https://code.forgejo.org
-          repo: forgejo/forgejo
-          tag: v1.21.4-0
+          url: https://my-forgejo-instance.net
+          repo: myuser/myrepo
+          token: ${{ secrets.READ_TOKEN_TO_MYREPO }}
+          tag: v1.0.0
           release-dir: ./  # by default, files are downloaded into dist/release
 ```
 
 ### Real world example
 
-This action is used to [publish](https://code.forgejo.org/forgejo/release-notes-assistant/src/branch/main/.forgejo/workflows/release.yml) the release notes assistant assets.
+This action is used to [publish](https://code.forgejo.org/forgejo/release-notes-assistant/src/commit/09f2c22d80d5ee655783cfeb2c1d4bab4afec3e4/.forgejo/workflows/release.yml) the release notes assistant assets.
 
 ## Update the `input` section of the README
 

action.yml

@@ -6,17 +6,21 @@ description: |
 inputs:
   url:
     description: 'URL of the Forgejo instance'
+    default: '${{ env.GITHUB_SERVER_URL }}'
   repo:
     description: 'owner/project relative to the URL'
+    default: '${{ github.repository }}'
   tag:
     description: 'Tag of the release'
+    default: '${{ github.ref_name }}'
   title:
     description: 'Title of the release (defaults to tag)'
   sha:
     description: 'SHA of the release'
+    default: '${{ github.sha }}'
   token:
     description: 'Forgejo application token'
-    required: true
+    default: '${{ secrets.GITHUB_TOKEN }}'
   release-dir:
     description: 'Directory in whichs release assets are uploaded or downloaded'
     required: true
@@ -57,9 +61,6 @@ runs:
       shell: bash
     - run: |
         export FORGEJO="${{ inputs.url }}"
-        if test -z "$FORGEJO"; then
-          export FORGEJO="${{ env.GITHUB_SERVER_URL }}"
-        fi
         # A trailing / will mean http://forgejo//api/v1 is used
         # and it always 401 as of v1.19, because of the double slash
         FORGEJO=${FORGEJO%%/}
@@ -67,17 +68,8 @@ runs:
         export HOST=${FORGEJO#*://}
 
         export REPO="${{ inputs.repo }}"
-        if test -z "$REPO"; then
-          export REPO="${{ github.repository }}"
-        fi
 
         export TAG="${{ inputs.tag }}"
-        if test -z "$TAG"; then
-          export TAG="${{ github.ref_name }}"
-          # until https://code.forgejo.org/forgejo/runner/issues/9 is fixed
-          # trim refs/tags/
-          TAG=${TAG##refs/tags/}
-        fi
 
         export TITLE="${{ inputs.title }}"
 
@@ -99,9 +91,6 @@ runs:
         )
 
         export SHA="${{ inputs.sha }}"
-        if test -z "$SHA"; then
-          export SHA="${{ github.sha }}"
-        fi
 
         export OVERRIDE="${{ inputs.override }}"
 

forgejo-release.sh

@@ -19,26 +19,58 @@ if ${VERBOSE:-false}; then set -x; fi
 : ${RETRY:=1}
 : ${DELAY:=10}
 
+TAG_FILE="$TMP_DIR/tag$$.json"
+
 export GNUPGHOME
 
 setup_tea() {
-    if ! test -f "$BIN_DIR"/tea ; then
+    if ! test -f "$BIN_DIR"/tea; then
         ARCH=$(dpkg --print-architecture)
-    curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-"$ARCH" > "$BIN_DIR"/tea
+        curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-"$ARCH" >"$BIN_DIR"/tea
         chmod +x "$BIN_DIR"/tea
     fi
 }
 
+get_tag() {
+    if ! test -f "$TAG_FILE"; then
+        if api GET repos/$REPO/tags/"$TAG" >"$TAG_FILE"; then
+            echo "tag $TAG exists"
+        else
+            echo "tag $TAG does not exists"
+        fi
+    fi
+    test -s "$TAG_FILE"
+}
+
+matched_tag() {
+    if get_tag; then
+        local sha=$(jq --raw-output .commit.sha <"$TAG_FILE")
+        test "$sha" = "$SHA"
+    else
+        return 1
+    fi
+}
+
 ensure_tag() {
-    if api GET repos/$REPO/tags/"$TAG" > "$TMP_DIR"/tag.json ; then
-    local sha=$(jq --raw-output .commit.sha < "$TMP_DIR"/tag.json)
-    if test "$sha" != "$SHA" ; then
-        cat "$TMP_DIR"/tag.json
+    if get_tag; then
+        if ! matched_tag; then
+            cat "$TAG_FILE"
             echo "the tag SHA in the $REPO repository does not match the tag SHA that triggered the build: $SHA"
-        false
+            return 1
         fi
     else
-    api POST repos/$REPO/tags --data-raw '{"tag_name": "'"$TAG"'", "target": "'"$SHA"'"}'
+        create_tag
+    fi
+}
+
+create_tag() {
+    api POST repos/$REPO/tags --data-raw '{"tag_name": "'"$TAG"'", "target": "'"$SHA"'"}' >"$TAG_FILE"
+}
+
+delete_tag() {
+    if get_tag; then
+        api DELETE repos/$REPO/tags/$TAG
+        rm -f "$TAG_FILE"
     fi
 }
 
@@ -50,15 +82,15 @@ upload_release() {
     for file in "$RELEASE_DIR"/*; do
         assets=("${assets[@]}" -a "$file")
     done
-    if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc' ; then
+    if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc'; then
         releaseType="--prerelease"
         echo "Uploading as Pre-Release"
     else
         echo "Uploading as Stable"
     fi
     ensure_tag
-    if ! "$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >& "$TMP_DIR"/tea.log ; then
-        if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log ; then
+    if ! "$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >&"$TMP_DIR"/tea.log; then
+        if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log; then
             echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370"
             sleep 10
             "$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType}
@@ -93,11 +125,11 @@ sign_release() {
         passphrase="--passphrase-file $GPG_PASSPHRASE"
     fi
     gpg --import --no-tty --pinentry-mode loopback $passphrase "$GPG_PRIVATE_KEY"
-    for asset in "$RELEASE_DIR"/* ; do
-    if [[ $asset =~ .sha256$ ]] ; then
+    for asset in "$RELEASE_DIR"/*; do
+        if [[ $asset =~ .sha256$ ]]; then
             continue
         fi
-    gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase < "$asset" > "$asset".asc
+        gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase <"$asset" >"$asset".asc
     done
 }
 
@@ -111,8 +143,10 @@ maybe_override() {
     if test "$OVERRIDE" = "false"; then
         return
     fi
-    api DELETE repos/$REPO/releases/tags/"$TAG" >& /dev/null || true
-    api DELETE repos/$REPO/tags/"$TAG" >& /dev/null || true
+    api DELETE repos/$REPO/releases/tags/"$TAG" >&/dev/null || true
+    if get_tag && ! matched_tag; then
+        delete_tag
+    fi
 }
 
 upload() {
@@ -126,7 +160,7 @@ upload() {
 }
 
 setup_api() {
-    if ! which jq curl ; then
+    if ! which jq curl; then
         apt-get -qq update
         apt-get install -y -qq jq curl
     fi
@@ -144,7 +178,7 @@ api() {
 wait_release() {
     local ready=false
     for i in $(seq $RETRY); do
-    if api GET repos/$REPO/releases/tags/"$TAG" | jq --raw-output .draft > "$TMP_DIR"/draft; then
+        if api GET repos/$REPO/releases/tags/"$TAG" | jq --raw-output .draft >"$TMP_DIR"/draft; then
             if test "$(cat "$TMP_DIR"/draft)" = "false"; then
                 ready=true
                 break
@@ -156,7 +190,7 @@ wait_release() {
         echo "waiting $DELAY seconds"
         sleep $DELAY
     done
-    if ! $ready ; then
+    if ! $ready; then
         echo "no release for $TAG"
         return 1
     fi
@@ -167,15 +201,15 @@ download() {
     (
         mkdir -p $RELEASE_DIR
         cd $RELEASE_DIR
-    if [[ ${DOWNLOAD_LATEST} == "true" ]] ; then
+        if [[ ${DOWNLOAD_LATEST} == "true" ]]; then
             echo "Downloading the latest release"
-        api GET repos/$REPO/releases/latest > "$TMP_DIR"/assets.json
-    elif [[ ${DOWNLOAD_LATEST} == "false" ]] ; then
+            api GET repos/$REPO/releases/latest >"$TMP_DIR"/assets.json
+        elif [[ ${DOWNLOAD_LATEST} == "false" ]]; then
             wait_release
             echo "Downloading tagged release ${TAG}"
-        api GET repos/$REPO/releases/tags/"$TAG" > "$TMP_DIR"/assets.json
+            api GET repos/$REPO/releases/tags/"$TAG" >"$TMP_DIR"/assets.json
         fi
-     jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' < "$TMP_DIR"/assets.json | while read url name  ; do  # `name` may contain whitespace, therefore, it must be last
+        jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do # `name` may contain whitespace, therefore, it must be last
             curl --fail -H "Authorization: token $TOKEN" -o "$name" -L "$url"
         done
     )

renovate.json

@@ -1,6 +1,18 @@
 {
     "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "extends": [
-    "local>actions/renovate-config"
+    "extends": ["local>actions/renovate-config"],
+    "customManagers": [
+        {
+            "customType": "regex",
+            "description": "update example in README.md",
+            "fileMatch": ["^README.md$"],
+            "matchStrings": [
+                "uses: actions/forgejo-release@(?<currentValue>v\\d+\\.\\d+\\.\\d+)"
+            ],
+            "datasourceTemplate": "gitea-tags",
+            "depNameTemplate": "actions/forgejo-release",
+            "versioningTemplate": "semver",
+            "registryUrlTemplate": "https://code.forgejo.org"
+        }
     ]
 }

testdata/forgejo-release-test.sh

@@ -2,6 +2,7 @@
 # SPDX-License-Identifier: MIT
 
 set -ex
+PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}:  '
 
 test_teardown() {
     setup_api
@@ -38,24 +39,37 @@ test_wait_release() {
     ! wait_release
 }
 
+test_create_delete_tag() {
+    delete_tag
+
+    ! get_tag
+    create_tag
+    get_tag
+    delete_tag
+    ! get_tag
+}
+
 test_ensure_tag() {
-    api DELETE repos/$REPO/tags/$TAG || true
+    delete_tag
     #
     # idempotent
     #
     ensure_tag
-    api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag1.json
+    mv $TAG_FILE $TMP_DIR/tag1.json
+
     ensure_tag
-    api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag2.json
+    mv $TAG_FILE $TMP_DIR/tag2.json
+
     diff -u $TMP_DIR/tag[12].json
     #
     # sanity check on the SHA of an existing tag
     #
     (
         SHA=12345
+        ! matched_tag
         ! ensure_tag
     )
-    api DELETE repos/$REPO/tags/$TAG
+    delete_tag
 }
 
 test_maybe_sign_release_no_gpg() {
@@ -129,6 +143,7 @@ test_run() {
     REPO=$user/$project
     test_setup $project
     test_ensure_tag
+    test_create_delete_tag
     DELAY=0
     test_wait_release_fail
     echo "================================ TEST BEGIN"

testdata/nested-upload-download/.forgejo/workflows/test.yml

@@ -12,7 +12,7 @@ jobs:
     steps:
       - uses: actions/checkout@v3
       - id: forgejo
-        uses: https://code.forgejo.org/actions/setup-forgejo@v1
+        uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.11
         with:
           user: testuser
           password: admin1234