actions-forgejo-release/forgejo-release.sh
benniekiss c1d31e18ab exit without output on failed download
in the case the provided access token doesn't have the appropriate permissions, exit without output. Otherwise, the downloaded files will not have the expected contents.
2024-07-05 19:09:25 +00:00


#!/bin/bash
# SPDX-License-Identifier: MIT
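# Abort on the first unhandled command failure; the functions below rely on
# this rather than checking every step themselves.
set -e

# VERBOSE=true turns on command tracing. The value is compared as a string
# and is never executed as a command.
# NOTE: tracing prints every expanded command line, including the ones that
# expand $TOKEN, so enable it only where the job log is private.
if [ "${VERBOSE:-false}" = "true" ]; then
  set -x
fi

# Defaults, each overridable from the environment.
: "${FORGEJO:=https://codeberg.org}"
: "${REPO:=forgejo-integration/forgejo}"
: "${RELEASE_DIR:=dist/release}"

# When the caller does not supply TMP_DIR, create a private scratch directory
# and remove it on exit: it receives API responses and, through the GNUPGHOME
# default below, the imported signing key. A caller-supplied TMP_DIR is left
# untouched.
if [ -z "${TMP_DIR:-}" ]; then
  TMP_DIR=$(mktemp -d)
  forgejo_release_scratch=$TMP_DIR
  trap 'rm -rf -- "${forgejo_release_scratch:?}"' EXIT
fi

: "${GNUPGHOME:=$TMP_DIR}"
: "${BIN_DIR:=$TMP_DIR}"
: "${TEA_VERSION:=0.9.0}"
: "${OVERRIDE:=false}"
: "${RETRY:=1}"
: "${DELAY:=10}"
export GNUPGHOME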
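#######################################
# Install the tea CLI into BIN_DIR unless a copy is already there.
# Globals:
#   BIN_DIR, TEA_VERSION (read)
#   TEA_SHA256 (read, optional): expected SHA-256 digest of the binary
# Returns:
#   0 when BIN_DIR/tea is in place, non-zero otherwise
#
# The binary is later run with the API token in its environment, so what is
# fetched here matters. Without TEA_SHA256 the only protection is the HTTPS
# connection to the download host; setting it pins one exact build.
#######################################
setup_tea() {
  local arch url partial

  if [ -f "$BIN_DIR/tea" ]; then
    return 0
  fi

  arch=$(dpkg --print-architecture) || return 1
  url="https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-$arch"

  # Download next to the final path and rename only after success, so that a
  # failed or interrupted transfer never leaves a file that the "already
  # installed" check above would accept on the next run. --fail keeps an HTTP
  # error page from being saved as the executable.
  partial="$BIN_DIR/tea.partial"
  if ! curl --fail -sSL -o "$partial" "$url"; then
    rm -f -- "$partial"
    echo "failed to download $url" >&2
    return 1
  fi

  if [ -n "${TEA_SHA256:-}" ]; then
    if ! printf '%s  %s\n' "$TEA_SHA256" "$partial" | sha256sum --check --status; then
      rm -f -- "$partial"
      echo "SHA-256 mismatch for $url" >&2
      return 1
    fi
  fi

  chmod +x "$partial" || return 1
  mv -- "$partial" "$BIN_DIR/tea"
}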
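#######################################
# Make sure TAG exists in REPO and points at SHA.
# Globals:
#   REPO, TAG, SHA, TMP_DIR (read)
# Outputs:
#   on a mismatch, the tag JSON and an explanation on stdout
# Returns:
#   0 when the tag exists with the expected SHA or was created,
#   non-zero on a SHA mismatch or when the tag cannot be created
#
# Any failure of the GET (not only a missing tag) leads to the POST; with a
# token that lacks permission the POST fails as well and the error surfaces
# there.
#######################################
ensure_tag() {
  local sha payload

  if api GET "repos/$REPO/tags/$TAG" > "$TMP_DIR/tag.json"; then
    sha=$(jq --raw-output .commit.sha < "$TMP_DIR/tag.json") || return 1
    if [ "$sha" != "$SHA" ]; then
      cat "$TMP_DIR/tag.json"
      echo "the tag SHA in the $REPO repository does not match the tag SHA that triggered the build: $SHA"
      return 1
    fi
  else
    # Let jq build the body so that quotes or backslashes in TAG or SHA are
    # escaped instead of changing the structure of the JSON document.
    payload=$(jq --null-input --compact-output \
      --arg tag "$TAG" --arg sha "$SHA" \
      '{tag_name: $tag, target: $sha}') || return 1
    api POST "repos/$REPO/tags" --data-raw "$payload"
  fi
}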
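#######################################
# Create the release for TAG as a draft with every file of RELEASE_DIR
# attached, then publish it.
# Globals:
#   RELEASE_DIR, PRERELEASE, TAG, REPO, RELEASENOTES, BIN_DIR, TMP_DIR (read)
# Outputs:
#   "Uploading as Pre-Release" or "Uploading as Stable" on stdout; the tea
#   log on stdout when the creation fails
# Returns:
#   0 on success, non-zero when the tag check or the upload fails
#######################################
upload_release() {
  local -a assets=() release_args=()
  local asset

  # One "-a <file>" pair per asset, kept as separate array elements so that
  # file names containing spaces or glob characters reach tea intact.
  for asset in "$RELEASE_DIR"/*; do
    [ -e "$asset" ] || continue
    assets+=(-a "$asset")
  done

  # PRERELEASE is compared as a string and never executed; only the literal
  # value "true" or a tag containing "-rc" (any case) marks a pre-release.
  if [ "${PRERELEASE:-false}" = "true" ] || grep -qi -e '-rc' <<< "$TAG"; then
    release_args+=(--prerelease)
    echo "Uploading as Pre-Release"
  else
    echo "Uploading as Stable"
  fi

  ensure_tag || return 1

  local -a create=(
    "$BIN_DIR/tea" release create "${assets[@]}"
    --repo "$REPO" --note "$RELEASENOTES"
    --tag "$TAG" --title "$TAG" --draft "${release_args[@]}"
  )

  if ! "${create[@]}" > "$TMP_DIR/tea.log" 2>&1; then
    # Retry once, but only for the one known server-side race; any other
    # failure is reported with the captured log.
    if grep --quiet 'Unknown API Error: 500' "$TMP_DIR/tea.log" \
      && grep --quiet services/release/release.go:194 "$TMP_DIR/tea.log"; then
      echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370"
      sleep 10
      "${create[@]}" || return 1
    else
      cat "$TMP_DIR/tea.log"
      return 1
    fi
  fi

  # The release is created as a draft so that it only becomes visible once
  # all assets are attached.
  release_draft false
}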
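#######################################
# Set the draft flag of the release attached to TAG.
# Globals:
#   REPO, TAG (read)
# Arguments:
#   $1 - "true" or "false", inserted verbatim as a JSON boolean
# Returns:
#   0 on success, non-zero when the release id cannot be determined, the
#   argument is not a boolean, or the PATCH fails
#######################################
release_draft() {
  local state=$1
  local id

  # $state goes into the JSON body unquoted, so accept booleans only.
  case "$state" in
    true | false) ;;
    *)
      echo "release_draft: expected true or false, got '$state'" >&2
      return 1
      ;;
  esac

  id=$(api GET "repos/$REPO/releases/tags/$TAG" | jq --raw-output .id) || return 1

  # A failed lookup yields an empty string or "null"; stop here rather than
  # sending a PATCH to a path built from it.
  case "$id" in
    '' | *[!0-9]*)
      echo "cannot determine the id of release $TAG in $REPO" >&2
      return 1
      ;;
  esac

  api PATCH "repos/$REPO/releases/$id" --data-raw "{\"draft\": $state}"
}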
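#######################################
# Import the private key and write an armored detached signature
# (<asset>.asc) next to every file of RELEASE_DIR except *.sha256 files.
# Globals:
#   GPG_PRIVATE_KEY  (read) path of the private key file
#   GPG_PASSPHRASE   (read) path of a passphrase file, used when non-empty
#   RELEASE_DIR      (read)
# Returns:
#   0 on success, non-zero as soon as one gpg invocation fails
#
# The passphrase is handed to gpg as a file path, so it does not appear on
# the command line. The key is imported into the keyring selected by the
# GNUPGHOME environment variable.
#######################################
sign_release() {
  local -a gpg_opts=(--no-tty --pinentry-mode loopback)
  local asset

  if [ -s "$GPG_PASSPHRASE" ]; then
    gpg_opts+=(--passphrase-file "$GPG_PASSPHRASE")
  fi

  gpg --import "${gpg_opts[@]}" "$GPG_PRIVATE_KEY" || return 1

  for asset in "$RELEASE_DIR"/*; do
    [ -e "$asset" ] || continue
    # Checksum files are not signed. A glob match is used so that only a real
    # ".sha256" suffix is skipped.
    if [[ $asset == *.sha256 ]]; then
      continue
    fi
    gpg --armor --detach-sign "${gpg_opts[@]}" < "$asset" > "$asset.asc" || return 1
  done
}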
# Sign the release assets only when GPG_PRIVATE_KEY names a non-empty file;
# otherwise do nothing and succeed.
maybe_sign_release() {
  [ -s "$GPG_PRIVATE_KEY" ] || return 0
  sign_release
}
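#######################################
# Delete an existing release and tag for TAG so that they can be recreated.
# Globals:
#   OVERRIDE, REPO, TAG (read)
# Returns:
#   always 0
#
# The deletion is skipped only when OVERRIDE is the literal string "false";
# every other value enables it. Both DELETE calls are best effort: their
# output is discarded and a failure (for instance because nothing exists yet)
# is ignored on purpose.
#######################################
maybe_override() {
  if [ "$OVERRIDE" = "false" ]; then
    return 0
  fi
  api DELETE "repos/$REPO/releases/tags/$TAG" > /dev/null 2>&1 || true
  api DELETE "repos/$REPO/tags/$TAG" > /dev/null 2>&1 || true
}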
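#######################################
# Entry point for "upload": install the tools, log tea in, optionally sign
# the assets and delete a previous release, then create the release.
# Globals:
#   TOKEN, BIN_DIR, FORGEJO (read)
#
# Each step relies on the script-level "set -e" to stop at the first failure.
#######################################
upload() {
  setup_api
  setup_tea
  # Start from a clean tea configuration so that no earlier login is reused.
  # NOTE(review): tea presumably stores the new login, token included, in
  # this same file, which is not removed after the upload; confirm and
  # consider deleting it once the release is published.
  rm -f ~/.config/tea/config.yml
  # The token is passed through the environment, not as an argument, so it
  # does not show up on the tea command line.
  GITEA_SERVER_TOKEN=$TOKEN "$BIN_DIR/tea" login add --url "$FORGEJO"
  maybe_sign_release
  maybe_override
  upload_release
}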
# Make sure jq and curl are available, installing both with apt-get when the
# lookup fails. The lookup prints the paths it finds on stdout.
setup_api() {
  if which jq curl; then
    return 0
  fi
  apt-get -qq update
  apt-get install -y -qq jq curl
}
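#######################################
# Call the Forgejo REST API with the access token.
# Globals:
#   FORGEJO, TOKEN (read)
# Arguments:
#   $1   - HTTP method
#   $2   - path below /api/v1/
#   $3.. - extra curl arguments, passed through unchanged
# Outputs:
#   the response body on stdout
# Returns:
#   the curl exit status; --fail turns an HTTP error into a non-zero status
#   and suppresses the response body
#######################################
api() {
  local method=$1 path=$2
  shift 2

  # The Authorization header is read from a file descriptor (-H @file needs
  # curl 7.55.0 or later) instead of being placed on the command line, where
  # the token would be visible in the process list.
  curl --fail -X "$method" -sS \
    -H "Content-Type: application/json" \
    -H @<(printf 'Authorization: token %s\n' "$TOKEN") \
    "$@" "$FORGEJO/api/v1/$path"
}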
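#######################################
# Poll until the release for TAG exists and is no longer a draft.
# Globals:
#   RETRY (read) number of attempts
#   DELAY (read) seconds to sleep after each unsuccessful attempt
#   REPO, TAG (read)
# Outputs:
#   progress messages on stdout
# Returns:
#   0 once the release is published, 1 when every attempt was used up
#######################################
wait_release() {
  local ready=false
  local attempt release draft

  for attempt in $(seq "$RETRY"); do
    # The API call and the JSON parsing are checked separately: in a pipeline
    # only the status of jq would be seen and a failed request would be
    # reported as "still a draft".
    # NOTE: the request can also fail for other reasons than a missing
    # release (for instance a token without permission); the message below
    # is printed in those cases too.
    if ! release=$(api GET "repos/$REPO/releases/tags/$TAG"); then
      echo "release $TAG does not exist yet"
    elif draft=$(jq --raw-output .draft <<< "$release") && [ "$draft" = "false" ]; then
      ready=true
      break
    else
      echo "release $TAG is still a draft"
    fi
    echo "waiting $DELAY seconds"
    sleep "$DELAY"
  done

  if [ "$ready" != "true" ]; then
    echo "no release for $TAG"
    return 1
  fi
}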
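#######################################
# Entry point for "download": wait for the release of TAG to be published and
# fetch all of its assets into RELEASE_DIR.
# Globals:
#   RELEASE_DIR, TMP_DIR, REPO, TAG, TOKEN (read)
# Returns:
#   0 when every asset was downloaded, non-zero otherwise
#
# Asset names and URLs come from the API response and are treated as
# untrusted: a name that is empty, ".", ".." or contains "/" is refused so
# that a download can never be written outside RELEASE_DIR.
# NOTE(review): the token is sent to whatever browser_download_url the server
# returns; presumably that is always below $FORGEJO - confirm.
#######################################
download() {
  local name url

  setup_api
  wait_release
  (
    mkdir -p "$RELEASE_DIR" || exit 1
    cd "$RELEASE_DIR" || exit 1
    api GET "repos/$REPO/releases/tags/$TAG" > "$TMP_DIR/assets.json" || exit 1
    # Tab-separated output keeps names that contain spaces in one field.
    jq --raw-output '.assets[] | [.name, .browser_download_url] | @tsv' \
      < "$TMP_DIR/assets.json" > "$TMP_DIR/assets.tsv" || exit 1

    while IFS=$'\t' read -r name url; do
      case "$name" in
        '' | . | .. | */*)
          echo "refusing to download asset with unsafe name '$name'" >&2
          exit 1
          ;;
      esac
      if [ -z "$url" ]; then
        echo "asset '$name' has no download URL" >&2
        exit 1
      fi
      # --fail: on an HTTP error (for instance a token without permission)
      # exit non-zero instead of saving the error page as the asset. The
      # Authorization header is read from a file descriptor so that the token
      # stays off the command line.
      curl --fail \
        -H @<(printf 'Authorization: token %s\n' "$TOKEN") \
        -o "$name" -L "$url" || exit 1
    done < "$TMP_DIR/assets.tsv"
  )
}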
# Fallback command used when the script is started without any argument:
# print what was expected and stop with status 1.
missing() {
  printf '%s\n' "need upload or download argument got nothing"
  exit 1
}
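# Run the command given on the command line (upload or download), or
# "missing" when there is none. The arguments are executed as they are, so
# the script must only be started with fixed, trusted arguments; quoting
# keeps each argument a single word instead of re-splitting and globbing it.
"${@:-missing}"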