Escape shell variables

I might have faced a problem caused by multiline release notes.
Irrespective of that, this commit fixes most of the shellcheck warnings.

At the tea invocation, `releaseType` is deliberately left unquoted, so that
stable releases do not pass an empty argument.
Mynacol 2025-08-07 17:59:21 +00:00
parent 9f05f9811a
commit 31e2907aa0
2 changed files with 50 additions and 50 deletions


@ -69,9 +69,9 @@ runs:
export FORGEJO="${{ inputs.url }}" export FORGEJO="${{ inputs.url }}"
# A trailing / will mean http://forgejo//api/v1 is used # A trailing / will mean http://forgejo//api/v1 is used
# and it always 401 as of v1.19, because of the double slash # and it always 401 as of v1.19, because of the double slash
FORGEJO=${FORGEJO%%/} FORGEJO="${FORGEJO%%/}"
export SCHEME=${FORGEJO%://*} export SCHEME="${FORGEJO%://*}"
export HOST=${FORGEJO#*://} export HOST="${FORGEJO#*://}"
export REPO="${{ inputs.repo }}" export REPO="${{ inputs.repo }}"
@ -84,18 +84,18 @@ runs:
export PRERELEASE="${{ inputs.prerelease }}" export PRERELEASE="${{ inputs.prerelease }}"
export RELEASE_NOTES_ASSISTANT="${{ inputs.release-notes-assistant }}" export RELEASE_NOTES_ASSISTANT="${{ inputs.release-notes-assistant }}"
export RELEASE_NOTES_ASSISTANT_WORKDIR=${{ forge.action_path }}/rna export RELEASE_NOTES_ASSISTANT_WORKDIR="${{ forge.action_path }}/rna"
export HIDE_ARCHIVE_LINK="${{ inputs.hide-archive-link }}" export HIDE_ARCHIVE_LINK="${{ inputs.hide-archive-link }}"
export TOKEN=${{ inputs.token }} export TOKEN="${{ inputs.token }}"
export RELEASE_DIR="${{ inputs.release-dir }}" export RELEASE_DIR="${{ inputs.release-dir }}"
export RELEASENOTES=$(cat << 'EOF' export RELEASENOTES="$(cat << 'EOF'
${{ inputs.release-notes }} ${{ inputs.release-notes }}
EOF EOF
) )"
export SHA="${{ inputs.sha }}" export SHA="${{ inputs.sha }}"
@ -105,12 +105,12 @@ runs:
export RETRY="${{ inputs.download-retry }}" export RETRY="${{ inputs.download-retry }}"
export TMP_DIR=$(mktemp -d) export TMP_DIR="$(mktemp -d)"
trap "rm -fr $TMP_DIR" EXIT trap "rm -fr '$TMP_DIR'" EXIT
echo -n "${{ inputs.gpg-private-key }}" > $TMP_DIR/gpg-private-key echo -n "${{ inputs.gpg-private-key }}" > "$TMP_DIR/gpg-private-key"
export GPG_PRIVATE_KEY=$TMP_DIR/gpg-private-key export GPG_PRIVATE_KEY="$TMP_DIR/gpg-private-key"
echo -n "${{ inputs.gpg-passphrase }}" > $TMP_DIR/gpg-passphrase echo -n "${{ inputs.gpg-passphrase }}" > "$TMP_DIR/gpg-passphrase"
export GPG_PASSPHRASE="$TMP_DIR/gpg-passphrase" export GPG_PASSPHRASE="$TMP_DIR/gpg-passphrase"
forgejo-release.sh ${{ inputs.direction }} forgejo-release.sh ${{ inputs.direction }}
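Review bot: The double quotes added around `${{ inputs.token }}`, the two `echo -n "${{ inputs.gpg-… }}"` lines and the release-notes heredoc do not escape those values, because the runner substitutes `${{ … }}` into the script text before bash parses it. An input that contains a double quote, a command substitution, or (for the release notes) a line that is exactly `EOF` still changes how the script is parsed, which may be the multiline release-notes problem the description mentions. Passing the inputs through the step's `env:` map and reading them as ordinary quoted shell variables keeps the values out of the script source. The sketch below assumes the step layout, which is outside the visible hunks, and uses constructed names for the two GPG inputs. `${{ inputs.direction }}` on the last line is likewise still interpolated unquoted.

```yaml
# … unchanged: step keys before the script …
env:
  TOKEN: ${{ inputs.token }}
  RELEASENOTES: ${{ inputs.release-notes }}
  GPG_PRIVATE_KEY_DATA: ${{ inputs.gpg-private-key }}  # constructed name
  GPG_PASSPHRASE_DATA: ${{ inputs.gpg-passphrase }}    # constructed name
# … unchanged: script start; the TOKEN and RELEASENOTES export lines are dropped,
#   the step environment already carries both …
  printf '%s' "$GPG_PRIVATE_KEY_DATA" > "$TMP_DIR/gpg-private-key"
  export GPG_PRIVATE_KEY="$TMP_DIR/gpg-private-key"
  printf '%s' "$GPG_PASSPHRASE_DATA" > "$TMP_DIR/gpg-passphrase"
  # keep the raw secrets out of the environment of forgejo-release.sh
  unset GPG_PRIVATE_KEY_DATA GPG_PASSPHRASE_DATA
```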


@ -5,19 +5,19 @@ set -e
if ${VERBOSE:-false}; then set -x; fi if ${VERBOSE:-false}; then set -x; fi
: ${FORGEJO:=https://codeberg.org} : "${FORGEJO:=https://codeberg.org}"
: ${REPO:=forgejo-integration/forgejo} : "${REPO:=forgejo-integration/forgejo}"
: ${TITLE:=$TAG} : "${TITLE:=$TAG}"
: ${RELEASE_DIR:=dist/release} : "${RELEASE_DIR:=dist/release}"
: ${DOWNLOAD_LATEST:=false} : "${DOWNLOAD_LATEST:=false}"
: ${TMP_DIR:=$(mktemp -d)} : "${TMP_DIR:=$(mktemp -d)}"
: ${GNUPGHOME:=$TMP_DIR} : "${GNUPGHOME:=$TMP_DIR}"
: ${TEA_BIN:=$TMP_DIR/tea} : "${TEA_BIN:=$TMP_DIR/tea}"
: ${TEA_VERSION:=0.9.0} : "${TEA_VERSION:=0.9.0}"
: ${OVERRIDE:=false} : "${OVERRIDE:=false}"
: ${HIDE_ARCHIVE_LINK:=false} : "${HIDE_ARCHIVE_LINK:=false}"
: ${RETRY:=1} : "${RETRY:=1}"
: ${DELAY:=10} : "${DELAY:=10}"
RELEASE_NOTES_ASSISTANT_VERSION=v1.4.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org RELEASE_NOTES_ASSISTANT_VERSION=v1.4.0 # renovate: datasource=forgejo-releases depName=forgejo/release-notes-assistant registryUrl=https://code.forgejo.org
@ -29,16 +29,16 @@ export GNUPGHOME
setup_tea() { setup_tea() {
if which tea 2>/dev/null; then if which tea 2>/dev/null; then
TEA_BIN=$(which tea) TEA_BIN=$(which tea)
elif ! test -f $TEA_BIN; then elif ! test -f "$TEA_BIN"; then
ARCH=$(dpkg --print-architecture) ARCH=$(dpkg --print-architecture)
curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-"$ARCH" >$TEA_BIN curl -sL "https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-$ARCH" >"$TEA_BIN"
chmod +x $TEA_BIN chmod +x "$TEA_BIN"
fi fi
} }
get_tag() { get_tag() {
if ! test -f "$TAG_FILE"; then if ! test -f "$TAG_FILE"; then
if api GET repos/$REPO/tags/"$TAG_URL" >"$TAG_FILE"; then if api GET "repos/$REPO/tags/$TAG_URL" >"$TAG_FILE"; then
echo "tag $TAG exists" echo "tag $TAG exists"
else else
echo "tag $TAG does not exists" echo "tag $TAG does not exists"
@ -69,12 +69,12 @@ ensure_tag() {
} }
create_tag() { create_tag() {
api POST repos/$REPO/tags --data-raw '{"tag_name": "'"$TAG"'", "target": "'"$SHA"'"}' >"$TAG_FILE" api POST "repos/$REPO/tags" --data-raw '{"tag_name": "'"$TAG"'", "target": "'"$SHA"'"}' >"$TAG_FILE"
} }
delete_tag() { delete_tag() {
if get_tag; then if get_tag; then
api DELETE repos/$REPO/tags/"$TAG_URL" api DELETE "repos/$REPO/tags/$TAG_URL"
rm -f "$TAG_FILE" rm -f "$TAG_FILE"
fi fi
} }
@ -94,11 +94,11 @@ upload_release() {
echo "Uploading as Stable" echo "Uploading as Stable"
fi fi
ensure_tag ensure_tag
if ! $TEA_BIN release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >&"$TMP_DIR"/tea.log; then if ! $TEA_BIN release create "${assets[@]}" --repo "$REPO" --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >&"$TMP_DIR"/tea.log; then
if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log; then if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log; then
echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370" echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370"
sleep 10 sleep 10
$TEA_BIN release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} $TEA_BIN release create "${assets[@]}" --repo "$REPO" --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType}
else else
cat "$TMP_DIR"/tea.log cat "$TMP_DIR"/tea.log
return 1 return 1
@ -111,17 +111,17 @@ upload_release() {
release_draft() { release_draft() {
local state="$1" local state="$1"
local id=$(api GET repos/$REPO/releases/tags/"$TAG_URL" | jq --raw-output .id) local id=$(api GET "repos/$REPO/releases/tags/$TAG_URL" | jq --raw-output .id)
api PATCH repos/$REPO/releases/"$id" --data-raw '{"draft": '"$state"', "hide_archive_links": '$HIDE_ARCHIVE_LINK'}' api PATCH "repos/$REPO/releases/$id" --data-raw '{"draft": '"$state"', "hide_archive_links": '"$HIDE_ARCHIVE_LINK"'}'
} }
maybe_use_release_note_assistant() { maybe_use_release_note_assistant() {
if "$RELEASE_NOTES_ASSISTANT"; then if "$RELEASE_NOTES_ASSISTANT"; then
curl --fail -s -S -o rna https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/$RELEASE_NOTES_ASSISTANT_VERSION/release-notes-assistant curl --fail -s -S -o rna "https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/$RELEASE_NOTES_ASSISTANT_VERSION/release-notes-assistant"
chmod +x ./rna chmod +x ./rna
mkdir -p $RELEASE_NOTES_ASSISTANT_WORKDIR mkdir -p "$RELEASE_NOTES_ASSISTANT_WORKDIR"
./rna --workdir=$RELEASE_NOTES_ASSISTANT_WORKDIR --storage release --storage-location "$TAG" --token "$TOKEN" --forgejo-url "$SCHEME://$HOST" --repository $REPO --token "$TOKEN" release "$TAG" ./rna --workdir="$RELEASE_NOTES_ASSISTANT_WORKDIR" --storage release --storage-location "$TAG" --token "$TOKEN" --forgejo-url "$SCHEME://$HOST" --repository "$REPO" --token "$TOKEN" release "$TAG"
fi fi
} }
@ -130,12 +130,12 @@ sign_release() {
if test -s "$GPG_PASSPHRASE"; then if test -s "$GPG_PASSPHRASE"; then
passphrase="--passphrase-file $GPG_PASSPHRASE" passphrase="--passphrase-file $GPG_PASSPHRASE"
fi fi
gpg --import --no-tty --pinentry-mode loopback $passphrase "$GPG_PRIVATE_KEY" gpg --import --no-tty --pinentry-mode loopback "$passphrase" "$GPG_PRIVATE_KEY"
for asset in "$RELEASE_DIR"/*; do for asset in "$RELEASE_DIR"/*; do
if [[ $asset =~ .sha256$ ]]; then if [[ $asset =~ .sha256$ ]]; then
continue continue
fi fi
gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase <"$asset" >"$asset".asc gpg --armor --detach-sign --no-tty --pinentry-mode loopback "$passphrase" <"$asset" >"$asset".asc
done done
} }
@ -149,7 +149,7 @@ maybe_override() {
if test "$OVERRIDE" = "false"; then if test "$OVERRIDE" = "false"; then
return return
fi fi
api DELETE repos/$REPO/releases/tags/"$TAG_URL" >&/dev/null || true api DELETE "repos/$REPO/releases/tags/$TAG_URL" >&/dev/null || true
if get_tag && ! matched_tag; then if get_tag && ! matched_tag; then
delete_tag delete_tag
fi fi
@ -159,7 +159,7 @@ upload() {
setup_api setup_api
setup_tea setup_tea
rm -f ~/.config/tea/config.yml rm -f ~/.config/tea/config.yml
GITEA_SERVER_TOKEN=$TOKEN $TEA_BIN login add --url $FORGEJO GITEA_SERVER_TOKEN=$TOKEN $TEA_BIN login add --url "$FORGEJO"
maybe_sign_release maybe_sign_release
maybe_override maybe_override
upload_release upload_release
@ -178,13 +178,13 @@ api() {
path=$1 path=$1
shift shift
curl --fail -X "$method" -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/"$path" curl --fail -X "$method" -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" "$FORGEJO/api/v1/$path"
} }
wait_release() { wait_release() {
local ready=false local ready=false
for i in $(seq $RETRY); do for i in $(seq "$RETRY"); do
if api GET repos/$REPO/releases/tags/"$TAG_URL" | jq --raw-output .draft >"$TMP_DIR"/draft; then if api GET "repos/$REPO/releases/tags/$TAG_URL" | jq --raw-output .draft >"$TMP_DIR"/draft; then
if test "$(cat "$TMP_DIR"/draft)" = "false"; then if test "$(cat "$TMP_DIR"/draft)" = "false"; then
ready=true ready=true
break break
@ -194,7 +194,7 @@ wait_release() {
echo "release $TAG does not exist yet" echo "release $TAG does not exist yet"
fi fi
echo "waiting $DELAY seconds" echo "waiting $DELAY seconds"
sleep $DELAY sleep "$DELAY"
done done
if ! $ready; then if ! $ready; then
echo "no release for $TAG" echo "no release for $TAG"
@ -205,15 +205,15 @@ wait_release() {
download() { download() {
setup_api setup_api
( (
mkdir -p $RELEASE_DIR mkdir -p "$RELEASE_DIR"
cd $RELEASE_DIR cd "$RELEASE_DIR"
if [[ ${DOWNLOAD_LATEST} == "true" ]]; then if [[ ${DOWNLOAD_LATEST} == "true" ]]; then
echo "Downloading the latest release" echo "Downloading the latest release"
api GET repos/$REPO/releases/latest >"$TMP_DIR"/assets.json api GET "repos/$REPO/releases/latest" >"$TMP_DIR"/assets.json
elif [[ ${DOWNLOAD_LATEST} == "false" ]]; then elif [[ ${DOWNLOAD_LATEST} == "false" ]]; then
wait_release wait_release
echo "Downloading tagged release ${TAG}" echo "Downloading tagged release ${TAG}"
api GET repos/$REPO/releases/tags/"$TAG_URL" >"$TMP_DIR"/assets.json api GET "repos/$REPO/releases/tags/$TAG_URL" >"$TMP_DIR"/assets.json
fi fi
jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do # `name` may contain whitespace, therefore, it must be last jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do # `name` may contain whitespace, therefore, it must be last
url=$(echo "$url" | sed "s#/download/${TAG}/#/download/${TAG_URL}/#") url=$(echo "$url" | sed "s#/download/${TAG}/#/download/${TAG_URL}/#")
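Review bot: Quoting `"$passphrase"` in the two gpg calls of sign_release changes what gpg receives: `passphrase` holds the string `--passphrase-file $GPG_PASSPHRASE`, so it now arrives as a single word instead of an option plus its path, and when no passphrase file is set gpg gets an empty argument where it previously got none. This is the same empty-argument case the description calls out for `releaseType`, and it would most likely make release signing fail. An array keeps both the quoting and the word boundaries: assign `passphrase=(--passphrase-file "$GPG_PASSPHRASE")` and pass `"${passphrase[@]}"` to `gpg --import` and to `gpg --armor --detach-sign`. The declaration of `passphrase` is above the hunk, so it would presumably need to become `local -a passphrase=()` there.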