diff --git a/forgejo-release.sh b/forgejo-release.sh index 01001a2..12c34e9 100755 --- a/forgejo-release.sh +++ b/forgejo-release.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env sh # SPDX-License-Identifier: MIT set -e @@ -27,9 +27,7 @@ TAG_URL=$(echo "$TAG" | sed 's/\//%2F/g') export GNUPGHOME get_arch() { - local arch - arch="$(uname -m)" - + arch=$(uname -m) case "$arch" in x86_64) arch="amd64" ;; i386|i686) arch="i386" ;; @@ -47,28 +45,28 @@ get_arch() { setup_tea() { if command -v tea >/dev/null 2>&1; then TEA_BIN=$(command -v tea) - elif ! test -f $TEA_BIN; then + elif ! [ -f "$TEA_BIN" ]; then ARCH=$(get_arch) - curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-"$ARCH" >$TEA_BIN - chmod +x $TEA_BIN + curl -sL "https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-$ARCH" >"$TEA_BIN" + chmod +x "$TEA_BIN" fi } get_tag() { - if ! test -f "$TAG_FILE"; then + if ! [ -f "$TAG_FILE" ]; then if api GET repos/$REPO/tags/"$TAG_URL" >"$TAG_FILE"; then echo "tag $TAG exists" else echo "tag $TAG does not exists" fi fi - test -s "$TAG_FILE" + [ -s "$TAG_FILE" ] } matched_tag() { if get_tag; then - local sha=$(jq --raw-output .commit.sha <"$TAG_FILE") - test "$sha" = "$SHA" + sha=$(jq --raw-output .commit.sha <"$TAG_FILE") + [ "$sha" = "$SHA" ] else return 1 fi @@ -101,22 +99,23 @@ upload_release() { # assets is defined as a list of arguments, where values may contain whitespace and need to be quoted like this -a "my file.txt" -a "file.txt". # It is expanded using "${assets[@]}" which preserves the separation of arguments and not split whitespace containing values. # For reference, see https://github.com/koalaman/shellcheck/wiki/SC2086#exceptions - local assets=() + set -- for file in "$RELEASE_DIR"/*; do - assets=("${assets[@]}" -a "$file") + set -- "$@" -a "$file" done - if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc'; then + releaseType="" + if ${PRERELEASE:-false} || echo "$TAG" | grep -qi -- '-rc'; then releaseType="--prerelease" echo "Uploading as Pre-Release" else echo "Uploading as Stable" fi ensure_tag - if ! $TEA_BIN release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >&"$TMP_DIR"/tea.log; then - if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log; then + if ! "$TEA_BIN" release create "$@" --repo "$REPO" --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >"$TMP_DIR"/tea.log 2>&1; then + if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet 'services/release/release.go:194' "$TMP_DIR"/tea.log; then echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370" sleep 10 - $TEA_BIN release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} + "$TEA_BIN" release create "$@" --repo "$REPO" --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} else cat "$TMP_DIR"/tea.log return 1 @@ -127,47 +126,45 @@ upload_release() { } release_draft() { - local state="$1" - - local id=$(api GET repos/$REPO/releases/tags/"$TAG_URL" | jq --raw-output .id) - - api PATCH repos/$REPO/releases/"$id" --data-raw '{"draft": '"$state"', "hide_archive_links": '$HIDE_ARCHIVE_LINK'}' + state="$1" + rid=$(api GET repos/$REPO/releases/tags/"$TAG_URL" | jq --raw-output .id) + api PATCH repos/$REPO/releases/"$rid" --data-raw '{"draft": '"$state"', "hide_archive_links": '"$HIDE_ARCHIVE_LINK"'}' } maybe_use_release_note_assistant() { - if "$RELEASE_NOTES_ASSISTANT"; then - curl --fail -s -S -o rna https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/$RELEASE_NOTES_ASSISTANT_VERSION/release-notes-assistant + if ${RELEASE_NOTES_ASSISTANT:-false}; then + curl --fail -s -S -o rna "https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/$RELEASE_NOTES_ASSISTANT_VERSION/release-notes-assistant" chmod +x ./rna - mkdir -p $RELEASE_NOTES_ASSISTANT_WORKDIR - ./rna --workdir=$RELEASE_NOTES_ASSISTANT_WORKDIR --storage release --storage-location "$TAG" --token "$TOKEN" --forgejo-url "$SCHEME://$HOST" --repository $REPO --token "$TOKEN" release "$TAG" + mkdir -p "$RELEASE_NOTES_ASSISTANT_WORKDIR" + ./rna --workdir="$RELEASE_NOTES_ASSISTANT_WORKDIR" --storage release --storage-location "$TAG" --token "$TOKEN" --forgejo-url "$SCHEME://$HOST" --repository "$REPO" --token "$TOKEN" release "$TAG" fi } sign_release() { - local passphrase - if test -s "$GPG_PASSPHRASE"; then + passphrase="" + if [ -s "$GPG_PASSPHRASE" ]; then passphrase="--passphrase-file $GPG_PASSPHRASE" fi gpg --import --no-tty --pinentry-mode loopback $passphrase "$GPG_PRIVATE_KEY" for asset in "$RELEASE_DIR"/*; do - if [[ $asset =~ .sha256$ ]]; then - continue - fi + case "$asset" in + *.sha256) continue ;; + esac gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase <"$asset" >"$asset".asc done } maybe_sign_release() { - if test -s "$GPG_PRIVATE_KEY"; then + if [ -s "$GPG_PRIVATE_KEY" ]; then sign_release fi } maybe_override() { - if test "$OVERRIDE" = "false"; then + if [ "$OVERRIDE" = "false" ]; then return fi - api DELETE repos/$REPO/releases/tags/"$TAG_URL" >&/dev/null || true + api DELETE repos/$REPO/releases/tags/"$TAG_URL" >/dev/null 2>&1 || true if get_tag && ! matched_tag; then delete_tag fi @@ -176,8 +173,8 @@ maybe_override() { upload() { setup_api setup_tea - rm -f ~/.config/tea/config.yml - GITEA_SERVER_TOKEN=$TOKEN $TEA_BIN login add --url $FORGEJO + rm -f "$HOME/.config/tea/config.yml" + GITEA_SERVER_TOKEN=$TOKEN "$TEA_BIN" login add --url "$FORGEJO" maybe_sign_release maybe_override upload_release @@ -207,14 +204,15 @@ api() { path=$1 shift - curl --fail -X "$method" -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/"$path" + curl --fail -X "$method" -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" "$FORGEJO/api/v1/$path" } wait_release() { - local ready=false - for i in $(seq $RETRY); do + ready=false + i=1 + while [ "$i" -le "$RETRY" ]; do if api GET repos/$REPO/releases/tags/"$TAG_URL" | jq --raw-output .draft >"$TMP_DIR"/draft; then - if test "$(cat "$TMP_DIR"/draft)" = "false"; then + if [ "$(cat "$TMP_DIR"/draft)" = "false" ]; then ready=true break fi @@ -223,9 +221,10 @@ wait_release() { echo "release $TAG does not exist yet" fi echo "waiting $DELAY seconds" - sleep $DELAY + sleep "$DELAY" + i=$((i+1)) done - if ! $ready; then + if [ "$ready" != "true" ]; then echo "no release for $TAG" return 1 fi @@ -234,17 +233,17 @@ wait_release() { download() { setup_api ( - mkdir -p $RELEASE_DIR - cd $RELEASE_DIR - if [[ ${DOWNLOAD_LATEST} == "true" ]]; then + mkdir -p "$RELEASE_DIR" + cd "$RELEASE_DIR" || exit 1 + if [ "${DOWNLOAD_LATEST}" = "true" ]; then echo "Downloading the latest release" api GET repos/$REPO/releases/latest >"$TMP_DIR"/assets.json - elif [[ ${DOWNLOAD_LATEST} == "false" ]]; then + elif [ "${DOWNLOAD_LATEST}" = "false" ]; then wait_release echo "Downloading tagged release ${TAG}" api GET repos/$REPO/releases/tags/"$TAG_URL" >"$TMP_DIR"/assets.json fi - jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do # `name` may contain whitespace, therefore, it must be last + jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do url=$(echo "$url" | sed "s#/download/${TAG}/#/download/${TAG_URL}/#") curl --fail -H "Authorization: token $TOKEN" -o "$name" -L "$url" done @@ -252,8 +251,12 @@ download() { } missing() { - echo need upload or download argument got nothing + echo "need upload or download argument got nothing" exit 1 } -${@:-missing} +if [ "$#" -gt 0 ]; then + "$@" +else + missing +fi diff --git a/testdata/forgejo-release-test.sh b/testdata/forgejo-release-test.sh index 7fe332b..ebd63de 100755 --- a/testdata/forgejo-release-test.sh +++ b/testdata/forgejo-release-test.sh @@ -1,21 +1,22 @@ -#!/bin/bash +#!/usr/bin/env sh # SPDX-License-Identifier: MIT set -ex -PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}: ' +PS4='${0##*/}:$LINENO: ' test_system_tea_bin() { - SYSTEM_TEA_BIN=$TMP_DIR/tea - touch $SYSTEM_TEA_BIN && chmod +x $SYSTEM_TEA_BIN - export PATH=$TMP_DIR:$PATH + SYSTEM_TEA_BIN=$TMP_DIR/tea + : >"$SYSTEM_TEA_BIN" && chmod +x "$SYSTEM_TEA_BIN" + PATH=$TMP_DIR:$PATH + export PATH setup_tea - test $TEA_BIN == $SYSTEM_TEA_BIN + [ "$TEA_BIN" = "$SYSTEM_TEA_BIN" ] } test_download_tea_bin() { # assume tea is not installed on system setup_tea - test $TEA_BIN == $TMP_DIR/tea + [ "$TEA_BIN" = "$TMP_DIR/tea" ] } test_teardown() { @@ -24,23 +25,23 @@ test_teardown() { api DELETE repos/$REPO/tags/$TAG || true rm -fr dist/release setup_tea - $TEA_BIN login delete $DOER || true + "$TEA_BIN" login delete "$DOER" || true } test_reset_repo() { - local project="$1" + project="$1" api DELETE repos/$REPO || true api POST user/repos --data-raw '{"name":"'$project'", "auto_init":true}' - git clone $FORGEJO/$REPO $TMP_DIR/repo - SHA=$(git -C $TMP_DIR/repo rev-parse HEAD) + git clone "$FORGEJO/$REPO" "$TMP_DIR/repo" + SHA=$(git -C "$TMP_DIR/repo" rev-parse HEAD) } test_setup() { - local project="$1" - test_reset_repo $project - mkdir -p $RELEASE_DIR - touch $RELEASE_DIR/file-one.txt - touch $RELEASE_DIR/file-two.txt + project="$1" + test_reset_repo "$project" + mkdir -p "$RELEASE_DIR" + : >"$RELEASE_DIR/file-one.txt" + : >"$RELEASE_DIR/file-two.txt" } test_wait_release_fail() { @@ -69,12 +70,12 @@ test_ensure_tag() { # idempotent # ensure_tag - mv $TAG_FILE $TMP_DIR/tag1.json + mv "$TAG_FILE" "$TMP_DIR/tag1.json" ensure_tag - mv $TAG_FILE $TMP_DIR/tag2.json + mv "$TAG_FILE" "$TMP_DIR/tag2.json" - diff -u $TMP_DIR/tag[12].json + diff -u "$TMP_DIR/tag1.json" "$TMP_DIR/tag2.json" # # sanity check on the SHA of an existing tag # @@ -92,7 +93,7 @@ test_maybe_sign_release_no_gpg() { GPG_PRIVATE_KEY= maybe_sign_release - ! test -f $RELEASE_DIR/file-one.txt.asc + ! [ -f "$RELEASE_DIR/file-one.txt.asc" ] } test_maybe_sign_release_gpg_no_passphrase() { @@ -117,28 +118,28 @@ test_maybe_sign_release_gpg() { } test_maybe_sign_release_skipped() { - ! test -f $RELEASE_DIR/file-one.txt.sha256.asc - ! test -f $RELEASE_DIR/file-two.txt.sha256.asc + ! [ -f "$RELEASE_DIR/file-one.txt.sha256.asc" ] + ! [ -f "$RELEASE_DIR/file-two.txt.sha256.asc" ] } test_maybe_sign_release_verify() { - for file in $RELEASE_DIR/file-one.txt $RELEASE_DIR/file-two.txt; do - gpg --verify $file.asc $file + for file in "$RELEASE_DIR/file-one.txt" "$RELEASE_DIR/file-two.txt"; do + gpg --verify "$file.asc" "$file" done } test_maybe_sign_release_setup() { - local name="$1" + name="$1" echo "========= maybe_sign_release $name =========" - RELEASE_DIR=$TMP_DIR/$name - mkdir -p $RELEASE_DIR - GNUPGHOME=$TMP_DIR/$name/.gnupg - mkdir -p $GNUPGHOME - touch $RELEASE_DIR/file-one.txt - touch $RELEASE_DIR/file-one.txt.sha256 - touch $RELEASE_DIR/file-two.txt - touch $RELEASE_DIR/file-two.txt.sha256 + RELEASE_DIR="$TMP_DIR/$name" + mkdir -p "$RELEASE_DIR" + GNUPGHOME="$TMP_DIR/$name/.gnupg" + mkdir -p "$GNUPGHOME" + : >"$RELEASE_DIR/file-one.txt" + : >"$RELEASE_DIR/file-one.txt.sha256" + : >"$RELEASE_DIR/file-two.txt" + : >"$RELEASE_DIR/file-two.txt.sha256" } test_maybe_sign_release() { @@ -148,31 +149,31 @@ test_maybe_sign_release() { } test_run() { - local user="$1" - local project="$2" + user="$1" + project="$2" test_teardown - to_push=$TMP_DIR/binaries-releases-to-push - pulled=$TMP_DIR/binaries-releases-pulled - RELEASE_DIR=$to_push - REPO=$user/$project - test_setup $project + to_push="$TMP_DIR/binaries-releases-to-push" + pulled="$TMP_DIR/binaries-releases-pulled" + RELEASE_DIR="$to_push" + REPO="$user/$project" + test_setup "$project" test_ensure_tag test_create_delete_tag DELAY=0 test_wait_release_fail echo "================================ TEST BEGIN" upload - RELEASE_DIR=$pulled + RELEASE_DIR="$pulled" download - diff -r $to_push $pulled + diff -r "$to_push" "$pulled" echo "================================ TEST END" test_wait_release } TMP_DIR=$(mktemp -d) -trap "rm -fr $TMP_DIR" EXIT +trap 'rm -fr "$TMP_DIR"' 0 INT TERM : ${TAG:=v17.8.20-1} -. $(dirname $0)/../forgejo-release.sh +. "$(dirname "$0")/../forgejo-release.sh"