From 8fd044737f26507ee9cba2306216b6ddc2372f12 Mon Sep 17 00:00:00 2001 From: crueter Date: Fri, 21 Nov 2025 11:13:52 -0500 Subject: [PATCH] better locals names, POSIX compliant action.yml Signed-off-by: crueter --- action.yml | 18 +++++++++--------- forgejo-release.sh | 21 ++++++++------------- 2 files changed, 17 insertions(+), 22 deletions(-) diff --git a/action.yml b/action.yml index f6725c7..5dcc60f 100644 --- a/action.yml +++ b/action.yml @@ -64,14 +64,14 @@ runs: path: ${{ forge.action_path }}/rna - run: echo "${{ forge.action_path }}" >> $FORGEJO_PATH - shell: bash + shell: sh - run: | export FORGEJO="${{ inputs.url }}" # A trailing / will mean http://forgejo//api/v1 is used # and it always 401 as of v1.19, because of the double slash FORGEJO=${FORGEJO%%/} - export SCHEME=${FORGEJO%://*} - export HOST=${FORGEJO#*://} + export SCHEME="${FORGEJO%://*}" + export HOST="${FORGEJO#*://}" export REPO="${{ inputs.repo }}" @@ -84,7 +84,7 @@ runs: export PRERELEASE="${{ inputs.prerelease }}" export RELEASE_NOTES_ASSISTANT="${{ inputs.release-notes-assistant }}" - export RELEASE_NOTES_ASSISTANT_WORKDIR=${{ forge.action_path }}/rna + export RELEASE_NOTES_ASSISTANT_WORKDIR="${{ forge.action_path }}/rna" export HIDE_ARCHIVE_LINK="${{ inputs.hide-archive-link }}" @@ -105,13 +105,13 @@ runs: export RETRY="${{ inputs.download-retry }}" - export TMP_DIR=$(mktemp -d) - trap "rm -fr $TMP_DIR" EXIT + export TMP_DIR="$(mktemp -d)" + trap 'rm -fr $TMP_DIR' EXIT - echo -n "${{ inputs.gpg-private-key }}" > $TMP_DIR/gpg-private-key + printf "${{ inputs.gpg-private-key }}" > $TMP_DIR/gpg-private-key export GPG_PRIVATE_KEY=$TMP_DIR/gpg-private-key - echo -n "${{ inputs.gpg-passphrase }}" > $TMP_DIR/gpg-passphrase + printf "${{ inputs.gpg-passphrase }}" > $TMP_DIR/gpg-passphrase export GPG_PASSPHRASE="$TMP_DIR/gpg-passphrase" - forgejo-release.sh ${{ inputs.direction }} + forgejo-release.sh "${{ inputs.direction }}" shell: bash diff --git a/forgejo-release.sh b/forgejo-release.sh index a4522fa..e697fb8 100755 --- a/forgejo-release.sh +++ b/forgejo-release.sh @@ -50,12 +50,7 @@ get_tag() { } matched_tag() { - if get_tag; then - sha=$(jq --raw-output .commit.sha <"$TAG_FILE") - [ "$sha" = "$SHA" ] - else - return 1 - fi + get_tag && [ "$(jq --raw-output .commit.sha <"$TAG_FILE")" = "$SHA" ] } ensure_tag() { @@ -114,12 +109,11 @@ upload_release() { release_draft false } +# $1 is the state release_draft() { - state="$1" + _release_draft_id=$(api GET "repos/$REPO/releases/tags/$TAG_URL" | jq --raw-output .id) - id=$(api GET "repos/$REPO/releases/tags/$TAG_URL" | jq --raw-output .id) - - api PATCH "repos/$REPO/releases/$id" --data-raw '{"draft": '"$state"', "hide_archive_links": '"$HIDE_ARCHIVE_LINK"'}' + api PATCH "repos/$REPO/releases/$_release_draft_id" --data-raw '{"draft": '"$1"', "hide_archive_links": '"$HIDE_ARCHIVE_LINK"'}' } maybe_use_release_note_assistant() { @@ -134,15 +128,15 @@ maybe_use_release_note_assistant() { sign_release() { if [ -s "$GPG_PASSPHRASE" ]; then - passphrase="--passphrase-file $GPG_PASSPHRASE" + _sign_release_passphrase="--passphrase-file $GPG_PASSPHRASE" fi - gpg --import --no-tty --pinentry-mode loopback "$passphrase" "$GPG_PRIVATE_KEY" + gpg --import --no-tty --pinentry-mode loopback "$_sign_release_passphrase" "$GPG_PRIVATE_KEY" for asset in "$RELEASE_DIR"/*; do case "$asset" in *.sha256) continue ;; esac - gpg --armor --detach-sign --no-tty --pinentry-mode loopback "$passphrase" <"$asset" >"$asset".asc + gpg --armor --detach-sign --no-tty --pinentry-mode loopback "$_sign_release_passphrase" <"$asset" >"$asset".asc done } @@ -206,6 +200,7 @@ api() { wait_release() { ready=false for _ in $(seq "$RETRY"); do + # TODO: this is probably unnecessary; a direct comparison on the jq call is *probably* enough. if api GET "repos/$REPO/releases/tags/$TAG_URL" | jq --raw-output .draft >"$TMP_DIR"/draft; then if [ "$(cat "$TMP_DIR"/draft)" = "false" ]; then ready=true