better locals names, POSIX compliant action.yml

Signed-off-by: crueter <crueter@eden-emu.dev>

action.yml

@@ -64,14 +64,14 @@ runs:
         path: ${{ forge.action_path }}/rna
 
     - run: echo "${{ forge.action_path }}" >> $FORGEJO_PATH
-      shell: bash
+      shell: sh
     - run: |
         export FORGEJO="${{ inputs.url }}"
         # A trailing / will mean http://forgejo//api/v1 is used
         # and it always 401 as of v1.19, because of the double slash
         FORGEJO=${FORGEJO%%/}
-        export SCHEME=${FORGEJO%://*}
-        export HOST=${FORGEJO#*://}
+        export SCHEME="${FORGEJO%://*}"
+        export HOST="${FORGEJO#*://}"
 
         export REPO="${{ inputs.repo }}"
 
@@ -84,7 +84,7 @@ runs:
         export PRERELEASE="${{ inputs.prerelease }}"
 
         export RELEASE_NOTES_ASSISTANT="${{ inputs.release-notes-assistant }}"
-        export RELEASE_NOTES_ASSISTANT_WORKDIR=${{ forge.action_path }}/rna
+        export RELEASE_NOTES_ASSISTANT_WORKDIR="${{ forge.action_path }}/rna"
 
         export HIDE_ARCHIVE_LINK="${{ inputs.hide-archive-link }}"
 
@@ -105,13 +105,13 @@ runs:
 
         export RETRY="${{ inputs.download-retry }}"
 
-        export TMP_DIR=$(mktemp -d)
-        trap "rm -fr $TMP_DIR" EXIT
+        export TMP_DIR="$(mktemp -d)"
+        trap 'rm -fr $TMP_DIR' EXIT
 
-        echo -n "${{ inputs.gpg-private-key }}" > $TMP_DIR/gpg-private-key
+        printf "${{ inputs.gpg-private-key }}" > $TMP_DIR/gpg-private-key
         export GPG_PRIVATE_KEY=$TMP_DIR/gpg-private-key
-        echo -n "${{ inputs.gpg-passphrase }}" > $TMP_DIR/gpg-passphrase
+        printf "${{ inputs.gpg-passphrase }}" > $TMP_DIR/gpg-passphrase
         export GPG_PASSPHRASE="$TMP_DIR/gpg-passphrase"
 
-        forgejo-release.sh ${{ inputs.direction }}
+        forgejo-release.sh "${{ inputs.direction }}"
       shell: bash

forgejo-release.sh

@@ -50,12 +50,7 @@ get_tag() {
 }
 
 matched_tag() {
-    if get_tag; then
-        sha=$(jq --raw-output .commit.sha <"$TAG_FILE")
-        [ "$sha" = "$SHA" ]
-    else
-        return 1
-    fi
+    get_tag && [ "$(jq --raw-output .commit.sha <"$TAG_FILE")" = "$SHA" ]
 }
 
 ensure_tag() {
@@ -114,12 +109,11 @@ upload_release() {
     release_draft false
 }
 
+# $1 is the state
 release_draft() {
-    state="$1"
+    _release_draft_id=$(api GET "repos/$REPO/releases/tags/$TAG_URL" | jq --raw-output .id)
 
-    id=$(api GET "repos/$REPO/releases/tags/$TAG_URL" | jq --raw-output .id)
-
-    api PATCH "repos/$REPO/releases/$id" --data-raw '{"draft": '"$state"', "hide_archive_links": '"$HIDE_ARCHIVE_LINK"'}'
+    api PATCH "repos/$REPO/releases/$_release_draft_id" --data-raw '{"draft": '"$1"', "hide_archive_links": '"$HIDE_ARCHIVE_LINK"'}'
 }
 
 maybe_use_release_note_assistant() {
@@ -134,15 +128,15 @@ maybe_use_release_note_assistant() {
 
 sign_release() {
     if [ -s "$GPG_PASSPHRASE" ]; then
-        passphrase="--passphrase-file $GPG_PASSPHRASE"
+        _sign_release_passphrase="--passphrase-file $GPG_PASSPHRASE"
     fi
-    gpg --import --no-tty --pinentry-mode loopback "$passphrase" "$GPG_PRIVATE_KEY"
+    gpg --import --no-tty --pinentry-mode loopback "$_sign_release_passphrase" "$GPG_PRIVATE_KEY"
     for asset in "$RELEASE_DIR"/*; do
         case "$asset" in
             *.sha256) continue ;;
         esac
 
-        gpg --armor --detach-sign --no-tty --pinentry-mode loopback "$passphrase" <"$asset" >"$asset".asc
+        gpg --armor --detach-sign --no-tty --pinentry-mode loopback "$_sign_release_passphrase" <"$asset" >"$asset".asc
     done
 }
 
@@ -206,6 +200,7 @@ api() {
 wait_release() {
     ready=false
     for _ in $(seq "$RETRY"); do
+        # TODO: this is probably unnecessary; a direct comparison on the jq call is *probably* enough.
         if api GET "repos/$REPO/releases/tags/$TAG_URL" | jq --raw-output .draft >"$TMP_DIR"/draft; then
             if [ "$(cat "$TMP_DIR"/draft)" = "false" ]; then
                 ready=true