diff --git a/forgejo-release.sh b/forgejo-release.sh index 424fba0..1c310f1 100755 --- a/forgejo-release.sh +++ b/forgejo-release.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh -e # SPDX-License-Identifier: MIT set -e @@ -27,9 +27,9 @@ TAG_URL=$(echo "$TAG" | sed 's/\//%2F/g') export GNUPGHOME setup_tea() { - if which tea 2>/dev/null; then - TEA_BIN=$(which tea) - elif ! test -f "$TEA_BIN"; then + if command -v tea >/dev/null 2>&1; then + TEA_BIN=$(command -v tea) + elif [ ! -f "$TEA_BIN" ]; then ARCH=$(dpkg --print-architecture) curl -sL "https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-$ARCH" >"$TEA_BIN" chmod +x "$TEA_BIN" @@ -83,22 +83,25 @@ upload_release() { # assets is defined as a list of arguments, where values may contain whitespace and need to be quoted like this -a "my file.txt" -a "file.txt". # It is expanded using "${assets[@]}" which preserves the separation of arguments and not split whitespace containing values. # For reference, see https://github.com/koalaman/shellcheck/wiki/SC2086#exceptions - local assets=() for file in "$RELEASE_DIR"/*; do - assets=("${assets[@]}" -a "$file") + assets="$assets -a $file" done + if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc'; then releaseType="--prerelease" echo "Uploading as Pre-Release" else echo "Uploading as Stable" fi + ensure_tag - if ! $TEA_BIN release create "${assets[@]}" --repo "$REPO" --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft "$releaseType" >&"$TMP_DIR"/tea.log; then + + # shellcheck disable=SC2086 + if ! $TEA_BIN release create $assets --repo "$REPO" --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft "$releaseType" > "$TMP_DIR"/tea.log 2>&1; then if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log; then echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370" sleep 10 - $TEA_BIN release create "${assets[@]}" --repo "$REPO" --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft "$releaseType" + $TEA_BIN release create $assets --repo "$REPO" --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft "$releaseType" else cat "$TMP_DIR"/tea.log return 1 @@ -109,7 +112,7 @@ upload_release() { } release_draft() { - local state="$1" + state="$1" id=$(api GET "repos/$REPO/releases/tags/$TAG_URL" | jq --raw-output .id) @@ -127,15 +130,15 @@ maybe_use_release_note_assistant() { } sign_release() { - local passphrase if test -s "$GPG_PASSPHRASE"; then passphrase="--passphrase-file $GPG_PASSPHRASE" fi gpg --import --no-tty --pinentry-mode loopback "$passphrase" "$GPG_PRIVATE_KEY" for asset in "$RELEASE_DIR"/*; do - if [[ $asset =~ .sha256$ ]]; then - continue - fi + case "$asset" in + *.sha256) continue ;; + esac + gpg --armor --detach-sign --no-tty --pinentry-mode loopback "$passphrase" <"$asset" >"$asset".asc done } @@ -150,7 +153,7 @@ maybe_override() { if test "$OVERRIDE" = "false"; then return fi - api DELETE "repos/$REPO/releases/tags/$TAG_URL" >&/dev/null || true + api DELETE "repos/$REPO/releases/tags/$TAG_URL" > /dev/null 2>&1 || true if get_tag && ! matched_tag; then delete_tag fi @@ -183,7 +186,7 @@ api() { } wait_release() { - local ready=false + ready=false for _ in $(seq "$RETRY"); do if api GET "repos/$REPO/releases/tags/$TAG_URL" | jq --raw-output .draft >"$TMP_DIR"/draft; then if test "$(cat "$TMP_DIR"/draft)" = "false"; then @@ -208,10 +211,10 @@ download() { ( mkdir -p "$RELEASE_DIR" cd "$RELEASE_DIR" - if [[ ${DOWNLOAD_LATEST} == "true" ]]; then + if [ "${DOWNLOAD_LATEST}" = "true" ]; then echo "Downloading the latest release" api GET "repos/$REPO/releases/latest" >"$TMP_DIR"/assets.json - elif [[ ${DOWNLOAD_LATEST} == "false" ]]; then + elif [ "${DOWNLOAD_LATEST}" = "false" ]; then wait_release echo "Downloading tagged release ${TAG}" api GET "repos/$REPO/releases/tags/$TAG_URL" >"$TMP_DIR"/assets.json