diff --git a/.forgejo/workflows/integration.yml b/.forgejo/workflows/integration.yml index 1c1a520..343fa7b 100644 --- a/.forgejo/workflows/integration.yml +++ b/.forgejo/workflows/integration.yml @@ -6,7 +6,7 @@ jobs: - uses: actions/checkout@v3 - id: forgejo - uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.2 + uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.11 with: user: testuser password: admin1234 @@ -24,18 +24,22 @@ jobs: set -ex export FORGEJO="${{ steps.forgejo.outputs.url }}" - curl --fail -sS $FORGEJO/api/v1/repos/testuser/upload-download/releases/tags/v2.0 > /tmp/release.json + curl --fail -sS $FORGEJO/api/v1/repos/testuser/upload-download/releases/tags/v2.0 > /tmp/v2.json EXPECTED='No shell expansion should on these notes: - $(some_command) - `other_commend` - "double quoted" and '\''single quoted'\'' strings - \backslash escape - !exclamation_mark' - test "$EXPECTED" = "$(jq -r .body < /tmp/release.json)" + test "$EXPECTED" = "$(jq -r .body < /tmp/v2.json)" + + test $(cat /tmp/v2.json | jq -r .hide_archive_links) = false curl --fail -sS $FORGEJO/api/v1/repos/testuser/upload-download/releases/tags/v1.0 > /tmp/v1.json cat /tmp/v1.json | jq -r .body | grep '' + test $(cat /tmp/v1.json | jq -r .hide_archive_links) = true + - name: testdata/upload-download-private run: | export LOOP_DELAY=30 diff --git a/.gitignore b/.gitignore index b25c15b..f166652 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,2 @@ *~ +.idea diff --git a/README.md b/README.md index eb2cd79..f532c6b 100644 --- a/README.md +++ b/README.md @@ -10,12 +10,12 @@ Upload or download the assets of a release to a Forgejo instance. | name | description | required | default | | --- | --- | --- | --- | -| `url` |

URL of the Forgejo instance

| `false` | `""` | -| `repo` |

owner/project relative to the URL

| `false` | `""` | -| `tag` |

Tag of the release

| `false` | `""` | +| `url` |

URL of the Forgejo instance

| `false` | `${{ env.GITHUB_SERVER_URL }}` | +| `repo` |

owner/project relative to the URL

| `false` | `${{ github.repository }}` | +| `tag` |

Tag of the release

| `false` | `${{ github.ref_name }}` | | `title` |

Title of the release (defaults to tag)

| `false` | `""` | -| `sha` |

SHA of the release

| `false` | `""` | -| `token` |

Forgejo application token

| `true` | `""` | +| `sha` |

SHA of the release

| `false` | `${{ github.sha }}` | +| `token` |

Forgejo application token

| `false` | `${{ secrets.GITHUB_TOKEN }}` | | `release-dir` |

Directory in whichs release assets are uploaded or downloaded

| `true` | `""` | | `release-notes` |

Release notes

| `false` | `""` | | `direction` |

Can either be download or upload

| `true` | `""` | @@ -27,6 +27,7 @@ Upload or download the assets of a release to a Forgejo instance. | `override` |

Override an existing release by the same {tag}

| `false` | `false` | | `prerelease` |

Mark Release as Pre-Release

| `false` | `false` | | `release-notes-assistant` |

Generate release notes with Release Notes Assistant

| `false` | `false` | +| `hide-archive-link` |

Hide the archive links

| `false` | `false` | ## Examples @@ -36,16 +37,18 @@ Upload or download the assets of a release to a Forgejo instance. Upload the release located in `release-dir` to the release section of a repository (`url` and `repo`): ```yaml -on: [tag] jobs: upload-release: - runs-on: ubuntu-latest + runs-on: docker steps: - - uses: actions/checkout@v3 - - uses: actions/forgejo-release@v2 + - uses: actions/checkout@v4 + - uses: actions/forgejo-release@v2.6.0 with: direction: upload - url: https://code.forgejo.org + url: https://my-forgejo-instance.net + repo: myuser/myrepo + token: ${{ secrets.WRITE_TOKEN_TO_MYREPO }} + tag: v1.0.0 release-dir: dist/release release-notes: "MY RELEASE NOTES" ``` @@ -55,24 +58,24 @@ jobs: Example downloading the forgejo release v1.21.4-0 into the working directory: ```yaml -on: [tag] jobs: download-release: - runs-on: ubuntu-latest + runs-on: docker steps: - - uses: actions/checkout@v3 - - uses: actions/forgejo-release@v2 + - uses: actions/checkout@v4 + - uses: actions/forgejo-release@v2.6.0 with: direction: download - url: https://code.forgejo.org - repo: forgejo/forgejo - tag: v1.21.4-0 + url: https://my-forgejo-instance.net + repo: myuser/myrepo + token: ${{ secrets.READ_TOKEN_TO_MYREPO }} + tag: v1.0.0 release-dir: ./ # by default, files are downloaded into dist/release ``` ### Real world example -This action is used to [publish](https://code.forgejo.org/forgejo/release-notes-assistant/src/branch/main/.forgejo/workflows/release.yml) the release notes assistant assets. +This action is used to [publish](https://code.forgejo.org/forgejo/release-notes-assistant/src/commit/09f2c22d80d5ee655783cfeb2c1d4bab4afec3e4/.forgejo/workflows/release.yml) the release notes assistant assets. ## Update the `input` section of the README diff --git a/action.yml b/action.yml index f903b1c..7e09788 100644 --- a/action.yml +++ b/action.yml @@ -6,17 +6,21 @@ description: | inputs: url: description: 'URL of the Forgejo instance' + default: '${{ env.GITHUB_SERVER_URL }}' repo: description: 'owner/project relative to the URL' + default: '${{ github.repository }}' tag: description: 'Tag of the release' + default: '${{ github.ref_name }}' title: description: 'Title of the release (defaults to tag)' sha: description: 'SHA of the release' + default: '${{ github.sha }}' token: description: 'Forgejo application token' - required: true + default: '${{ secrets.GITHUB_TOKEN }}' release-dir: description: 'Directory in whichs release assets are uploaded or downloaded' required: true @@ -33,19 +37,22 @@ inputs: description: 'Number of times to retry if the release is not ready (default 1)' download-latest: description: 'Download the latest release' - default: 'false' + default: false verbose: description: 'Increase the verbosity level' - default: 'false' + default: false override: description: 'Override an existing release by the same `{tag}`' - default: 'false' + default: false prerelease: description: 'Mark Release as Pre-Release' - default: 'false' + default: false release-notes-assistant: description: 'Generate release notes with Release Notes Assistant' - default: 'false' + default: false + hide-archive-link: + description: 'Hide the archive links' + default: false runs: using: "composite" @@ -54,9 +61,6 @@ runs: shell: bash - run: | export FORGEJO="${{ inputs.url }}" - if test -z "$FORGEJO"; then - export FORGEJO="${{ env.GITHUB_SERVER_URL }}" - fi # A trailing / will mean http://forgejo//api/v1 is used # and it always 401 as of v1.19, because of the double slash FORGEJO=${FORGEJO%%/} @@ -64,17 +68,8 @@ runs: export HOST=${FORGEJO#*://} export REPO="${{ inputs.repo }}" - if test -z "$REPO"; then - export REPO="${{ github.repository }}" - fi export TAG="${{ inputs.tag }}" - if test -z "$TAG"; then - export TAG="${{ github.ref_name }}" - # until https://code.forgejo.org/forgejo/runner/issues/9 is fixed - # trim refs/tags/ - TAG=${TAG##refs/tags/} - fi export TITLE="${{ inputs.title }}" @@ -84,6 +79,8 @@ runs: export RELEASE_NOTES_ASSISTANT="${{ inputs.release-notes-assistant }}" + export HIDE_ARCHIVE_LINK="${{ inputs.hide-archive-link }}" + export TOKEN="${{ inputs.token }}" export RELEASE_DIR="${{ inputs.release-dir }}" @@ -94,9 +91,6 @@ runs: ) export SHA="${{ inputs.sha }}" - if test -z "$SHA"; then - export SHA="${{ github.sha }}" - fi export OVERRIDE="${{ inputs.override }}" diff --git a/forgejo-release.sh b/forgejo-release.sh index 13c9493..38aa100 100755 --- a/forgejo-release.sh +++ b/forgejo-release.sh @@ -15,49 +15,87 @@ if ${VERBOSE:-false}; then set -x; fi : ${BIN_DIR:=$TMP_DIR} : ${TEA_VERSION:=0.9.0} : ${OVERRIDE:=false} +: ${HIDE_ARCHIVE_LINK:=false} : ${RETRY:=1} : ${DELAY:=10} +TAG_FILE="$TMP_DIR/tag$$.json" + export GNUPGHOME setup_tea() { - if ! test -f $BIN_DIR/tea ; then - ARCH=$(dpkg --print-architecture) - curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-$ARCH > $BIN_DIR/tea - chmod +x $BIN_DIR/tea + if ! test -f "$BIN_DIR"/tea; then + ARCH=$(dpkg --print-architecture) + curl -sL https://dl.gitea.io/tea/$TEA_VERSION/tea-$TEA_VERSION-linux-"$ARCH" >"$BIN_DIR"/tea + chmod +x "$BIN_DIR"/tea + fi +} + +get_tag() { + if ! test -f "$TAG_FILE"; then + if api GET repos/$REPO/tags/"$TAG" >"$TAG_FILE"; then + echo "tag $TAG exists" + else + echo "tag $TAG does not exists" + fi + fi + test -s "$TAG_FILE" +} + +matched_tag() { + if get_tag; then + local sha=$(jq --raw-output .commit.sha <"$TAG_FILE") + test "$sha" = "$SHA" + else + return 1 fi } ensure_tag() { - if api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag.json ; then - local sha=$(jq --raw-output .commit.sha < $TMP_DIR/tag.json) - if test "$sha" != "$SHA" ; then - cat $TMP_DIR/tag.json - echo "the tag SHA in the $REPO repository does not match the tag SHA that triggered the build: $SHA" - false - fi + if get_tag; then + if ! matched_tag; then + cat "$TAG_FILE" + echo "the tag SHA in the $REPO repository does not match the tag SHA that triggered the build: $SHA" + return 1 + fi else - api POST repos/$REPO/tags --data-raw '{"tag_name": "'$TAG'", "target": "'$SHA'"}' + create_tag + fi +} + +create_tag() { + api POST repos/$REPO/tags --data-raw '{"tag_name": "'"$TAG"'", "target": "'"$SHA"'"}' >"$TAG_FILE" +} + +delete_tag() { + if get_tag; then + api DELETE repos/$REPO/tags/$TAG + rm -f "$TAG_FILE" fi } upload_release() { - local assets=$(ls $RELEASE_DIR/* | sed -e 's/^/-a /') - if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc' ; then - releasetype="--prerelease" + # assets is defined as a list of arguments, where values may contain whitespace and need to be quoted like this -a "my file.txt" -a "file.txt". + # It is expanded using "${assets[@]}" which preserves the separation of arguments and not split whitespace containing values. + # For reference, see https://github.com/koalaman/shellcheck/wiki/SC2086#exceptions + local assets=() + for file in "$RELEASE_DIR"/*; do + assets=("${assets[@]}" -a "$file") + done + if $PRERELEASE || echo "${TAG}" | grep -qi '\-rc'; then + releaseType="--prerelease" echo "Uploading as Pre-Release" else echo "Uploading as Stable" fi ensure_tag - anchor=$(echo $TAG | sed -e 's/^v//' -e 's/[^a-zA-Z0-9]/-/g') - if ! $BIN_DIR/tea release create $assets --repo $REPO --note "$RELEASENOTES" --tag $TAG --title "$TITLE" --draft ${releasetype} >& $TMP_DIR/tea.log ; then - if grep --quiet 'Unknown API Error: 500' $TMP_DIR/tea.log && grep --quiet services/release/release.go:194 $TMP_DIR/tea.log ; then + if ! "$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} >&"$TMP_DIR"/tea.log; then + if grep --quiet 'Unknown API Error: 500' "$TMP_DIR"/tea.log && grep --quiet services/release/release.go:194 "$TMP_DIR"/tea.log; then echo "workaround v1.20 race condition https://codeberg.org/forgejo/forgejo/issues/1370" sleep 10 - $BIN_DIR/tea release create $assets --repo $REPO --note "$RELEASENOTES" --tag $TAG --title "$TITLE" --draft ${releasetype} + "$BIN_DIR"/tea release create "${assets[@]}" --repo $REPO --note "$RELEASENOTES" --tag "$TAG" --title "$TITLE" --draft ${releaseType} else - cat $TMP_DIR/tea.log + cat "$TMP_DIR"/tea.log return 1 fi fi @@ -68,60 +106,63 @@ upload_release() { release_draft() { local state="$1" - local id=$(api GET repos/$REPO/releases/tags/$TAG | jq --raw-output .id) - api PATCH repos/$REPO/releases/$id --data-raw '{"draft": '$state'}' + local id=$(api GET repos/$REPO/releases/tags/"$TAG" | jq --raw-output .id) + + api PATCH repos/$REPO/releases/"$id" --data-raw '{"draft": '"$state"', "hide_archive_links": '$HIDE_ARCHIVE_LINK'}' } maybe_use_release_note_assistant() { if "$RELEASE_NOTES_ASSISTANT"; then curl --fail -s -S -o rna https://code.forgejo.org/forgejo/release-notes-assistant/releases/download/v1.2.3/release-notes-assistant chmod +x ./rna - ./rna --storage release --storage-location $TAG --forgejo-url $SCHEME://placeholder:$TOKEN@$HOST --repository $REPO --token $TOKEN release $TAG + ./rna --storage release --storage-location "$TAG" --forgejo-url "$SCHEME"://placeholder:"$TOKEN"@"$HOST" --repository $REPO --token "$TOKEN" release "$TAG" fi } sign_release() { local passphrase if test -s "$GPG_PASSPHRASE"; then - passphrase="--passphrase-file $GPG_PASSPHRASE" + passphrase="--passphrase-file $GPG_PASSPHRASE" fi gpg --import --no-tty --pinentry-mode loopback $passphrase "$GPG_PRIVATE_KEY" - for asset in $RELEASE_DIR/* ; do - if [[ $asset =~ .sha256$ ]] ; then - continue - fi - gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase < $asset > $asset.asc + for asset in "$RELEASE_DIR"/*; do + if [[ $asset =~ .sha256$ ]]; then + continue + fi + gpg --armor --detach-sign --no-tty --pinentry-mode loopback $passphrase <"$asset" >"$asset".asc done } maybe_sign_release() { if test -s "$GPG_PRIVATE_KEY"; then - sign_release + sign_release fi } maybe_override() { if test "$OVERRIDE" = "false"; then - return + return + fi + api DELETE repos/$REPO/releases/tags/"$TAG" >&/dev/null || true + if get_tag && ! matched_tag; then + delete_tag fi - api DELETE repos/$REPO/releases/tags/$TAG >& /dev/null || true - api DELETE repos/$REPO/tags/$TAG >& /dev/null || true } upload() { setup_api setup_tea rm -f ~/.config/tea/config.yml - GITEA_SERVER_TOKEN=$TOKEN $BIN_DIR/tea login add --url $FORGEJO + GITEA_SERVER_TOKEN=$TOKEN "$BIN_DIR"/tea login add --url $FORGEJO maybe_sign_release maybe_override upload_release } setup_api() { - if ! which jq curl ; then - apt-get -qq update - apt-get install -y -qq jq curl + if ! which jq curl; then + apt-get -qq update + apt-get install -y -qq jq curl fi } @@ -131,46 +172,46 @@ api() { path=$1 shift - curl --fail -X $method -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/$path + curl --fail -X "$method" -sS -H "Content-Type: application/json" -H "Authorization: token $TOKEN" "$@" $FORGEJO/api/v1/"$path" } wait_release() { local ready=false for i in $(seq $RETRY); do - if api GET repos/$REPO/releases/tags/$TAG | jq --raw-output .draft > $TMP_DIR/draft; then - if test "$(cat $TMP_DIR/draft)" = "false"; then - ready=true - break - fi - echo "release $TAG is still a draft" - else - echo "release $TAG does not exist yet" - fi - echo "waiting $DELAY seconds" - sleep $DELAY + if api GET repos/$REPO/releases/tags/"$TAG" | jq --raw-output .draft >"$TMP_DIR"/draft; then + if test "$(cat "$TMP_DIR"/draft)" = "false"; then + ready=true + break + fi + echo "release $TAG is still a draft" + else + echo "release $TAG does not exist yet" + fi + echo "waiting $DELAY seconds" + sleep $DELAY done - if ! $ready ; then - echo "no release for $TAG" - return 1 + if ! $ready; then + echo "no release for $TAG" + return 1 fi } download() { setup_api ( - mkdir -p $RELEASE_DIR - cd $RELEASE_DIR - if [[ ${DOWNLOAD_LATEST} == "true" ]] ; then - echo "Downloading the latest release" - api GET repos/$REPO/releases/latest > $TMP_DIR/assets.json - elif [[ ${DOWNLOAD_LATEST} == "false" ]] ; then - wait_release - echo "Downloading tagged release ${TAG}" - api GET repos/$REPO/releases/tags/$TAG > $TMP_DIR/assets.json - fi - jq --raw-output '.assets[] | "\(.name) \(.browser_download_url)"' < $TMP_DIR/assets.json | while read name url ; do - curl --fail -H "Authorization: token $TOKEN" -o $name -L $url - done + mkdir -p $RELEASE_DIR + cd $RELEASE_DIR + if [[ ${DOWNLOAD_LATEST} == "true" ]]; then + echo "Downloading the latest release" + api GET repos/$REPO/releases/latest >"$TMP_DIR"/assets.json + elif [[ ${DOWNLOAD_LATEST} == "false" ]]; then + wait_release + echo "Downloading tagged release ${TAG}" + api GET repos/$REPO/releases/tags/"$TAG" >"$TMP_DIR"/assets.json + fi + jq --raw-output '.assets[] | "\(.browser_download_url) \(.name)"' <"$TMP_DIR"/assets.json | while read url name; do # `name` may contain whitespace, therefore, it must be last + curl --fail -H "Authorization: token $TOKEN" -o "$name" -L "$url" + done ) } diff --git a/renovate.json b/renovate.json new file mode 100644 index 0000000..b676ef6 --- /dev/null +++ b/renovate.json @@ -0,0 +1,18 @@ +{ + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": ["local>actions/renovate-config"], + "customManagers": [ + { + "customType": "regex", + "description": "update example in README.md", + "fileMatch": ["^README.md$"], + "matchStrings": [ + "uses: actions/forgejo-release@(?v\\d+\\.\\d+\\.\\d+)" + ], + "datasourceTemplate": "gitea-tags", + "depNameTemplate": "actions/forgejo-release", + "versioningTemplate": "semver", + "registryUrlTemplate": "https://code.forgejo.org" + } + ] +} diff --git a/testdata/forgejo-release-test.sh b/testdata/forgejo-release-test.sh index 4e84498..156fb6b 100755 --- a/testdata/forgejo-release-test.sh +++ b/testdata/forgejo-release-test.sh @@ -2,6 +2,7 @@ # SPDX-License-Identifier: MIT set -ex +PS4='${BASH_SOURCE[0]}:$LINENO: ${FUNCNAME[0]}: ' test_teardown() { setup_api @@ -38,24 +39,37 @@ test_wait_release() { ! wait_release } +test_create_delete_tag() { + delete_tag + + ! get_tag + create_tag + get_tag + delete_tag + ! get_tag +} + test_ensure_tag() { - api DELETE repos/$REPO/tags/$TAG || true + delete_tag # # idempotent # ensure_tag - api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag1.json + mv $TAG_FILE $TMP_DIR/tag1.json + ensure_tag - api GET repos/$REPO/tags/$TAG > $TMP_DIR/tag2.json + mv $TAG_FILE $TMP_DIR/tag2.json + diff -u $TMP_DIR/tag[12].json # # sanity check on the SHA of an existing tag # ( - SHA=12345 - ! ensure_tag + SHA=12345 + ! matched_tag + ! ensure_tag ) - api DELETE repos/$REPO/tags/$TAG + delete_tag } test_maybe_sign_release_no_gpg() { @@ -94,8 +108,8 @@ test_maybe_sign_release_skipped() { } test_maybe_sign_release_verify() { - for file in $RELEASE_DIR/file-one.txt $RELEASE_DIR/file-two.txt; do - gpg --verify $file.asc $file + for file in $RELEASE_DIR/file-one.txt $RELEASE_DIR/file-two.txt; do + gpg --verify $file.asc $file done } @@ -129,6 +143,7 @@ test_run() { REPO=$user/$project test_setup $project test_ensure_tag + test_create_delete_tag DELAY=0 test_wait_release_fail echo "================================ TEST BEGIN" diff --git a/testdata/nested-upload-download/.forgejo/workflows/test.yml b/testdata/nested-upload-download/.forgejo/workflows/test.yml index 4c6bd91..293fa40 100644 --- a/testdata/nested-upload-download/.forgejo/workflows/test.yml +++ b/testdata/nested-upload-download/.forgejo/workflows/test.yml @@ -12,7 +12,7 @@ jobs: steps: - uses: actions/checkout@v3 - id: forgejo - uses: https://code.forgejo.org/actions/setup-forgejo@v1 + uses: https://code.forgejo.org/actions/setup-forgejo@v2.0.11 with: user: testuser password: admin1234 diff --git a/testdata/upload-download/.forgejo/workflows/test.yml b/testdata/upload-download/.forgejo/workflows/test.yml index be2a6a8..a88867a 100644 --- a/testdata/upload-download/.forgejo/workflows/test.yml +++ b/testdata/upload-download/.forgejo/workflows/test.yml @@ -26,6 +26,7 @@ jobs: token: FORGEJO_TOKEN release-dir: upload-dir release-notes-assistant: true + hide-archive-link: true override: true verbose: true - if: ${{ !startsWith(github.ref, 'refs/tags/v') }} diff --git a/testdata/upload-download/upload-dir/file 3.txt b/testdata/upload-download/upload-dir/file 3.txt new file mode 100644 index 0000000..9eeba5f --- /dev/null +++ b/testdata/upload-download/upload-dir/file 3.txt @@ -0,0 +1 @@ +FILE3