chore(ci): add preflight token and API checks
@@ -52,6 +52,40 @@ jobs:
|
|||||||
cache: true
|
cache: true
|
||||||
cache-dependency-path: go.sum
|
cache-dependency-path: go.sum
|
||||||
|
|
||||||
|
- name: Preflight release API access
|
||||||
|
env:
|
||||||
|
REQUESTED_TAG: ${{ inputs.tag }}
|
||||||
|
run: |
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
if [[ -z "${RELEASE_TOKEN:-}" ]]; then
|
||||||
|
echo "No release token available. Set GITEA_TOKEN (or GITHUB_TOKEN on GitHub)." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
api_base="${GITHUB_API_URL:-${GITHUB_SERVER_URL%/}/api/v1}"
|
||||||
|
repo_api="${api_base}/repos/${GITHUB_REPOSITORY}"
|
||||||
|
|
||||||
|
curl --fail-with-body -sS \
|
||||||
|
-H "Authorization: token ${RELEASE_TOKEN}" \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
"${repo_api}" >/dev/null
|
||||||
|
|
||||||
|
curl --fail-with-body -sS \
|
||||||
|
-H "Authorization: token ${RELEASE_TOKEN}" \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
"${repo_api}/releases?limit=1" >/dev/null
|
||||||
|
|
||||||
|
requested_tag="$(printf '%s' "${REQUESTED_TAG:-}" | sed 's/^[[:space:]]\+//; s/[[:space:]]\+$//')"
|
||||||
|
if [[ -n "$requested_tag" ]]; then
|
||||||
|
normalized_tag="${requested_tag#v}"
|
||||||
|
tag_ref="refs/tags/v${normalized_tag}"
|
||||||
|
if ! git rev-parse --verify --quiet "$tag_ref" >/dev/null; then
|
||||||
|
echo "Requested tag ${tag_ref#refs/tags/} was not found in the checked out repository." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
- name: Create or update release
|
- name: Create or update release
|
||||||
id: publish
|
id: publish
|
||||||
uses: ./publish
|
uses: ./publish
|
||||||
@@ -177,7 +211,7 @@ jobs:
|
|||||||
|
|
||||||
- name: Download released binary
|
- name: Download released binary
|
||||||
env:
|
env:
|
||||||
TOKEN: ${{ github.token }}
|
TOKEN: ${{ secrets.GITHUB_TOKEN || secrets.GITEA_TOKEN }}
|
||||||
TAG_NAME: ${{ needs.release.outputs.tag }}
|
TAG_NAME: ${{ needs.release.outputs.tag }}
|
||||||
RELEASE_VERSION: ${{ needs.release.outputs.version }}
|
RELEASE_VERSION: ${{ needs.release.outputs.version }}
|
||||||
ASSET_ARCH: ${{ matrix.asset_arch }}
|
ASSET_ARCH: ${{ matrix.asset_arch }}
|
||||||
|
|||||||
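Review bot: The "Preflight release API access" step in the first hunk only issues GET requests (`${repo_api}` and `${repo_api}/releases?limit=1`), so a read-only token passes and the later "Create or update release" step can still fail on its first write. Gitea and GitHub both return a `permissions` object on the repository response for an authenticated caller, so checking `permissions.push` there would test what publishing actually needs. Separately, `>/dev/null` discards the error body that `--fail-with-body` is meant to surface; capturing it keeps the diagnostics, e.g. `resp="$(curl --fail-with-body -sS -H "Authorization: token ${RELEASE_TOKEN}" "${repo_api}")" || { printf '%s\n' "$resp" >&2; exit 1; }`. `RELEASE_TOKEN` is not set in this step's `env:`, so it is presumably defined at job or workflow level outside the hunk; a short comment saying where it comes from would help.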
@@ -64,6 +64,34 @@ runs:
|
|||||||
|
|
||||||
printf 'pr_number=%s\n' "$PR_NUMBER" >> "$GITHUB_OUTPUT"
|
printf 'pr_number=%s\n' "$PR_NUMBER" >> "$GITHUB_OUTPUT"
|
||||||
|
|
||||||
|
- name: Preflight comment API access
|
||||||
|
id: preflight
|
||||||
|
shell: bash
|
||||||
|
env:
|
||||||
|
AUTH_TOKEN: ${{ inputs.token != '' && inputs.token || github.token }}
|
||||||
|
PR_NUMBER: ${{ steps.validate.outputs.pr_number }}
|
||||||
|
SERVER_URL: ${{ github.server_url }}
|
||||||
|
REPOSITORY: ${{ github.repository }}
|
||||||
|
run: |
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
if [[ -z "$AUTH_TOKEN" ]]; then
|
||||||
|
echo "No token available for PR comment API calls. Set input token or provide workflow token." >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
api_url="${SERVER_URL}/api/v1"
|
||||||
|
if [[ "$SERVER_URL" == *"github.com"* ]]; then
|
||||||
|
api_url="https://api.github.com"
|
||||||
|
fi
|
||||||
|
|
||||||
|
comments_url="${api_url}/repos/${REPOSITORY}/issues/${PR_NUMBER}/comments"
|
||||||
|
|
||||||
|
curl --fail-with-body -sS \
|
||||||
|
-H "Authorization: Bearer ${AUTH_TOKEN}" \
|
||||||
|
-H "Content-Type: application/json" \
|
||||||
|
"$comments_url" >/dev/null
|
||||||
|
|
||||||
- name: Extract changelog unreleased entries
|
- name: Extract changelog unreleased entries
|
||||||
id: extract-changelog
|
id: extract-changelog
|
||||||
shell: bash
|
shell: bash
|
||||||
|
|||||||
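Review bot: The host test `[[ "$SERVER_URL" == *"github.com"* ]]` in the "Preflight comment API access" step is a substring match, so a self-hosted instance whose URL merely contains that text (a constructed example: `https://github.company.example`) is treated as GitHub. In that case `AUTH_TOKEN` is sent to `https://api.github.com` rather than to the server that issued it. Compare the normalised value exactly, `if [[ "${SERVER_URL%/}" == "https://github.com" ]]; then`, or prefer `GITHUB_API_URL` when it is set, as the release workflow's preflight in this commit does. This step also sends `Authorization: Bearer` where the workflow preflight sends `Authorization: token`; it is worth confirming the target server accepts both, or settling on one scheme.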