aether/vociferate
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity

Compare commits

base: aether:dda898868f7968efe82c3861ffdea0063aa5351d
Branches Tags
aether:main
aether:v1.2.0 aether:v1.1.0 aether:v1.0.2 aether:v1.0.1 aether:v1.0.0 aether:v0.2.0 aether:v0.1.0
...
compare: aether:1b7281c168009d0406ec407b9052529cb3668089
Branches Tags
aether:main
aether:v1.2.0 aether:v1.1.0 aether:v1.0.2 aether:v1.0.1 aether:v1.0.0 aether:v0.2.0 aether:v0.1.0

2 Commits
dda898868f ... 1b7281c168

Author SHA1 Message Date
Micheal Wilkinson
1b7281c168 docs: update changelog for cache token scoping
All checks were successful
Push Validation / validate (push) Successful in 54s
Details
2026-03-20 20:40:59 +00:00
Micheal Wilkinson
011cca2334 feat: add repository-scoped cache token for action binaries 
Add a new optional cache-token input to both published actions.

- Default cache key token is now action_repository + release_tag.
- Cache key uses this token plus runner architecture.
- prepare-release workflow passes github.sha as a fixed token.

This prevents cross-repository cache collisions when consumers pull
vociferate binaries produced by this repository.
 2026-03-20 20:40:56 +00:00
4 changed files with 36 additions and 2 deletions
Expand all files Collapse all files

1
.gitea/workflows/prepare-release.yml
View File

@@ -44,6 +44,7 @@ jobs:
with: with:
version: ${{ inputs.version }} version: ${{ inputs.version }}
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITHUB_TOKEN }}
cache-token: ${{ github.sha }}
- name: Summarize prepared release - name: Summarize prepared release
run: | run: |

18
action.yml
View File

@@ -25,6 +25,12 @@ inputs:
description: If true, print recommended next release tag. description: If true, print recommended next release tag.
required: false required: false
default: 'false' default: 'false'
cache-token:
description: >
Optional fixed cache token used for the downloaded binary cache key.
Defaults to action repository plus release tag.
required: false
default: ''
outputs: outputs:
version: version:
@@ -41,6 +47,8 @@ runs:
shell: bash shell: bash
env: env:
ACTION_REF: ${{ github.action_ref }} ACTION_REF: ${{ github.action_ref }}
ACTION_REPOSITORY: ${{ github.action_repository }}
CACHE_TOKEN_INPUT: ${{ inputs.cache-token }}
SERVER_URL: ${{ github.server_url }} SERVER_URL: ${{ github.server_url }}
API_URL: ${{ github.api_url }} API_URL: ${{ github.api_url }}
TOKEN: ${{ inputs.token != '' && inputs.token || github.token }} TOKEN: ${{ inputs.token != '' && inputs.token || github.token }}
@@ -70,10 +78,18 @@ runs:
binary_path="${cache_dir}/vociferate" binary_path="${cache_dir}/vociferate"
asset_url="${SERVER_URL}/aether/vociferate/releases/download/${release_tag}/${asset_name}" asset_url="${SERVER_URL}/aether/vociferate/releases/download/${release_tag}/${asset_name}"
provided_cache_token="$(printf '%s' "${CACHE_TOKEN_INPUT:-}" | sed 's/^[[:space:]]\+//; s/[[:space:]]\+$//')"
if [[ -n "$provided_cache_token" ]]; then
cache_token="$provided_cache_token"
else
cache_token="${ACTION_REPOSITORY:-aether/vociferate}-${release_tag}"
fi
mkdir -p "$cache_dir" mkdir -p "$cache_dir"
echo "use_binary=true" >> "$GITHUB_OUTPUT" echo "use_binary=true" >> "$GITHUB_OUTPUT"
echo "release_tag=$release_tag" >> "$GITHUB_OUTPUT" echo "release_tag=$release_tag" >> "$GITHUB_OUTPUT"
echo "cache_token=$cache_token" >> "$GITHUB_OUTPUT"
echo "asset_name=$asset_name" >> "$GITHUB_OUTPUT" echo "asset_name=$asset_name" >> "$GITHUB_OUTPUT"
echo "asset_url=$asset_url" >> "$GITHUB_OUTPUT" echo "asset_url=$asset_url" >> "$GITHUB_OUTPUT"
echo "cache_dir=$cache_dir" >> "$GITHUB_OUTPUT" echo "cache_dir=$cache_dir" >> "$GITHUB_OUTPUT"
@@ -96,7 +112,7 @@ runs:
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
path: ${{ steps.resolve-binary.outputs.cache_dir }} path: ${{ steps.resolve-binary.outputs.cache_dir }}
key: vociferate-${{ steps.resolve-binary.outputs.release_tag }}-linux-${{ runner.arch }} key: vociferate-${{ steps.resolve-binary.outputs.cache_token }}-linux-${{ runner.arch }}
- name: Download vociferate binary - name: Download vociferate binary
if: steps.resolve-binary.outputs.use_binary == 'true' && steps.cache-vociferate.outputs.cache-hit != 'true' if: steps.resolve-binary.outputs.use_binary == 'true' && steps.cache-vociferate.outputs.cache-hit != 'true'

1
changelog.md
View File

@@ -18,6 +18,7 @@ A `### Breaking` section is used in addition to Keep a Changelog's standard sect
- `prepare/action.yml` accepts a `git-add-files` input so repositories using a custom `version-file` can stage the correct set of files for the release commit. - `prepare/action.yml` accepts a `git-add-files` input so repositories using a custom `version-file` can stage the correct set of files for the release commit.
- The `prepare-release.yml` and `do-release.yml` vociferate workflows now use the local `./prepare` and `./publish` actions, validating the actions in the self-release pipeline. - The `prepare-release.yml` and `do-release.yml` vociferate workflows now use the local `./prepare` and `./publish` actions, validating the actions in the self-release pipeline.
- `prepare/action.yml` and `action.yml` use `go run ./cmd/vociferate` directly from the action source (via `GITHUB_ACTION_PATH`) when invoked at `@main`, and download a prebuilt binary when invoked at a semver tag. This makes development and CI on `main` self-contained without requiring a published release. - `prepare/action.yml` and `action.yml` use `go run ./cmd/vociferate` directly from the action source (via `GITHUB_ACTION_PATH`) when invoked at `@main`, and download a prebuilt binary when invoked at a semver tag. This makes development and CI on `main` self-contained without requiring a published release.
- Binary download cache keys in published actions are now repository-scoped and support a fixed `cache-token` override. The local prepare-release workflow passes `github.sha` as the cache token, ensuring cache entries track this repository's produced binaries rather than colliding with similarly keyed caches from other repositories.
- Release version recommendation now reads the current version from the most recent released section in the changelog instead of requiring a separate version file. When no prior releases exist the version defaults to `0.0.0`, yielding `v1.0.0` as the first recommended tag. - Release version recommendation now reads the current version from the most recent released section in the changelog instead of requiring a separate version file. When no prior releases exist the version defaults to `0.0.0`, yielding `v1.0.0` as the first recommended tag.
- `vociferate prepare` creates the `release-version` file if it does not already exist, removing the need to pre-seed it in new repositories. - `vociferate prepare` creates the `release-version` file if it does not already exist, removing the need to pre-seed it in new repositories.

18
prepare/action.yml
View File

@@ -48,6 +48,12 @@ inputs:
custom version-file. custom version-file.
required: false required: false
default: 'changelog.md release-version' default: 'changelog.md release-version'
cache-token:
description: >
Optional fixed cache token used for the downloaded binary cache key.
Defaults to action repository plus release tag.
required: false
default: ''
outputs: outputs:
version: version:
@@ -63,6 +69,8 @@ runs:
shell: bash shell: bash
env: env:
ACTION_REF: ${{ github.action_ref }} ACTION_REF: ${{ github.action_ref }}
ACTION_REPOSITORY: ${{ github.action_repository }}
CACHE_TOKEN_INPUT: ${{ inputs.cache-token }}
SERVER_URL: ${{ github.server_url }} SERVER_URL: ${{ github.server_url }}
API_URL: ${{ github.api_url }} API_URL: ${{ github.api_url }}
TOKEN: ${{ inputs.token != '' && inputs.token || github.token }} TOKEN: ${{ inputs.token != '' && inputs.token || github.token }}
@@ -88,10 +96,18 @@ runs:
binary_path="${cache_dir}/vociferate" binary_path="${cache_dir}/vociferate"
asset_url="${SERVER_URL}/aether/vociferate/releases/download/${release_tag}/${asset_name}" asset_url="${SERVER_URL}/aether/vociferate/releases/download/${release_tag}/${asset_name}"
provided_cache_token="$(printf '%s' "${CACHE_TOKEN_INPUT:-}" | sed 's/^[[:space:]]\+//; s/[[:space:]]\+$//')"
if [[ -n "$provided_cache_token" ]]; then
cache_token="$provided_cache_token"
else
cache_token="${ACTION_REPOSITORY:-aether/vociferate}-${release_tag}"
fi
mkdir -p "$cache_dir" mkdir -p "$cache_dir"
echo "use_binary=true" >> "$GITHUB_OUTPUT" echo "use_binary=true" >> "$GITHUB_OUTPUT"
echo "release_tag=$release_tag" >> "$GITHUB_OUTPUT" echo "release_tag=$release_tag" >> "$GITHUB_OUTPUT"
echo "cache_token=$cache_token" >> "$GITHUB_OUTPUT"
echo "asset_name=$asset_name" >> "$GITHUB_OUTPUT" echo "asset_name=$asset_name" >> "$GITHUB_OUTPUT"
echo "asset_url=$asset_url" >> "$GITHUB_OUTPUT" echo "asset_url=$asset_url" >> "$GITHUB_OUTPUT"
echo "cache_dir=$cache_dir" >> "$GITHUB_OUTPUT" echo "cache_dir=$cache_dir" >> "$GITHUB_OUTPUT"
@@ -114,7 +130,7 @@ runs:
uses: actions/cache@v4 uses: actions/cache@v4
with: with:
path: ${{ steps.resolve-binary.outputs.cache_dir }} path: ${{ steps.resolve-binary.outputs.cache_dir }}
key: vociferate-${{ steps.resolve-binary.outputs.release_tag }}-linux-${{ runner.arch }} key: vociferate-${{ steps.resolve-binary.outputs.cache_token }}-linux-${{ runner.arch }}
- name: Download vociferate binary - name: Download vociferate binary
if: steps.resolve-binary.outputs.use_binary == 'true' && steps.cache-vociferate.outputs.cache-hit != 'true' if: steps.resolve-binary.outputs.use_binary == 'true' && steps.cache-vociferate.outputs.cache-hit != 'true'