aether/vociferate
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 7 Wiki Activity
Files
1b7281c168009d0406ec407b9052529cb3668089
vociferate/prepare/action.yml
Micheal Wilkinson 011cca2334 feat: add repository-scoped cache token for action binaries 
Add a new optional cache-token input to both published actions.

- Default cache key token is now action_repository + release_tag.
- Cache key uses this token plus runner architecture.
- prepare-release workflow passes github.sha as a fixed token.

This prevents cross-repository cache collisions when consumers pull
vociferate binaries produced by this repository.
2026-03-20 20:40:56 +00:00

237 lines
8.1 KiB
YAML
Raw Blame History

name: vociferate/prepare
description: >
Download vociferate, prepare release files, then commit, tag, and push.
The repository must be checked out before this action runs.
inputs:
token:
description: >
Token used to download the vociferate binary and to push the release
commit and tag. Defaults to the workflow token.
required: false
default: ''
version:
description: >
Optional semantic version override (with or without leading v). When
omitted, the recommended next version is derived from the changelog.
required: false
default: ''
version-file:
description: >
Path to version file relative to repository root. When omitted, the
current version is derived from the most recent released section in
the changelog.
required: false
default: ''
version-pattern:
description: >
Regular expression with one capture group containing the version value.
Only required when version-file is set.
required: false
default: ''
changelog:
description: Path to changelog file relative to repository root.
required: false
default: changelog.md
git-user-name:
description: Name for the release commit author.
required: false
default: 'gitea-actions[bot]'
git-user-email:
description: Email for the release commit author.
required: false
default: 'gitea-actions[bot]@users.noreply.local'
git-add-files:
description: >
Space-separated list of file paths to stage for the release commit.
Defaults to changelog.md and release-version. Adjust when using a
custom version-file.
required: false
default: 'changelog.md release-version'
cache-token:
description: >
Optional fixed cache token used for the downloaded binary cache key.
Defaults to action repository plus release tag.
required: false
default: ''
outputs:
version:
description: >
The resolved version tag (e.g. v1.2.3) that was committed and pushed.
value: ${{ steps.run-vociferate.outputs.version }}
runs:
using: composite
steps:
- name: Resolve vociferate binary metadata
id: resolve-binary
shell: bash
env:
ACTION_REF: ${{ github.action_ref }}
ACTION_REPOSITORY: ${{ github.action_repository }}
CACHE_TOKEN_INPUT: ${{ inputs.cache-token }}
SERVER_URL: ${{ github.server_url }}
API_URL: ${{ github.api_url }}
TOKEN: ${{ inputs.token != '' && inputs.token || github.token }}
RUNNER_ARCH: ${{ runner.arch }}
RUNNER_TEMP: ${{ runner.temp }}
run: |
set -euo pipefail
case "$RUNNER_ARCH" in
X64) arch="amd64" ;;
ARM64) arch="arm64" ;;
*)
echo "Unsupported runner architecture: $RUNNER_ARCH" >&2
exit 1
;;
esac
if [[ "$ACTION_REF" == v* ]]; then
release_tag="$ACTION_REF"
normalized_version="${release_tag#v}"
asset_name="vociferate_${normalized_version}_linux_${arch}"
cache_dir="${RUNNER_TEMP}/vociferate/${release_tag}/linux-${arch}"
binary_path="${cache_dir}/vociferate"
asset_url="${SERVER_URL}/aether/vociferate/releases/download/${release_tag}/${asset_name}"
provided_cache_token="$(printf '%s' "${CACHE_TOKEN_INPUT:-}" | sed 's/^[[:space:]]\+//; s/[[:space:]]\+$//')"
if [[ -n "$provided_cache_token" ]]; then
cache_token="$provided_cache_token"
else
cache_token="${ACTION_REPOSITORY:-aether/vociferate}-${release_tag}"
fi
mkdir -p "$cache_dir"
echo "use_binary=true" >> "$GITHUB_OUTPUT"
echo "release_tag=$release_tag" >> "$GITHUB_OUTPUT"
echo "cache_token=$cache_token" >> "$GITHUB_OUTPUT"
echo "asset_name=$asset_name" >> "$GITHUB_OUTPUT"
echo "asset_url=$asset_url" >> "$GITHUB_OUTPUT"
echo "cache_dir=$cache_dir" >> "$GITHUB_OUTPUT"
echo "binary_path=$binary_path" >> "$GITHUB_OUTPUT"
else
echo "use_binary=false" >> "$GITHUB_OUTPUT"
fi
- name: Setup Go
if: steps.resolve-binary.outputs.use_binary != 'true'
uses: actions/setup-go@v5
with:
go-version: '1.26.1'
cache: true
cache-dependency-path: ${{ github.action_path }}/../go.sum
- name: Restore cached vociferate binary
id: cache-vociferate
if: steps.resolve-binary.outputs.use_binary == 'true'
uses: actions/cache@v4
with:
path: ${{ steps.resolve-binary.outputs.cache_dir }}
key: vociferate-${{ steps.resolve-binary.outputs.cache_token }}-linux-${{ runner.arch }}
- name: Download vociferate binary
if: steps.resolve-binary.outputs.use_binary == 'true' && steps.cache-vociferate.outputs.cache-hit != 'true'
shell: bash
env:
TOKEN: ${{ inputs.token != '' && inputs.token || github.token }}
ASSET_URL: ${{ steps.resolve-binary.outputs.asset_url }}
BINARY_PATH: ${{ steps.resolve-binary.outputs.binary_path }}
run: |
set -euo pipefail
curl --fail --location \
-H "Authorization: token ${TOKEN}" \
-o "$BINARY_PATH" \
"$ASSET_URL"
chmod +x "$BINARY_PATH"
- name: Run vociferate
id: run-vociferate
shell: bash
env:
VOCIFERATE_BIN: ${{ steps.resolve-binary.outputs.binary_path }}
USE_BINARY: ${{ steps.resolve-binary.outputs.use_binary }}
INPUT_VERSION: ${{ inputs.version }}
run: |
set -euo pipefail
if [[ "$USE_BINARY" == "true" ]]; then
run_vociferate() { "$VOCIFERATE_BIN" "$@"; }
else
action_root="$(realpath "$GITHUB_ACTION_PATH/..")"
run_vociferate() { (cd "$action_root" && go run ./cmd/vociferate "$@"); }
fi
common_args=(--root "$GITHUB_WORKSPACE")
if [[ -n "${{ inputs.version-file }}" ]]; then
common_args+=(--version-file "${{ inputs.version-file }}")
fi
if [[ -n "${{ inputs.version-pattern }}" ]]; then
common_args+=(--version-pattern "${{ inputs.version-pattern }}")
fi
if [[ -n "${{ inputs.changelog }}" ]]; then
common_args+=(--changelog "${{ inputs.changelog }}")
fi
provided_version="$(printf '%s' "${INPUT_VERSION:-}" | sed 's/^[[:space:]]\+//; s/[[:space:]]\+$//')"
if [[ -z "$provided_version" ]]; then
provided_version="$(run_vociferate "${common_args[@]}" --recommend)"
fi
normalized_version="${provided_version#v}"
tag="v${normalized_version}"
run_vociferate "${common_args[@]}" --version "$provided_version" --date "$(date -u +%F)"
echo "version=$tag" >> "$GITHUB_OUTPUT"
- name: Commit and push release
shell: bash
env:
TOKEN: ${{ inputs.token != '' && inputs.token || github.token }}
GIT_USER_NAME: ${{ inputs.git-user-name }}
GIT_USER_EMAIL: ${{ inputs.git-user-email }}
GIT_ADD_FILES: ${{ inputs.git-add-files }}
RELEASE_TAG: ${{ steps.run-vociferate.outputs.version }}
GITHUB_SERVER_URL: ${{ github.server_url }}
GITHUB_REPOSITORY: ${{ github.repository }}
run: |
set -euo pipefail
if git rev-parse "$RELEASE_TAG" >/dev/null 2>&1; then
echo "Tag ${RELEASE_TAG} already exists" >&2
exit 1
fi
case "$GITHUB_SERVER_URL" in
https://*)
authed_remote="https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git"
;;
http://*)
authed_remote="http://oauth2:${TOKEN}@${GITHUB_SERVER_URL#http://}/${GITHUB_REPOSITORY}.git"
;;
*)
echo "Unsupported GITHUB_SERVER_URL: ${GITHUB_SERVER_URL}" >&2
exit 1
;;
esac
git config user.name "$GIT_USER_NAME"
git config user.email "$GIT_USER_EMAIL"
git remote set-url origin "$authed_remote"
for f in $GIT_ADD_FILES; do
git add "$f"
done
git commit -m "release: prepare ${RELEASE_TAG}"
git tag "$RELEASE_TAG"
git push origin HEAD
git push origin "$RELEASE_TAG"
Reference in New Issue View Git Blame Copy Permalink