bab7b74da8
- Remove token and cache-token from public action inputs - Always use github.token internally for downloads/push - Read fixed cache token from VOCIFERATE_CACHE_TOKEN env - Add explicit 'Resolve cache token' step before prepare/tag in prepare-release workflow and pass it via env
225 lines
7.6 KiB
YAML
225 lines
7.6 KiB
YAML
name: vociferate/prepare
|
|
description: >
|
|
Download vociferate, prepare release files, then commit, tag, and push.
|
|
The repository must be checked out before this action runs.
|
|
|
|
inputs:
|
|
version:
|
|
description: >
|
|
Optional semantic version override (with or without leading v). When
|
|
omitted, the recommended next version is derived from the changelog.
|
|
required: false
|
|
default: ''
|
|
version-file:
|
|
description: >
|
|
Path to version file relative to repository root. When omitted, the
|
|
current version is derived from the most recent released section in
|
|
the changelog.
|
|
required: false
|
|
default: ''
|
|
version-pattern:
|
|
description: >
|
|
Regular expression with one capture group containing the version value.
|
|
Only required when version-file is set.
|
|
required: false
|
|
default: ''
|
|
changelog:
|
|
description: Path to changelog file relative to repository root.
|
|
required: false
|
|
default: changelog.md
|
|
git-user-name:
|
|
description: Name for the release commit author.
|
|
required: false
|
|
default: 'gitea-actions[bot]'
|
|
git-user-email:
|
|
description: Email for the release commit author.
|
|
required: false
|
|
default: 'gitea-actions[bot]@users.noreply.local'
|
|
git-add-files:
|
|
description: >
|
|
Space-separated list of file paths to stage for the release commit.
|
|
Defaults to changelog.md and release-version. Adjust when using a
|
|
custom version-file.
|
|
required: false
|
|
default: 'changelog.md release-version'
|
|
|
|
outputs:
|
|
version:
|
|
description: >
|
|
The resolved version tag (e.g. v1.2.3) that was committed and pushed.
|
|
value: ${{ steps.run-vociferate.outputs.version }}
|
|
|
|
runs:
|
|
using: composite
|
|
steps:
|
|
- name: Resolve vociferate binary metadata
|
|
id: resolve-binary
|
|
shell: bash
|
|
env:
|
|
ACTION_REF: ${{ github.action_ref }}
|
|
ACTION_REPOSITORY: ${{ github.action_repository }}
|
|
CACHE_TOKEN: ${{ env.VOCIFERATE_CACHE_TOKEN }}
|
|
SERVER_URL: ${{ github.server_url }}
|
|
API_URL: ${{ github.api_url }}
|
|
TOKEN: ${{ github.token }}
|
|
RUNNER_ARCH: ${{ runner.arch }}
|
|
RUNNER_TEMP: ${{ runner.temp }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
case "$RUNNER_ARCH" in
|
|
X64) arch="amd64" ;;
|
|
ARM64) arch="arm64" ;;
|
|
*)
|
|
echo "Unsupported runner architecture: $RUNNER_ARCH" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
if [[ "$ACTION_REF" == v* ]]; then
|
|
release_tag="$ACTION_REF"
|
|
normalized_version="${release_tag#v}"
|
|
asset_name="vociferate_${normalized_version}_linux_${arch}"
|
|
cache_dir="${RUNNER_TEMP}/vociferate/${release_tag}/linux-${arch}"
|
|
binary_path="${cache_dir}/vociferate"
|
|
asset_url="${SERVER_URL}/aether/vociferate/releases/download/${release_tag}/${asset_name}"
|
|
|
|
provided_cache_token="$(printf '%s' "${CACHE_TOKEN:-}" | sed 's/^[[:space:]]\+//; s/[[:space:]]\+$//')"
|
|
if [[ -n "$provided_cache_token" ]]; then
|
|
cache_token="$provided_cache_token"
|
|
else
|
|
cache_token="${ACTION_REPOSITORY:-aether/vociferate}-${release_tag}"
|
|
fi
|
|
|
|
mkdir -p "$cache_dir"
|
|
|
|
echo "use_binary=true" >> "$GITHUB_OUTPUT"
|
|
echo "release_tag=$release_tag" >> "$GITHUB_OUTPUT"
|
|
echo "cache_token=$cache_token" >> "$GITHUB_OUTPUT"
|
|
echo "asset_name=$asset_name" >> "$GITHUB_OUTPUT"
|
|
echo "asset_url=$asset_url" >> "$GITHUB_OUTPUT"
|
|
echo "cache_dir=$cache_dir" >> "$GITHUB_OUTPUT"
|
|
echo "binary_path=$binary_path" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "use_binary=false" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Setup Go
|
|
if: steps.resolve-binary.outputs.use_binary != 'true'
|
|
uses: actions/setup-go@v5
|
|
with:
|
|
go-version: '1.26.1'
|
|
cache: true
|
|
cache-dependency-path: ${{ github.action_path }}/../go.sum
|
|
|
|
- name: Restore cached vociferate binary
|
|
id: cache-vociferate
|
|
if: steps.resolve-binary.outputs.use_binary == 'true'
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: ${{ steps.resolve-binary.outputs.cache_dir }}
|
|
key: vociferate-${{ steps.resolve-binary.outputs.cache_token }}-linux-${{ runner.arch }}
|
|
|
|
- name: Download vociferate binary
|
|
if: steps.resolve-binary.outputs.use_binary == 'true' && steps.cache-vociferate.outputs.cache-hit != 'true'
|
|
shell: bash
|
|
env:
|
|
TOKEN: ${{ github.token }}
|
|
ASSET_URL: ${{ steps.resolve-binary.outputs.asset_url }}
|
|
BINARY_PATH: ${{ steps.resolve-binary.outputs.binary_path }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
curl --fail --location \
|
|
-H "Authorization: token ${TOKEN}" \
|
|
-o "$BINARY_PATH" \
|
|
"$ASSET_URL"
|
|
chmod +x "$BINARY_PATH"
|
|
|
|
- name: Run vociferate
|
|
id: run-vociferate
|
|
shell: bash
|
|
env:
|
|
VOCIFERATE_BIN: ${{ steps.resolve-binary.outputs.binary_path }}
|
|
USE_BINARY: ${{ steps.resolve-binary.outputs.use_binary }}
|
|
INPUT_VERSION: ${{ inputs.version }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
if [[ "$USE_BINARY" == "true" ]]; then
|
|
run_vociferate() { "$VOCIFERATE_BIN" "$@"; }
|
|
else
|
|
action_root="$(realpath "$GITHUB_ACTION_PATH/..")"
|
|
run_vociferate() { (cd "$action_root" && go run ./cmd/vociferate "$@"); }
|
|
fi
|
|
|
|
common_args=(--root "$GITHUB_WORKSPACE")
|
|
|
|
if [[ -n "${{ inputs.version-file }}" ]]; then
|
|
common_args+=(--version-file "${{ inputs.version-file }}")
|
|
fi
|
|
|
|
if [[ -n "${{ inputs.version-pattern }}" ]]; then
|
|
common_args+=(--version-pattern "${{ inputs.version-pattern }}")
|
|
fi
|
|
|
|
if [[ -n "${{ inputs.changelog }}" ]]; then
|
|
common_args+=(--changelog "${{ inputs.changelog }}")
|
|
fi
|
|
|
|
provided_version="$(printf '%s' "${INPUT_VERSION:-}" | sed 's/^[[:space:]]\+//; s/[[:space:]]\+$//')"
|
|
if [[ -z "$provided_version" ]]; then
|
|
provided_version="$(run_vociferate "${common_args[@]}" --recommend)"
|
|
fi
|
|
|
|
normalized_version="${provided_version#v}"
|
|
tag="v${normalized_version}"
|
|
|
|
run_vociferate "${common_args[@]}" --version "$provided_version" --date "$(date -u +%F)"
|
|
|
|
echo "version=$tag" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Commit and push release
|
|
shell: bash
|
|
env:
|
|
TOKEN: ${{ github.token }}
|
|
GIT_USER_NAME: ${{ inputs.git-user-name }}
|
|
GIT_USER_EMAIL: ${{ inputs.git-user-email }}
|
|
GIT_ADD_FILES: ${{ inputs.git-add-files }}
|
|
RELEASE_TAG: ${{ steps.run-vociferate.outputs.version }}
|
|
GITHUB_SERVER_URL: ${{ github.server_url }}
|
|
GITHUB_REPOSITORY: ${{ github.repository }}
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
if git rev-parse "$RELEASE_TAG" >/dev/null 2>&1; then
|
|
echo "Tag ${RELEASE_TAG} already exists" >&2
|
|
exit 1
|
|
fi
|
|
|
|
case "$GITHUB_SERVER_URL" in
|
|
https://*)
|
|
authed_remote="https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git"
|
|
;;
|
|
http://*)
|
|
authed_remote="http://oauth2:${TOKEN}@${GITHUB_SERVER_URL#http://}/${GITHUB_REPOSITORY}.git"
|
|
;;
|
|
*)
|
|
echo "Unsupported GITHUB_SERVER_URL: ${GITHUB_SERVER_URL}" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
git config user.name "$GIT_USER_NAME"
|
|
git config user.email "$GIT_USER_EMAIL"
|
|
git remote set-url origin "$authed_remote"
|
|
|
|
for f in $GIT_ADD_FILES; do
|
|
git add "$f"
|
|
done
|
|
|
|
git commit -m "release: prepare ${RELEASE_TAG}"
|
|
git tag "$RELEASE_TAG"
|
|
git push origin HEAD
|
|
git push origin "$RELEASE_TAG"
|