From db1f4c1563781bde9a1e283660e5950d13f58529 Mon Sep 17 00:00:00 2001 From: Joakim Olsson Date: Fri, 9 Jan 2026 04:42:53 +0100 Subject: [PATCH] fix: remove containers from workflow to fix Node.js compatibility - Run directly on ubuntu-latest instead of custom containers - Download git-cliff binary from GitHub releases - Add Renovate custom manager for automatic git-cliff updates --- .gitea/workflows/Release.yml | 34 +++++++++++++--------------------- CLAUDE.md | 4 ++-- renovate.json | 11 +++++++++++ 3 files changed, 26 insertions(+), 23 deletions(-) diff --git a/.gitea/workflows/Release.yml b/.gitea/workflows/Release.yml index 03614fa..45535b8 100644 --- a/.gitea/workflows/Release.yml +++ b/.gitea/workflows/Release.yml @@ -12,13 +12,12 @@ on: env: GITEA_URL: https://git.unbound.se RELEASE_TOKEN_FILE: /runner-secrets/release-token + GIT_CLIFF_VERSION: "2.10.1" jobs: preconditions: name: Check Preconditions runs-on: ubuntu-latest - container: - image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90 steps: - name: Validate token run: | @@ -38,8 +37,6 @@ jobs: runs-on: ubuntu-latest needs: preconditions if: github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch - container: - image: orhunp/git-cliff:2.10.1@sha256:6ba0d1fcb051bd7b154cfb19c4b2b3bfa2c22c475f5285fc30606777b6573119 outputs: version: ${{ steps.version.outputs.version }} has_changes: ${{ steps.check.outputs.has_changes }} @@ -49,6 +46,12 @@ jobs: with: fetch-depth: 0 + - name: Install git-cliff + run: | + curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz + sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/ + git-cliff --version + - name: Generate changelog run: | git-cliff --bump --unreleased --strip header > CHANGES.md @@ -86,12 +89,7 @@ jobs: runs-on: ubuntu-latest needs: changelog if: needs.changelog.outputs.has_changes == 'true' - container: - image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90 steps: - - name: Install dependencies - run: apk add --no-cache git jq curl - - name: Download artifacts uses: actions/download-artifact@v4 with: @@ -253,8 +251,6 @@ jobs: if: | (github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch) || github.ref_type == 'tag' - container: - image: orhunp/git-cliff:2.10.1@sha256:6ba0d1fcb051bd7b154cfb19c4b2b3bfa2c22c475f5285fc30606777b6573119 outputs: version: ${{ steps.version.outputs.version }} steps: @@ -263,6 +259,12 @@ jobs: with: fetch-depth: 0 + - name: Install git-cliff + run: | + curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz + sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/ + git-cliff --version + - name: Generate changelog run: | if [ "${{ github.ref_type }}" = "tag" ]; then @@ -294,17 +296,12 @@ jobs: github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch && inputs.tag_only != true - container: - image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90 steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Install dependencies - run: apk add --no-cache git jq curl - - name: Download artifacts uses: actions/download-artifact@v4 with: @@ -357,17 +354,12 @@ jobs: github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch && inputs.tag_only == true - container: - image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90 steps: - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Install dependencies - run: apk add --no-cache git jq curl - - name: Download artifacts uses: actions/download-artifact@v4 with: diff --git a/CLAUDE.md b/CLAUDE.md index ee2fe6d..a9b29f8 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -10,7 +10,8 @@ This repository contains reusable Gitea Actions workflows for Unbound Software r - **Location**: Workflows are stored in `.gitea/workflows/` (not `.github/workflows/`) - **Platform**: Gitea Actions (compatible with GitHub Actions syntax but runs on Gitea) -- **Base images**: Uses pinned Alpine and git-cliff images with SHA256 digests for reproducibility +- **Runner**: Uses `ubuntu-latest` runner directly (no containers) +- **git-cliff**: Downloaded as binary from GitHub releases, version controlled via `GIT_CLIFF_VERSION` env var ### Release.yml Workflow @@ -29,4 +30,3 @@ Version tracking uses a `.version` JSON file containing `{"version":"vX.Y.Z"}`. - No build/test commands exist - this is a workflow-only repository - Workflows use Gitea API directly via curl (not gh CLI) - Authentication reads from file-based token at `/runner-secrets/release-token` -- Container images should include SHA256 digests for security diff --git a/renovate.json b/renovate.json index 5db72dd..4e5abdd 100644 --- a/renovate.json +++ b/renovate.json @@ -2,5 +2,16 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "config:recommended" + ], + "customManagers": [ + { + "customType": "regex", + "fileMatch": ["^\\.gitea/workflows/.*\\.ya?ml$"], + "matchStrings": [ + "GIT_CLIFF_VERSION:\\s*[\"']?(?[^\"'\\s]+)[\"']?" + ], + "depNameTemplate": "orhun/git-cliff", + "datasourceTemplate": "github-releases" + } ] }