unboundsoftware/shared-workflows
6
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Activity

fix: remove containers from workflow to fix Node.js compatibility

Browse Source 
- Run directly on ubuntu-latest instead of custom containers
- Download git-cliff binary from GitHub releases
- Add Renovate custom manager for automatic git-cliff updates
This commit is contained in:
Joakim Olsson
2026-01-09 04:42:53 +01:00
parent 1e799eccc0
commit db1f4c1563
3 changed files with 26 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/workflows/Release.yml
+13 -21
View File
@@ -12,13 +12,12 @@ on:
env: env:
GITEA_URL: https://git.unbound.se GITEA_URL: https://git.unbound.se
RELEASE_TOKEN_FILE: /runner-secrets/release-token RELEASE_TOKEN_FILE: /runner-secrets/release-token
GIT_CLIFF_VERSION: "2.10.1"
jobs: jobs:
preconditions: preconditions:
name: Check Preconditions name: Check Preconditions
runs-on: ubuntu-latest runs-on: ubuntu-latest
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps: steps:
- name: Validate token - name: Validate token
run: | run: |
@@ -38,8 +37,6 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: preconditions needs: preconditions
if: github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch if: github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch
container:
image: orhunp/git-cliff:2.10.1@sha256:6ba0d1fcb051bd7b154cfb19c4b2b3bfa2c22c475f5285fc30606777b6573119
outputs: outputs:
version: ${{ steps.version.outputs.version }} version: ${{ steps.version.outputs.version }}
has_changes: ${{ steps.check.outputs.has_changes }} has_changes: ${{ steps.check.outputs.has_changes }}
@@ -49,6 +46,12 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install git-cliff
run: |
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
git-cliff --version
- name: Generate changelog - name: Generate changelog
run: | run: |
git-cliff --bump --unreleased --strip header > CHANGES.md git-cliff --bump --unreleased --strip header > CHANGES.md
@@ -86,12 +89,7 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: changelog needs: changelog
if: needs.changelog.outputs.has_changes == 'true' if: needs.changelog.outputs.has_changes == 'true'
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps: steps:
- name: Install dependencies
run: apk add --no-cache git jq curl
- name: Download artifacts - name: Download artifacts
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
@@ -253,8 +251,6 @@ jobs:
if: | if: |
(github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch) || (github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch) ||
github.ref_type == 'tag' github.ref_type == 'tag'
container:
image: orhunp/git-cliff:2.10.1@sha256:6ba0d1fcb051bd7b154cfb19c4b2b3bfa2c22c475f5285fc30606777b6573119
outputs: outputs:
version: ${{ steps.version.outputs.version }} version: ${{ steps.version.outputs.version }}
steps: steps:
@@ -263,6 +259,12 @@ jobs:
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install git-cliff
run: |
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
git-cliff --version
- name: Generate changelog - name: Generate changelog
run: | run: |
if [ "${{ github.ref_type }}" = "tag" ]; then if [ "${{ github.ref_type }}" = "tag" ]; then
@@ -294,17 +296,12 @@ jobs:
github.ref_type == 'branch' && github.ref_type == 'branch' &&
github.ref_name == github.event.repository.default_branch && github.ref_name == github.event.repository.default_branch &&
inputs.tag_only != true inputs.tag_only != true
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install dependencies
run: apk add --no-cache git jq curl
- name: Download artifacts - name: Download artifacts
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
@@ -357,17 +354,12 @@ jobs:
github.ref_type == 'branch' && github.ref_type == 'branch' &&
github.ref_name == github.event.repository.default_branch && github.ref_name == github.event.repository.default_branch &&
inputs.tag_only == true inputs.tag_only == true
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install dependencies
run: apk add --no-cache git jq curl
- name: Download artifacts - name: Download artifacts
uses: actions/download-artifact@v4 uses: actions/download-artifact@v4
with: with:
CLAUDE.md
+2 -2
View File
@@ -10,7 +10,8 @@ This repository contains reusable Gitea Actions workflows for Unbound Software r
- **Location**: Workflows are stored in `.gitea/workflows/` (not `.github/workflows/`) - **Location**: Workflows are stored in `.gitea/workflows/` (not `.github/workflows/`)
- **Platform**: Gitea Actions (compatible with GitHub Actions syntax but runs on Gitea) - **Platform**: Gitea Actions (compatible with GitHub Actions syntax but runs on Gitea)
- **Base images**: Uses pinned Alpine and git-cliff images with SHA256 digests for reproducibility - **Runner**: Uses `ubuntu-latest` runner directly (no containers)
- **git-cliff**: Downloaded as binary from GitHub releases, version controlled via `GIT_CLIFF_VERSION` env var
### Release.yml Workflow ### Release.yml Workflow
@@ -29,4 +30,3 @@ Version tracking uses a `.version` JSON file containing `{"version":"vX.Y.Z"}`.
- No build/test commands exist - this is a workflow-only repository - No build/test commands exist - this is a workflow-only repository
- Workflows use Gitea API directly via curl (not gh CLI) - Workflows use Gitea API directly via curl (not gh CLI)
- Authentication reads from file-based token at `/runner-secrets/release-token` - Authentication reads from file-based token at `/runner-secrets/release-token`
- Container images should include SHA256 digests for security
renovate.json
+11
View File
@@ -2,5 +2,16 @@
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [ "extends": [
"config:recommended" "config:recommended"
],
"customManagers": [
{
"customType": "regex",
"fileMatch": ["^\\.gitea/workflows/.*\\.ya?ml$"],
"matchStrings": [
"GIT_CLIFF_VERSION:\\s*[\"']?(?<currentValue>[^\"'\\s]+)[\"']?"
],
"depNameTemplate": "orhun/git-cliff",
"datasourceTemplate": "github-releases"
}
] ]
} }