Compare commits
35 Commits
0ab0aa8bba
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
| bb12bac945 | |||
| 8f0e3978b9 | |||
| 1f9d754f61 | |||
| 51b3b980a3 | |||
| c39f11fda7 | |||
| 0a42bcebe0 | |||
| ac96359966 | |||
| 3bc3f4790d | |||
| e3c17ceaa0 | |||
| 068c6ef686 | |||
|
d5623bdf9c
|
|||
| e3f1ba4e0a | |||
|
4688810928
|
|||
| 646d0e4e0c | |||
| c564063d20 | |||
|
a9458d03dd
|
|||
| 7802e99a9c | |||
|
dafe37343f
|
|||
| 33b839e26e | |||
|
4b25f5864d
|
|||
| 91f60440e8 | |||
| 4f7694d9e1 | |||
|
2b2dba8c2b
|
|||
| 8b0d478f72 | |||
|
5c4e1828de
|
|||
| ce44701d56 | |||
| 0beb7b8490 | |||
|
4ba5d96d75
|
|||
| a195ff5a36 | |||
| f39240e9ff | |||
|
db1f4c1563
|
|||
| 1e799eccc0 | |||
| 2977a1b0c4 | |||
|
1502bb6b05
|
|||
|
ca333a2500
|
@@ -0,0 +1,12 @@
|
|||||||
|
{
|
||||||
|
"permissions": {
|
||||||
|
"allow": [
|
||||||
|
"Bash(but --help:*)",
|
||||||
|
"Bash(but rub --help:*)",
|
||||||
|
"WebSearch",
|
||||||
|
"WebFetch(domain:docs.gitea.com)",
|
||||||
|
"WebFetch(domain:gitea.com)",
|
||||||
|
"Bash(but status:*)"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
+232
-247
@@ -8,47 +8,51 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
default: false
|
default: false
|
||||||
type: boolean
|
type: boolean
|
||||||
secrets:
|
|
||||||
UNBOUND_RELEASE_TOKEN:
|
concurrency:
|
||||||
description: 'Token with API access to create PRs and releases'
|
group: release-${{ github.repository }}
|
||||||
required: true
|
cancel-in-progress: false
|
||||||
|
|
||||||
env:
|
env:
|
||||||
GITEA_URL: https://git.unbound.se
|
GITEA_URL: http://gitea-http.gitea.svc.cluster.local:3000
|
||||||
|
RELEASE_TOKEN_FILE: /runner-secrets/release-token
|
||||||
|
GIT_CLIFF_VERSION: "2.13.1"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
preconditions:
|
preconditions:
|
||||||
name: Check Preconditions
|
name: Check Preconditions
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container:
|
|
||||||
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
|
|
||||||
steps:
|
steps:
|
||||||
- name: Validate token
|
- name: Validate token
|
||||||
if: ${{ secrets.UNBOUND_RELEASE_TOKEN == '' }}
|
|
||||||
run: |
|
run: |
|
||||||
echo "To use Unbound Release, a UNBOUND_RELEASE_TOKEN secret needs to be defined."
|
if [ ! -r "${RELEASE_TOKEN_FILE}" ]; then
|
||||||
echo "It needs API access to write repository files, create PRs and releases."
|
echo "Release token file not found at ${RELEASE_TOKEN_FILE}"
|
||||||
echo " "
|
echo "This workflow requires the runner to have RELEASE_TOKEN configured."
|
||||||
echo "Create a token in Gitea: Settings -> Applications -> Generate New Token"
|
|
||||||
echo "Required scopes: repository (read/write), issue (read/write)"
|
|
||||||
exit 1
|
exit 1
|
||||||
|
fi
|
||||||
|
if [ ! -s "${RELEASE_TOKEN_FILE}" ]; then
|
||||||
|
echo "Release token file is empty"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo "Release token found"
|
||||||
|
|
||||||
changelog:
|
changelog-and-pr:
|
||||||
name: Generate Changelog
|
name: Generate Changelog and Handle PR
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: preconditions
|
needs: preconditions
|
||||||
if: github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch
|
if: github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch
|
||||||
container:
|
|
||||||
image: orhunp/git-cliff:2.10.1@sha256:6ba0d1fcb051bd7b154cfb19c4b2b3bfa2c22c475f5285fc30606777b6573119
|
|
||||||
outputs:
|
|
||||||
version: ${{ steps.version.outputs.version }}
|
|
||||||
has_changes: ${{ steps.check.outputs.has_changes }}
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v7
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
|
- name: Install git-cliff
|
||||||
|
run: |
|
||||||
|
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
|
||||||
|
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
|
||||||
|
git-cliff --version
|
||||||
|
|
||||||
- name: Generate changelog
|
- name: Generate changelog
|
||||||
run: |
|
run: |
|
||||||
git-cliff --bump --unreleased --strip header > CHANGES.md
|
git-cliff --bump --unreleased --strip header > CHANGES.md
|
||||||
@@ -72,260 +76,242 @@ jobs:
|
|||||||
echo "has_changes=true" >> $GITHUB_OUTPUT
|
echo "has_changes=true" >> $GITHUB_OUTPUT
|
||||||
fi
|
fi
|
||||||
|
|
||||||
- name: Upload artifacts
|
|
||||||
uses: actions/upload-artifact@v4
|
|
||||||
with:
|
|
||||||
name: changelog-artifacts
|
|
||||||
path: |
|
|
||||||
CHANGES.md
|
|
||||||
CHANGELOG.md
|
|
||||||
VERSION
|
|
||||||
|
|
||||||
handle-pr:
|
|
||||||
name: Handle Release PR
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: changelog
|
|
||||||
if: needs.changelog.outputs.has_changes == 'true'
|
|
||||||
container:
|
|
||||||
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
|
|
||||||
steps:
|
|
||||||
- name: Install dependencies
|
|
||||||
run: apk add --no-cache git jq curl
|
|
||||||
|
|
||||||
- name: Download artifacts
|
|
||||||
uses: actions/download-artifact@v4
|
|
||||||
with:
|
|
||||||
name: changelog-artifacts
|
|
||||||
|
|
||||||
- name: Create or update release PR
|
- name: Create or update release PR
|
||||||
|
if: steps.check.outputs.has_changes == 'true'
|
||||||
env:
|
env:
|
||||||
TOKEN: ${{ secrets.UNBOUND_RELEASE_TOKEN }}
|
|
||||||
REPOSITORY: ${{ github.repository }}
|
REPOSITORY: ${{ github.repository }}
|
||||||
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
|
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
|
||||||
run: |
|
run: |
|
||||||
|
TOKEN=$(cat "${RELEASE_TOKEN_FILE}")
|
||||||
VERSION=$(cat VERSION)
|
VERSION=$(cat VERSION)
|
||||||
OWNER=$(echo "${REPOSITORY}" | cut -d'/' -f1)
|
OWNER=$(echo "${REPOSITORY}" | cut -d'/' -f1)
|
||||||
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
|
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
|
||||||
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
|
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
|
||||||
|
BASE_BRANCH="${DEFAULT_BRANCH:-main}"
|
||||||
|
echo "Using base branch: ${BASE_BRANCH}"
|
||||||
|
|
||||||
TITLE="chore(release): prepare for ${VERSION}"
|
TITLE="chore(release): prepare for ${VERSION}"
|
||||||
# Read CHANGES.md and escape for JSON
|
CHANGES_CONTENT=$(cat CHANGES.md)
|
||||||
DESCRIPTION=$(cat CHANGES.md | jq -Rs .)
|
PR_NOTE="**Note:** Please use **Squash Merge** when merging this PR."
|
||||||
DESCRIPTION="${DESCRIPTION:1:-1}" # Remove surrounding quotes from jq
|
DESCRIPTION="${CHANGES_CONTENT}"$'\n\n---\n\n'"${PR_NOTE}"
|
||||||
|
|
||||||
# Add squash merge reminder
|
|
||||||
DESCRIPTION="${DESCRIPTION}
|
|
||||||
|
|
||||||
---
|
|
||||||
**Note:** Please use **Squash Merge** when merging this PR."
|
|
||||||
|
|
||||||
echo "Checking for existing release PRs..."
|
|
||||||
PRS=$(curl -sf \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API_URL}/pulls?state=open" | jq '[.[] | select(.head.ref == "next-release")]')
|
|
||||||
PR_INDEX=$(echo "${PRS}" | jq -r '.[0].number // empty')
|
|
||||||
|
|
||||||
echo "Checking for existing next-release branch..."
|
|
||||||
BRANCH_EXISTS=$(curl -sf \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
"${API_URL}/branches/next-release" 2>/dev/null && echo "true" || echo "false")
|
|
||||||
|
|
||||||
# Prepare CHANGELOG.md content
|
|
||||||
CHANGELOG_CONTENT=$(base64 -w0 < CHANGELOG.md)
|
CHANGELOG_CONTENT=$(base64 -w0 < CHANGELOG.md)
|
||||||
|
VERSION_CONTENT=$(jq -n --arg v "${VERSION}" '{"version":$v}' | base64 -w0)
|
||||||
|
|
||||||
# Prepare .version content
|
# api_call METHOD PATH [JSON_BODY]
|
||||||
VERSION_JSON=$(jq -n --arg v "${VERSION}" '{"version":$v}')
|
# Stdout: first line "<http_code>|<curl_rc>", then response body.
|
||||||
VERSION_CONTENT=$(echo "${VERSION_JSON}" | base64 -w0)
|
# Never returns non-zero so callers must inspect http_code; this
|
||||||
|
# prevents curl exit codes (e.g. CURLE_WRITE_ERROR / 23) from
|
||||||
|
# killing the script via `set -e` inside command substitutions.
|
||||||
|
api_call() {
|
||||||
|
local method="$1" path="$2" data="${3:-}"
|
||||||
|
local body_file http_code rc=0
|
||||||
|
body_file=$(mktemp)
|
||||||
|
local args=(-sS --retry 3 --retry-delay 2 --retry-all-errors
|
||||||
|
-w '%{http_code}'
|
||||||
|
-o "${body_file}"
|
||||||
|
-X "${method}"
|
||||||
|
-H "Authorization: token ${TOKEN}")
|
||||||
|
if [ -n "${data}" ]; then
|
||||||
|
args+=(-H "Content-Type: application/json" --data "${data}")
|
||||||
|
fi
|
||||||
|
http_code=$(curl "${args[@]}" "${API_URL}${path}" 2>/dev/null) || rc=$?
|
||||||
|
printf '%s|%s\n' "${http_code:-000}" "${rc}"
|
||||||
|
cat "${body_file}"
|
||||||
|
rm -f "${body_file}"
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
if [ "${BRANCH_EXISTS}" = "true" ]; then
|
# Extract first-line meta and remaining body from api_call output.
|
||||||
echo "Updating existing next-release branch..."
|
meta_line() { printf '%s\n' "$1" | head -n1; }
|
||||||
|
body_lines() { printf '%s\n' "$1" | tail -n +2; }
|
||||||
|
http_of() { local m; m=$(meta_line "$1"); printf '%s' "${m%%|*}"; }
|
||||||
|
ok_code() { [ -n "$1" ] && [ "$1" -ge 200 ] 2>/dev/null && [ "$1" -lt 400 ]; }
|
||||||
|
|
||||||
# Get SHA of existing CHANGELOG.md
|
# Delete existing next-release branch if it exists (auto-closes any open PR)
|
||||||
CHANGELOG_SHA=$(curl -sf \
|
echo "Checking for existing next-release branch..."
|
||||||
-H "Authorization: token ${TOKEN}" \
|
OUT=$(api_call GET "/branches/next-release")
|
||||||
"${API_URL}/contents/CHANGELOG.md?ref=next-release" | jq -r '.sha // empty')
|
CODE=$(http_of "${OUT}")
|
||||||
|
if [ "${CODE}" = "200" ]; then
|
||||||
# Update or create CHANGELOG.md
|
echo "Deleting existing next-release branch..."
|
||||||
if [ -n "${CHANGELOG_SHA}" ]; then
|
OUT=$(api_call DELETE "/branches/next-release")
|
||||||
curl -sf -X PUT \
|
echo " delete result: $(meta_line "${OUT}")"
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
--data "$(jq -n \
|
|
||||||
--arg content "${CHANGELOG_CONTENT}" \
|
|
||||||
--arg sha "${CHANGELOG_SHA}" \
|
|
||||||
--arg message "${TITLE}" \
|
|
||||||
--arg branch "next-release" \
|
|
||||||
'{content: $content, sha: $sha, message: $message, branch: $branch}')" \
|
|
||||||
"${API_URL}/contents/CHANGELOG.md"
|
|
||||||
else
|
else
|
||||||
curl -sf -X POST \
|
echo " no existing branch (HTTP ${CODE})"
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
--data "$(jq -n \
|
|
||||||
--arg content "${CHANGELOG_CONTENT}" \
|
|
||||||
--arg message "${TITLE}" \
|
|
||||||
--arg branch "next-release" \
|
|
||||||
'{content: $content, message: $message, branch: $branch, new_branch: $branch}')" \
|
|
||||||
"${API_URL}/contents/CHANGELOG.md"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Get SHA of existing .version
|
# Explicitly create next-release branch from base
|
||||||
VERSION_SHA=$(curl -sf \
|
echo "Creating next-release branch from ${BASE_BRANCH}..."
|
||||||
-H "Authorization: token ${TOKEN}" \
|
BRANCH_PAYLOAD=$(jq -n --arg new "next-release" --arg old "${BASE_BRANCH}" \
|
||||||
"${API_URL}/contents/.version?ref=next-release" | jq -r '.sha // empty')
|
'{new_branch_name: $new, old_branch_name: $old}')
|
||||||
|
for i in $(seq 1 5); do
|
||||||
# Update or create .version
|
OUT=$(api_call POST "/branches" "${BRANCH_PAYLOAD}")
|
||||||
if [ -n "${VERSION_SHA}" ]; then
|
META=$(meta_line "${OUT}"); BODY=$(body_lines "${OUT}"); CODE="${META%%|*}"
|
||||||
curl -sf -X PUT \
|
if ok_code "${CODE}"; then
|
||||||
-H "Authorization: token ${TOKEN}" \
|
echo "Branch created (${META})"
|
||||||
-H "Content-Type: application/json" \
|
break
|
||||||
--data "$(jq -n \
|
|
||||||
--arg content "${VERSION_CONTENT}" \
|
|
||||||
--arg sha "${VERSION_SHA}" \
|
|
||||||
--arg message "${TITLE}" \
|
|
||||||
--arg branch "next-release" \
|
|
||||||
'{content: $content, sha: $sha, message: $message, branch: $branch}')" \
|
|
||||||
"${API_URL}/contents/.version"
|
|
||||||
else
|
|
||||||
curl -sf -X POST \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
--data "$(jq -n \
|
|
||||||
--arg content "${VERSION_CONTENT}" \
|
|
||||||
--arg message "${TITLE}" \
|
|
||||||
--arg branch "next-release" \
|
|
||||||
'{content: $content, message: $message, branch: $branch}')" \
|
|
||||||
"${API_URL}/contents/.version"
|
|
||||||
fi
|
fi
|
||||||
else
|
if [ "${i}" = "5" ]; then
|
||||||
echo "Creating new next-release branch with CHANGELOG.md..."
|
echo "Branch create failed after 5 attempts (${META}): ${BODY}"
|
||||||
curl -sf -X POST \
|
exit 1
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
--data "$(jq -n \
|
|
||||||
--arg content "${CHANGELOG_CONTENT}" \
|
|
||||||
--arg message "${TITLE}" \
|
|
||||||
--arg branch "next-release" \
|
|
||||||
--arg new_branch "next-release" \
|
|
||||||
'{content: $content, message: $message, branch: $branch, new_branch: $new_branch}')" \
|
|
||||||
"${API_URL}/contents/CHANGELOG.md"
|
|
||||||
|
|
||||||
echo "Adding .version to next-release branch..."
|
|
||||||
curl -sf -X POST \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
|
||||||
-H "Content-Type: application/json" \
|
|
||||||
--data "$(jq -n \
|
|
||||||
--arg content "${VERSION_CONTENT}" \
|
|
||||||
--arg message "${TITLE}" \
|
|
||||||
--arg branch "next-release" \
|
|
||||||
'{content: $content, message: $message, branch: $branch}')" \
|
|
||||||
"${API_URL}/contents/.version"
|
|
||||||
fi
|
fi
|
||||||
|
echo " attempt ${i}/5 (${META}): ${BODY} — retrying..."
|
||||||
|
sleep 3
|
||||||
|
done
|
||||||
|
|
||||||
if [ -n "${PR_INDEX}" ]; then
|
# Poll until branch is readable
|
||||||
echo "Updating existing PR #${PR_INDEX}..."
|
echo "Waiting for branch readiness..."
|
||||||
curl -sf -X PATCH \
|
for i in $(seq 1 10); do
|
||||||
-H "Authorization: token ${TOKEN}" \
|
OUT=$(api_call GET "/branches/next-release")
|
||||||
-H "Content-Type: application/json" \
|
META=$(meta_line "${OUT}"); CODE="${META%%|*}"
|
||||||
--data "$(jq -n \
|
if [ "${CODE}" = "200" ]; then
|
||||||
--arg title "${TITLE}" \
|
echo "Branch ready after ${i} attempt(s)"
|
||||||
--arg body "${DESCRIPTION}" \
|
break
|
||||||
'{title: $title, body: $body}')" \
|
fi
|
||||||
"${API_URL}/pulls/${PR_INDEX}"
|
if [ "${i}" = "10" ]; then
|
||||||
|
echo "Branch not ready after 10 attempts (last: ${META})"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo " attempt ${i}/10 (${META}) — waiting..."
|
||||||
|
sleep 2
|
||||||
|
done
|
||||||
|
|
||||||
|
# Fetch file blob SHA from BASE_BRANCH. next-release was just forked
|
||||||
|
# from base so the blob SHA matches; querying base avoids racing
|
||||||
|
# Gitea's per-endpoint propagation for the new branch (the /contents
|
||||||
|
# endpoint can still 500/404 after /branches reports 200). Returns
|
||||||
|
# empty only when the file genuinely does not exist on base.
|
||||||
|
fetch_sha() {
|
||||||
|
local path="$1" out meta code body
|
||||||
|
for i in $(seq 1 5); do
|
||||||
|
out=$(api_call GET "/contents/${path}?ref=${BASE_BRANCH}")
|
||||||
|
meta=$(meta_line "${out}"); code="${meta%%|*}"; body=$(body_lines "${out}")
|
||||||
|
if [ "${code}" = "200" ]; then
|
||||||
|
printf '%s' "${body}" | jq -r '.sha // empty'
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
if [ "${code}" = "404" ]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
if [ "${i}" = "5" ]; then
|
||||||
|
echo "fetch_sha ${path} failed after 5 attempts (${meta}): ${body}" >&2
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
sleep 2
|
||||||
|
done
|
||||||
|
}
|
||||||
|
CHANGELOG_SHA=$(fetch_sha "CHANGELOG.md")
|
||||||
|
VERSION_SHA=$(fetch_sha ".version")
|
||||||
|
|
||||||
|
# Write file with retry. Args: PATH CONTENT_B64 [SHA]
|
||||||
|
write_file() {
|
||||||
|
local path="$1" content="$2" sha="${3:-}"
|
||||||
|
local method payload out meta body code
|
||||||
|
if [ -n "${sha}" ]; then
|
||||||
|
method=PUT
|
||||||
|
payload=$(jq -n \
|
||||||
|
--arg content "${content}" \
|
||||||
|
--arg sha "${sha}" \
|
||||||
|
--arg message "${TITLE}" \
|
||||||
|
--arg branch "next-release" \
|
||||||
|
'{content: $content, sha: $sha, message: $message, branch: $branch}')
|
||||||
else
|
else
|
||||||
echo "Creating new PR..."
|
method=POST
|
||||||
curl -sf -X POST \
|
payload=$(jq -n \
|
||||||
-H "Authorization: token ${TOKEN}" \
|
--arg content "${content}" \
|
||||||
-H "Content-Type: application/json" \
|
--arg message "${TITLE}" \
|
||||||
--data "$(jq -n \
|
--arg branch "next-release" \
|
||||||
|
'{content: $content, message: $message, branch: $branch}')
|
||||||
|
fi
|
||||||
|
for i in $(seq 1 5); do
|
||||||
|
out=$(api_call "${method}" "/contents/${path}" "${payload}")
|
||||||
|
meta=$(meta_line "${out}"); body=$(body_lines "${out}"); code="${meta%%|*}"
|
||||||
|
if ok_code "${code}"; then
|
||||||
|
echo "${path} write succeeded (${meta})"
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
if [ "${i}" = "5" ]; then
|
||||||
|
echo "${path} write failed after 5 attempts (${meta}): ${body}"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
echo " ${path} attempt ${i}/5 (${meta}): ${body} — retrying..."
|
||||||
|
sleep 3
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
echo "Writing CHANGELOG.md to next-release..."
|
||||||
|
write_file "CHANGELOG.md" "${CHANGELOG_CONTENT}" "${CHANGELOG_SHA}"
|
||||||
|
echo "Writing .version to next-release..."
|
||||||
|
write_file ".version" "${VERSION_CONTENT}" "${VERSION_SHA}"
|
||||||
|
|
||||||
|
# Create PR
|
||||||
|
echo "Creating PR..."
|
||||||
|
PR_DATA=$(jq -n \
|
||||||
--arg title "${TITLE}" \
|
--arg title "${TITLE}" \
|
||||||
--arg body "${DESCRIPTION}" \
|
--arg body "${DESCRIPTION}" \
|
||||||
--arg head "next-release" \
|
--arg head "next-release" \
|
||||||
--arg base "${DEFAULT_BRANCH}" \
|
--arg base "${BASE_BRANCH}" \
|
||||||
'{title: $title, body: $body, head: $head, base: $base}')" \
|
'{title: $title, body: $body, head: $head, base: $base}')
|
||||||
"${API_URL}/pulls"
|
for i in $(seq 1 5); do
|
||||||
|
OUT=$(api_call POST "/pulls" "${PR_DATA}")
|
||||||
|
META=$(meta_line "${OUT}"); BODY=$(body_lines "${OUT}"); CODE="${META%%|*}"
|
||||||
|
if ok_code "${CODE}"; then
|
||||||
|
echo "PR created (${META})"
|
||||||
|
break
|
||||||
fi
|
fi
|
||||||
|
if [ "${i}" = "5" ]; then
|
||||||
|
echo "PR creation failed after 5 attempts (${META}): ${BODY}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
echo " PR attempt ${i}/5 (${META}): ${BODY} — retrying..."
|
||||||
|
sleep 3
|
||||||
|
done
|
||||||
|
|
||||||
prepare-release:
|
create-release:
|
||||||
name: Prepare Release
|
name: Create Release
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: preconditions
|
needs: preconditions
|
||||||
if: |
|
if: |
|
||||||
(github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch) ||
|
github.ref_type == 'branch' &&
|
||||||
github.ref_type == 'tag'
|
github.ref_name == github.event.repository.default_branch &&
|
||||||
container:
|
inputs.tag_only != true
|
||||||
image: orhunp/git-cliff:2.10.1@sha256:6ba0d1fcb051bd7b154cfb19c4b2b3bfa2c22c475f5285fc30606777b6573119
|
|
||||||
outputs:
|
|
||||||
version: ${{ steps.version.outputs.version }}
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v7
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Generate changelog
|
- name: Install git-cliff
|
||||||
run: |
|
run: |
|
||||||
if [ "${{ github.ref_type }}" = "tag" ]; then
|
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
|
||||||
git-cliff --bump --latest --strip header > CHANGES.md
|
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
|
||||||
else
|
git-cliff --version
|
||||||
git-cliff --bump --unreleased --strip header > CHANGES.md
|
|
||||||
fi
|
- name: Generate changelog
|
||||||
|
run: git-cliff --bump --unreleased --strip header > CHANGES.md
|
||||||
|
|
||||||
- name: Get version
|
- name: Get version
|
||||||
id: version
|
id: version
|
||||||
run: |
|
run: |
|
||||||
VERSION=$(git-cliff --bumped-version 2>/dev/null || echo "")
|
VERSION=$(git-cliff --bumped-version 2>/dev/null || echo "")
|
||||||
echo "version=${VERSION}" >> $GITHUB_OUTPUT
|
echo "version=${VERSION}" >> $GITHUB_OUTPUT
|
||||||
echo "${VERSION}" > VERSION
|
|
||||||
|
|
||||||
- name: Upload artifacts
|
|
||||||
uses: actions/upload-artifact@v4
|
|
||||||
with:
|
|
||||||
name: release-artifacts
|
|
||||||
path: |
|
|
||||||
CHANGES.md
|
|
||||||
VERSION
|
|
||||||
|
|
||||||
create-release:
|
|
||||||
name: Create Release
|
|
||||||
runs-on: ubuntu-latest
|
|
||||||
needs: prepare-release
|
|
||||||
if: |
|
|
||||||
github.ref_type == 'branch' &&
|
|
||||||
github.ref_name == github.event.repository.default_branch &&
|
|
||||||
inputs.tag_only != true
|
|
||||||
container:
|
|
||||||
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
|
|
||||||
steps:
|
|
||||||
- name: Checkout
|
|
||||||
uses: actions/checkout@v4
|
|
||||||
with:
|
|
||||||
fetch-depth: 0
|
|
||||||
|
|
||||||
- name: Install dependencies
|
|
||||||
run: apk add --no-cache git jq curl
|
|
||||||
|
|
||||||
- name: Download artifacts
|
|
||||||
uses: actions/download-artifact@v4
|
|
||||||
with:
|
|
||||||
name: release-artifacts
|
|
||||||
|
|
||||||
- name: Create release
|
- name: Create release
|
||||||
env:
|
env:
|
||||||
TOKEN: ${{ secrets.UNBOUND_RELEASE_TOKEN }}
|
|
||||||
REPOSITORY: ${{ github.repository }}
|
REPOSITORY: ${{ github.repository }}
|
||||||
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
|
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
|
||||||
|
VERSION: ${{ steps.version.outputs.version }}
|
||||||
run: |
|
run: |
|
||||||
|
TOKEN=$(cat "${RELEASE_TOKEN_FILE}")
|
||||||
if [ ! -r .version ]; then
|
if [ ! -r .version ]; then
|
||||||
echo "Version file not found"
|
echo "Version file not found"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
VERSION=$(cat .version 2>/dev/null | jq -r '.version')
|
CURRENT_VERSION=$(cat .version 2>/dev/null | jq -r '.version')
|
||||||
LATEST=$(git describe --abbrev=0 --tags 2>/dev/null || echo '')
|
LATEST=$(git describe --abbrev=0 --tags 2>/dev/null || echo '')
|
||||||
|
|
||||||
if [ -n "${LATEST}" ] && [ "${VERSION}" = "${LATEST}" ]; then
|
if [ -n "${LATEST}" ] && [ "${CURRENT_VERSION}" = "${LATEST}" ]; then
|
||||||
echo "Version ${VERSION} already exists"
|
echo "Version ${CURRENT_VERSION} already exists"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -333,17 +319,15 @@ jobs:
|
|||||||
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
|
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
|
||||||
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
|
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
|
||||||
|
|
||||||
NAME=$(cat VERSION)
|
MESSAGE=$(cat CHANGES.md)
|
||||||
MESSAGE=$(cat CHANGES.md | jq -Rs .)
|
|
||||||
MESSAGE="${MESSAGE:1:-1}" # Remove surrounding quotes
|
|
||||||
|
|
||||||
echo "Creating release ${NAME}..."
|
echo "Creating release ${VERSION}..."
|
||||||
curl -sf -X POST \
|
curl -sf --retry 3 --retry-delay 2 --retry-connrefused -X POST \
|
||||||
-H "Authorization: token ${TOKEN}" \
|
-H "Authorization: token ${TOKEN}" \
|
||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
--data "$(jq -n \
|
--data "$(jq -n \
|
||||||
--arg tag_name "${NAME}" \
|
--arg tag_name "${VERSION}" \
|
||||||
--arg name "${NAME}" \
|
--arg name "${VERSION}" \
|
||||||
--arg body "${MESSAGE}" \
|
--arg body "${MESSAGE}" \
|
||||||
--arg target "${DEFAULT_BRANCH}" \
|
--arg target "${DEFAULT_BRANCH}" \
|
||||||
'{tag_name: $tag_name, name: $name, body: $body, target_commitish: $target}')" \
|
'{tag_name: $tag_name, name: $name, body: $body, target_commitish: $target}')" \
|
||||||
@@ -352,43 +336,46 @@ jobs:
|
|||||||
create-tag:
|
create-tag:
|
||||||
name: Create Tag
|
name: Create Tag
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
needs: prepare-release
|
needs: preconditions
|
||||||
if: |
|
if: |
|
||||||
github.ref_type == 'branch' &&
|
github.ref_type == 'branch' &&
|
||||||
github.ref_name == github.event.repository.default_branch &&
|
github.ref_name == github.event.repository.default_branch &&
|
||||||
inputs.tag_only == true
|
inputs.tag_only == true
|
||||||
container:
|
|
||||||
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
|
|
||||||
steps:
|
steps:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v4
|
uses: actions/checkout@v7
|
||||||
with:
|
with:
|
||||||
fetch-depth: 0
|
fetch-depth: 0
|
||||||
|
|
||||||
- name: Install dependencies
|
- name: Install git-cliff
|
||||||
run: apk add --no-cache git jq curl
|
run: |
|
||||||
|
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
|
||||||
|
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
|
||||||
|
git-cliff --version
|
||||||
|
|
||||||
- name: Download artifacts
|
- name: Get version
|
||||||
uses: actions/download-artifact@v4
|
id: version
|
||||||
with:
|
run: |
|
||||||
name: release-artifacts
|
VERSION=$(git-cliff --bumped-version 2>/dev/null || echo "")
|
||||||
|
echo "version=${VERSION}" >> $GITHUB_OUTPUT
|
||||||
|
|
||||||
- name: Create tag
|
- name: Create tag
|
||||||
env:
|
env:
|
||||||
TOKEN: ${{ secrets.UNBOUND_RELEASE_TOKEN }}
|
|
||||||
REPOSITORY: ${{ github.repository }}
|
REPOSITORY: ${{ github.repository }}
|
||||||
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
|
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
|
||||||
|
VERSION: ${{ steps.version.outputs.version }}
|
||||||
run: |
|
run: |
|
||||||
|
TOKEN=$(cat "${RELEASE_TOKEN_FILE}")
|
||||||
if [ ! -r .version ]; then
|
if [ ! -r .version ]; then
|
||||||
echo "Version file not found"
|
echo "Version file not found"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
VERSION=$(cat .version 2>/dev/null | jq -r '.version')
|
CURRENT_VERSION=$(cat .version 2>/dev/null | jq -r '.version')
|
||||||
LATEST=$(git describe --abbrev=0 --tags 2>/dev/null || echo '')
|
LATEST=$(git describe --abbrev=0 --tags 2>/dev/null || echo '')
|
||||||
|
|
||||||
if [ -n "${LATEST}" ] && [ "${VERSION}" = "${LATEST}" ]; then
|
if [ -n "${LATEST}" ] && [ "${CURRENT_VERSION}" = "${LATEST}" ]; then
|
||||||
echo "Version ${VERSION} already exists"
|
echo "Version ${CURRENT_VERSION} already exists"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -396,15 +383,13 @@ jobs:
|
|||||||
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
|
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
|
||||||
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
|
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
|
||||||
|
|
||||||
NAME=$(cat VERSION)
|
echo "Creating tag ${VERSION}..."
|
||||||
|
curl -sf --retry 3 --retry-delay 2 --retry-connrefused -X POST \
|
||||||
echo "Creating tag ${NAME}..."
|
|
||||||
curl -sf -X POST \
|
|
||||||
-H "Authorization: token ${TOKEN}" \
|
-H "Authorization: token ${TOKEN}" \
|
||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
--data "$(jq -n \
|
--data "$(jq -n \
|
||||||
--arg tag_name "${NAME}" \
|
--arg tag_name "${VERSION}" \
|
||||||
--arg target "${DEFAULT_BRANCH}" \
|
--arg target "${DEFAULT_BRANCH}" \
|
||||||
--arg message "${NAME}" \
|
--arg message "${VERSION}" \
|
||||||
'{tag_name: $tag_name, target: $target, message: $message}')" \
|
'{tag_name: $tag_name, target: $target, message: $message}')" \
|
||||||
"${API_URL}/tags"
|
"${API_URL}/tags"
|
||||||
|
|||||||
@@ -0,0 +1,32 @@
|
|||||||
|
# CLAUDE.md
|
||||||
|
|
||||||
|
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
|
||||||
|
|
||||||
|
## Repository Overview
|
||||||
|
|
||||||
|
This repository contains reusable Gitea Actions workflows for Unbound Software repositories. These workflows are called from other repositories using Gitea's `workflow_call` trigger.
|
||||||
|
|
||||||
|
## Architecture
|
||||||
|
|
||||||
|
- **Location**: Workflows are stored in `.gitea/workflows/` (not `.github/workflows/`)
|
||||||
|
- **Platform**: Gitea Actions (compatible with GitHub Actions syntax but runs on Gitea)
|
||||||
|
- **Runner**: Uses `ubuntu-latest` runner directly (no containers)
|
||||||
|
- **git-cliff**: Downloaded as binary from GitHub releases, version controlled via `GIT_CLIFF_VERSION` env var
|
||||||
|
|
||||||
|
### Release.yml Workflow
|
||||||
|
|
||||||
|
The main workflow automates semantic versioning releases using git-cliff for changelog generation:
|
||||||
|
|
||||||
|
1. **preconditions**: Validates release token exists at `/runner-secrets/release-token`
|
||||||
|
2. **changelog**: Generates changelog, determines version bump, checks for changes
|
||||||
|
3. **handle-pr**: Creates/updates a `next-release` branch and PR with CHANGELOG.md and .version
|
||||||
|
4. **prepare-release**: Prepares release artifacts when triggered
|
||||||
|
5. **create-release** or **create-tag**: Creates Gitea release or tag based on `tag_only` input
|
||||||
|
|
||||||
|
Version tracking uses a `.version` JSON file containing `{"version":"vX.Y.Z"}`.
|
||||||
|
|
||||||
|
## Development Notes
|
||||||
|
|
||||||
|
- No build/test commands exist - this is a workflow-only repository
|
||||||
|
- Workflows use Gitea API directly via curl (not gh CLI)
|
||||||
|
- Authentication reads from file-based token at `/runner-secrets/release-token`
|
||||||
@@ -20,21 +20,19 @@ on:
|
|||||||
jobs:
|
jobs:
|
||||||
release:
|
release:
|
||||||
uses: unboundsoftware/shared-workflows/.gitea/workflows/Release.yml@main
|
uses: unboundsoftware/shared-workflows/.gitea/workflows/Release.yml@main
|
||||||
secrets:
|
|
||||||
UNBOUND_RELEASE_TOKEN: ${{ secrets.GIT_API_TOKEN }}
|
|
||||||
```
|
```
|
||||||
|
|
||||||
**Inputs:**
|
**Inputs:**
|
||||||
|
|
||||||
- `tag_only` (boolean, default: `false`): Set to `true` to only create tags without full releases
|
- `tag_only` (boolean, default: `false`): Set to `true` to only create tags without full releases
|
||||||
|
|
||||||
**Secrets:**
|
**Requirements:**
|
||||||
|
|
||||||
- `UNBOUND_RELEASE_TOKEN` (required): Token with API access to create PRs and releases. Required scopes: `repository` (read/write), `issue` (read/write)
|
This workflow reads the release token from `/runner-secrets/release-token`, which is automatically available on Unbound's Gitea runners. No repository secrets need to be configured.
|
||||||
|
|
||||||
**How it works:**
|
**How it works:**
|
||||||
|
|
||||||
1. On each push to the default branch, generates a changelog using git-cliff
|
1. On each push to the default branch, generates a changelog using git-cliff
|
||||||
2. Creates or updates a `next-release` branch with the updated CHANGELOG.md and .version file
|
2. Creates or updates a `next-release` branch with the updated CHANGELOG.md and .version file
|
||||||
3. Opens or updates a PR titled "chore(release): prepare for vX.Y.Z"
|
3. Opens or updates a PR titled "chore(release): prepare for vX.Y.Z"
|
||||||
4. When the .version file exists (after merging the release PR), creates a GitHub release with the changelog
|
4. When the .version file exists (after merging the release PR), creates a Gitea release with the changelog
|
||||||
|
|||||||
@@ -2,5 +2,18 @@
|
|||||||
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
|
||||||
"extends": [
|
"extends": [
|
||||||
"config:recommended"
|
"config:recommended"
|
||||||
|
],
|
||||||
|
"customManagers": [
|
||||||
|
{
|
||||||
|
"customType": "regex",
|
||||||
|
"managerFilePatterns": [
|
||||||
|
"/^\\.gitea/workflows/.*\\.ya?ml$/"
|
||||||
|
],
|
||||||
|
"matchStrings": [
|
||||||
|
"GIT_CLIFF_VERSION:\\s*[\"']?(?<currentValue>[^\"'\\s]+)[\"']?"
|
||||||
|
],
|
||||||
|
"depNameTemplate": "orhun/git-cliff",
|
||||||
|
"datasourceTemplate": "github-releases"
|
||||||
|
}
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user