Compare commits

...

2 Commits

Author SHA1 Message Date
argoyle 0ab0aa8bba feat: use file-based release token instead of secret 2026-01-08 20:58:11 +01:00
GitButler 96e4a1eaa2 GitButler Workspace Commit
This is placeholder commit and will be replaced by a merge of your virtual branches.

Due to GitButler managing multiple virtual branches, you cannot switch back and
forth between git branches and virtual branches easily. 

If you switch to another branch, GitButler will need to be reinitialized.
If you commit on this branch, GitButler will throw it away.

For more information about what we're doing here, check out our docs:
https://docs.gitbutler.com/features/branch-management/integration-branch
2026-01-08 20:58:11 +01:00
2 changed files with 17 additions and 19 deletions
+14 -14
@@ -8,13 +8,10 @@ on:
required: false
default: false
type: boolean
secrets:
UNBOUND_RELEASE_TOKEN:
description: 'Token with API access to create PRs and releases'
required: true
env:
GITEA_URL: https://git.unbound.se
RELEASE_TOKEN_FILE: /runner-secrets/release-token
jobs:
preconditions:
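Review bot: the new `RELEASE_TOKEN_FILE: /runner-secrets/release-token` entry in the top-level `env:` block has no comment saying who provisions that file or what ownership and mode it is expected to have, so the workflow now depends on runner layout that is not described anywhere in this file. Add a short comment next to the variable stating that the runner mounts it read-only for the job user. Dropping `UNBOUND_RELEASE_TOKEN` from `secrets:` also changes the reusable workflow's interface, so callers that still pass that secret need to be updated in the same change.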
@@ -24,14 +21,17 @@ jobs:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps:
- name: Validate token
if: ${{ secrets.UNBOUND_RELEASE_TOKEN == '' }}
run: |
echo "To use Unbound Release, a UNBOUND_RELEASE_TOKEN secret needs to be defined."
echo "It needs API access to write repository files, create PRs and releases."
echo " "
echo "Create a token in Gitea: Settings -> Applications -> Generate New Token"
echo "Required scopes: repository (read/write), issue (read/write)"
exit 1
if [ ! -r "${RELEASE_TOKEN_FILE}" ]; then
echo "Release token file not found at ${RELEASE_TOKEN_FILE}"
echo "This workflow requires the runner to have RELEASE_TOKEN configured."
exit 1
fi
if [ ! -s "${RELEASE_TOKEN_FILE}" ]; then
echo "Release token file is empty"
exit 1
fi
echo "Release token found"
changelog:
name: Generate Changelog
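Review bot: the `[ ! -s "${RELEASE_TOKEN_FILE}" ]` test in the Validate token step only rejects a zero-byte file, so a file that holds just a newline or spaces passes and the later `TOKEN=$(cat ...)` produces a blank token. Check that the content is non-empty after stripping whitespace, without echoing it. The message "requires the runner to have RELEASE_TOKEN configured" also names something that is not defined in this workflow; pointing at the expected file and keeping the required scopes from the removed text would make the failure actionable.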
@@ -99,10 +99,10 @@ jobs:
- name: Create or update release PR
env:
TOKEN: ${{ secrets.UNBOUND_RELEASE_TOKEN }}
REPOSITORY: ${{ github.repository }}
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
run: |
TOKEN=$(cat "${RELEASE_TOKEN_FILE}")
VERSION=$(cat VERSION)
OWNER=$(echo "${REPOSITORY}" | cut -d'/' -f1)
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
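Review bot: in the Create or update release PR step, `TOKEN=$(cat "${RELEASE_TOKEN_FILE}")` replaces a value that came from `secrets.*`, and a value read from a file does not get the log masking that runners apply to declared secrets. Register the value for masking right after the read (for example with the `::add-mask::` workflow command, if the runner honours it) and make sure nothing later in this script enables `set -x` or verbose HTTP output while `TOKEN` is set.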
@@ -312,10 +312,10 @@ jobs:
- name: Create release
env:
TOKEN: ${{ secrets.UNBOUND_RELEASE_TOKEN }}
REPOSITORY: ${{ github.repository }}
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
run: |
TOKEN=$(cat "${RELEASE_TOKEN_FILE}")
if [ ! -r .version ]; then
echo "Version file not found"
exit 0
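Review bot: in the Create release step the token is read on the first line of the script, before the `.version` check that exits 0 when there is nothing to release. Move `TOKEN=$(cat "${RELEASE_TOKEN_FILE}")` below that early exit so the secret is only loaded into the shell when the step is actually going to call the API.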
@@ -375,10 +375,10 @@ jobs:
- name: Create tag
env:
TOKEN: ${{ secrets.UNBOUND_RELEASE_TOKEN }}
REPOSITORY: ${{ github.repository }}
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
run: |
TOKEN=$(cat "${RELEASE_TOKEN_FILE}")
if [ ! -r .version ]; then
echo "Version file not found"
exit 0
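Review bot: this is the third copy of `TOKEN=$(cat "${RELEASE_TOKEN_FILE}")`, and none of them checks the result, so the Create tag step relies entirely on the earlier preconditions job for validation. Add an explicit non-empty check on `TOKEN` after the read so the step fails at the read rather than at the first API call, and place the read after the `.version` early exit as in the Create release step.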
+3 -5
@@ -20,21 +20,19 @@ on:
jobs:
release:
uses: unboundsoftware/shared-workflows/.gitea/workflows/Release.yml@main
secrets:
UNBOUND_RELEASE_TOKEN: ${{ secrets.GIT_API_TOKEN }}
```
**Inputs:**
- `tag_only` (boolean, default: `false`): Set to `true` to only create tags without full releases
**Secrets:**
**Requirements:**
- `UNBOUND_RELEASE_TOKEN` (required): Token with API access to create PRs and releases. Required scopes: `repository` (read/write), `issue` (read/write)
This workflow reads the release token from `/runner-secrets/release-token`, which is automatically available on Unbound's Gitea runners. No repository secrets need to be configured.
**How it works:**
1. On each push to the default branch, generates a changelog using git-cliff
2. Creates or updates a `next-release` branch with the updated CHANGELOG.md and .version file
3. Opens or updates a PR titled "chore(release): prepare for vX.Y.Z"
4. When the .version file exists (after merging the release PR), creates a GitHub release with the changelog
4. When the .version file exists (after merging the release PR), creates a Gitea release with the changelog
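Review bot: the new Requirements paragraph drops the scope information that the removed `UNBOUND_RELEASE_TOKEN` line carried (`repository` read/write, `issue` read/write) and does not say what happens on a runner that lacks `/runner-secrets/release-token`. Keep the scopes so whoever provisions the file knows what to grant, mention that the workflow fails in its Validate token step when the file is missing or empty, and state that the token is now shared by every repository that runs on these runners instead of being a per-repository secret.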