Compare commits

..

3 Commits

Author SHA1 Message Date
argoyle 0ab0aa8bba feat: use file-based release token instead of secret 2026-01-08 20:58:11 +01:00
GitButler 96e4a1eaa2 GitButler Workspace Commit
This is placeholder commit and will be replaced by a merge of your virtual branches.

Due to GitButler managing multiple virtual branches, you cannot switch back and
forth between git branches and virtual branches easily. 

If you switch to another branch, GitButler will need to be reinitialized.
If you commit on this branch, GitButler will throw it away.

For more information about what we're doing here, check out our docs:
https://docs.gitbutler.com/features/branch-management/integration-branch
2026-01-08 20:58:11 +01:00
argoyle f2f0b69479 Merge pull request 'chore: Configure Renovate' (#1) from renovate/configure into main
Reviewed-on: #1
2026-01-08 19:20:36 +00:00
4 changed files with 242 additions and 284 deletions
-12
View File
@@ -1,12 +0,0 @@
{
"permissions": {
"allow": [
"Bash(but --help:*)",
"Bash(but rub --help:*)",
"WebSearch",
"WebFetch(domain:docs.gitea.com)",
"WebFetch(domain:gitea.com)",
"Bash(but status:*)"
]
}
}
+242 -227
View File
@@ -9,19 +9,16 @@ on:
default: false default: false
type: boolean type: boolean
concurrency:
group: release-${{ github.repository }}
cancel-in-progress: false
env: env:
GITEA_URL: http://gitea-http.gitea.svc.cluster.local:3000 GITEA_URL: https://git.unbound.se
RELEASE_TOKEN_FILE: /runner-secrets/release-token RELEASE_TOKEN_FILE: /runner-secrets/release-token
GIT_CLIFF_VERSION: "2.13.1"
jobs: jobs:
preconditions: preconditions:
name: Check Preconditions name: Check Preconditions
runs-on: ubuntu-latest runs-on: ubuntu-latest
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps: steps:
- name: Validate token - name: Validate token
run: | run: |
@@ -36,23 +33,22 @@ jobs:
fi fi
echo "Release token found" echo "Release token found"
changelog-and-pr: changelog:
name: Generate Changelog and Handle PR name: Generate Changelog
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: preconditions needs: preconditions
if: github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch if: github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch
container:
image: orhunp/git-cliff:2.10.1@sha256:6ba0d1fcb051bd7b154cfb19c4b2b3bfa2c22c475f5285fc30606777b6573119
outputs:
version: ${{ steps.version.outputs.version }}
has_changes: ${{ steps.check.outputs.has_changes }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v7 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install git-cliff
run: |
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
git-cliff --version
- name: Generate changelog - name: Generate changelog
run: | run: |
git-cliff --bump --unreleased --strip header > CHANGES.md git-cliff --bump --unreleased --strip header > CHANGES.md
@@ -76,8 +72,32 @@ jobs:
echo "has_changes=true" >> $GITHUB_OUTPUT echo "has_changes=true" >> $GITHUB_OUTPUT
fi fi
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: changelog-artifacts
path: |
CHANGES.md
CHANGELOG.md
VERSION
handle-pr:
name: Handle Release PR
runs-on: ubuntu-latest
needs: changelog
if: needs.changelog.outputs.has_changes == 'true'
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps:
- name: Install dependencies
run: apk add --no-cache git jq curl
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: changelog-artifacts
- name: Create or update release PR - name: Create or update release PR
if: steps.check.outputs.has_changes == 'true'
env: env:
REPOSITORY: ${{ github.repository }} REPOSITORY: ${{ github.repository }}
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
@@ -87,219 +107,213 @@ jobs:
OWNER=$(echo "${REPOSITORY}" | cut -d'/' -f1) OWNER=$(echo "${REPOSITORY}" | cut -d'/' -f1)
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2) REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}" API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
BASE_BRANCH="${DEFAULT_BRANCH:-main}"
echo "Using base branch: ${BASE_BRANCH}"
TITLE="chore(release): prepare for ${VERSION}" TITLE="chore(release): prepare for ${VERSION}"
CHANGES_CONTENT=$(cat CHANGES.md) # Read CHANGES.md and escape for JSON
PR_NOTE="**Note:** Please use **Squash Merge** when merging this PR." DESCRIPTION=$(cat CHANGES.md | jq -Rs .)
DESCRIPTION="${CHANGES_CONTENT}"$'\n\n---\n\n'"${PR_NOTE}" DESCRIPTION="${DESCRIPTION:1:-1}" # Remove surrounding quotes from jq
CHANGELOG_CONTENT=$(base64 -w0 < CHANGELOG.md)
VERSION_CONTENT=$(jq -n --arg v "${VERSION}" '{"version":$v}' | base64 -w0)
# api_call METHOD PATH [JSON_BODY] # Add squash merge reminder
# Stdout: first line "<http_code>|<curl_rc>", then response body. DESCRIPTION="${DESCRIPTION}
# Never returns non-zero so callers must inspect http_code; this
# prevents curl exit codes (e.g. CURLE_WRITE_ERROR / 23) from
# killing the script via `set -e` inside command substitutions.
api_call() {
local method="$1" path="$2" data="${3:-}"
local body_file http_code rc=0
body_file=$(mktemp)
local args=(-sS --retry 3 --retry-delay 2 --retry-all-errors
-w '%{http_code}'
-o "${body_file}"
-X "${method}"
-H "Authorization: token ${TOKEN}")
if [ -n "${data}" ]; then
args+=(-H "Content-Type: application/json" --data "${data}")
fi
http_code=$(curl "${args[@]}" "${API_URL}${path}" 2>/dev/null) || rc=$?
printf '%s|%s\n' "${http_code:-000}" "${rc}"
cat "${body_file}"
rm -f "${body_file}"
return 0
}
# Extract first-line meta and remaining body from api_call output. ---
meta_line() { printf '%s\n' "$1" | head -n1; } **Note:** Please use **Squash Merge** when merging this PR."
body_lines() { printf '%s\n' "$1" | tail -n +2; }
http_of() { local m; m=$(meta_line "$1"); printf '%s' "${m%%|*}"; } echo "Checking for existing release PRs..."
ok_code() { [ -n "$1" ] && [ "$1" -ge 200 ] 2>/dev/null && [ "$1" -lt 400 ]; } PRS=$(curl -sf \
-H "Authorization: token ${TOKEN}" \
"${API_URL}/pulls?state=open" | jq '[.[] | select(.head.ref == "next-release")]')
PR_INDEX=$(echo "${PRS}" | jq -r '.[0].number // empty')
# Delete existing next-release branch if it exists (auto-closes any open PR)
echo "Checking for existing next-release branch..." echo "Checking for existing next-release branch..."
OUT=$(api_call GET "/branches/next-release") BRANCH_EXISTS=$(curl -sf \
CODE=$(http_of "${OUT}") -H "Authorization: token ${TOKEN}" \
if [ "${CODE}" = "200" ]; then "${API_URL}/branches/next-release" 2>/dev/null && echo "true" || echo "false")
echo "Deleting existing next-release branch..."
OUT=$(api_call DELETE "/branches/next-release") # Prepare CHANGELOG.md content
echo " delete result: $(meta_line "${OUT}")" CHANGELOG_CONTENT=$(base64 -w0 < CHANGELOG.md)
# Prepare .version content
VERSION_JSON=$(jq -n --arg v "${VERSION}" '{"version":$v}')
VERSION_CONTENT=$(echo "${VERSION_JSON}" | base64 -w0)
if [ "${BRANCH_EXISTS}" = "true" ]; then
echo "Updating existing next-release branch..."
# Get SHA of existing CHANGELOG.md
CHANGELOG_SHA=$(curl -sf \
-H "Authorization: token ${TOKEN}" \
"${API_URL}/contents/CHANGELOG.md?ref=next-release" | jq -r '.sha // empty')
# Update or create CHANGELOG.md
if [ -n "${CHANGELOG_SHA}" ]; then
curl -sf -X PUT \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${CHANGELOG_CONTENT}" \
--arg sha "${CHANGELOG_SHA}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, sha: $sha, message: $message, branch: $branch}')" \
"${API_URL}/contents/CHANGELOG.md"
else
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${CHANGELOG_CONTENT}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, message: $message, branch: $branch, new_branch: $branch}')" \
"${API_URL}/contents/CHANGELOG.md"
fi
# Get SHA of existing .version
VERSION_SHA=$(curl -sf \
-H "Authorization: token ${TOKEN}" \
"${API_URL}/contents/.version?ref=next-release" | jq -r '.sha // empty')
# Update or create .version
if [ -n "${VERSION_SHA}" ]; then
curl -sf -X PUT \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${VERSION_CONTENT}" \
--arg sha "${VERSION_SHA}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, sha: $sha, message: $message, branch: $branch}')" \
"${API_URL}/contents/.version"
else
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${VERSION_CONTENT}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, message: $message, branch: $branch}')" \
"${API_URL}/contents/.version"
fi
else else
echo " no existing branch (HTTP ${CODE})" echo "Creating new next-release branch with CHANGELOG.md..."
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${CHANGELOG_CONTENT}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
--arg new_branch "next-release" \
'{content: $content, message: $message, branch: $branch, new_branch: $new_branch}')" \
"${API_URL}/contents/CHANGELOG.md"
echo "Adding .version to next-release branch..."
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${VERSION_CONTENT}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, message: $message, branch: $branch}')" \
"${API_URL}/contents/.version"
fi fi
# Explicitly create next-release branch from base if [ -n "${PR_INDEX}" ]; then
echo "Creating next-release branch from ${BASE_BRANCH}..." echo "Updating existing PR #${PR_INDEX}..."
BRANCH_PAYLOAD=$(jq -n --arg new "next-release" --arg old "${BASE_BRANCH}" \ curl -sf -X PATCH \
'{new_branch_name: $new, old_branch_name: $old}') -H "Authorization: token ${TOKEN}" \
for i in $(seq 1 5); do -H "Content-Type: application/json" \
OUT=$(api_call POST "/branches" "${BRANCH_PAYLOAD}") --data "$(jq -n \
META=$(meta_line "${OUT}"); BODY=$(body_lines "${OUT}"); CODE="${META%%|*}" --arg title "${TITLE}" \
if ok_code "${CODE}"; then --arg body "${DESCRIPTION}" \
echo "Branch created (${META})" '{title: $title, body: $body}')" \
break "${API_URL}/pulls/${PR_INDEX}"
fi else
if [ "${i}" = "5" ]; then echo "Creating new PR..."
echo "Branch create failed after 5 attempts (${META}): ${BODY}" curl -sf -X POST \
exit 1 -H "Authorization: token ${TOKEN}" \
fi -H "Content-Type: application/json" \
echo " attempt ${i}/5 (${META}): ${BODY} — retrying..." --data "$(jq -n \
sleep 3 --arg title "${TITLE}" \
done --arg body "${DESCRIPTION}" \
--arg head "next-release" \
--arg base "${DEFAULT_BRANCH}" \
'{title: $title, body: $body, head: $head, base: $base}')" \
"${API_URL}/pulls"
fi
# Poll until branch is readable prepare-release:
echo "Waiting for branch readiness..." name: Prepare Release
for i in $(seq 1 10); do
OUT=$(api_call GET "/branches/next-release")
META=$(meta_line "${OUT}"); CODE="${META%%|*}"
if [ "${CODE}" = "200" ]; then
echo "Branch ready after ${i} attempt(s)"
break
fi
if [ "${i}" = "10" ]; then
echo "Branch not ready after 10 attempts (last: ${META})"
exit 1
fi
echo " attempt ${i}/10 (${META}) — waiting..."
sleep 2
done
# Fetch file blob SHA from BASE_BRANCH. next-release was just forked
# from base so the blob SHA matches; querying base avoids racing
# Gitea's per-endpoint propagation for the new branch (the /contents
# endpoint can still 500/404 after /branches reports 200). Returns
# empty only when the file genuinely does not exist on base.
fetch_sha() {
local path="$1" out meta code body
for i in $(seq 1 5); do
out=$(api_call GET "/contents/${path}?ref=${BASE_BRANCH}")
meta=$(meta_line "${out}"); code="${meta%%|*}"; body=$(body_lines "${out}")
if [ "${code}" = "200" ]; then
printf '%s' "${body}" | jq -r '.sha // empty'
return 0
fi
if [ "${code}" = "404" ]; then
return 0
fi
if [ "${i}" = "5" ]; then
echo "fetch_sha ${path} failed after 5 attempts (${meta}): ${body}" >&2
return 0
fi
sleep 2
done
}
CHANGELOG_SHA=$(fetch_sha "CHANGELOG.md")
VERSION_SHA=$(fetch_sha ".version")
# Write file with retry. Args: PATH CONTENT_B64 [SHA]
write_file() {
local path="$1" content="$2" sha="${3:-}"
local method payload out meta body code
if [ -n "${sha}" ]; then
method=PUT
payload=$(jq -n \
--arg content "${content}" \
--arg sha "${sha}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, sha: $sha, message: $message, branch: $branch}')
else
method=POST
payload=$(jq -n \
--arg content "${content}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, message: $message, branch: $branch}')
fi
for i in $(seq 1 5); do
out=$(api_call "${method}" "/contents/${path}" "${payload}")
meta=$(meta_line "${out}"); body=$(body_lines "${out}"); code="${meta%%|*}"
if ok_code "${code}"; then
echo "${path} write succeeded (${meta})"
return 0
fi
if [ "${i}" = "5" ]; then
echo "${path} write failed after 5 attempts (${meta}): ${body}"
return 1
fi
echo " ${path} attempt ${i}/5 (${meta}): ${body} — retrying..."
sleep 3
done
}
echo "Writing CHANGELOG.md to next-release..."
write_file "CHANGELOG.md" "${CHANGELOG_CONTENT}" "${CHANGELOG_SHA}"
echo "Writing .version to next-release..."
write_file ".version" "${VERSION_CONTENT}" "${VERSION_SHA}"
# Create PR
echo "Creating PR..."
PR_DATA=$(jq -n \
--arg title "${TITLE}" \
--arg body "${DESCRIPTION}" \
--arg head "next-release" \
--arg base "${BASE_BRANCH}" \
'{title: $title, body: $body, head: $head, base: $base}')
for i in $(seq 1 5); do
OUT=$(api_call POST "/pulls" "${PR_DATA}")
META=$(meta_line "${OUT}"); BODY=$(body_lines "${OUT}"); CODE="${META%%|*}"
if ok_code "${CODE}"; then
echo "PR created (${META})"
break
fi
if [ "${i}" = "5" ]; then
echo "PR creation failed after 5 attempts (${META}): ${BODY}"
exit 1
fi
echo " PR attempt ${i}/5 (${META}): ${BODY} — retrying..."
sleep 3
done
create-release:
name: Create Release
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: preconditions needs: preconditions
if: | if: |
github.ref_type == 'branch' && (github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch) ||
github.ref_name == github.event.repository.default_branch && github.ref_type == 'tag'
inputs.tag_only != true container:
image: orhunp/git-cliff:2.10.1@sha256:6ba0d1fcb051bd7b154cfb19c4b2b3bfa2c22c475f5285fc30606777b6573119
outputs:
version: ${{ steps.version.outputs.version }}
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v7 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install git-cliff
run: |
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
git-cliff --version
- name: Generate changelog - name: Generate changelog
run: git-cliff --bump --unreleased --strip header > CHANGES.md run: |
if [ "${{ github.ref_type }}" = "tag" ]; then
git-cliff --bump --latest --strip header > CHANGES.md
else
git-cliff --bump --unreleased --strip header > CHANGES.md
fi
- name: Get version - name: Get version
id: version id: version
run: | run: |
VERSION=$(git-cliff --bumped-version 2>/dev/null || echo "") VERSION=$(git-cliff --bumped-version 2>/dev/null || echo "")
echo "version=${VERSION}" >> $GITHUB_OUTPUT echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "${VERSION}" > VERSION
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: release-artifacts
path: |
CHANGES.md
VERSION
create-release:
name: Create Release
runs-on: ubuntu-latest
needs: prepare-release
if: |
github.ref_type == 'branch' &&
github.ref_name == github.event.repository.default_branch &&
inputs.tag_only != true
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install dependencies
run: apk add --no-cache git jq curl
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: release-artifacts
- name: Create release - name: Create release
env: env:
REPOSITORY: ${{ github.repository }} REPOSITORY: ${{ github.repository }}
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
VERSION: ${{ steps.version.outputs.version }}
run: | run: |
TOKEN=$(cat "${RELEASE_TOKEN_FILE}") TOKEN=$(cat "${RELEASE_TOKEN_FILE}")
if [ ! -r .version ]; then if [ ! -r .version ]; then
@@ -307,11 +321,11 @@ jobs:
exit 0 exit 0
fi fi
CURRENT_VERSION=$(cat .version 2>/dev/null | jq -r '.version') VERSION=$(cat .version 2>/dev/null | jq -r '.version')
LATEST=$(git describe --abbrev=0 --tags 2>/dev/null || echo '') LATEST=$(git describe --abbrev=0 --tags 2>/dev/null || echo '')
if [ -n "${LATEST}" ] && [ "${CURRENT_VERSION}" = "${LATEST}" ]; then if [ -n "${LATEST}" ] && [ "${VERSION}" = "${LATEST}" ]; then
echo "Version ${CURRENT_VERSION} already exists" echo "Version ${VERSION} already exists"
exit 0 exit 0
fi fi
@@ -319,15 +333,17 @@ jobs:
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2) REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}" API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
MESSAGE=$(cat CHANGES.md) NAME=$(cat VERSION)
MESSAGE=$(cat CHANGES.md | jq -Rs .)
MESSAGE="${MESSAGE:1:-1}" # Remove surrounding quotes
echo "Creating release ${VERSION}..." echo "Creating release ${NAME}..."
curl -sf --retry 3 --retry-delay 2 --retry-connrefused -X POST \ curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \ -H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
--data "$(jq -n \ --data "$(jq -n \
--arg tag_name "${VERSION}" \ --arg tag_name "${NAME}" \
--arg name "${VERSION}" \ --arg name "${NAME}" \
--arg body "${MESSAGE}" \ --arg body "${MESSAGE}" \
--arg target "${DEFAULT_BRANCH}" \ --arg target "${DEFAULT_BRANCH}" \
'{tag_name: $tag_name, name: $name, body: $body, target_commitish: $target}')" \ '{tag_name: $tag_name, name: $name, body: $body, target_commitish: $target}')" \
@@ -336,34 +352,31 @@ jobs:
create-tag: create-tag:
name: Create Tag name: Create Tag
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: preconditions needs: prepare-release
if: | if: |
github.ref_type == 'branch' && github.ref_type == 'branch' &&
github.ref_name == github.event.repository.default_branch && github.ref_name == github.event.repository.default_branch &&
inputs.tag_only == true inputs.tag_only == true
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps: steps:
- name: Checkout - name: Checkout
uses: actions/checkout@v7 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Install git-cliff - name: Install dependencies
run: | run: apk add --no-cache git jq curl
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
git-cliff --version
- name: Get version - name: Download artifacts
id: version uses: actions/download-artifact@v4
run: | with:
VERSION=$(git-cliff --bumped-version 2>/dev/null || echo "") name: release-artifacts
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Create tag - name: Create tag
env: env:
REPOSITORY: ${{ github.repository }} REPOSITORY: ${{ github.repository }}
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
VERSION: ${{ steps.version.outputs.version }}
run: | run: |
TOKEN=$(cat "${RELEASE_TOKEN_FILE}") TOKEN=$(cat "${RELEASE_TOKEN_FILE}")
if [ ! -r .version ]; then if [ ! -r .version ]; then
@@ -371,11 +384,11 @@ jobs:
exit 0 exit 0
fi fi
CURRENT_VERSION=$(cat .version 2>/dev/null | jq -r '.version') VERSION=$(cat .version 2>/dev/null | jq -r '.version')
LATEST=$(git describe --abbrev=0 --tags 2>/dev/null || echo '') LATEST=$(git describe --abbrev=0 --tags 2>/dev/null || echo '')
if [ -n "${LATEST}" ] && [ "${CURRENT_VERSION}" = "${LATEST}" ]; then if [ -n "${LATEST}" ] && [ "${VERSION}" = "${LATEST}" ]; then
echo "Version ${CURRENT_VERSION} already exists" echo "Version ${VERSION} already exists"
exit 0 exit 0
fi fi
@@ -383,13 +396,15 @@ jobs:
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2) REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}" API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
echo "Creating tag ${VERSION}..." NAME=$(cat VERSION)
curl -sf --retry 3 --retry-delay 2 --retry-connrefused -X POST \
echo "Creating tag ${NAME}..."
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \ -H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
--data "$(jq -n \ --data "$(jq -n \
--arg tag_name "${VERSION}" \ --arg tag_name "${NAME}" \
--arg target "${DEFAULT_BRANCH}" \ --arg target "${DEFAULT_BRANCH}" \
--arg message "${VERSION}" \ --arg message "${NAME}" \
'{tag_name: $tag_name, target: $target, message: $message}')" \ '{tag_name: $tag_name, target: $target, message: $message}')" \
"${API_URL}/tags" "${API_URL}/tags"
-32
View File
@@ -1,32 +0,0 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Repository Overview
This repository contains reusable Gitea Actions workflows for Unbound Software repositories. These workflows are called from other repositories using Gitea's `workflow_call` trigger.
## Architecture
- **Location**: Workflows are stored in `.gitea/workflows/` (not `.github/workflows/`)
- **Platform**: Gitea Actions (compatible with GitHub Actions syntax but runs on Gitea)
- **Runner**: Uses `ubuntu-latest` runner directly (no containers)
- **git-cliff**: Downloaded as binary from GitHub releases, version controlled via `GIT_CLIFF_VERSION` env var
### Release.yml Workflow
The main workflow automates semantic versioning releases using git-cliff for changelog generation:
1. **preconditions**: Validates release token exists at `/runner-secrets/release-token`
2. **changelog**: Generates changelog, determines version bump, checks for changes
3. **handle-pr**: Creates/updates a `next-release` branch and PR with CHANGELOG.md and .version
4. **prepare-release**: Prepares release artifacts when triggered
5. **create-release** or **create-tag**: Creates Gitea release or tag based on `tag_only` input
Version tracking uses a `.version` JSON file containing `{"version":"vX.Y.Z"}`.
## Development Notes
- No build/test commands exist - this is a workflow-only repository
- Workflows use Gitea API directly via curl (not gh CLI)
- Authentication reads from file-based token at `/runner-secrets/release-token`
-13
View File
@@ -2,18 +2,5 @@
"$schema": "https://docs.renovatebot.com/renovate-schema.json", "$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [ "extends": [
"config:recommended" "config:recommended"
],
"customManagers": [
{
"customType": "regex",
"managerFilePatterns": [
"/^\\.gitea/workflows/.*\\.ya?ml$/"
],
"matchStrings": [
"GIT_CLIFF_VERSION:\\s*[\"']?(?<currentValue>[^\"'\\s]+)[\"']?"
],
"depNameTemplate": "orhun/git-cliff",
"datasourceTemplate": "github-releases"
}
] ]
} }