3 Commits

Author SHA1 Message Date
argoyle 0ab0aa8bba feat: use file-based release token instead of secret 2026-01-08 20:58:11 +01:00
GitButler 96e4a1eaa2 GitButler Workspace Commit
This is placeholder commit and will be replaced by a merge of your virtual branches.

Due to GitButler managing multiple virtual branches, you cannot switch back and
forth between git branches and virtual branches easily. 

If you switch to another branch, GitButler will need to be reinitialized.
If you commit on this branch, GitButler will throw it away.

For more information about what we're doing here, check out our docs:
https://docs.gitbutler.com/features/branch-management/integration-branch
2026-01-08 20:58:11 +01:00
argoyle f2f0b69479 Merge pull request 'chore: Configure Renovate' (#1) from renovate/configure into main
Reviewed-on: #1
2026-01-08 19:20:36 +00:00
4 changed files with 242 additions and 284 deletions
-12
@@ -1,12 +0,0 @@
{
"permissions": {
"allow": [
"Bash(but --help:*)",
"Bash(but rub --help:*)",
"WebSearch",
"WebFetch(domain:docs.gitea.com)",
"WebFetch(domain:gitea.com)",
"Bash(but status:*)"
]
}
}
+229 -214
@@ -9,19 +9,16 @@ on:
default: false
type: boolean
concurrency:
group: release-${{ github.repository }}
cancel-in-progress: false
env:
GITEA_URL: http://gitea-http.gitea.svc.cluster.local:3000
GITEA_URL: https://git.unbound.se
RELEASE_TOKEN_FILE: /runner-secrets/release-token
GIT_CLIFF_VERSION: "2.13.1"
jobs:
preconditions:
name: Check Preconditions
runs-on: ubuntu-latest
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps:
- name: Validate token
run: |
@@ -36,23 +33,22 @@ jobs:
fi
echo "Release token found"
changelog-and-pr:
name: Generate Changelog and Handle PR
changelog:
name: Generate Changelog
runs-on: ubuntu-latest
needs: preconditions
if: github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch
container:
image: orhunp/git-cliff:2.10.1@sha256:6ba0d1fcb051bd7b154cfb19c4b2b3bfa2c22c475f5285fc30606777b6573119
outputs:
version: ${{ steps.version.outputs.version }}
has_changes: ${{ steps.check.outputs.has_changes }}
steps:
- name: Checkout
uses: actions/checkout@v7
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install git-cliff
run: |
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
git-cliff --version
- name: Generate changelog
run: |
git-cliff --bump --unreleased --strip header > CHANGES.md
@@ -76,8 +72,32 @@ jobs:
echo "has_changes=true" >> $GITHUB_OUTPUT
fi
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: changelog-artifacts
path: |
CHANGES.md
CHANGELOG.md
VERSION
handle-pr:
name: Handle Release PR
runs-on: ubuntu-latest
needs: changelog
if: needs.changelog.outputs.has_changes == 'true'
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps:
- name: Install dependencies
run: apk add --no-cache git jq curl
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: changelog-artifacts
- name: Create or update release PR
if: steps.check.outputs.has_changes == 'true'
env:
REPOSITORY: ${{ github.repository }}
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
@@ -87,219 +107,213 @@ jobs:
OWNER=$(echo "${REPOSITORY}" | cut -d'/' -f1)
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
BASE_BRANCH="${DEFAULT_BRANCH:-main}"
echo "Using base branch: ${BASE_BRANCH}"
TITLE="chore(release): prepare for ${VERSION}"
CHANGES_CONTENT=$(cat CHANGES.md)
PR_NOTE="**Note:** Please use **Squash Merge** when merging this PR."
DESCRIPTION="${CHANGES_CONTENT}"$'\n\n---\n\n'"${PR_NOTE}"
CHANGELOG_CONTENT=$(base64 -w0 < CHANGELOG.md)
VERSION_CONTENT=$(jq -n --arg v "${VERSION}" '{"version":$v}' | base64 -w0)
# Read CHANGES.md and escape for JSON
DESCRIPTION=$(cat CHANGES.md | jq -Rs .)
DESCRIPTION="${DESCRIPTION:1:-1}" # Remove surrounding quotes from jq
# api_call METHOD PATH [JSON_BODY]
# Stdout: first line "<http_code>|<curl_rc>", then response body.
# Never returns non-zero so callers must inspect http_code; this
# prevents curl exit codes (e.g. CURLE_WRITE_ERROR / 23) from
# killing the script via `set -e` inside command substitutions.
api_call() {
local method="$1" path="$2" data="${3:-}"
local body_file http_code rc=0
body_file=$(mktemp)
local args=(-sS --retry 3 --retry-delay 2 --retry-all-errors
-w '%{http_code}'
-o "${body_file}"
-X "${method}"
-H "Authorization: token ${TOKEN}")
if [ -n "${data}" ]; then
args+=(-H "Content-Type: application/json" --data "${data}")
fi
http_code=$(curl "${args[@]}" "${API_URL}${path}" 2>/dev/null) || rc=$?
printf '%s|%s\n' "${http_code:-000}" "${rc}"
cat "${body_file}"
rm -f "${body_file}"
return 0
}
# Add squash merge reminder
DESCRIPTION="${DESCRIPTION}
# Extract first-line meta and remaining body from api_call output.
meta_line() { printf '%s\n' "$1" | head -n1; }
body_lines() { printf '%s\n' "$1" | tail -n +2; }
http_of() { local m; m=$(meta_line "$1"); printf '%s' "${m%%|*}"; }
ok_code() { [ -n "$1" ] && [ "$1" -ge 200 ] 2>/dev/null && [ "$1" -lt 400 ]; }
---
**Note:** Please use **Squash Merge** when merging this PR."
echo "Checking for existing release PRs..."
PRS=$(curl -sf \
-H "Authorization: token ${TOKEN}" \
"${API_URL}/pulls?state=open" | jq '[.[] | select(.head.ref == "next-release")]')
PR_INDEX=$(echo "${PRS}" | jq -r '.[0].number // empty')
# Delete existing next-release branch if it exists (auto-closes any open PR)
echo "Checking for existing next-release branch..."
OUT=$(api_call GET "/branches/next-release")
CODE=$(http_of "${OUT}")
if [ "${CODE}" = "200" ]; then
echo "Deleting existing next-release branch..."
OUT=$(api_call DELETE "/branches/next-release")
echo " delete result: $(meta_line "${OUT}")"
else
echo " no existing branch (HTTP ${CODE})"
fi
BRANCH_EXISTS=$(curl -sf \
-H "Authorization: token ${TOKEN}" \
"${API_URL}/branches/next-release" 2>/dev/null && echo "true" || echo "false")
# Explicitly create next-release branch from base
echo "Creating next-release branch from ${BASE_BRANCH}..."
BRANCH_PAYLOAD=$(jq -n --arg new "next-release" --arg old "${BASE_BRANCH}" \
'{new_branch_name: $new, old_branch_name: $old}')
for i in $(seq 1 5); do
OUT=$(api_call POST "/branches" "${BRANCH_PAYLOAD}")
META=$(meta_line "${OUT}"); BODY=$(body_lines "${OUT}"); CODE="${META%%|*}"
if ok_code "${CODE}"; then
echo "Branch created (${META})"
break
fi
if [ "${i}" = "5" ]; then
echo "Branch create failed after 5 attempts (${META}): ${BODY}"
exit 1
fi
echo " attempt ${i}/5 (${META}): ${BODY} — retrying..."
sleep 3
done
# Prepare CHANGELOG.md content
CHANGELOG_CONTENT=$(base64 -w0 < CHANGELOG.md)
# Poll until branch is readable
echo "Waiting for branch readiness..."
for i in $(seq 1 10); do
OUT=$(api_call GET "/branches/next-release")
META=$(meta_line "${OUT}"); CODE="${META%%|*}"
if [ "${CODE}" = "200" ]; then
echo "Branch ready after ${i} attempt(s)"
break
fi
if [ "${i}" = "10" ]; then
echo "Branch not ready after 10 attempts (last: ${META})"
exit 1
fi
echo " attempt ${i}/10 (${META}) — waiting..."
sleep 2
done
# Prepare .version content
VERSION_JSON=$(jq -n --arg v "${VERSION}" '{"version":$v}')
VERSION_CONTENT=$(echo "${VERSION_JSON}" | base64 -w0)
# Fetch file blob SHA from BASE_BRANCH. next-release was just forked
# from base so the blob SHA matches; querying base avoids racing
# Gitea's per-endpoint propagation for the new branch (the /contents
# endpoint can still 500/404 after /branches reports 200). Returns
# empty only when the file genuinely does not exist on base.
fetch_sha() {
local path="$1" out meta code body
for i in $(seq 1 5); do
out=$(api_call GET "/contents/${path}?ref=${BASE_BRANCH}")
meta=$(meta_line "${out}"); code="${meta%%|*}"; body=$(body_lines "${out}")
if [ "${code}" = "200" ]; then
printf '%s' "${body}" | jq -r '.sha // empty'
return 0
fi
if [ "${code}" = "404" ]; then
return 0
fi
if [ "${i}" = "5" ]; then
echo "fetch_sha ${path} failed after 5 attempts (${meta}): ${body}" >&2
return 0
fi
sleep 2
done
}
CHANGELOG_SHA=$(fetch_sha "CHANGELOG.md")
VERSION_SHA=$(fetch_sha ".version")
if [ "${BRANCH_EXISTS}" = "true" ]; then
echo "Updating existing next-release branch..."
# Write file with retry. Args: PATH CONTENT_B64 [SHA]
write_file() {
local path="$1" content="$2" sha="${3:-}"
local method payload out meta body code
if [ -n "${sha}" ]; then
method=PUT
payload=$(jq -n \
--arg content "${content}" \
--arg sha "${sha}" \
# Get SHA of existing CHANGELOG.md
CHANGELOG_SHA=$(curl -sf \
-H "Authorization: token ${TOKEN}" \
"${API_URL}/contents/CHANGELOG.md?ref=next-release" | jq -r '.sha // empty')
# Update or create CHANGELOG.md
if [ -n "${CHANGELOG_SHA}" ]; then
curl -sf -X PUT \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${CHANGELOG_CONTENT}" \
--arg sha "${CHANGELOG_SHA}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, sha: $sha, message: $message, branch: $branch}')
'{content: $content, sha: $sha, message: $message, branch: $branch}')" \
"${API_URL}/contents/CHANGELOG.md"
else
method=POST
payload=$(jq -n \
--arg content "${content}" \
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${CHANGELOG_CONTENT}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, message: $message, branch: $branch}')
'{content: $content, message: $message, branch: $branch, new_branch: $branch}')" \
"${API_URL}/contents/CHANGELOG.md"
fi
for i in $(seq 1 5); do
out=$(api_call "${method}" "/contents/${path}" "${payload}")
meta=$(meta_line "${out}"); body=$(body_lines "${out}"); code="${meta%%|*}"
if ok_code "${code}"; then
echo "${path} write succeeded (${meta})"
return 0
fi
if [ "${i}" = "5" ]; then
echo "${path} write failed after 5 attempts (${meta}): ${body}"
return 1
fi
echo " ${path} attempt ${i}/5 (${meta}): ${body} — retrying..."
sleep 3
done
}
echo "Writing CHANGELOG.md to next-release..."
write_file "CHANGELOG.md" "${CHANGELOG_CONTENT}" "${CHANGELOG_SHA}"
echo "Writing .version to next-release..."
write_file ".version" "${VERSION_CONTENT}" "${VERSION_SHA}"
# Get SHA of existing .version
VERSION_SHA=$(curl -sf \
-H "Authorization: token ${TOKEN}" \
"${API_URL}/contents/.version?ref=next-release" | jq -r '.sha // empty')
# Create PR
echo "Creating PR..."
PR_DATA=$(jq -n \
# Update or create .version
if [ -n "${VERSION_SHA}" ]; then
curl -sf -X PUT \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${VERSION_CONTENT}" \
--arg sha "${VERSION_SHA}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, sha: $sha, message: $message, branch: $branch}')" \
"${API_URL}/contents/.version"
else
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${VERSION_CONTENT}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, message: $message, branch: $branch}')" \
"${API_URL}/contents/.version"
fi
else
echo "Creating new next-release branch with CHANGELOG.md..."
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${CHANGELOG_CONTENT}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
--arg new_branch "next-release" \
'{content: $content, message: $message, branch: $branch, new_branch: $new_branch}')" \
"${API_URL}/contents/CHANGELOG.md"
echo "Adding .version to next-release branch..."
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg content "${VERSION_CONTENT}" \
--arg message "${TITLE}" \
--arg branch "next-release" \
'{content: $content, message: $message, branch: $branch}')" \
"${API_URL}/contents/.version"
fi
if [ -n "${PR_INDEX}" ]; then
echo "Updating existing PR #${PR_INDEX}..."
curl -sf -X PATCH \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg title "${TITLE}" \
--arg body "${DESCRIPTION}" \
'{title: $title, body: $body}')" \
"${API_URL}/pulls/${PR_INDEX}"
else
echo "Creating new PR..."
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg title "${TITLE}" \
--arg body "${DESCRIPTION}" \
--arg head "next-release" \
--arg base "${BASE_BRANCH}" \
'{title: $title, body: $body, head: $head, base: $base}')
for i in $(seq 1 5); do
OUT=$(api_call POST "/pulls" "${PR_DATA}")
META=$(meta_line "${OUT}"); BODY=$(body_lines "${OUT}"); CODE="${META%%|*}"
if ok_code "${CODE}"; then
echo "PR created (${META})"
break
--arg base "${DEFAULT_BRANCH}" \
'{title: $title, body: $body, head: $head, base: $base}')" \
"${API_URL}/pulls"
fi
if [ "${i}" = "5" ]; then
echo "PR creation failed after 5 attempts (${META}): ${BODY}"
exit 1
fi
echo " PR attempt ${i}/5 (${META}): ${BODY} — retrying..."
sleep 3
done
create-release:
name: Create Release
prepare-release:
name: Prepare Release
runs-on: ubuntu-latest
needs: preconditions
if: |
github.ref_type == 'branch' &&
github.ref_name == github.event.repository.default_branch &&
inputs.tag_only != true
(github.ref_type == 'branch' && github.ref_name == github.event.repository.default_branch) ||
github.ref_type == 'tag'
container:
image: orhunp/git-cliff:2.10.1@sha256:6ba0d1fcb051bd7b154cfb19c4b2b3bfa2c22c475f5285fc30606777b6573119
outputs:
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v7
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install git-cliff
run: |
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
git-cliff --version
- name: Generate changelog
run: git-cliff --bump --unreleased --strip header > CHANGES.md
run: |
if [ "${{ github.ref_type }}" = "tag" ]; then
git-cliff --bump --latest --strip header > CHANGES.md
else
git-cliff --bump --unreleased --strip header > CHANGES.md
fi
- name: Get version
id: version
run: |
VERSION=$(git-cliff --bumped-version 2>/dev/null || echo "")
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "${VERSION}" > VERSION
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: release-artifacts
path: |
CHANGES.md
VERSION
create-release:
name: Create Release
runs-on: ubuntu-latest
needs: prepare-release
if: |
github.ref_type == 'branch' &&
github.ref_name == github.event.repository.default_branch &&
inputs.tag_only != true
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install dependencies
run: apk add --no-cache git jq curl
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: release-artifacts
- name: Create release
env:
REPOSITORY: ${{ github.repository }}
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
VERSION: ${{ steps.version.outputs.version }}
run: |
TOKEN=$(cat "${RELEASE_TOKEN_FILE}")
if [ ! -r .version ]; then
@@ -307,11 +321,11 @@ jobs:
exit 0
fi
CURRENT_VERSION=$(cat .version 2>/dev/null | jq -r '.version')
VERSION=$(cat .version 2>/dev/null | jq -r '.version')
LATEST=$(git describe --abbrev=0 --tags 2>/dev/null || echo '')
if [ -n "${LATEST}" ] && [ "${CURRENT_VERSION}" = "${LATEST}" ]; then
echo "Version ${CURRENT_VERSION} already exists"
if [ -n "${LATEST}" ] && [ "${VERSION}" = "${LATEST}" ]; then
echo "Version ${VERSION} already exists"
exit 0
fi
@@ -319,15 +333,17 @@ jobs:
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
MESSAGE=$(cat CHANGES.md)
NAME=$(cat VERSION)
MESSAGE=$(cat CHANGES.md | jq -Rs .)
MESSAGE="${MESSAGE:1:-1}" # Remove surrounding quotes
echo "Creating release ${VERSION}..."
curl -sf --retry 3 --retry-delay 2 --retry-connrefused -X POST \
echo "Creating release ${NAME}..."
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg tag_name "${VERSION}" \
--arg name "${VERSION}" \
--arg tag_name "${NAME}" \
--arg name "${NAME}" \
--arg body "${MESSAGE}" \
--arg target "${DEFAULT_BRANCH}" \
'{tag_name: $tag_name, name: $name, body: $body, target_commitish: $target}')" \
@@ -336,34 +352,31 @@ jobs:
create-tag:
name: Create Tag
runs-on: ubuntu-latest
needs: preconditions
needs: prepare-release
if: |
github.ref_type == 'branch' &&
github.ref_name == github.event.repository.default_branch &&
inputs.tag_only == true
container:
image: amd64/alpine:3.22.2@sha256:b687e78c6e2785808446f45b52f1540a1e58adc07bdcffea354933b18c613d90
steps:
- name: Checkout
uses: actions/checkout@v7
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install git-cliff
run: |
curl -sSfL "https://github.com/orhun/git-cliff/releases/download/v${GIT_CLIFF_VERSION}/git-cliff-${GIT_CLIFF_VERSION}-x86_64-unknown-linux-gnu.tar.gz" | tar xz
sudo mv "git-cliff-${GIT_CLIFF_VERSION}/git-cliff" /usr/local/bin/
git-cliff --version
- name: Install dependencies
run: apk add --no-cache git jq curl
- name: Get version
id: version
run: |
VERSION=$(git-cliff --bumped-version 2>/dev/null || echo "")
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Download artifacts
uses: actions/download-artifact@v4
with:
name: release-artifacts
- name: Create tag
env:
REPOSITORY: ${{ github.repository }}
DEFAULT_BRANCH: ${{ github.event.repository.default_branch }}
VERSION: ${{ steps.version.outputs.version }}
run: |
TOKEN=$(cat "${RELEASE_TOKEN_FILE}")
if [ ! -r .version ]; then
@@ -371,11 +384,11 @@ jobs:
exit 0
fi
CURRENT_VERSION=$(cat .version 2>/dev/null | jq -r '.version')
VERSION=$(cat .version 2>/dev/null | jq -r '.version')
LATEST=$(git describe --abbrev=0 --tags 2>/dev/null || echo '')
if [ -n "${LATEST}" ] && [ "${CURRENT_VERSION}" = "${LATEST}" ]; then
echo "Version ${CURRENT_VERSION} already exists"
if [ -n "${LATEST}" ] && [ "${VERSION}" = "${LATEST}" ]; then
echo "Version ${VERSION} already exists"
exit 0
fi
@@ -383,13 +396,15 @@ jobs:
REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2)
API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}"
echo "Creating tag ${VERSION}..."
curl -sf --retry 3 --retry-delay 2 --retry-connrefused -X POST \
NAME=$(cat VERSION)
echo "Creating tag ${NAME}..."
curl -sf -X POST \
-H "Authorization: token ${TOKEN}" \
-H "Content-Type: application/json" \
--data "$(jq -n \
--arg tag_name "${VERSION}" \
--arg tag_name "${NAME}" \
--arg target "${DEFAULT_BRANCH}" \
--arg message "${VERSION}" \
--arg message "${NAME}" \
'{tag_name: $tag_name, target: $target, message: $message}')" \
"${API_URL}/tags"
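Review bot: In the new `handle-pr` job the `Create or update release PR` step still carries `if: steps.check.outputs.has_changes == 'true'`, but the `check` step belongs to the `changelog` job, so inside `handle-pr` the expression should resolve to empty and the step that creates the release PR would be skipped on every run. The job-level `if: needs.changelog.outputs.has_changes == 'true'` already gates the job, so drop the step-level condition or change it to `if: needs.changelog.outputs.has_changes == 'true'`. This assumes the line is unchanged context in the `@@ -76,8 +72,32 @@` hunk, which the hunk's line counts suggest but the rendered page does not mark, and the step's `run:` script continues into the following hunk. Separately, `actions/checkout@v4`, `actions/upload-artifact@v4` and `actions/download-artifact@v4` are referenced by mutable tag in jobs that read `RELEASE_TOKEN_FILE`, while the container images are pinned by digest; pinning the actions to a full commit SHA would give them the same guarantee.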
-32
@@ -1,32 +0,0 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Repository Overview
This repository contains reusable Gitea Actions workflows for Unbound Software repositories. These workflows are called from other repositories using Gitea's `workflow_call` trigger.
## Architecture
- **Location**: Workflows are stored in `.gitea/workflows/` (not `.github/workflows/`)
- **Platform**: Gitea Actions (compatible with GitHub Actions syntax but runs on Gitea)
- **Runner**: Uses `ubuntu-latest` runner directly (no containers)
- **git-cliff**: Downloaded as binary from GitHub releases, version controlled via `GIT_CLIFF_VERSION` env var
### Release.yml Workflow
The main workflow automates semantic versioning releases using git-cliff for changelog generation:
1. **preconditions**: Validates release token exists at `/runner-secrets/release-token`
2. **changelog**: Generates changelog, determines version bump, checks for changes
3. **handle-pr**: Creates/updates a `next-release` branch and PR with CHANGELOG.md and .version
4. **prepare-release**: Prepares release artifacts when triggered
5. **create-release** or **create-tag**: Creates Gitea release or tag based on `tag_only` input
Version tracking uses a `.version` JSON file containing `{"version":"vX.Y.Z"}`.
## Development Notes
- No build/test commands exist - this is a workflow-only repository
- Workflows use Gitea API directly via curl (not gh CLI)
- Authentication reads from file-based token at `/runner-secrets/release-token`
-13
@@ -2,18 +2,5 @@
"$schema": "https://docs.renovatebot.com/renovate-schema.json",
"extends": [
"config:recommended"
],
"customManagers": [
{
"customType": "regex",
"managerFilePatterns": [
"/^\\.gitea/workflows/.*\\.ya?ml$/"
],
"matchStrings": [
"GIT_CLIFF_VERSION:\\s*[\"']?(?<currentValue>[^\"'\\s]+)[\"']?"
],
"depNameTemplate": "orhun/git-cliff",
"datasourceTemplate": "github-releases"
}
]
}