From 9435cc506efa943c8608e6e0f0844f2ada97f02e Mon Sep 17 00:00:00 2001 From: Joakim Olsson Date: Wed, 13 May 2026 12:52:27 +0200 Subject: [PATCH] fix(release): make Release.yml robust to curl exit codes The previous fix moved the branch-readiness poll before the .version write, but on at least one runner the poll's curl returned CURLE_WRITE_ERROR (exit 23) immediately. With `set -e`, any non-zero status from a command substitution (`VAR=$(curl ...)`) aborts the script before the retry/echo path runs, so the failure was both deterministic and silent. Refactor the step around an `api_call` helper that wraps curl with `|| rc=$?` and emits `|` plus body, so curl exits never propagate through `set -e`. Other changes: - Create the `next-release` branch explicitly via `POST /branches` instead of relying on the `new_branch` parameter of the CHANGELOG.md PUT. Eliminates the race between branch creation and subsequent writes. - Poll branch readiness after explicit creation. - Fetch file blob SHAs from `next-release` directly (not base). - Every write (CHANGELOG.md, .version, PR) retries 5x with HTTP code, curl exit code, and response body logged on failure. --- .gitea/workflows/Release.yml | 245 +++++++++++++++++------------------ 1 file changed, 122 insertions(+), 123 deletions(-) diff --git a/.gitea/workflows/Release.yml b/.gitea/workflows/Release.yml index 99e3e73..c963488 100644 --- a/.gitea/workflows/Release.yml +++ b/.gitea/workflows/Release.yml @@ -87,168 +87,167 @@ jobs: OWNER=$(echo "${REPOSITORY}" | cut -d'/' -f1) REPO=$(echo "${REPOSITORY}" | cut -d'/' -f2) API_URL="${GITEA_URL}/api/v1/repos/${OWNER}/${REPO}" - - # Fallback to main if DEFAULT_BRANCH is empty BASE_BRANCH="${DEFAULT_BRANCH:-main}" echo "Using base branch: ${BASE_BRANCH}" TITLE="chore(release): prepare for ${VERSION}" - # Read CHANGES.md content and add note (jq --arg will handle JSON escaping) CHANGES_CONTENT=$(cat CHANGES.md) PR_NOTE="**Note:** Please use **Squash Merge** when merging this PR." DESCRIPTION="${CHANGES_CONTENT}"$'\n\n---\n\n'"${PR_NOTE}" - - # Delete existing next-release branch to start fresh (auto-closes any open PR) - echo "Checking for existing next-release branch..." - BRANCH_CHECK=$(curl -s --retry 3 --retry-delay 2 --retry-connrefused -w "%{http_code}" -o /dev/null \ - -H "Authorization: token ${TOKEN}" \ - "${API_URL}/branches/next-release") - if [ "${BRANCH_CHECK}" = "200" ]; then - echo "Deleting existing next-release branch..." - curl -sf --retry 3 --retry-delay 2 --retry-connrefused -X DELETE \ - -H "Authorization: token ${TOKEN}" \ - "${API_URL}/branches/next-release" - echo "Branch deleted" - fi - - # Prepare CHANGELOG.md content CHANGELOG_CONTENT=$(base64 -w0 < CHANGELOG.md) + VERSION_CONTENT=$(jq -n --arg v "${VERSION}" '{"version":$v}' | base64 -w0) - # Prepare .version content - VERSION_JSON=$(jq -n --arg v "${VERSION}" '{"version":$v}') - VERSION_CONTENT=$(echo "${VERSION_JSON}" | base64 -w0) + # api_call METHOD PATH [JSON_BODY] + # Stdout: first line "|", then response body. + # Never returns non-zero so callers must inspect http_code; this + # prevents curl exit codes (e.g. CURLE_WRITE_ERROR / 23) from + # killing the script via `set -e` inside command substitutions. + api_call() { + local method="$1" path="$2" data="${3:-}" + local body_file http_code rc=0 + body_file=$(mktemp) + local args=(-sS --retry 3 --retry-delay 2 --retry-all-errors + -w '%{http_code}' + -o "${body_file}" + -X "${method}" + -H "Authorization: token ${TOKEN}") + if [ -n "${data}" ]; then + args+=(-H "Content-Type: application/json" --data "${data}") + fi + http_code=$(curl "${args[@]}" "${API_URL}${path}" 2>/dev/null) || rc=$? + printf '%s|%s\n' "${http_code:-000}" "${rc}" + cat "${body_file}" + rm -f "${body_file}" + return 0 + } - echo "Creating new next-release branch from ${BASE_BRANCH}..." + # Extract first-line meta and remaining body from api_call output. + meta_line() { printf '%s\n' "$1" | head -n1; } + body_lines() { printf '%s\n' "$1" | tail -n +2; } + http_of() { local m; m=$(meta_line "$1"); printf '%s' "${m%%|*}"; } + ok_code() { [ -n "$1" ] && [ "$1" -ge 200 ] 2>/dev/null && [ "$1" -lt 400 ]; } - # Check if CHANGELOG.md exists on base branch to determine create vs update - CHANGELOG_SHA=$(curl -sf --retry 3 --retry-delay 2 --retry-connrefused \ - -H "Authorization: token ${TOKEN}" \ - "${API_URL}/contents/CHANGELOG.md?ref=${BASE_BRANCH}" | jq -r '.sha // empty') - - if [ -n "${CHANGELOG_SHA}" ]; then - echo "Updating CHANGELOG.md (exists on ${BASE_BRANCH}) on new branch..." - RESPONSE=$(curl -s --retry 3 --retry-delay 2 --retry-connrefused -w "\n%{http_code}" -X PUT \ - -H "Authorization: token ${TOKEN}" \ - -H "Content-Type: application/json" \ - --data "$(jq -n \ - --arg content "${CHANGELOG_CONTENT}" \ - --arg sha "${CHANGELOG_SHA}" \ - --arg message "${TITLE}" \ - --arg branch "${BASE_BRANCH}" \ - --arg new_branch "next-release" \ - '{content: $content, sha: $sha, message: $message, branch: $branch, new_branch: $new_branch}')" \ - "${API_URL}/contents/CHANGELOG.md") + # Delete existing next-release branch if it exists (auto-closes any open PR) + echo "Checking for existing next-release branch..." + OUT=$(api_call GET "/branches/next-release") + CODE=$(http_of "${OUT}") + if [ "${CODE}" = "200" ]; then + echo "Deleting existing next-release branch..." + OUT=$(api_call DELETE "/branches/next-release") + echo " delete result: $(meta_line "${OUT}")" else - echo "Creating CHANGELOG.md on new branch..." - RESPONSE=$(curl -s --retry 3 --retry-delay 2 --retry-connrefused -w "\n%{http_code}" -X POST \ - -H "Authorization: token ${TOKEN}" \ - -H "Content-Type: application/json" \ - --data "$(jq -n \ - --arg content "${CHANGELOG_CONTENT}" \ - --arg message "${TITLE}" \ - --arg branch "${BASE_BRANCH}" \ - --arg new_branch "next-release" \ - '{content: $content, message: $message, branch: $branch, new_branch: $new_branch}')" \ - "${API_URL}/contents/CHANGELOG.md") - fi - HTTP_CODE=$(echo "${RESPONSE}" | tail -1) - BODY=$(echo "${RESPONSE}" | sed '$d') - if [ "${HTTP_CODE}" -ge 400 ]; then - echo "Error with CHANGELOG.md: ${BODY}" - exit 1 + echo " no existing branch (HTTP ${CODE})" fi - # Wait for next-release branch to be indexed by Gitea before subsequent writes - echo "Waiting for next-release branch to be ready..." + # Explicitly create next-release branch from base + echo "Creating next-release branch from ${BASE_BRANCH}..." + BRANCH_PAYLOAD=$(jq -n --arg new "next-release" --arg old "${BASE_BRANCH}" \ + '{new_branch_name: $new, old_branch_name: $old}') + for i in $(seq 1 5); do + OUT=$(api_call POST "/branches" "${BRANCH_PAYLOAD}") + META=$(meta_line "${OUT}"); BODY=$(body_lines "${OUT}"); CODE="${META%%|*}" + if ok_code "${CODE}"; then + echo "Branch created (${META})" + break + fi + if [ "${i}" = "5" ]; then + echo "Branch create failed after 5 attempts (${META}): ${BODY}" + exit 1 + fi + echo " attempt ${i}/5 (${META}): ${BODY} — retrying..." + sleep 3 + done + + # Poll until branch is readable + echo "Waiting for branch readiness..." for i in $(seq 1 10); do - BRANCH_STATUS=$(curl -s --retry 3 --retry-delay 2 --retry-connrefused \ - -w "%{http_code}" -o /dev/null \ - -H "Authorization: token ${TOKEN}" \ - "${API_URL}/branches/next-release") - if [ "${BRANCH_STATUS}" = "200" ]; then + OUT=$(api_call GET "/branches/next-release") + META=$(meta_line "${OUT}"); CODE="${META%%|*}" + if [ "${CODE}" = "200" ]; then echo "Branch ready after ${i} attempt(s)" break fi if [ "${i}" = "10" ]; then - echo "Branch next-release not found after 10 attempts, giving up" + echo "Branch not ready after 10 attempts (last: ${META})" exit 1 fi - echo "Branch not ready yet (attempt ${i}/10), waiting..." - sleep 3 + echo " attempt ${i}/10 (${META}) — waiting..." + sleep 2 done - # Check if .version exists on base branch - VERSION_SHA=$(curl -sf --retry 3 --retry-delay 2 --retry-connrefused \ - -H "Authorization: token ${TOKEN}" \ - "${API_URL}/contents/.version?ref=${BASE_BRANCH}" | jq -r '.sha // empty') - - if [ -n "${VERSION_SHA}" ]; then - echo "Updating .version on next-release branch..." - VERSION_PAYLOAD=$(jq -n \ - --arg content "${VERSION_CONTENT}" \ - --arg sha "${VERSION_SHA}" \ - --arg message "${TITLE}" \ - --arg branch "next-release" \ - '{content: $content, sha: $sha, message: $message, branch: $branch}') - VERSION_METHOD=PUT - else - echo "Creating .version on next-release branch..." - VERSION_PAYLOAD=$(jq -n \ - --arg content "${VERSION_CONTENT}" \ - --arg message "${TITLE}" \ - --arg branch "next-release" \ - '{content: $content, message: $message, branch: $branch}') - VERSION_METHOD=POST - fi - - for i in $(seq 1 5); do - RESPONSE=$(curl -s --retry 3 --retry-delay 2 --retry-connrefused \ - -w "\n%{http_code}" -X "${VERSION_METHOD}" \ - -H "Authorization: token ${TOKEN}" \ - -H "Content-Type: application/json" \ - --data "${VERSION_PAYLOAD}" \ - "${API_URL}/contents/.version") - HTTP_CODE=$(echo "${RESPONSE}" | tail -1) - BODY=$(echo "${RESPONSE}" | sed '$d') - if [ "${HTTP_CODE}" -lt 400 ]; then - echo ".version write succeeded" - break + # Fetch file blob SHAs from next-release (inherited from base on creation) + fetch_sha() { + local path="$1" out meta code body + out=$(api_call GET "/contents/${path}?ref=next-release") + meta=$(meta_line "${out}"); code="${meta%%|*}"; body=$(body_lines "${out}") + if [ "${code}" = "200" ]; then + printf '%s' "${body}" | jq -r '.sha // empty' fi - if [ "${i}" = "5" ]; then - echo "Error writing .version after 5 attempts (HTTP ${HTTP_CODE}): ${BODY}" - exit 1 + } + CHANGELOG_SHA=$(fetch_sha "CHANGELOG.md") + VERSION_SHA=$(fetch_sha ".version") + + # Write file with retry. Args: PATH CONTENT_B64 [SHA] + write_file() { + local path="$1" content="$2" sha="${3:-}" + local method payload out meta body code + if [ -n "${sha}" ]; then + method=PUT + payload=$(jq -n \ + --arg content "${content}" \ + --arg sha "${sha}" \ + --arg message "${TITLE}" \ + --arg branch "next-release" \ + '{content: $content, sha: $sha, message: $message, branch: $branch}') + else + method=POST + payload=$(jq -n \ + --arg content "${content}" \ + --arg message "${TITLE}" \ + --arg branch "next-release" \ + '{content: $content, message: $message, branch: $branch}') fi - echo ".version write attempt ${i}/5 failed (HTTP ${HTTP_CODE}): ${BODY} — retrying..." - sleep 3 - done + for i in $(seq 1 5); do + out=$(api_call "${method}" "/contents/${path}" "${payload}") + meta=$(meta_line "${out}"); body=$(body_lines "${out}"); code="${meta%%|*}" + if ok_code "${code}"; then + echo "${path} write succeeded (${meta})" + return 0 + fi + if [ "${i}" = "5" ]; then + echo "${path} write failed after 5 attempts (${meta}): ${body}" + return 1 + fi + echo " ${path} attempt ${i}/5 (${meta}): ${body} — retrying..." + sleep 3 + done + } - echo "Creating new PR..." + echo "Writing CHANGELOG.md to next-release..." + write_file "CHANGELOG.md" "${CHANGELOG_CONTENT}" "${CHANGELOG_SHA}" + echo "Writing .version to next-release..." + write_file ".version" "${VERSION_CONTENT}" "${VERSION_SHA}" + # Create PR + echo "Creating PR..." PR_DATA=$(jq -n \ --arg title "${TITLE}" \ --arg body "${DESCRIPTION}" \ --arg head "next-release" \ --arg base "${BASE_BRANCH}" \ '{title: $title, body: $body, head: $head, base: $base}') - for i in $(seq 1 5); do - RESPONSE=$(curl -s --retry 3 --retry-delay 2 --retry-connrefused \ - -w "\n%{http_code}" -X POST \ - -H "Authorization: token ${TOKEN}" \ - -H "Content-Type: application/json" \ - --data "${PR_DATA}" \ - "${API_URL}/pulls") - HTTP_CODE=$(echo "${RESPONSE}" | tail -1) - BODY=$(echo "${RESPONSE}" | sed '$d') - if [ "${HTTP_CODE}" -lt 400 ]; then - echo "PR created successfully" + OUT=$(api_call POST "/pulls" "${PR_DATA}") + META=$(meta_line "${OUT}"); BODY=$(body_lines "${OUT}"); CODE="${META%%|*}" + if ok_code "${CODE}"; then + echo "PR created (${META})" break fi if [ "${i}" = "5" ]; then - echo "Error creating PR after 5 attempts (HTTP ${HTTP_CODE}): ${BODY}" + echo "PR creation failed after 5 attempts (${META}): ${BODY}" exit 1 fi - echo "PR creation attempt ${i}/5 failed (HTTP ${HTTP_CODE}), retrying..." + echo " PR attempt ${i}/5 (${META}): ${BODY} — retrying..." sleep 3 done -- 2.52.0