generated from eblume/project-template
Erich Blume
598dc59580
Some checks failed
Build / validate (pull_request) Has been cancelled
heph-core gains a build.rs that captures the short git SHA and a
`heph_core::VERSION` const ("<crate-version> (<sha>)"); heph and hephd use it
for clap's --version. The crate version stays sourced from Cargo.toml.
release.yaml now bumps the workspace version into Cargo.toml + Cargo.lock on a
commit that only the tag points at, tags it manually, and pushes just the tag —
so cargo install --git --tag vX.Y.Z reports the real version while main stays at
0.0.0. The changelog commit moved ahead of the tag so the release includes its
own changelog.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
334 lines
12 KiB
YAML
334 lines
12 KiB
YAML
# Release Workflow
|
|
#
|
|
# Creates a versioned Forgejo release for template-based repositories.
|
|
# By default this includes:
|
|
# - Documentation site bundle (Quartz static build via Dagger)
|
|
# - Changelog section built from towncrier fragments, when present
|
|
#
|
|
# Projects can optionally attach additional release artifacts by providing
|
|
# an executable hook at `.forgejo/scripts/release`. That hook should place
|
|
# any extra files under `release-assets/` for upload to the release.
|
|
#
|
|
# Usage:
|
|
# 1. Go to Actions > Release > Run workflow
|
|
# 2. Select version bump type (patch/minor/major) or choose specific version
|
|
# 3. The workflow creates a release with the docs bundle and optional extras
|
|
|
|
name: Release
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
version_type:
|
|
description: "Version bump type"
|
|
required: true
|
|
default: "BUMP_PATCH"
|
|
type: choice
|
|
options:
|
|
- BUMP_PATCH
|
|
- BUMP_MINOR
|
|
- BUMP_MAJOR
|
|
- SPECIFIC_VERSION
|
|
specific_version:
|
|
description: "Specific version (only used when version_type is SPECIFIC_VERSION, e.g., v1.2.0)"
|
|
required: false
|
|
default: ""
|
|
type: string
|
|
|
|
jobs:
|
|
release:
|
|
runs-on: k8s
|
|
steps:
|
|
- name: Resolve version
|
|
id: version
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
set -euo pipefail
|
|
VERSION_TYPE="${{ inputs.version_type }}"
|
|
SPECIFIC_VERSION="${{ inputs.specific_version }}"
|
|
|
|
FORGE_URL="${{ github.server_url }}/api/v1/repos/${{ github.repository }}"
|
|
echo "Fetching latest release..."
|
|
# Private repos return 404 to unauthenticated callers, so the auth
|
|
# header is required even though "latest release" reads like public
|
|
# info. Without it the curl 404s, falls back to v0.0.0, and a
|
|
# BUMP_PATCH on top of v1.x.y silently produces v0.0.1.
|
|
LATEST_STATUS=$(curl -s -o /tmp/latest.json -w "%{http_code}" \
|
|
-H "Authorization: token $GITHUB_TOKEN" \
|
|
"${FORGE_URL}/releases/latest")
|
|
|
|
if [ "$LATEST_STATUS" = "200" ]; then
|
|
LATEST=$(jq -r '.tag_name' < /tmp/latest.json)
|
|
echo "Latest release: $LATEST"
|
|
elif [ "$LATEST_STATUS" = "404" ]; then
|
|
LATEST="v0.0.0"
|
|
echo "No previous releases found, using base version: $LATEST"
|
|
else
|
|
echo "Error: unexpected HTTP $LATEST_STATUS fetching latest release"
|
|
cat /tmp/latest.json
|
|
exit 1
|
|
fi
|
|
|
|
CURRENT="${LATEST#v}"
|
|
MAJOR=$(echo "$CURRENT" | cut -d. -f1)
|
|
MINOR=$(echo "$CURRENT" | cut -d. -f2)
|
|
PATCH=$(echo "$CURRENT" | cut -d. -f3)
|
|
|
|
case "$VERSION_TYPE" in
|
|
BUMP_MAJOR)
|
|
VERSION="v$((MAJOR + 1)).0.0"
|
|
echo "Bumping major: $LATEST -> $VERSION"
|
|
;;
|
|
BUMP_MINOR)
|
|
VERSION="v${MAJOR}.$((MINOR + 1)).0"
|
|
echo "Bumping minor: $LATEST -> $VERSION"
|
|
;;
|
|
BUMP_PATCH)
|
|
VERSION="v${MAJOR}.${MINOR}.$((PATCH + 1))"
|
|
echo "Bumping patch: $LATEST -> $VERSION"
|
|
;;
|
|
SPECIFIC_VERSION)
|
|
if [ -z "$SPECIFIC_VERSION" ]; then
|
|
echo "Error: specific_version is required when version_type is SPECIFIC_VERSION"
|
|
exit 1
|
|
fi
|
|
if [[ ! "$SPECIFIC_VERSION" =~ ^v[0-9]+\.[0-9]+\.[0-9]+$ ]]; then
|
|
echo "Error: Version must be in format vX.Y.Z (e.g., v1.0.0)"
|
|
exit 1
|
|
fi
|
|
VERSION="$SPECIFIC_VERSION"
|
|
echo "Using specific version: $VERSION"
|
|
;;
|
|
*)
|
|
echo "Error: Unknown version_type: $VERSION_TYPE"
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
# Same auth requirement: on a private repo, an unauthenticated
|
|
# curl always 404s here, which would silently disable the
|
|
# "release already exists" guard.
|
|
EXISTS_STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
|
|
-H "Authorization: token $GITHUB_TOKEN" \
|
|
"${FORGE_URL}/releases/tags/$VERSION")
|
|
if [ "$EXISTS_STATUS" = "200" ]; then
|
|
echo "Error: Release $VERSION already exists"
|
|
exit 1
|
|
elif [ "$EXISTS_STATUS" != "404" ]; then
|
|
echo "Error: unexpected HTTP $EXISTS_STATUS checking for existing release"
|
|
exit 1
|
|
fi
|
|
|
|
echo "version=$VERSION" >> "$GITHUB_OUTPUT"
|
|
echo "Building release: $VERSION"
|
|
|
|
- name: Checkout
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Build changelog
|
|
id: changelog
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.version }}"
|
|
|
|
FRAGMENTS=$(find docs/changelog.d -name "*.md" -not -name ".gitkeep" 2>/dev/null | wc -l)
|
|
|
|
if [ "$FRAGMENTS" -gt 0 ]; then
|
|
echo "Found $FRAGMENTS changelog fragments, building changelog..."
|
|
uvx towncrier build --version "$VERSION" --yes
|
|
echo "changelog_updated=true" >> "$GITHUB_OUTPUT"
|
|
|
|
RELEASE_NOTES=$(awk -v ver="$VERSION" '
|
|
/^## \[/ {
|
|
if (found) exit
|
|
if (index($0, "[" ver "]")) found=1
|
|
}
|
|
found {print}
|
|
' CHANGELOG.md | tail -n +2)
|
|
|
|
echo "$RELEASE_NOTES" > /tmp/release_notes.md
|
|
echo "Release notes extracted for $VERSION"
|
|
else
|
|
echo "No changelog fragments found, skipping towncrier"
|
|
echo "changelog_updated=false" >> "$GITHUB_OUTPUT"
|
|
echo "" > /tmp/release_notes.md
|
|
fi
|
|
|
|
- name: Commit changelog to main
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.version }}"
|
|
CHANGELOG_UPDATED="${{ steps.changelog.outputs.changelog_updated }}"
|
|
|
|
git config user.name "Forgejo Actions"
|
|
git config user.email "actions@forge.eblu.me"
|
|
|
|
if [ "$CHANGELOG_UPDATED" != "true" ]; then
|
|
echo "No changelog changes to commit"
|
|
exit 0
|
|
fi
|
|
|
|
# Consumed towncrier fragments must land on main so the next release
|
|
# does not re-process them. main stays at version 0.0.0; the version
|
|
# bump lives only on the release tag (see "Bump version and tag
|
|
# release" below, whose commit is a child of this one).
|
|
git add CHANGELOG.md docs/changelog.d/
|
|
if git diff --cached --quiet; then
|
|
echo "No changes to commit"
|
|
else
|
|
git commit -m "Update changelog for $VERSION [skip ci]"
|
|
git push origin HEAD:main
|
|
echo "Changelog changes committed and pushed to main"
|
|
fi
|
|
|
|
- name: Build docs
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.version }}"
|
|
TARBALL="docs-${VERSION}.tar.gz"
|
|
echo "Building docs via Dagger..."
|
|
dagger call build-docs --src=. --version="$VERSION" \
|
|
export --path="./$TARBALL"
|
|
echo "Build complete!"
|
|
ls -lh "$TARBALL"
|
|
|
|
- name: Build project-specific release artifacts
|
|
run: |
|
|
rm -rf release-assets
|
|
mkdir -p release-assets
|
|
|
|
if [ -x .forgejo/scripts/release ]; then
|
|
echo "Running project-specific release hook..."
|
|
./.forgejo/scripts/release "${{ steps.version.outputs.version }}"
|
|
else
|
|
echo "No .forgejo/scripts/release hook found; docs-only release."
|
|
fi
|
|
|
|
echo "Release asset inventory:"
|
|
find release-assets -maxdepth 1 -type f -print | sort || true
|
|
|
|
- name: Bump version and tag release
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
set -euo pipefail
|
|
VERSION="${{ steps.version.outputs.version }}" # vX.Y.Z
|
|
BARE="${VERSION#v}" # X.Y.Z
|
|
|
|
git config user.name "Forgejo Actions"
|
|
git config user.email "actions@forge.eblu.me"
|
|
|
|
# Bake the release version into the manifests on a commit that ONLY
|
|
# the tag will point at. main deliberately stays at 0.0.0; this is the
|
|
# version that `cargo install --git --tag <VERSION>` compiles into
|
|
# `--version`. Cargo.lock must match Cargo.toml for `--locked`
|
|
# installs: exactly the five workspace crates are at 0.0.0, so the
|
|
# anchored substitution is unambiguous (verified — no third-party
|
|
# dependency is pinned to 0.0.0).
|
|
sed -i 's/^version = "0.0.0"$/version = "'"$BARE"'"/' Cargo.toml Cargo.lock
|
|
git add Cargo.toml Cargo.lock
|
|
git commit -m "Release $VERSION [skip ci]"
|
|
|
|
# Tag the bump commit and push ONLY the tag, so the versioned commit
|
|
# is reachable via the tag without advancing main. The Create release
|
|
# step below then attaches a release to this existing tag.
|
|
git tag "$VERSION"
|
|
git push origin "refs/tags/$VERSION"
|
|
echo "Tagged $VERSION at $(git rev-parse --short HEAD); main left at 0.0.0"
|
|
|
|
- name: Create release
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.version }}"
|
|
TARBALL="docs-${VERSION}.tar.gz"
|
|
CHANGELOG_UPDATED="${{ steps.changelog.outputs.changelog_updated }}"
|
|
FORGE_URL="${{ github.server_url }}/api/v1/repos/${{ github.repository }}"
|
|
|
|
# The tag was already created and pushed by "Bump version and tag
|
|
# release"; this attaches a Forgejo release to that existing tag.
|
|
echo "Creating release $VERSION..."
|
|
|
|
{
|
|
echo "Release $VERSION"
|
|
echo ""
|
|
|
|
if [ "$CHANGELOG_UPDATED" = "true" ] && [ -s /tmp/release_notes.md ]; then
|
|
echo "## What's Changed"
|
|
echo ""
|
|
cat /tmp/release_notes.md
|
|
echo ""
|
|
fi
|
|
|
|
echo "## Assets"
|
|
echo ""
|
|
echo "- \`$TARBALL\` contains the static docs site."
|
|
|
|
EXTRA_ASSET_COUNT=$(find release-assets -maxdepth 1 -type f | wc -l | tr -d ' ')
|
|
if [ "$EXTRA_ASSET_COUNT" -gt 0 ]; then
|
|
echo "- Additional project-specific artifacts are attached to this release."
|
|
fi
|
|
} > /tmp/release_body.txt
|
|
|
|
RELEASE_DATA=$(jq -n \
|
|
--arg tag "$VERSION" \
|
|
--arg name "Release $VERSION" \
|
|
--rawfile body /tmp/release_body.txt \
|
|
'{tag_name: $tag, name: $name, body: $body, draft: false, prerelease: false}')
|
|
|
|
RELEASE_RESPONSE=$(curl -s \
|
|
-X POST \
|
|
-H "Content-Type: application/json" \
|
|
-H "Authorization: token $GITHUB_TOKEN" \
|
|
-d "$RELEASE_DATA" \
|
|
"${FORGE_URL}/releases")
|
|
|
|
echo "API Response: $RELEASE_RESPONSE"
|
|
|
|
RELEASE_ID=$(echo "$RELEASE_RESPONSE" | jq -r '.id')
|
|
|
|
if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
|
|
echo "Error: Failed to create release"
|
|
exit 1
|
|
fi
|
|
|
|
echo "Created release ID: $RELEASE_ID"
|
|
|
|
echo "Uploading $TARBALL..."
|
|
curl -s \
|
|
-X POST \
|
|
-H "Content-Type: application/gzip" \
|
|
-H "Authorization: token $GITHUB_TOKEN" \
|
|
--data-binary "@$TARBALL" \
|
|
"${FORGE_URL}/releases/$RELEASE_ID/assets?name=$TARBALL"
|
|
|
|
for artifact in release-assets/*; do
|
|
if [ ! -f "$artifact" ]; then
|
|
continue
|
|
fi
|
|
|
|
FILENAME=$(basename "$artifact")
|
|
echo "Uploading $FILENAME..."
|
|
curl -s \
|
|
-X POST \
|
|
-H "Content-Type: application/octet-stream" \
|
|
-H "Authorization: token $GITHUB_TOKEN" \
|
|
--data-binary "@$artifact" \
|
|
"${FORGE_URL}/releases/$RELEASE_ID/assets?name=$FILENAME"
|
|
done
|
|
|
|
echo ""
|
|
echo "Release created successfully!"
|
|
|
|
- name: Summary
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.version }}"
|
|
EXTRA_ASSET_COUNT=$(find release-assets -maxdepth 1 -type f | wc -l | tr -d ' ')
|
|
|
|
echo "================================================"
|
|
echo "Release: $VERSION"
|
|
echo "================================================"
|
|
echo "Docs bundle: docs-${VERSION}.tar.gz"
|
|
echo "Extra project assets: $EXTRA_ASSET_COUNT"
|