mirror of
https://github.com/zhom/donutbrowser.git
synced 2026-07-01 10:55:30 +02:00
828a604c9d
Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [pnpm/action-setup](https://github.com/pnpm/action-setup) and [anomalyco/opencode](https://github.com/anomalyco/opencode). Updates `actions/checkout` from 6.0.3 to 7.0.0 - [Release notes](https://github.com/actions/checkout/releases) - [Commits](https://github.com/actions/checkout/compare/v6.0.3...v7) Updates `pnpm/action-setup` from 6.0.8 to 6.0.9 - [Release notes](https://github.com/pnpm/action-setup/releases) - [Commits](https://github.com/pnpm/action-setup/compare/0e279bb959325dab635dd2c09392533439d90093...0ebf47130e4866e96fce0953f49152a61190b271) Updates `anomalyco/opencode` from 1.17.4 to 1.17.8 - [Release notes](https://github.com/anomalyco/opencode/releases) - [Commits](https://github.com/anomalyco/opencode/compare/abda3515f444c4d28a98953d153c5a3e1892d3d4...11e47f91496005aab4d7c5a2d0a7da5d2651b4ac) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: github-actions - dependency-name: pnpm/action-setup dependency-version: 6.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions - dependency-name: anomalyco/opencode dependency-version: 1.17.8 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: github-actions ... Signed-off-by: dependabot[bot] <support@github.com>
78 lines
3.2 KiB
YAML
78 lines
3.2 KiB
YAML
name: Publish Linux Repos
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
tag:
|
|
description: "Release tag (e.g. v0.18.1). Leave empty for latest."
|
|
required: false
|
|
type: string
|
|
workflow_run:
|
|
workflows: ["Release"]
|
|
types:
|
|
- completed
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
publish-repos:
|
|
if: >
|
|
github.repository == 'zhom/donutbrowser' &&
|
|
(github.event_name == 'workflow_dispatch' ||
|
|
github.event.workflow_run.conclusion == 'success')
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 #v7.0.0
|
|
|
|
- name: Determine release tag
|
|
id: tag
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
INPUT_TAG: ${{ inputs.tag }}
|
|
run: |
|
|
if [[ -n "${INPUT_TAG:-}" ]]; then
|
|
echo "tag=${INPUT_TAG}" >> "$GITHUB_OUTPUT"
|
|
elif [[ "${{ github.event_name }}" == "workflow_run" ]]; then
|
|
# The Release workflow is triggered by a tag push (v*),
|
|
# so head_branch is the tag name
|
|
echo "tag=${{ github.event.workflow_run.head_branch }}" >> "$GITHUB_OUTPUT"
|
|
else
|
|
TAG=$(gh release view --repo "${{ github.repository }}" --json tagName -q .tagName)
|
|
echo "tag=${TAG}" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Install tools
|
|
run: |
|
|
# Mirror the local/Docker setup from CLAUDE.md exactly: the same apt
|
|
# packages and the same pip-installed awscli the working local run uses.
|
|
sudo apt-get update
|
|
sudo apt-get install -y dpkg-dev createrepo-c python3-pip
|
|
pip3 install --break-system-packages awscli
|
|
echo "$HOME/.local/bin" >> "$GITHUB_PATH"
|
|
|
|
- name: Publish DEB & RPM repositories to R2
|
|
env:
|
|
R2_ACCESS_KEY_ID: ${{ secrets.R2_ACCESS_KEY_ID }}
|
|
R2_SECRET_ACCESS_KEY: ${{ secrets.R2_SECRET_ACCESS_KEY }}
|
|
R2_ENDPOINT_URL: ${{ secrets.R2_ENDPOINT_URL }}
|
|
R2_BUCKET_NAME: ${{ secrets.R2_BUCKET_NAME }}
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
# GitHub injects secrets verbatim. If a value was pasted with
|
|
# surrounding quotes or a trailing newline — the local .env wraps all
|
|
# four R2_* values in double quotes — it reaches the script malformed:
|
|
# e.g. an endpoint of https://"host" yields
|
|
# `Could not connect to the endpoint URL`, and a quoted key yields
|
|
# `Unauthorized`. The local run is unaffected because publish-repo.sh
|
|
# sources .env through bash, which strips the quotes; CI has no .env,
|
|
# so strip here. No-op when the secrets are already clean. The script
|
|
# itself is intentionally left untouched.
|
|
strip() { printf '%s' "$1" | tr -d '\r\n' | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"; }
|
|
export R2_ACCESS_KEY_ID="$(strip "$R2_ACCESS_KEY_ID")"
|
|
export R2_SECRET_ACCESS_KEY="$(strip "$R2_SECRET_ACCESS_KEY")"
|
|
export R2_ENDPOINT_URL="$(strip "$R2_ENDPOINT_URL")"
|
|
export R2_BUCKET_NAME="$(strip "$R2_BUCKET_NAME")"
|
|
bash scripts/publish-repo.sh "${{ steps.tag.outputs.tag }}"
|