Refactor GitHub Actions workflow for Gitea Packages: update to use RELEASE_TOKEN for authentication, enhance server URL normalization, and improve error handling for HTTP responses during uploads.
Some checks failed
Build linux_amd64 extension and upload to Packages / build-linux-amd64 (push) Has been cancelled
Some checks failed
Build linux_amd64 extension and upload to Packages / build-linux-amd64 (push) Has been cancelled
This commit is contained in:
28
.github/workflows/build-linux-amd64.yml
vendored
28
.github/workflows/build-linux-amd64.yml
vendored
@@ -55,7 +55,7 @@ jobs:
|
||||
libssl-dev curl git ca-certificates jq
|
||||
- name: Preflight Gitea upload (fast-fail)
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||
GITEA_TOKEN: ${{ secrets.RELEASE_TOKEN }}
|
||||
run: |
|
||||
set -euo pipefail
|
||||
: "${GITEA_TOKEN:?GITEA_TOKEN secret is required}"
|
||||
@@ -87,6 +87,10 @@ jobs:
|
||||
echo "Validating token via /api/v1/user:"
|
||||
curl -sS -L -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
|
||||
-H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || true
|
||||
whoami_json=$(curl -sS -L -H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || echo "")
|
||||
auth_user=$(echo "$whoami_json" | jq -r '.login // empty')
|
||||
if [ -z "$auth_user" ]; then auth_user="$owner"; fi
|
||||
echo " auth user=$auth_user"
|
||||
echo "Attempting preflight upload"
|
||||
tmpdir_pf="$(mktemp -d)"
|
||||
resp_headers_pf="$tmpdir_pf/headers.txt"
|
||||
@@ -108,7 +112,7 @@ jobs:
|
||||
esac
|
||||
if [ "$http_code" = "401" ] || [ "$http_code" = "301" ] || [ "$http_code" = "302" ] || [ "$http_code" = "303" ] || [ "$http_code" = "307" ] || [ "$http_code" = "308" ]; then
|
||||
http_code=$(curl -sS -L -i -X PUT \
|
||||
-u "$owner:${GITEA_TOKEN}" \
|
||||
-u "$auth_user:${GITEA_TOKEN}" \
|
||||
-H "Content-Type: application/octet-stream" \
|
||||
--upload-file "$tmpfile" "$url" \
|
||||
-D "$resp_headers_pf" -o "$resp_body_pf" -w "%{http_code}" || true)
|
||||
@@ -203,6 +207,17 @@ jobs:
|
||||
[ -n "$pkg" ] || { echo "pkg not set" >&2; exit 1; }
|
||||
[ -n "$version" ] || { echo "version not set" >&2; exit 1; }
|
||||
[ -n "$file" ] || { echo "file not set" >&2; exit 1; }
|
||||
# Normalize server using effective URL of /api/v1/version (handles http->https)
|
||||
base_no_trail="$(echo "$server" | sed 's#/*$##')"
|
||||
effective_version_url=$(curl -sS -L -o /dev/null -w '%{url_effective}' "$base_no_trail/api/v1/version" || echo "")
|
||||
normalized_server=$(echo "$effective_version_url" | sed -E 's#^(https?://[^/]+).*$#\1#')
|
||||
if [ -n "$normalized_server" ]; then
|
||||
server="$normalized_server"
|
||||
fi
|
||||
# Determine authenticated username for Basic auth fallback
|
||||
whoami_json=$(curl -sS -L -H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || echo "")
|
||||
auth_user=$(echo "$whoami_json" | jq -r '.login // empty')
|
||||
if [ -z "$auth_user" ]; then auth_user="$owner"; fi
|
||||
name="$(basename "$file")"
|
||||
url="$server/api/packages/$owner/generic/$pkg/$version/$name?replace=1"
|
||||
# Debug helpers (avoid leaking secrets)
|
||||
@@ -224,8 +239,9 @@ jobs:
|
||||
curl -sS -L -o /dev/null -w " /api/v1/version -> HTTP %{http_code}\n" "$server/api/v1/version" || true
|
||||
|
||||
echo "Validating token via /api/v1/user:"
|
||||
curl -sS -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
|
||||
curl -sS -L -o /dev/null -w " auth check -> HTTP %{http_code}\n" \
|
||||
-H "Authorization: token ${GITEA_TOKEN}" "$server/api/v1/user" || true
|
||||
echo " auth user=$auth_user"
|
||||
|
||||
echo "Uploading $file to $url"
|
||||
# Perform upload and capture response details without exposing token
|
||||
@@ -245,10 +261,10 @@ jobs:
|
||||
fi
|
||||
|
||||
# If unauthorized or redirected, retry once using HTTP Basic auth (per Gitea docs)
|
||||
if [ "$http_code" = "401" ] || [ "$http_code" = "301" ] || [ "$http_code" = "302" ] || [ "$http_code" = "303" ] || [ "$http_code" = "307" ] || [ "$http_code" = "308" ]; then
|
||||
echo "HTTP $http_code; retrying with HTTP Basic auth (owner:token)"
|
||||
if [ "$http_code" = "401" ] || [ "$http_code" = "403" ] || [ "$http_code" = "301" ] || [ "$http_code" = "302" ] || [ "$http_code" = "303" ] || [ "$http_code" = "307" ] || [ "$http_code" = "308" ]; then
|
||||
echo "HTTP $http_code; retrying with HTTP Basic auth (auth_user:token)"
|
||||
http_code=$(curl -sS -L -i -X PUT \
|
||||
-u "$owner:${GITEA_TOKEN}" \
|
||||
-u "$auth_user:${GITEA_TOKEN}" \
|
||||
-H "Content-Type: application/octet-stream" \
|
||||
--retry 2 --retry-delay 2 --max-time 300 \
|
||||
--upload-file "$file" "$url" \
|
||||
|
||||
Reference in New Issue
Block a user