sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests Actions 34 Packages Projects 3 Releases 6 Wiki Activity

fix(ci): consolidate all auto-tag changelog fixes
All checks were successful
Test / rust-fmt-check (pull_request) Successful in 1m25s
Details
Test / frontend-typecheck (pull_request) Successful in 1m53s
Details
Test / frontend-tests (pull_request) Successful in 1m53s
Details
Test / rust-clippy (pull_request) Successful in 3m12s
Details
PR Review Automation / review (pull_request) Successful in 4m24s
Details
Test / rust-tests (pull_request) Successful in 4m37s
Details

Browse Source 
Three issues addressed together:

1. Race condition (was PR #56): changelog job now CREATES the Gitea
   release rather than assuming build jobs have already created it.
   Build jobs continue to use create-or-skip + upload unchanged.

2. Detached HEAD push: 'git push origin master' fails when HEAD is
   detached (no local branch named master). Changed to 'HEAD:master'.

3. git-cliff tag guard: verify tag is present locally before running
   git-cliff, to fail fast with a clear message rather than silently
   generating a wrong changelog.

4. git commit idiom: replaced 'git commit || echo' (swallows all
   non-zero exit codes including real failures) with an explicit
   'git diff --staged --quiet' guard so set -euo pipefail is not
   undermined.
This commit is contained in:
Shaun Arman 2026-05-31 16:26:31 -05:00
parent f90c76911a
commit 34a69620f5
1 changed files with 14 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
.gitea/workflows/auto-tag.yml
View File

@ -125,11 +125,10 @@ jobs:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: | run: |
set -eu set -eu
# Use the tag output from autotag — never rely on git describe
CURRENT_TAG="${RELEASE_TAG}" CURRENT_TAG="${RELEASE_TAG}"
echo "Building changelog for $CURRENT_TAG" echo "Building changelog for $CURRENT_TAG"
# Verify the tag is present locally after fetch before running git-cliff # Verify the tag is present locally after fetch
if ! git rev-parse "refs/tags/${CURRENT_TAG}" >/dev/null 2>&1; then if ! git rev-parse "refs/tags/${CURRENT_TAG}" >/dev/null 2>&1; then
echo "ERROR: tag ${CURRENT_TAG} not found locally after fetch" echo "ERROR: tag ${CURRENT_TAG} not found locally after fetch"
exit 1 exit 1
@ -141,7 +140,7 @@ jobs:
if [ -n "$PREV_TAG" ]; then if [ -n "$PREV_TAG" ]; then
git-cliff --config cliff.toml --tag "$CURRENT_TAG" --strip all > /tmp/release_body.md || true git-cliff --config cliff.toml --tag "$CURRENT_TAG" --strip all > /tmp/release_body.md || true
else else
echo "=== No previous tag found, generating from git commits ===" echo "No previous tag found, generating from git commits"
git log --pretty=format:"- %s" > /tmp/release_body.md || true git log --pretty=format:"- %s" > /tmp/release_body.md || true
fi fi
echo "=== Release body preview ===" echo "=== Release body preview ==="
@ -155,16 +154,14 @@ jobs:
set -eu set -eu
TAG="${RELEASE_TAG}" TAG="${RELEASE_TAG}"
API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY" API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY"
RELEASE_BODY=$(cat /tmp/release_body.md)
# Try to find an existing release for this tag # Try to find an existing release for this tag
RELEASE_ID=$(curl -s "$API/releases/tags/$TAG" \ RELEASE_ID=$(curl -s "$API/releases/tags/$TAG" \
-H "Authorization: token $RELEASE_TOKEN" | jq -r '.id // empty') -H "Authorization: token $RELEASE_TOKEN" | jq -r '.id // empty')
if [ -z "$RELEASE_ID" ]; then if [ -z "$RELEASE_ID" ]; then
# Release doesn't exist yet — create it with the changelog body. # First run: changelog job owns release creation so build jobs
# Build jobs run in parallel and rely on the release existing; # never race against a missing release object
# creating it here ensures no race condition.
echo "Creating release $TAG..." echo "Creating release $TAG..."
RELEASE_ID=$(jq -n \ RELEASE_ID=$(jq -n \
--arg tag "$TAG" \ --arg tag "$TAG" \
@ -178,7 +175,7 @@ jobs:
| jq -r '.id') | jq -r '.id')
echo "✓ Release created (id=$RELEASE_ID)" echo "✓ Release created (id=$RELEASE_ID)"
else else
# Release already exists (e.g. re-run) — patch the body only # Re-run: patch the body only
echo "Updating existing release $TAG (id=$RELEASE_ID)..." echo "Updating existing release $TAG (id=$RELEASE_ID)..."
jq -n --rawfile body /tmp/release_body.md '{body: $body}' \ jq -n --rawfile body /tmp/release_body.md '{body: $body}' \
| curl -sf -X PATCH "$API/releases/$RELEASE_ID" \ | curl -sf -X PATCH "$API/releases/$RELEASE_ID" \
@ -199,13 +196,20 @@ jobs:
run: | run: |
set -euo pipefail set -euo pipefail
TAG="${RELEASE_TAG}" TAG="${RELEASE_TAG}"
# Validate tag format to prevent shell injection in commit message / JSON
if ! echo "$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then if ! echo "$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
echo "ERROR: Unexpected tag format: $TAG" echo "ERROR: Unexpected tag format: $TAG"
exit 1 exit 1
fi fi
git add CHANGELOG.md git add CHANGELOG.md
git commit -m "chore: update CHANGELOG.md for ${TAG} [skip ci]" || echo "No changes to commit" # Only commit if CHANGELOG.md actually changed — avoids ambiguous
# exit-code handling from 'git commit || echo' with set -e
if git diff --staged --quiet; then
echo "No CHANGELOG.md changes to commit"
else
git commit -m "chore: update CHANGELOG.md for ${TAG} [skip ci]"
fi
# HEAD:master works in detached HEAD state; 'git push origin master'
# would fail because there is no local branch named master
git push origin HEAD:master git push origin HEAD:master
echo "✓ CHANGELOG.md committed to master" echo "✓ CHANGELOG.md committed to master"