sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests Actions 34 Packages Projects 3 Releases 6 Wiki Activity

Merge pull request 'fix(ci): push detached HEAD to master using HEAD:master refspec' (#57) from fix/auto-tag-push-master into master
All checks were successful
Auto Tag / autotag (push) Successful in 7s
Details
Auto Tag / wiki-sync (push) Successful in 6s
Details
Test / rust-fmt-check (push) Successful in 1m36s
Details
Test / frontend-tests (push) Successful in 2m14s
Details
Test / frontend-typecheck (push) Successful in 2m15s
Details
Auto Tag / changelog (push) Successful in 2m14s
Details
Auto Tag / build-macos-arm64 (push) Successful in 3m9s
Details
Test / rust-clippy (push) Successful in 4m58s
Details
Test / rust-tests (push) Successful in 6m24s
Details
Auto Tag / build-linux-amd64 (push) Successful in 8m52s
Details
Auto Tag / build-windows-amd64 (push) Successful in 10m51s
Details
Auto Tag / build-linux-arm64 (push) Successful in 11m1s
Details

Browse Source 
Reviewed-on: #57
This commit is contained in:
sarman 2026-05-31 21:43:18 +00:00
commit 3fe06ce498
1 changed files with 15 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
.gitea/workflows/auto-tag.yml
View File

@ -125,11 +125,10 @@ jobs:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }} RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: | run: |
set -eu set -eu
# Use the tag output from autotag — never rely on git describe
CURRENT_TAG="${RELEASE_TAG}" CURRENT_TAG="${RELEASE_TAG}"
echo "Building changelog for $CURRENT_TAG" echo "Building changelog for $CURRENT_TAG"
# Verify the tag is present locally after fetch before running git-cliff # Verify the tag is present locally after fetch
if ! git rev-parse "refs/tags/${CURRENT_TAG}" >/dev/null 2>&1; then if ! git rev-parse "refs/tags/${CURRENT_TAG}" >/dev/null 2>&1; then
echo "ERROR: tag ${CURRENT_TAG} not found locally after fetch" echo "ERROR: tag ${CURRENT_TAG} not found locally after fetch"
exit 1 exit 1
@ -141,7 +140,7 @@ jobs:
if [ -n "$PREV_TAG" ]; then if [ -n "$PREV_TAG" ]; then
git-cliff --config cliff.toml --tag "$CURRENT_TAG" --strip all > /tmp/release_body.md || true git-cliff --config cliff.toml --tag "$CURRENT_TAG" --strip all > /tmp/release_body.md || true
else else
echo "=== No previous tag found, generating from git commits ===" echo "No previous tag found, generating from git commits"
git log --pretty=format:"- %s" > /tmp/release_body.md || true git log --pretty=format:"- %s" > /tmp/release_body.md || true
fi fi
echo "=== Release body preview ===" echo "=== Release body preview ==="
@ -155,16 +154,14 @@ jobs:
set -eu set -eu
TAG="${RELEASE_TAG}" TAG="${RELEASE_TAG}"
API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY" API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY"
RELEASE_BODY=$(cat /tmp/release_body.md)
# Try to find an existing release for this tag # Try to find an existing release for this tag
RELEASE_ID=$(curl -s "$API/releases/tags/$TAG" \ RELEASE_ID=$(curl -s "$API/releases/tags/$TAG" \
-H "Authorization: token $RELEASE_TOKEN" | jq -r '.id // empty') -H "Authorization: token $RELEASE_TOKEN" | jq -r '.id // empty')
if [ -z "$RELEASE_ID" ]; then if [ -z "$RELEASE_ID" ]; then
# Release doesn't exist yet — create it with the changelog body. # First run: changelog job owns release creation so build jobs
# Build jobs run in parallel and rely on the release existing; # never race against a missing release object
# creating it here ensures no race condition.
echo "Creating release $TAG..." echo "Creating release $TAG..."
RELEASE_ID=$(jq -n \ RELEASE_ID=$(jq -n \
--arg tag "$TAG" \ --arg tag "$TAG" \
@ -178,7 +175,7 @@ jobs:
| jq -r '.id') | jq -r '.id')
echo "✓ Release created (id=$RELEASE_ID)" echo "✓ Release created (id=$RELEASE_ID)"
else else
# Release already exists (e.g. re-run) — patch the body only # Re-run: patch the body only
echo "Updating existing release $TAG (id=$RELEASE_ID)..." echo "Updating existing release $TAG (id=$RELEASE_ID)..."
jq -n --rawfile body /tmp/release_body.md '{body: $body}' \ jq -n --rawfile body /tmp/release_body.md '{body: $body}' \
| curl -sf -X PATCH "$API/releases/$RELEASE_ID" \ | curl -sf -X PATCH "$API/releases/$RELEASE_ID" \
@ -199,14 +196,21 @@ jobs:
run: | run: |
set -euo pipefail set -euo pipefail
TAG="${RELEASE_TAG}" TAG="${RELEASE_TAG}"
# Validate tag format to prevent shell injection in commit message / JSON
if ! echo "$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then if ! echo "$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
echo "ERROR: Unexpected tag format: $TAG" echo "ERROR: Unexpected tag format: $TAG"
exit 1 exit 1
fi fi
git add CHANGELOG.md git add CHANGELOG.md
git commit -m "chore: update CHANGELOG.md for ${TAG} [skip ci]" || echo "No changes to commit" # Only commit if CHANGELOG.md actually changed — avoids ambiguous
git push origin master # exit-code handling from 'git commit || echo' with set -e
if git diff --staged --quiet; then
echo "No CHANGELOG.md changes to commit"
else
git commit -m "chore: update CHANGELOG.md for ${TAG} [skip ci]"
fi
# HEAD:master works in detached HEAD state; 'git push origin master'
# would fail because there is no local branch named master
git push origin HEAD:master
echo "✓ CHANGELOG.md committed to master" echo "✓ CHANGELOG.md committed to master"
- name: Upload CHANGELOG.md as release asset - name: Upload CHANGELOG.md as release asset