sarman/tftsr-devops_investigation
1
1
Fork 0
Code Issues 4 Pull Requests Actions 34 Packages Projects 3 Releases 6 Wiki Activity

Compare commits

base: sarman:6d8263c5b56e37483e87432b8871f25a1d99aabc
Branches Tags
sarman:beta
sarman:fix/env-u-sodium
sarman:master
sarman:fix/resolve-libsodium-merge-conflict
sarman:v1.2.4-beta.13
sarman:v1.2.4-beta.12
sarman:v1.2.4-beta.11
sarman:v1.2.3
sarman:v1.2.4-beta.10
sarman:v1.2.4-beta.9
sarman:v1.2.4-beta.8
sarman:v1.2.4-beta.7
sarman:v1.2.4-beta.6
sarman:v1.2.4-beta.5
sarman:v1.2.4-beta.4
sarman:v1.2.4-beta.3
sarman:v1.2.4-beta.2
sarman:v1.2.4-beta.1
sarman:v1.2.3-beta.1
sarman:v1.2.2
sarman:v1.2.1
sarman:v1.2.0
sarman:v1.1.0
sarman:v1.0.8
sarman:v0.3.12
sarman:v0.3.11
sarman:v0.3.10
sarman:v0.3.9
sarman:v0.3.8
sarman:v0.3.7
sarman:v0.3.6
sarman:v0.3.5
sarman:v0.3.4
sarman:v0.3.3
sarman:v0.3.2
sarman:v0.3.1
sarman:v0.1.22
...
compare: sarman:34a69620f52dd40cfccb5daa6d05a619ffc3e949
Branches Tags
sarman:beta
sarman:fix/env-u-sodium
sarman:master
sarman:fix/resolve-libsodium-merge-conflict
sarman:v1.2.4-beta.13
sarman:v1.2.4-beta.12
sarman:v1.2.4-beta.11
sarman:v1.2.3
sarman:v1.2.4-beta.10
sarman:v1.2.4-beta.9
sarman:v1.2.4-beta.8
sarman:v1.2.4-beta.7
sarman:v1.2.4-beta.6
sarman:v1.2.4-beta.5
sarman:v1.2.4-beta.4
sarman:v1.2.4-beta.3
sarman:v1.2.4-beta.2
sarman:v1.2.4-beta.1
sarman:v1.2.3-beta.1
sarman:v1.2.2
sarman:v1.2.1
sarman:v1.2.0
sarman:v1.1.0
sarman:v1.0.8
sarman:v0.3.12
sarman:v0.3.11
sarman:v0.3.10
sarman:v0.3.9
sarman:v0.3.8
sarman:v0.3.7
sarman:v0.3.6
sarman:v0.3.5
sarman:v0.3.4
sarman:v0.3.3
sarman:v0.3.2
sarman:v0.3.1
sarman:v0.1.22

5 Commits
6d8263c5b5 ... 34a69620f5

Author SHA1 Message Date
Shaun Arman
34a69620f5 fix(ci): consolidate all auto-tag changelog fixes
All checks were successful
Test / rust-fmt-check (pull_request) Successful in 1m25s
Details
Test / frontend-typecheck (pull_request) Successful in 1m53s
Details
Test / frontend-tests (pull_request) Successful in 1m53s
Details
Test / rust-clippy (pull_request) Successful in 3m12s
Details
PR Review Automation / review (pull_request) Successful in 4m24s
Details
Test / rust-tests (pull_request) Successful in 4m37s
Details 
Three issues addressed together:

1. Race condition (was PR #56): changelog job now CREATES the Gitea
   release rather than assuming build jobs have already created it.
   Build jobs continue to use create-or-skip + upload unchanged.

2. Detached HEAD push: 'git push origin master' fails when HEAD is
   detached (no local branch named master). Changed to 'HEAD:master'.

3. git-cliff tag guard: verify tag is present locally before running
   git-cliff, to fail fast with a clear message rather than silently
   generating a wrong changelog.

4. git commit idiom: replaced 'git commit || echo' (swallows all
   non-zero exit codes including real failures) with an explicit
   'git diff --staged --quiet' guard so set -euo pipefail is not
   undermined.
 2026-05-31 16:38:02 -05:00
Shaun Arman
f90c76911a fix(ci): push detached HEAD to master using HEAD:master refspec 
The changelog job checks out a specific SHA (detached HEAD) then
commits CHANGELOG.md and tries to push with 'git push origin master'.
Since there is no local branch named 'master', git rejects the push
with 'src refspec master does not match any'.

Fix: use 'git push origin HEAD:master' which explicitly maps the
current detached HEAD to the remote master branch regardless of
local branch state.
 2026-05-31 16:37:25 -05:00
sarman
8eccea96ec Merge pull request 'fix(ci): changelog job creates release, eliminating race with build jobs' (#56) from fix/auto-tag-changelog-race into master
Some checks failed
Auto Tag / autotag (push) Successful in 6s
Details
Auto Tag / wiki-sync (push) Successful in 7s
Details
Test / rust-fmt-check (push) Successful in 1m46s
Details
Test / frontend-typecheck (push) Successful in 1m43s
Details
Test / frontend-tests (push) Successful in 2m21s
Details
Auto Tag / changelog (push) Failing after 2m20s
Details
Auto Tag / build-macos-arm64 (push) Successful in 2m36s
Details
Test / rust-clippy (push) Successful in 4m2s
Details
Test / rust-tests (push) Successful in 5m43s
Details
Auto Tag / build-linux-amd64 (push) Successful in 10m42s
Details
Auto Tag / build-linux-arm64 (push) Successful in 13m6s
Details
Auto Tag / build-windows-amd64 (push) Successful in 13m37s
Details 
Reviewed-on: #56
 2026-05-31 21:13:11 +00:00
Shaun Arman
7ee4f58bfd fix(ci): verify tag exists locally before running git-cliff
All checks were successful
Test / rust-fmt-check (pull_request) Successful in 1m42s
Details
Test / rust-clippy (pull_request) Successful in 3m31s
Details
Test / frontend-typecheck (pull_request) Successful in 2m40s
Details
Test / frontend-tests (pull_request) Successful in 1m54s
Details
Test / rust-tests (pull_request) Successful in 4m23s
Details
PR Review Automation / review (pull_request) Successful in 6m15s
Details 
Addresses the review warning: git rev-parse confirms the tag is
present in the local repo after git fetch --tags before git-cliff
or git tag --sort= runs against it. Fails fast with a clear error
if the tag is missing rather than silently generating an incomplete
changelog.
 2026-05-31 16:05:18 -05:00
Shaun Arman
cc99aa815b fix(ci): changelog job creates release to avoid race with build jobs
Some checks failed
Test / rust-fmt-check (pull_request) Waiting to run
Details
PR Review Automation / review (pull_request) Successful in 4m38s
Details
Test / frontend-typecheck (pull_request) Successful in 1m22s
Details
Test / rust-clippy (pull_request) Successful in 6m12s
Details
Test / frontend-tests (pull_request) Successful in 1m13s
Details
Test / rust-tests (pull_request) Has been cancelled
Details 
The changelog and build-* jobs all fan out from autotag in parallel.
Build jobs create the Gitea release with 'curl ... || true', but the
changelog job was trying to GET the release before any build job had
run, reliably failing with 'Could not find release for tag vX.Y.Z'.

Fix: changelog job owns release creation. It creates the release with
the git-cliff body if it does not exist, or patches the body if a
prior run already created it. Build jobs continue using their existing
create-or-skip + upload pattern unchanged.
 2026-05-31 15:57:26 -05:00
1 changed files with 51 additions and 15 deletions
Show Stats Expand all files Collapse all files

66
.gitea/workflows/auto-tag.yml
View File

@ -125,22 +125,28 @@ jobs:
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
run: |
set -eu
# Use the tag output from autotag — never rely on git describe
CURRENT_TAG="${RELEASE_TAG}"
echo "Building changelog for $CURRENT_TAG"
# Verify the tag is present locally after fetch
if ! git rev-parse "refs/tags/${CURRENT_TAG}" >/dev/null 2>&1; then
echo "ERROR: tag ${CURRENT_TAG} not found locally after fetch"
exit 1
fi
git-cliff --config cliff.toml --output CHANGELOG.md
PREV_TAG=$(git tag --sort=-version:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' \
| grep -v "^${CURRENT_TAG}$" | head -1 || echo "")
if [ -n "$PREV_TAG" ]; then
git-cliff --config cliff.toml --tag "$CURRENT_TAG" --strip all > /tmp/release_body.md || true
else
echo "=== No previous tag found, generating from git commits ==="
echo "No previous tag found, generating from git commits"
git log --pretty=format:"- %s" > /tmp/release_body.md || true
fi
echo "=== Release body preview ==="
cat /tmp/release_body.md
- name: Update Gitea release body
- name: Create or update Gitea release
env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
RELEASE_TAG: ${{ needs.autotag.outputs.release_tag }}
@ -148,18 +154,41 @@ jobs:
set -eu
TAG="${RELEASE_TAG}"
API="http://172.0.0.29:3000/api/v1/repos/$GITHUB_REPOSITORY"
RELEASE_ID=$(curl -sf "$API/releases/tags/$TAG" \
-H "Authorization: token $RELEASE_TOKEN" | jq -r '.id')
# Try to find an existing release for this tag
RELEASE_ID=$(curl -s "$API/releases/tags/$TAG" \
-H "Authorization: token $RELEASE_TOKEN" | jq -r '.id // empty')
if [ -z "$RELEASE_ID" ]; then
# First run: changelog job owns release creation so build jobs
# never race against a missing release object
echo "Creating release $TAG..."
RELEASE_ID=$(jq -n \
--arg tag "$TAG" \
--arg name "TFTSR $TAG" \
--rawfile body /tmp/release_body.md \
'{tag_name: $tag, name: $name, body: $body, draft: false}' \
| curl -sf -X POST "$API/releases" \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
--data @- \
| jq -r '.id')
echo "✓ Release created (id=$RELEASE_ID)"
else
# Re-run: patch the body only
echo "Updating existing release $TAG (id=$RELEASE_ID)..."
jq -n --rawfile body /tmp/release_body.md '{body: $body}' \
| curl -sf -X PATCH "$API/releases/$RELEASE_ID" \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
--data @-
echo "✓ Release body updated"
fi
if [ -z "$RELEASE_ID" ] || [ "$RELEASE_ID" = "null" ]; then
echo "ERROR: Could not find release for tag $TAG"
echo "ERROR: Failed to create or locate release for $TAG"
exit 1
fi
BODY=$(jq -n --rawfile note /tmp/release_body.md '{body: $note}')
curl -sf -X PATCH "$API/releases/$RELEASE_ID" \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
-d "$BODY"
echo "✓ Release body updated"
- name: Commit CHANGELOG.md to master
env:
@ -167,14 +196,21 @@ jobs:
run: |
set -euo pipefail
TAG="${RELEASE_TAG}"
# Validate tag format to prevent shell injection in commit message / JSON
if ! echo "$TAG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
echo "ERROR: Unexpected tag format: $TAG"
exit 1
fi
git add CHANGELOG.md
git commit -m "chore: update CHANGELOG.md for ${TAG} [skip ci]" || echo "No changes to commit"
git push origin master
# Only commit if CHANGELOG.md actually changed — avoids ambiguous
# exit-code handling from 'git commit || echo' with set -e
if git diff --staged --quiet; then
echo "No CHANGELOG.md changes to commit"
else
git commit -m "chore: update CHANGELOG.md for ${TAG} [skip ci]"
fi
# HEAD:master works in detached HEAD state; 'git push origin master'
# would fail because there is no local branch named master
git push origin HEAD:master
echo "✓ CHANGELOG.md committed to master"
- name: Upload CHANGELOG.md as release asset