From db69d54531dd141a31ed2ce80bbe7e25c94d20be Mon Sep 17 00:00:00 2001 From: Jonathan Miller Date: Thu, 16 Apr 2026 22:28:42 -0500 Subject: [PATCH] Fix release.yml: GA_TOKEN for Gitea, GH_TOKEN for GitHub mirror only - Gitea API calls use secrets.GA_TOKEN - GitHub mirror only for stable/rc, uses secrets.GH_TOKEN - updates.xml now updates only the specific stability channel (version, SHA, date, download URLs) via Python regex Co-Authored-By: Claude Opus 4.6 (1M context) --- .github/workflows/release.yml | 107 ++++++++++++++++++++++++++-------- 1 file changed, 84 insertions(+), 23 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 11fb262..59a10d9 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -134,7 +134,7 @@ jobs: - name: "Gitea: Delete existing release" run: | TAG="${{ steps.meta.outputs.tag_name }}" - TOKEN="${{ secrets.GITEA_TOKEN }}" + TOKEN="${{ secrets.GA_TOKEN }}" API="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" # Find and delete existing release by tag @@ -159,7 +159,7 @@ jobs: STABILITY="${{ steps.meta.outputs.stability }}" PRERELEASE="${{ steps.meta.outputs.prerelease }}" SHA256="${{ steps.zip.outputs.sha256 }}" - TOKEN="${{ secrets.GITEA_TOKEN }}" + TOKEN="${{ secrets.GA_TOKEN }}" API="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" # Build release body @@ -206,7 +206,7 @@ jobs: run: | RELEASE_ID="${{ steps.gitea_release.outputs.release_id }}" ZIP_NAME="${{ steps.meta.outputs.zip_name }}" - TOKEN="${{ secrets.GITEA_TOKEN }}" + TOKEN="${{ secrets.GA_TOKEN }}" API="${GITEA_URL}/api/v1/repos/${GITEA_ORG}/${GITEA_REPO}" curl -sf -X POST \ @@ -218,8 +218,8 @@ jobs: echo "Uploaded ${ZIP_NAME} to Gitea release ${RELEASE_ID}" # ── GitHub Mirror (BACKUP) ─────────────────────────────────────── - - name: "GitHub: Mirror release (backup)" - if: ${{ secrets.GH_MIRROR_TOKEN != '' }} + - name: "GitHub: Mirror release (stable/rc only)" + if: ${{ steps.meta.outputs.stability == 'stable' || steps.meta.outputs.stability == 'rc' }} continue-on-error: true run: | TAG="${{ steps.meta.outputs.tag_name }}" @@ -227,7 +227,7 @@ jobs: STABILITY="${{ steps.meta.outputs.stability }}" ZIP_NAME="${{ steps.meta.outputs.zip_name }}" SHA256="${{ steps.zip.outputs.sha256 }}" - TOKEN="${{ secrets.GH_MIRROR_TOKEN }}" + TOKEN="${{ secrets.GH_TOKEN }}" GH_REPO="mokoconsulting-tech/${GITEA_REPO}" GH_API="https://api.github.com/repos/${GH_REPO}" @@ -270,29 +270,90 @@ jobs: fi # ── Update updates.xml ────────────────────────────────────────── - - name: "Update updates.xml SHA-256" + - name: "Update updates.xml for this channel" run: | - TAG="${{ steps.meta.outputs.tag_name }}" STABILITY="${{ steps.meta.outputs.stability }}" + VERSION="${{ steps.meta.outputs.version }}" SHA256="${{ steps.zip.outputs.sha256 }}" + ZIP_NAME="${{ steps.meta.outputs.zip_name }}" + TAG="${{ steps.meta.outputs.tag_name }}" + DATE=$(date +%Y-%m-%d) - if [ -f "updates.xml" ] && [ -n "$SHA256" ]; then - # Update the SHA for the matching stability channel - python3 -c " - import re, sys - tag_map = {'development':'development','alpha':'alpha','beta':'beta','rc':'rc','stable':'stable'} - tag = tag_map.get('${STABILITY}', 'development') - with open('updates.xml', 'r') as f: - content = f.read() - # Find the update block with matching tag and replace its sha256 - pattern = r'(' + re.escape(tag) + r'.*?)[^<]*()' - content = re.sub(pattern, r'\g<1>sha256:${SHA256}\g<2>', content, flags=re.DOTALL) - with open('updates.xml', 'w') as f: - f.write(content) - print(f'Updated SHA for {tag} channel') - " + if [ ! -f "updates.xml" ] || [ -z "$SHA256" ]; then + echo "No updates.xml or no SHA — skipping" + exit 0 fi + python3 << 'PYEOF' + import re + + stability = "${STABILITY}" + version = "${VERSION}" + sha256 = "${SHA256}" + zip_name = "${ZIP_NAME}" + tag = "${TAG}" + date = "${DATE}" + gitea_org = "${GITEA_ORG}" + gitea_repo = "${GITEA_REPO}" + + # Map stability to the value in updates.xml + tag_map = { + "development": "development", + "alpha": "alpha", + "beta": "beta", + "rc": "rc", + "stable": "stable", + } + xml_tag = tag_map.get(stability, "development") + + with open("updates.xml", "r") as f: + content = f.read() + + # Build regex to find the block containing this stability tag + # Match from to that contains xml_tag + block_pattern = r"(.*?" + re.escape(xml_tag) + r".*?)" + match = re.search(block_pattern, content, re.DOTALL) + + if not match: + print(f"No block found for {xml_tag}") + exit(0) + + block = match.group(1) + original_block = block + + # Update version + block = re.sub(r"[^<]*", f"{version}", block) + + # Update creation date + block = re.sub(r"[^<]*", f"{date}", block) + + # Update SHA-256 + block = re.sub(r"[^<]*", f"sha256:{sha256}", block) + + # Update Gitea download URL + gitea_url = f"https://git.mokoconsulting.tech/{gitea_org}/{gitea_repo}/releases/download/{tag}/{zip_name}" + block = re.sub( + r"(]*>)https://git\.mokoconsulting\.tech/[^<]*()", + rf"\g<1>{gitea_url}\g<2>", + block + ) + + # Update GitHub download URL (if present) + gh_url = f"https://github.com/mokoconsulting-tech/{gitea_repo}/releases/download/{tag}/{zip_name}" + block = re.sub( + r"(]*>)https://github\.com/[^<]*()", + rf"\g<1>{gh_url}\g<2>", + block + ) + + content = content.replace(original_block, block) + + with open("updates.xml", "w") as f: + f.write(content) + + print(f"Updated {xml_tag} channel: version={version}, sha={sha256[:16]}..., date={date}") + PYEOF + - name: "Commit updates.xml" run: | if git diff --quiet updates.xml 2>/dev/null; then