From 765bb9b3685af63adfe5c6376277eaf6793084f2 Mon Sep 17 00:00:00 2001 From: Jonathan Miller Date: Wed, 22 Apr 2026 03:22:22 -0500 Subject: [PATCH] feat: sync updates.xml to main via PR instead of direct API push Co-Authored-By: Claude Opus 4.6 (1M context) --- .gitea/workflows/release.yml | 50 ++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 17 deletions(-) diff --git a/.gitea/workflows/release.yml b/.gitea/workflows/release.yml index 34e8217..55b3e9d 100644 --- a/.gitea/workflows/release.yml +++ b/.gitea/workflows/release.yml @@ -479,38 +479,54 @@ jobs: # Push to current branch git push || true - # Also update updates.xml on main via Gitea API (git push blocked by branch protection) + # Sync updates.xml to main via PR (respects branch protection) if [ "$CURRENT_BRANCH" != "main" ]; then GA_TOKEN="${{ secrets.GA_TOKEN }}" API="${GITEA_URL}/api/v1/repos/${{ github.repository }}" + PR_BRANCH="chore/update-xml-${VERSION}" + + curl -sf -X POST -H "Authorization: token ${GA_TOKEN}" \ + -H "Content-Type: application/json" \ + "${API}/branches" \ + -d "$(jq -n --arg name "$PR_BRANCH" '{new_branch_name: $name, old_branch_name: "main"}')" > /dev/null 2>&1 || true - # Get current file SHA on main (required for update) FILE_SHA=$(curl -sf -H "Authorization: token ${GA_TOKEN}" \ - "${API}/contents/updates.xml?ref=main" | jq -r '.sha // empty') + "${API}/contents/updates.xml?ref=${PR_BRANCH}" | jq -r '.sha // empty') if [ -n "$FILE_SHA" ]; then - # Base64-encode the updates.xml content from working tree (has updated SHA) CONTENT=$(base64 -w0 updates.xml) - - RESPONSE=$(curl -s -w "\n%{http_code}" -X PUT -H "Authorization: token ${GA_TOKEN}" \ + curl -sf -X PUT -H "Authorization: token ${GA_TOKEN}" \ -H "Content-Type: application/json" \ "${API}/contents/updates.xml" \ -d "$(jq -n \ --arg content "$CONTENT" \ --arg sha "$FILE_SHA" \ - --arg msg "chore: update ${STABILITY} channel to ${VERSION} on main [skip ci]" \ - --arg branch "main" \ + --arg msg "chore: update ${STABILITY} channel to ${VERSION} [skip ci]" \ + --arg branch "$PR_BRANCH" \ '{content: $content, sha: $sha, message: $msg, branch: $branch}' - )") - HTTP_CODE=$(echo "$RESPONSE" | tail -1) - if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "201" ]; then - echo "updates.xml synced to main via API (HTTP ${HTTP_CODE})" - else - echo "WARNING: failed to sync updates.xml to main (HTTP ${HTTP_CODE})" - echo "$RESPONSE" | head -5 + )" > /dev/null 2>&1 + + PR_NUM=$(curl -sf -X POST -H "Authorization: token ${GA_TOKEN}" \ + -H "Content-Type: application/json" \ + "${API}/pulls" \ + -d "$(jq -n \ + --arg title "chore: update updates.xml for ${VERSION} [skip ci]" \ + --arg head "$PR_BRANCH" \ + --arg base "main" \ + --arg body "Auto-generated by release workflow." \ + '{title: $title, head: $head, base: $base, body: $body}' + )" | jq -r '.number // empty') + + if [ -n "$PR_NUM" ]; then + curl -sf -X POST -H "Authorization: token ${GA_TOKEN}" \ + -H "Content-Type: application/json" \ + "${API}/pulls/${PR_NUM}/merge" \ + -d '{"Do":"merge","merge_message_field":"chore: update updates.xml for '"${VERSION}"' [skip ci]"}' > /dev/null 2>&1 \ + && echo "updates.xml synced to main via PR #${PR_NUM}" \ + || echo "PR #${PR_NUM} created — merge manually" + curl -sf -X DELETE -H "Authorization: token ${GA_TOKEN}" \ + "${API}/branches/${PR_BRANCH}" > /dev/null 2>&1 || true fi - else - echo "WARNING: could not get file SHA for updates.xml on main" fi fi