ci: gate on dev/main pushes, pin Flutter, extract release script
- trigger: add branches: [dev, main] so analyze+test run on every push, not just release tags. Build job stays tag-gated via if: startsWith(github.ref, 'refs/tags/') - pin Flutter to 3.41.6 instead of floating :stable for reproducible release builds - concurrency: cancel in-progress non-tag runs - permissions: contents: read default, contents: write scoped to build - extract release publish logic to scripts/publish_apk_release.sh so it's testable locally (bash -x with env vars) and the YAML stays readable. Adds set -euo pipefail + curl -f so failures surface instead of getting swallowed by || echo "skipped" - drop the broken artifact upload step (silently swallowed errors)
This commit is contained in:
Executable
+72
@@ -0,0 +1,72 @@
|
||||
#!/usr/bin/env bash
|
||||
#
|
||||
# Publish a signed release APK to Forgejo.
|
||||
#
|
||||
# Finds the release matching $TAG (creating it if the CI job got here
|
||||
# before the UI did), then attaches the APK as a release asset.
|
||||
#
|
||||
# Required env:
|
||||
# RELEASE_TOKEN — Forgejo PAT with write:repository scope
|
||||
# TAG — release tag (e.g. v26.04.11)
|
||||
# APK — path to the built APK
|
||||
#
|
||||
# Optional env:
|
||||
# FORGEJO_API — defaults to the FabledApp repo API root
|
||||
#
|
||||
# Exits non-zero if the release can't be created or the asset upload
|
||||
# fails. Designed to be testable locally:
|
||||
# RELEASE_TOKEN=... TAG=v0.0.1 APK=/tmp/test.apk bash -x scripts/publish_apk_release.sh
|
||||
set -euo pipefail
|
||||
|
||||
: "${RELEASE_TOKEN:?RELEASE_TOKEN not set}"
|
||||
: "${TAG:?TAG not set}"
|
||||
: "${APK:?APK not set}"
|
||||
|
||||
if [ ! -f "$APK" ]; then
|
||||
echo "APK not found at $APK" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
API="${FORGEJO_API:-https://git.fabledsword.com/api/v1/repos/bvandeusen/FabledApp}"
|
||||
|
||||
# jq isn't in the cirruslabs Flutter image, so we parse JSON with grep.
|
||||
# Fragile but bounded: we only care about the first "id": <n> field,
|
||||
# which is always the release id in Forgejo's responses for these
|
||||
# endpoints. If Forgejo ever adds a preceding id field, revisit.
|
||||
extract_id() {
|
||||
echo "$1" | grep -oE '"id"[[:space:]]*:[[:space:]]*[0-9]+' | head -1 | grep -oE '[0-9]+'
|
||||
}
|
||||
|
||||
# Look for an existing release (created via the UI or a prior run).
|
||||
# curl -f turns 4xx/5xx into non-zero so we can distinguish "not found"
|
||||
# (no release yet) from "auth broken" (real failure).
|
||||
existing=$(curl -fsS -H "Authorization: token $RELEASE_TOKEN" \
|
||||
"$API/releases/tags/$TAG" 2>/dev/null || true)
|
||||
|
||||
release_id=$(extract_id "$existing")
|
||||
|
||||
if [ -z "$release_id" ]; then
|
||||
echo "No existing release for $TAG — creating one..."
|
||||
response=$(curl -fsS -X POST \
|
||||
-H "Authorization: token $RELEASE_TOKEN" \
|
||||
-H "Content-Type: application/json" \
|
||||
-d "{\"tag_name\": \"$TAG\", \"name\": \"$TAG\", \"body\": \"\"}" \
|
||||
"$API/releases")
|
||||
release_id=$(extract_id "$response")
|
||||
if [ -z "$release_id" ]; then
|
||||
echo "Failed to create release. API response:" >&2
|
||||
echo "$response" >&2
|
||||
exit 1
|
||||
fi
|
||||
echo "Created release $TAG (id=$release_id)."
|
||||
else
|
||||
echo "Found existing release $TAG (id=$release_id). Attaching APK..."
|
||||
fi
|
||||
|
||||
curl -fsS -X POST \
|
||||
-H "Authorization: token $RELEASE_TOKEN" \
|
||||
-F "attachment=@$APK" \
|
||||
"$API/releases/$release_id/assets" > /dev/null
|
||||
|
||||
echo "Done — $TAG is live at:"
|
||||
echo "https://git.fabledsword.com/bvandeusen/FabledApp/releases/tag/$TAG"
|
||||
Reference in New Issue
Block a user