ci: enhance GitHub release workflow with token handling and file upload improvements

2025-02-21 21:13:36 +01:00 · 2025-02-21 21:13:36 +01:00 · d71e3d8184
commit d71e3d8184
parent bb166aa29f
2 changed files with 47 additions and 28 deletions
--- a/.github/workflows/github-release.yml
+++ b/.github/workflows/github-release.yml
@ -2,12 +2,19 @@ name: GitHub Release

 on:
  workflow_call:
+    secrets:
+      GITHUB_TOKEN:
+        description: 'GitHub token for release creation'
+        required: true
+
+permissions:
+  contents: write

 jobs:
  create-release:
    runs-on: ubuntu-latest
-    #permissions:
-    #  contents: write
+    permissions:
+      contents: write
    steps:
    - uses: actions/checkout@v4
    
@ -97,35 +104,40 @@ jobs:

    - name: Create GitHub Release
      env:
-        GH_TOKEN: ${{ github.token }}
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      run: |
        VERSION=${{ steps.get_version.outputs.VERSION }}
-        
-        # Create release with available files
        cd .pio/build/esp32dev
-        FILES_TO_UPLOAD=""
        
-        # Always add firmware
-        if [ -f "filaman_${VERSION}.bin" ]; then
-          FILES_TO_UPLOAD="$FILES_TO_UPLOAD filaman_${VERSION}.bin"
-        fi
+        # Create the release first
+        RELEASE_JSON=$(curl -L \
+          -X POST \
+          -H "Accept: application/vnd.github+json" \
+          -H "Authorization: Bearer $GITHUB_TOKEN" \
+          -H "X-GitHub-Api-Version: 2022-11-28" \
+          "https://api.github.com/repos/$GITHUB_REPOSITORY/releases" \
+          -d "{
+            \"tag_name\":\"v${VERSION}\",
+            \"name\":\"Release ${VERSION}\",
+            \"body\":\"${{ steps.changelog.outputs.CHANGES }}\",
+            \"draft\":false,
+            \"prerelease\":false
+          }")
        
-        # Add SPIFFS and full binary only if they exist
-        if [ -f "webpage_${VERSION}.bin" ]; then
-          FILES_TO_UPLOAD="$FILES_TO_UPLOAD webpage_${VERSION}.bin"
-        fi
+        # Extract the upload URL from the response
+        UPLOAD_URL=$(echo "$RELEASE_JSON" | jq -r .upload_url | sed 's/{?name,label}//')
        
-        if [ -f "filaman_full_${VERSION}.bin" ]; then
-          FILES_TO_UPLOAD="$FILES_TO_UPLOAD filaman_full_${VERSION}.bin"
-        fi
-        
-        # Create release with available files
-        if [ -n "$FILES_TO_UPLOAD" ]; then
-          gh release create "v${VERSION}" \
-            --title "Release ${VERSION}" \
-            --notes "${{ steps.changelog.outputs.CHANGES }}" \
-            $FILES_TO_UPLOAD
-        else
-          echo "Error: No files found to upload"
-          exit 1
-        fi
+        # Upload the binary files
+        for file in filaman_${VERSION}.bin webpage_${VERSION}.bin filaman_full_${VERSION}.bin; do
+          if [ -f "$file" ]; then
+            echo "Uploading $file..."
+            curl -L \
+              -X POST \
+              -H "Accept: application/vnd.github+json" \
+              -H "Authorization: Bearer $GITHUB_TOKEN" \
+              -H "X-GitHub-Api-Version: 2022-11-28" \
+              -H "Content-Type: application/octet-stream" \
+              "${UPLOAD_URL}?name=${file}" \
+              --data-binary "@${file}"
+          fi
+        done
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -5,6 +5,9 @@ on:
    tags:
      - 'v*'

+permissions:
+  contents: write
+
 jobs:
  detect-provider:
    runs-on: ubuntu-latest
@ -23,8 +26,12 @@ jobs:

  github-release:
    needs: detect-provider
+    permissions:
+      contents: write
    if: needs.detect-provider.outputs.provider == 'github'
    uses: ./.github/workflows/github-release.yml
+    secrets:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

  gitea-release:
    needs: detect-provider