name: Release on: push: branches: - "**" paths-ignore: - "docs/**" - "**/*.md" workflow_dispatch: permissions: contents: write jobs: release: runs-on: ubuntu-latest container: image: docker.pchuan.top/forge/bun:latest credentials: username: ${{ secrets.REGISTRY_USERNAME }} password: ${{ secrets.REGISTRY_PASSWORD }} steps: - name: Checkout shell: sh env: GITEA_ACTOR: ${{ gitea.actor }} GITEA_REF: ${{ gitea.ref }} GITEA_REPOSITORY: ${{ gitea.repository }} GITEA_SERVER_URL: ${{ gitea.server_url }} GITEA_SHA: ${{ gitea.sha }} GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} run: | set -eu if ! command -v git >/dev/null 2>&1; then echo "git is required in the job container" >&2 exit 1 fi if [ -z "${GITEA_TOKEN:-}" ]; then echo "GITEA_TOKEN is required" >&2 exit 1 fi git init . git remote add origin "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" auth_header="$(printf '%s:%s' "${GITEA_ACTOR}" "${GITEA_TOKEN}" | base64 | tr -d '\n')" git -c "http.${GITEA_SERVER_URL}/.extraheader=AUTHORIZATION: Basic ${auth_header}" fetch --force --depth=1 origin "${GITEA_REF}:refs/remotes/origin/checkout" git checkout --force "${GITEA_SHA}" - name: Install system packages run: | apt-get update apt-get install -y --no-install-recommends zip - name: Install dependencies run: bun install --frozen-lockfile - name: Build and verify run: bun run test - name: Package release run: bun run release:package - name: Publish release env: GITEA_API_URL: ${{ gitea.api_url }} GITEA_REPOSITORY: ${{ gitea.repository }} GITEA_SHA: ${{ gitea.sha }} GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} run: bun scripts/publish-release.ts