--- name: Release on version.js update on: push: branches: ["master"] paths: - public/js/version.js workflow_run: workflows: ["Bump version and sync Changelog to Docker Repo"] types: [completed] workflow_dispatch: inputs: ref: description: "Ref (branch or SHA) to build from (default: origin/master)" required: false version: description: "Explicit version tag to release (e.g., v1.8.6). If empty, auto-detect." required: false permissions: contents: write jobs: delay: runs-on: ubuntu-latest steps: - name: Delay 10 minutes run: sleep 600 release: needs: delay runs-on: ubuntu-latest # Guard: Only run on trusted workflow_run events (pushes from this repo) if: > github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'workflow_run' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_repository.full_name == github.repository) # Use run_id for a stable, unique key concurrency: group: release-${{ github.run_id }} cancel-in-progress: false steps: - name: Checkout (fetch all) uses: actions/checkout@v4 with: fetch-depth: 0 - name: Ensure tags + master available shell: bash run: | git fetch --tags --force --prune --quiet git fetch origin master --quiet - name: Resolve source ref + (maybe) version id: pickref shell: bash run: | set -euo pipefail # Defaults REF="" VER="" SRC="" if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then # manual run REF_IN="${{ github.event.inputs.ref }}" VER_IN="${{ github.event.inputs.version }}" if [[ -n "$REF_IN" ]]; then # Try branch/sha; fetch branch if needed git fetch origin "$REF_IN" --quiet || true if REF_SHA="$(git rev-parse --verify --quiet "$REF_IN")"; then REF="$REF_SHA" else echo "Provided ref '$REF_IN' not found" >&2 exit 1 fi else REF="$(git rev-parse origin/master)" fi if [[ -n "$VER_IN" ]]; then VER="$VER_IN" SRC="manual-version" fi elif [[ "${{ github.event_name }}" == "workflow_run" ]]; then REF="${{ github.event.workflow_run.head_sha }}" else REF="${{ github.sha }}" fi # If no explicit version, try to find the latest bot bump reachable from REF if [[ -z "$VER" ]]; then # Search recent history reachable from REF BOT_SHA="$(git log "$REF" -n 200 --author='github-actions[bot]' --grep='set APP_VERSION to v' --pretty=%H | head -n1 || true)" if [[ -n "$BOT_SHA" ]]; then SUBJ="$(git log -n1 --pretty=%s "$BOT_SHA")" BOT_VER="$(sed -n 's/.*set APP_VERSION to \(v[^ ]*\).*/\1/p' <<<"${SUBJ}")" if [[ -n "$BOT_VER" ]]; then VER="$BOT_VER" REF="$BOT_SHA" # build/tag from the bump commit SRC="bot-commit" fi fi fi # Output REF_SHA="$(git rev-parse "$REF")" echo "ref=$REF_SHA" >> "$GITHUB_OUTPUT" echo "source=${SRC:-event-ref}" >> "$GITHUB_OUTPUT" echo "preversion=${VER}" >> "$GITHUB_OUTPUT" echo "Using source=${SRC:-event-ref} ref=$REF_SHA" if [[ -n "$VER" ]]; then echo "Pre-resolved version=$VER"; fi - name: Checkout chosen ref uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ steps.pickref.outputs.ref }} - name: Assert ref is on master shell: bash run: | set -euo pipefail REF="${{ steps.pickref.outputs.ref }}" git fetch origin master --quiet if ! git merge-base --is-ancestor "$REF" origin/master; then echo "Ref $REF is not on master; refusing to release." exit 78 fi - name: Debug version.js provenance shell: bash run: | echo "version.js last-change commit: $(git log -n1 --pretty='%h %s' -- public/js/version.js || echo 'none')" sed -n '1,20p' public/js/version.js || true - name: Determine version id: ver shell: bash run: | set -euo pipefail # Prefer pre-resolved version (manual input or bot commit) if [[ -n "${{ steps.pickref.outputs.preversion }}" ]]; then VER="${{ steps.pickref.outputs.preversion }}" echo "version=$VER" >> "$GITHUB_OUTPUT" echo "Parsed version (pre-resolved): $VER" exit 0 fi # Fallback to version.js VER="$(grep -Eo "APP_VERSION\s*=\s*['\"]v[^'\"]+['\"]" public/js/version.js | sed -E "s/.*['\"](v[^'\"]+)['\"].*/\1/")" if [[ -z "$VER" ]]; then echo "Could not parse APP_VERSION from version.js" >&2 exit 1 fi echo "version=$VER" >> "$GITHUB_OUTPUT" echo "Parsed version (file): $VER" - name: Skip if tag already exists id: tagcheck shell: bash run: | set -euo pipefail if git rev-parse -q --verify "refs/tags/${{ steps.ver.outputs.version }}" >/dev/null; then echo "exists=true" >> "$GITHUB_OUTPUT" echo "Tag ${{ steps.ver.outputs.version }} already exists. Skipping release." else echo "exists=false" >> "$GITHUB_OUTPUT" fi - name: Prep stamper script if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail sed -i 's/\r$//' scripts/stamp-assets.sh || true chmod +x scripts/stamp-assets.sh - name: Build zip artifact (stamped) if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" rm -rf staging rsync -a \ --exclude '.git' --exclude '.github' \ --exclude 'resources' \ --exclude '.dockerignore' --exclude '.gitattributes' --exclude '.gitignore' \ ./ staging/ bash ./scripts/stamp-assets.sh "${VER}" "$(pwd)/staging" - name: Verify placeholders are gone (staging) if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail ROOT="$(pwd)/staging" if grep -R -n -E "{{APP_QVER}}|{{APP_VER}}" "$ROOT" \ --include='*.html' --include='*.php' --include='*.css' --include='*.js' 2>/dev/null; then echo "---- DEBUG (show 10 hits with context) ----" grep -R -n -E "{{APP_QVER}}|{{APP_VER}}" "$ROOT" \ --include='*.html' --include='*.php' --include='*.css' --include='*.js' \ | head -n 10 | while IFS=: read -r file line _; do echo ">>> $file:$line" nl -ba "$file" | sed -n "$((line-3)),$((line+3))p" || true echo "----------------------------------------" done exit 1 fi echo "OK: No unreplaced placeholders in staging." - name: Zip stamped staging if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" (cd staging && zip -r "../FileRise-${VER}.zip" . >/dev/null) - name: Compute SHA-256 checksum if: steps.tagcheck.outputs.exists == 'false' id: sum shell: bash run: | set -euo pipefail ZIP="FileRise-${{ steps.ver.outputs.version }}.zip" SHA=$(shasum -a 256 "$ZIP" | awk '{print $1}') echo "$SHA $ZIP" > "${ZIP}.sha256" echo "sha=$SHA" >> "$GITHUB_OUTPUT" echo "Computed SHA-256: $SHA" - name: Extract notes from CHANGELOG (optional) if: steps.tagcheck.outputs.exists == 'false' id: notes shell: bash run: | set -euo pipefail NOTES_PATH="" if [[ -f CHANGELOG.md ]]; then awk ' BEGIN{found=0} /^## / && !found {found=1} found && /^---$/ {exit} found {print} ' CHANGELOG.md > CHANGELOG_SNIPPET.md || true sed -i -e :a -e '/^\n*$/{$d;N;ba' -e '}' CHANGELOG_SNIPPET.md || true if [[ -s CHANGELOG_SNIPPET.md ]]; then NOTES_PATH="CHANGELOG_SNIPPET.md" fi fi echo "path=$NOTES_PATH" >> "$GITHUB_OUTPUT" - name: Compute previous tag (for Full Changelog link) if: steps.tagcheck.outputs.exists == 'false' id: prev shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" PREV=$(git tag --list "v*" --sort=-v:refname | grep -v -F "$VER" | head -n1 || true) if [[ -z "$PREV" ]]; then PREV=$(git rev-list --max-parents=0 HEAD | tail -n1) fi echo "prev=$PREV" >> "$GITHUB_OUTPUT" echo "Previous tag or baseline: $PREV" - name: Build release body (snippet + full changelog + checksum) if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" PREV="${{ steps.prev.outputs.prev }}" REPO="${GITHUB_REPOSITORY}" COMPARE_URL="https://github.com/${REPO}/compare/${PREV}...${VER}" ZIP="FileRise-${VER}.zip" SHA="${{ steps.sum.outputs.sha }}" { echo if [[ -s CHANGELOG_SNIPPET.md ]]; then cat CHANGELOG_SNIPPET.md echo fi echo "## ${VER}" echo "### Full Changelog" echo "[${PREV} → ${VER}](${COMPARE_URL})" echo echo "### SHA-256 (zip)" echo '```' echo "${SHA} ${ZIP}" echo '```' } > RELEASE_BODY.md sed -n '1,200p' RELEASE_BODY.md - name: Create GitHub Release if: steps.tagcheck.outputs.exists == 'false' uses: softprops/action-gh-release@v2 with: tag_name: ${{ steps.ver.outputs.version }} target_commitish: ${{ steps.pickref.outputs.ref }} name: ${{ steps.ver.outputs.version }} body_path: RELEASE_BODY.md generate_release_notes: false files: | FileRise-${{ steps.ver.outputs.version }}.zip FileRise-${{ steps.ver.outputs.version }}.zip.sha256