--- name: Release on version.js update on: push: branches: ["master"] # keep as-is; change to ["master","main"] if you use main too paths: - public/js/version.js workflow_run: workflows: ["Bump version and sync Changelog to Docker Repo"] types: [completed] permissions: contents: write jobs: delay: runs-on: ubuntu-latest steps: - name: Delay 2 minutes run: sleep 120 release: needs: delay runs-on: ubuntu-latest # Guard: Only run on trusted workflow_run events (pushes from this repo) if: > github.event_name == 'push' || (github.event_name == 'workflow_run' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_repository.full_name == github.repository) concurrency: # Ensure concurrency key follows the actual source ref group: release-${{ github.event_name }}-${{ github.event.workflow_run.head_sha || github.sha }} cancel-in-progress: false steps: - name: Resolve correct ref id: pickref shell: bash run: | if [ "${{ github.event_name }}" = "workflow_run" ]; then echo "ref=${{ github.event.workflow_run.head_sha }}" >> "$GITHUB_OUTPUT" else echo "ref=${{ github.sha }}" >> "$GITHUB_OUTPUT" fi echo "Using ref: $(cat $GITHUB_OUTPUT)" - name: Checkout uses: actions/checkout@v4 with: fetch-depth: 0 ref: ${{ steps.pickref.outputs.ref }} - name: Ensure tags available run: git fetch --tags --force --prune --quiet # Guard: refuse if the ref isn’t contained in master - name: Assert ref is on master shell: bash run: | set -euo pipefail REF="${{ steps.pickref.outputs.ref }}" git fetch origin master --quiet if ! git merge-base --is-ancestor "$REF" origin/master; then echo "Ref $REF is not on master; refusing to release." exit 78 # neutral exit fi - name: Debug version.js origin run: | echo "version.js at commit: $(git log -n1 --pretty=%h -- public/js/version.js)" sed -n '1,20p' public/js/version.js || true - name: Read version from version.js id: ver shell: bash run: | set -euo pipefail VER=$(grep -Eo "APP_VERSION\s*=\s*['\"]v[^'\"]+['\"]" public/js/version.js | sed -E "s/.*['\"](v[^'\"]+)['\"].*/\1/") if [[ -z "$VER" ]]; then echo "Could not parse APP_VERSION from version.js" >&2 exit 1 fi echo "version=$VER" >> "$GITHUB_OUTPUT" echo "Parsed version: $VER" - name: Skip if tag already exists id: tagcheck shell: bash run: | set -euo pipefail if git rev-parse -q --verify "refs/tags/${{ steps.ver.outputs.version }}" >/dev/null; then echo "exists=true" >> "$GITHUB_OUTPUT" echo "Tag ${{ steps.ver.outputs.version }} already exists. Skipping release." else echo "exists=false" >> "$GITHUB_OUTPUT" fi - name: Prep stamper script if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail sed -i 's/\r$//' scripts/stamp-assets.sh || true chmod +x scripts/stamp-assets.sh - name: Build zip artifact (stamped) if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" rm -rf staging rsync -a \ --exclude '.git' --exclude '.github' \ --exclude 'resources' \ --exclude '.dockerignore' --exclude '.gitattributes' --exclude '.gitignore' \ ./ staging/ bash ./scripts/stamp-assets.sh "${VER}" "$(pwd)/staging" - name: Verify placeholders are gone (staging) if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail ROOT="$(pwd)/staging" if grep -R -n -E "{{APP_QVER}}|{{APP_VER}}" "$ROOT" \ --include='*.html' --include='*.php' --include='*.css' --include='*.js' 2>/dev/null; then echo "---- DEBUG (show 10 hits with context) ----" grep -R -n -E "{{APP_QVER}}|{{APP_VER}}" "$ROOT" \ --include='*.html' --include='*.php' --include='*.css' --include='*.js' \ | head -n 10 | while IFS=: read -r file line _; do echo ">>> $file:$line" nl -ba "$file" | sed -n "$((line-3)),$((line+3))p" || true echo "----------------------------------------" done exit 1 fi echo "OK: No unreplaced placeholders in staging." - name: Zip stamped staging if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" (cd staging && zip -r "../FileRise-${VER}.zip" . >/dev/null) - name: Compute SHA-256 checksum if: steps.tagcheck.outputs.exists == 'false' id: sum shell: bash run: | set -euo pipefail ZIP="FileRise-${{ steps.ver.outputs.version }}.zip" SHA=$(shasum -a 256 "$ZIP" | awk '{print $1}') echo "$SHA $ZIP" > "${ZIP}.sha256" echo "sha=$SHA" >> "$GITHUB_OUTPUT" echo "Computed SHA-256: $SHA" - name: Extract notes from CHANGELOG (optional) if: steps.tagcheck.outputs.exists == 'false' id: notes shell: bash run: | set -euo pipefail NOTES_PATH="" if [[ -f CHANGELOG.md ]]; then awk ' BEGIN{found=0} /^## / && !found {found=1} found && /^---$/ {exit} found {print} ' CHANGELOG.md > CHANGELOG_SNIPPET.md || true sed -i -e :a -e '/^\n*$/{$d;N;ba' -e '}' CHANGELOG_SNIPPET.md || true if [[ -s CHANGELOG_SNIPPET.md ]]; then NOTES_PATH="CHANGELOG_SNIPPET.md" fi fi echo "path=$NOTES_PATH" >> "$GITHUB_OUTPUT" - name: Compute previous tag (for Full Changelog link) if: steps.tagcheck.outputs.exists == 'false' id: prev shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" PREV=$(git tag --list "v*" --sort=-v:refname | grep -v -F "$VER" | head -n1 || true) if [[ -z "$PREV" ]]; then PREV=$(git rev-list --max-parents=0 HEAD | tail -n1) fi echo "prev=$PREV" >> "$GITHUB_OUTPUT" echo "Previous tag or baseline: $PREV" - name: Build release body (snippet + full changelog + checksum) if: steps.tagcheck.outputs.exists == 'false' shell: bash run: | set -euo pipefail VER="${{ steps.ver.outputs.version }}" PREV="${{ steps.prev.outputs.prev }}" REPO="${GITHUB_REPOSITORY}" COMPARE_URL="https://github.com/${REPO}/compare/${PREV}...${VER}" ZIP="FileRise-${VER}.zip" SHA="${{ steps.sum.outputs.sha }}" { echo if [[ -s CHANGELOG_SNIPPET.md ]]; then cat CHANGELOG_SNIPPET.md echo fi echo "## ${VER}" echo "### Full Changelog" echo "[${PREV} → ${VER}](${COMPARE_URL})" echo echo "### SHA-256 (zip)" echo '```' echo "${SHA} ${ZIP}" echo '```' } > RELEASE_BODY.md sed -n '1,200p' RELEASE_BODY.md - name: Create GitHub Release if: steps.tagcheck.outputs.exists == 'false' uses: softprops/action-gh-release@v2 with: tag_name: ${{ steps.ver.outputs.version }} target_commitish: ${{ steps.pickref.outputs.ref }} name: ${{ steps.ver.outputs.version }} body_path: RELEASE_BODY.md generate_release_notes: false files: | FileRise-${{ steps.ver.outputs.version }}.zip FileRise-${{ steps.ver.outputs.version }}.zip.sha256