ci: harden Gitea release sync auth diagnostics and upsert flow
This commit is contained in:
@@ -157,7 +157,6 @@ jobs:
|
|||||||
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
||||||
run: |
|
run: |
|
||||||
python3 - <<'PY'
|
python3 - <<'PY'
|
||||||
import sys
|
|
||||||
import json
|
import json
|
||||||
import os
|
import os
|
||||||
import urllib.error
|
import urllib.error
|
||||||
@@ -166,19 +165,22 @@ jobs:
|
|||||||
base = "https://gitea.emulab.it/api/v1"
|
base = "https://gitea.emulab.it/api/v1"
|
||||||
repo = "Simone/nsis-plugin-ns7zip"
|
repo = "Simone/nsis-plugin-ns7zip"
|
||||||
tag = "${{ github.ref_name }}"
|
tag = "${{ github.ref_name }}"
|
||||||
token = os.environ["GITEA_TOKEN"]
|
token = os.environ.get("GITEA_TOKEN", "").strip()
|
||||||
|
|
||||||
|
if not token:
|
||||||
|
raise SystemExit("GITEA_TOKEN is missing or empty")
|
||||||
|
|
||||||
with open("release_body.md", "r", encoding="utf-8") as f:
|
with open("release_body.md", "r", encoding="utf-8") as f:
|
||||||
body = f.read()
|
body = f.read()
|
||||||
|
|
||||||
def request(method, path, payload=None):
|
def request(method, path, payload=None, auth_scheme="token"):
|
||||||
data = json.dumps(payload).encode("utf-8") if payload is not None else None
|
data = json.dumps(payload).encode("utf-8") if payload is not None else None
|
||||||
req = urllib.request.Request(
|
req = urllib.request.Request(
|
||||||
f"{base}{path}",
|
f"{base}{path}",
|
||||||
data=data,
|
data=data,
|
||||||
method=method,
|
method=method,
|
||||||
headers={
|
headers={
|
||||||
"Authorization": f"token {token}",
|
"Authorization": f"{auth_scheme} {token}",
|
||||||
"Content-Type": "application/json",
|
"Content-Type": "application/json",
|
||||||
"Accept": "application/json",
|
"Accept": "application/json",
|
||||||
},
|
},
|
||||||
@@ -186,32 +188,52 @@ jobs:
|
|||||||
with urllib.request.urlopen(req) as resp:
|
with urllib.request.urlopen(req) as resp:
|
||||||
return json.loads(resp.read().decode("utf-8"))
|
return json.loads(resp.read().decode("utf-8"))
|
||||||
|
|
||||||
|
auth_scheme = None
|
||||||
|
last_error = None
|
||||||
|
for scheme in ("token", "Bearer"):
|
||||||
|
try:
|
||||||
|
user = request("GET", "/user", auth_scheme=scheme)
|
||||||
|
auth_scheme = scheme
|
||||||
|
print(f"Gitea auth OK via '{scheme}' as user: {user.get('login', '<unknown>')}")
|
||||||
|
break
|
||||||
|
except urllib.error.HTTPError as e:
|
||||||
|
try:
|
||||||
|
details = e.read().decode("utf-8", errors="replace")
|
||||||
|
except Exception:
|
||||||
|
details = ""
|
||||||
|
last_error = f"HTTP {e.code} {e.reason} ({scheme}) {details}".strip()
|
||||||
|
|
||||||
|
if not auth_scheme:
|
||||||
|
raise SystemExit(
|
||||||
|
"Gitea authentication failed for both 'token' and 'Bearer'. "
|
||||||
|
"Check secret GITEA_TOKEN value and permissions (Repository Read+Write). "
|
||||||
|
f"Last error: {last_error}"
|
||||||
|
)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
try:
|
release = request("GET", f"/repos/{repo}/releases/tags/{tag}", auth_scheme=auth_scheme)
|
||||||
release = request("GET", f"/repos/{repo}/releases/tags/{tag}")
|
|
||||||
rid = release["id"]
|
rid = release["id"]
|
||||||
request("PATCH", f"/repos/{repo}/releases/{rid}", {"body": body})
|
request("PATCH", f"/repos/{repo}/releases/{rid}", {"body": body}, auth_scheme=auth_scheme)
|
||||||
print(f"Updated existing Gitea release id={rid} for tag {tag}")
|
print(f"Updated existing Gitea release id={rid} for tag {tag}")
|
||||||
except urllib.error.HTTPError as e:
|
except urllib.error.HTTPError as e:
|
||||||
if e.code == 404:
|
if e.code != 404:
|
||||||
created = request(
|
try:
|
||||||
|
details = e.read().decode("utf-8", errors="replace")
|
||||||
|
except Exception:
|
||||||
|
details = ""
|
||||||
|
raise SystemExit(f"Gitea release lookup/update failed: HTTP {e.code} {e.reason}. {details}".strip())
|
||||||
|
|
||||||
|
created = request(
|
||||||
"POST",
|
"POST",
|
||||||
f"/repos/{repo}/releases",
|
f"/repos/{repo}/releases",
|
||||||
{
|
{
|
||||||
"tag_name": tag,
|
"tag_name": tag,
|
||||||
"name": tag,
|
"name": tag,
|
||||||
"body": body,
|
"body": body,
|
||||||
"draft": False,
|
"draft": False,
|
||||||
"prerelease": False,
|
"prerelease": False,
|
||||||
},
|
},
|
||||||
)
|
auth_scheme=auth_scheme,
|
||||||
print(f"Created Gitea release id={created['id']} for tag {tag}")
|
)
|
||||||
elif e.code in (401, 403):
|
print(f"Created Gitea release id={created['id']} for tag {tag}")
|
||||||
print("::warning::Gitea release sync skipped: token unauthorized/forbidden. Check GITEA_TOKEN permissions (Repository Read+Write).")
|
|
||||||
sys.exit(0)
|
|
||||||
else:
|
|
||||||
raise
|
|
||||||
except urllib.error.HTTPError as e:
|
|
||||||
print(f"::warning::Gitea release sync skipped due to HTTP {e.code}: {e.reason}")
|
|
||||||
sys.exit(0)
|
|
||||||
PY
|
PY
|
||||||
|
|||||||
Reference in New Issue
Block a user