ci: 精简 Release upsert 逻辑

提取 auth/api 公共变量避免重复；用 xargs 单行替换 while 循环清理旧 assets；POST 分支用管道直接取 id 省去临时文件。 279 行 → 248 行。 Made-with: Cursor
2026-03-21 11:36:43 +08:00
parent c815fb4cc8
commit 259fbe10a6
1 changed files with 19 additions and 49 deletions
--- a/.gitea/workflows/secrets.yml
+++ b/.gitea/workflows/secrets.yml
@@ -122,14 +122,15 @@ jobs:
          git push origin "$tag"

      # ── Release（可选，需配置 RELEASE_TOKEN）───────────────────────────
-      - name: 创建并发布 Release
+      - name: Upsert Release
        if: env.RELEASE_TOKEN != ''
        env:
          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
        run: |
          tag="${{ steps.ver.outputs.tag }}"
          version="${{ steps.ver.outputs.version }}"
-          release_api="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases"
+          api="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases"
+          auth="Authorization: token $RELEASE_TOKEN"

          previous_tag=$(git tag --list 'secrets-mcp-*' --sort=-v:refname | awk -v t="$tag" '$0 != t { print; exit }')
          if [ -n "$previous_tag" ]; then
@@ -140,60 +141,29 @@ jobs:
          [ -z "$changes" ] && changes="- 首次发布"
          body=$(printf '## 变更日志\n\n%s' "$changes")

-          meta=$(jq -n \
-            --arg name "secrets-mcp ${version}" \
-            --arg body "$body" \
-            '{name: $name, body: $body, draft: false}')
-
-          # 若已存在同名 Release，PATCH 更新（避免 DELETE+POST 触发唯一约束冲突）
-          existing_code=$(curl -sS -o /tmp/existing-release.json -w '%{http_code}' \
-            -H "Authorization: token $RELEASE_TOKEN" \
-            "${release_api}/tags/${tag}")
-
-          if [ "$existing_code" = "200" ]; then
-            release_id=$(jq -r '.id // empty' /tmp/existing-release.json)
-            http_code=$(curl -sS -o /tmp/release.json -w '%{http_code}' \
-              -H "Authorization: token $RELEASE_TOKEN" \
-              -H "Content-Type: application/json" \
-              -X PATCH "${release_api}/${release_id}" -d "$meta")
-            echo "已更新旧 Release: ${release_id} (HTTP ${http_code})"
-
-            # 删除旧 assets，上传前清空
-            jq -r '.[].id' <<< "$(curl -sS \
-              -H "Authorization: token $RELEASE_TOKEN" \
-              "${release_api}/${release_id}/assets")" | while read -r aid; do
-              curl -sS -o /dev/null \
-                -H "Authorization: token $RELEASE_TOKEN" \
-                -X DELETE "${release_api}/${release_id}/assets/${aid}"
-            done
+          # Upsert: 存在 → PATCH + 清旧 assets；不存在 → POST
+          release_id=$(curl -sS -H "$auth" "${api}/tags/${tag}" 2>/dev/null | jq -r '.id // empty')
+          if [ -n "$release_id" ]; then
+            curl -sS -o /dev/null -H "$auth" -H "Content-Type: application/json" \
+              -X PATCH "${api}/${release_id}" \
+              -d "$(jq -n --arg n "secrets-mcp ${version}" --arg b "$body" '{name:$n,body:$b,draft:false}')"
+            curl -sS -H "$auth" "${api}/${release_id}/assets" | \
+              jq -r '.[].id' | xargs -I{} curl -sS -o /dev/null -H "$auth" -X DELETE "${api}/${release_id}/assets/{}"
+            echo "已更新 Release ${release_id}"
          else
-            # 首次创建
-            create_payload=$(jq -n \
-              --arg tag "$tag" \
-              --arg name "secrets-mcp ${version}" \
-              --arg body "$body" \
-              '{tag_name: $tag, name: $name, body: $body, draft: false}')
-            http_code=$(curl -sS -o /tmp/release.json -w '%{http_code}' \
-              -H "Authorization: token $RELEASE_TOKEN" \
-              -H "Content-Type: application/json" \
-              -X POST "$release_api" -d "$create_payload")
-            if [ "$http_code" != "201" ] && [ "$http_code" != "200" ]; then
-              echo "创建 Release 失败 (HTTP ${http_code})"
-              cat /tmp/release.json || true
-              exit 1
-            fi
-            release_id=$(jq -r '.id' /tmp/release.json)
-            echo "已创建 Release: ${release_id}"
+            release_id=$(curl -fsS -H "$auth" -H "Content-Type: application/json" \
+              -X POST "$api" \
+              -d "$(jq -n --arg t "$tag" --arg n "secrets-mcp ${version}" --arg b "$body" \
+                   '{tag_name:$t,name:$n,body:$b,draft:false}')" | jq -r '.id')
+            echo "已创建 Release ${release_id}"
          fi

          bin="target/${MUSL_TARGET}/release/${MCP_BINARY}"
          archive="${MCP_BINARY}-${tag}-x86_64-linux-musl.tar.gz"
          tar -czf "$archive" -C "$(dirname "$bin")" "$(basename "$bin")"
          sha256sum "$archive" > "${archive}.sha256"
-
-          asset_url="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/${release_id}/assets"
-          curl -fsS -H "Authorization: token $RELEASE_TOKEN" -F "attachment=@${archive}" "$asset_url"
-          curl -fsS -H "Authorization: token $RELEASE_TOKEN" -F "attachment=@${archive}.sha256" "$asset_url"
+          curl -fsS -H "$auth" -F "attachment=@${archive}" "${api}/${release_id}/assets"
+          curl -fsS -H "$auth" -F "attachment=@${archive}.sha256" "${api}/${release_id}/assets"
          echo "Release ${tag} 已发布"

      # ── 飞书汇总通知 ─────────────────────────────────────────────────────