refining/secrets
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 61 Wiki Activity

ci: 精简 Release upsert 逻辑
All checks were successful
Secrets MCP — Build & Release / 检查 / 构建 / 发版 (push) Successful in 4m36s
Details
Secrets MCP — Build & Release / 部署 secrets-mcp (push) Successful in 5s
Details

Browse Source 
提取 auth/api 公共变量避免重复;用 xargs 单行替换 while 循环清理
旧 assets;POST 分支用管道直接取 id 省去临时文件。
279 行 → 248 行。

Made-with: Cursor
This commit is contained in:
voson
2026-03-21 11:36:43 +08:00
parent c815fb4cc8
commit 259fbe10a6
1 changed files with 19 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
.gitea/workflows/secrets.yml
View File

@@ -122,14 +122,15 @@ jobs:
git push origin "$tag" git push origin "$tag"
# ── Release可选需配置 RELEASE_TOKEN─────────────────────────── # ── Release可选需配置 RELEASE_TOKEN───────────────────────────
- name: 创建并发布 Release - name: Upsert Release
if: env.RELEASE_TOKEN != '' if: env.RELEASE_TOKEN != ''
env: env:
RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }} RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
run: | run: |
tag="${{ steps.ver.outputs.tag }}" tag="${{ steps.ver.outputs.tag }}"
version="${{ steps.ver.outputs.version }}" version="${{ steps.ver.outputs.version }}"
release_api="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases" api="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases"
auth="Authorization: token $RELEASE_TOKEN"
previous_tag=$(git tag --list 'secrets-mcp-*' --sort=-v:refname | awk -v t="$tag" '$0 != t { print; exit }') previous_tag=$(git tag --list 'secrets-mcp-*' --sort=-v:refname | awk -v t="$tag" '$0 != t { print; exit }')
if [ -n "$previous_tag" ]; then if [ -n "$previous_tag" ]; then
@@ -140,60 +141,29 @@ jobs:
[ -z "$changes" ] && changes="- 首次发布" [ -z "$changes" ] && changes="- 首次发布"
body=$(printf '## 变更日志\n\n%s' "$changes") body=$(printf '## 变更日志\n\n%s' "$changes")
meta=$(jq -n \ # Upsert: 存在 → PATCH + 清旧 assets不存在 → POST
--arg name "secrets-mcp ${version}" \ release_id=$(curl -sS -H "$auth" "${api}/tags/${tag}" 2>/dev/null | jq -r '.id // empty')
--arg body "$body" \ if [ -n "$release_id" ]; then
'{name: $name, body: $body, draft: false}') curl -sS -o /dev/null -H "$auth" -H "Content-Type: application/json" \
-X PATCH "${api}/${release_id}" \
# 若已存在同名 ReleasePATCH 更新(避免 DELETE+POST 触发唯一约束冲突) -d "$(jq -n --arg n "secrets-mcp ${version}" --arg b "$body" '{name:$n,body:$b,draft:false}')"
existing_code=$(curl -sS -o /tmp/existing-release.json -w '%{http_code}' \ curl -sS -H "$auth" "${api}/${release_id}/assets" | \
-H "Authorization: token $RELEASE_TOKEN" \ jq -r '.[].id' | xargs -I{} curl -sS -o /dev/null -H "$auth" -X DELETE "${api}/${release_id}/assets/{}"
"${release_api}/tags/${tag}") echo "已更新 Release ${release_id}"
if [ "$existing_code" = "200" ]; then
release_id=$(jq -r '.id // empty' /tmp/existing-release.json)
http_code=$(curl -sS -o /tmp/release.json -w '%{http_code}' \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
-X PATCH "${release_api}/${release_id}" -d "$meta")
echo "已更新旧 Release: ${release_id} (HTTP ${http_code})"
# 删除旧 assets上传前清空
jq -r '.[].id' <<< "$(curl -sS \
-H "Authorization: token $RELEASE_TOKEN" \
"${release_api}/${release_id}/assets")" | while read -r aid; do
curl -sS -o /dev/null \
-H "Authorization: token $RELEASE_TOKEN" \
-X DELETE "${release_api}/${release_id}/assets/${aid}"
done
else else
# 首次创建 release_id=$(curl -fsS -H "$auth" -H "Content-Type: application/json" \
create_payload=$(jq -n \ -X POST "$api" \
--arg tag "$tag" \ -d "$(jq -n --arg t "$tag" --arg n "secrets-mcp ${version}" --arg b "$body" \
--arg name "secrets-mcp ${version}" \ '{tag_name:$t,name:$n,body:$b,draft:false}')" | jq -r '.id')
--arg body "$body" \ echo "已创建 Release ${release_id}"
'{tag_name: $tag, name: $name, body: $body, draft: false}')
http_code=$(curl -sS -o /tmp/release.json -w '%{http_code}' \
-H "Authorization: token $RELEASE_TOKEN" \
-H "Content-Type: application/json" \
-X POST "$release_api" -d "$create_payload")
if [ "$http_code" != "201" ] && [ "$http_code" != "200" ]; then
echo "创建 Release 失败 (HTTP ${http_code})"
cat /tmp/release.json || true
exit 1
fi
release_id=$(jq -r '.id' /tmp/release.json)
echo "已创建 Release: ${release_id}"
fi fi
bin="target/${MUSL_TARGET}/release/${MCP_BINARY}" bin="target/${MUSL_TARGET}/release/${MCP_BINARY}"
archive="${MCP_BINARY}-${tag}-x86_64-linux-musl.tar.gz" archive="${MCP_BINARY}-${tag}-x86_64-linux-musl.tar.gz"
tar -czf "$archive" -C "$(dirname "$bin")" "$(basename "$bin")" tar -czf "$archive" -C "$(dirname "$bin")" "$(basename "$bin")"
sha256sum "$archive" > "${archive}.sha256" sha256sum "$archive" > "${archive}.sha256"
curl -fsS -H "$auth" -F "attachment=@${archive}" "${api}/${release_id}/assets"
asset_url="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/${release_id}/assets" curl -fsS -H "$auth" -F "attachment=@${archive}.sha256" "${api}/${release_id}/assets"
curl -fsS -H "Authorization: token $RELEASE_TOKEN" -F "attachment=@${archive}" "$asset_url"
curl -fsS -H "Authorization: token $RELEASE_TOKEN" -F "attachment=@${archive}.sha256" "$asset_url"
echo "Release ${tag} 已发布" echo "Release ${tag} 已发布"
# ── 飞书汇总通知 ───────────────────────────────────────────────────── # ── 飞书汇总通知 ─────────────────────────────────────────────────────