ci: decouple android release attach, add workflow_dispatch to release.yml
Lint & Test / test (push) Successful in 2m16s
Lint & Test / test (push) Successful in 2m16s
build-android.yml - Attach step upserts the Gitea release: GET /releases/tags/<TAG>, and POST to create it on 404 instead of warning-and-skipping. Removes the ordering dependency on release.yml's create-release job — the Android workflow can now own its own release attachment end-to-end. - Fail loudly on broken DEPLOY_TOKEN: curl -f on every asset call so 403/422 surface as job failures instead of "Uploaded" lies, and an explicit check that the token is non-empty before starting. - Preserve the pre-existing replace-on-re-run behavior for idempotent asset uploads. release.yml - Add workflow_dispatch trigger with optional `version` input so the Windows/Linux/Docker builds can be exercised on demand between real releases (was tag-push only). - Gate create-release on github.event_name == 'push' so a manual dispatch doesn't create a stray Gitea release. - Each build job gets `if: !cancelled() && (needs.create-release.result in (success, skipped))` so dispatch runs still produce artifacts even though create-release was skipped. - Gate each "Attach * to release" step on github.event_name == 'push'. - Docker: login + push are push-only; build runs on both triggers so dispatch validates the Dockerfile without needing registry creds.
This commit is contained in:
@@ -4,10 +4,21 @@ on:
|
||||
push:
|
||||
tags:
|
||||
- 'v*'
|
||||
# Manual dispatch builds Windows/Linux/Docker artifacts without creating
|
||||
# a Gitea release — for validating build scripts between real releases.
|
||||
# Attach/push steps are gated on github.event_name == 'push'.
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
version:
|
||||
description: 'Version label for dispatch builds (artifacts only, no release)'
|
||||
required: false
|
||||
default: 'dev'
|
||||
|
||||
jobs:
|
||||
# ── Create the release first (shared by all build jobs) ────
|
||||
create-release:
|
||||
# Skipped on workflow_dispatch — dispatch is for build validation only.
|
||||
if: github.event_name == 'push'
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
release_id: ${{ steps.create.outputs.release_id }}
|
||||
@@ -112,6 +123,9 @@ jobs:
|
||||
# ── Windows portable ZIP (cross-built from Linux) ─────────
|
||||
build-windows:
|
||||
needs: create-release
|
||||
# `!cancelled()` lets this job run even when create-release was skipped
|
||||
# (dispatch) or failed. The attach step itself is still push-gated.
|
||||
if: ${{ !cancelled() && (needs.create-release.result == 'success' || needs.create-release.result == 'skipped') }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -149,6 +163,8 @@ jobs:
|
||||
retention-days: 90
|
||||
|
||||
- name: Attach assets to release
|
||||
# Push (tag) only — dispatch runs produce artifacts but no release.
|
||||
if: github.event_name == 'push'
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
|
||||
run: |
|
||||
@@ -184,6 +200,7 @@ jobs:
|
||||
# ── Linux tarball ──────────────────────────────────────────
|
||||
build-linux:
|
||||
needs: create-release
|
||||
if: ${{ !cancelled() && (needs.create-release.result == 'success' || needs.create-release.result == 'skipped') }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -219,6 +236,7 @@ jobs:
|
||||
retention-days: 90
|
||||
|
||||
- name: Attach tarball to release
|
||||
if: github.event_name == 'push'
|
||||
env:
|
||||
GITEA_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
|
||||
run: |
|
||||
@@ -247,6 +265,7 @@ jobs:
|
||||
# ── Docker image ───────────────────────────────────────────
|
||||
build-docker:
|
||||
needs: create-release
|
||||
if: ${{ !cancelled() && (needs.create-release.result == 'success' || needs.create-release.result == 'skipped') }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
@@ -270,6 +289,9 @@ jobs:
|
||||
|
||||
- name: Login to Gitea Container Registry
|
||||
id: docker-login
|
||||
# Dispatch runs don't need registry credentials — the build step
|
||||
# verifies the Dockerfile locally and push is skipped.
|
||||
if: github.event_name == 'push'
|
||||
continue-on-error: true
|
||||
run: |
|
||||
echo "${{ secrets.DEPLOY_TOKEN }}" | docker login \
|
||||
@@ -277,7 +299,10 @@ jobs:
|
||||
-u "${{ gitea.actor }}" --password-stdin
|
||||
|
||||
- name: Build Docker image
|
||||
if: steps.docker-login.outcome == 'success'
|
||||
# Always build — dispatch uses this to validate the Dockerfile.
|
||||
# On push, still gate on successful login so we don't build a
|
||||
# tagged image that can't be pushed.
|
||||
if: github.event_name != 'push' || steps.docker-login.outcome == 'success'
|
||||
run: |
|
||||
TAG="${{ gitea.ref_name }}"
|
||||
REGISTRY="${{ steps.meta.outputs.registry }}"
|
||||
@@ -296,7 +321,7 @@ jobs:
|
||||
fi
|
||||
|
||||
- name: Push Docker image
|
||||
if: steps.docker-login.outcome == 'success'
|
||||
if: github.event_name == 'push' && steps.docker-login.outcome == 'success'
|
||||
run: |
|
||||
TAG="${{ gitea.ref_name }}"
|
||||
REGISTRY="${{ steps.meta.outputs.registry }}"
|
||||
|
||||
Reference in New Issue
Block a user