CI: allow insecure curl for self-signed Forgejo API
All checks were successful
Forgejo Release Builder / release (push) Successful in 15m48s

This commit is contained in:
littlecodedragon 2026-05-08 08:34:29 +02:00
parent 0d6a348578
commit 7e3738551b

View file

@ -270,6 +270,7 @@ jobs:
COMMIT_LOGS: ${{ steps.prepare.outputs.COMMIT_LOGS }} COMMIT_LOGS: ${{ steps.prepare.outputs.COMMIT_LOGS }}
REPO_URL: ${{ github.server_url }}/${{ github.repository }} REPO_URL: ${{ github.server_url }}/${{ github.repository }}
REPOSITORY_NAME: ${{ github.repository }} REPOSITORY_NAME: ${{ github.repository }}
FORGEJO_CURL_INSECURE: "true"
run: | run: |
set -euo pipefail set -euo pipefail
@ -342,6 +343,10 @@ jobs:
} }
ensure_jq || { echo "jq not found; install jq on the runner (dnf install -y jq)."; exit 1; } ensure_jq || { echo "jq not found; install jq on the runner (dnf install -y jq)."; exit 1; }
ensure_curl || { echo "curl not found; install curl on the runner (dnf install -y curl)."; exit 1; } ensure_curl || { echo "curl not found; install curl on the runner (dnf install -y curl)."; exit 1; }
curl_tls_args=()
if [ "${FORGEJO_CURL_INSECURE:-false}" = "true" ]; then
curl_tls_args+=(--insecure)
fi
api_base="${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases" api_base="${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases"
payload_file="$(mktemp)" payload_file="$(mktemp)"
@ -384,13 +389,13 @@ jobs:
--arg body "${release_body}" \ --arg body "${release_body}" \
'{tag_name: $tag, name: $title, body: $body, draft: true, prerelease: false}' > "${payload_file}" '{tag_name: $tag, name: $title, body: $body, draft: true, prerelease: false}' > "${payload_file}"
status="$(curl -sS -o "$response_file" -w '%{http_code}' \ status="$(curl "${curl_tls_args[@]}" -sS -o "$response_file" -w '%{http_code}' \
-H "Authorization: token ${FORGEJO_TOKEN}" \ -H "Authorization: token ${FORGEJO_TOKEN}" \
"${api_base}/tags/${VERSION_TAG}")" "${api_base}/tags/${VERSION_TAG}")"
if [ "$status" = "200" ]; then if [ "$status" = "200" ]; then
release_id="$("${JQ_BIN}" -r '.id' < "$response_file")" release_id="$("${JQ_BIN}" -r '.id' < "$response_file")"
curl -fsS \ curl "${curl_tls_args[@]}" -fsS \
-X PATCH \ -X PATCH \
-H "Authorization: token ${FORGEJO_TOKEN}" \ -H "Authorization: token ${FORGEJO_TOKEN}" \
-H 'Content-Type: application/json' \ -H 'Content-Type: application/json' \
@ -398,7 +403,7 @@ jobs:
"${api_base}/${release_id}" \ "${api_base}/${release_id}" \
> "$response_file" > "$response_file"
elif [ "$status" = "404" ]; then elif [ "$status" = "404" ]; then
curl -fsS \ curl "${curl_tls_args[@]}" -fsS \
-X POST \ -X POST \
-H "Authorization: token ${FORGEJO_TOKEN}" \ -H "Authorization: token ${FORGEJO_TOKEN}" \
-H 'Content-Type: application/json' \ -H 'Content-Type: application/json' \
@ -418,6 +423,7 @@ jobs:
env: env:
FORGEJO_TOKEN: ${{ secrets.GITHUB_TOKEN }} FORGEJO_TOKEN: ${{ secrets.GITHUB_TOKEN }}
RELEASE_ID: ${{ steps.release.outputs.RELEASE_ID }} RELEASE_ID: ${{ steps.release.outputs.RELEASE_ID }}
FORGEJO_CURL_INSECURE: "true"
run: | run: |
set -euo pipefail set -euo pipefail
@ -490,11 +496,15 @@ jobs:
} }
ensure_jq || { echo "jq not found; install jq on the runner (dnf install -y jq)."; exit 1; } ensure_jq || { echo "jq not found; install jq on the runner (dnf install -y jq)."; exit 1; }
ensure_curl || { echo "curl not found; install curl on the runner (dnf install -y curl)."; exit 1; } ensure_curl || { echo "curl not found; install curl on the runner (dnf install -y curl)."; exit 1; }
curl_tls_args=()
if [ "${FORGEJO_CURL_INSECURE:-false}" = "true" ]; then
curl_tls_args+=(--insecure)
fi
release_api="${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}" release_api="${GITHUB_API_URL}/repos/${GITHUB_REPOSITORY}/releases/${RELEASE_ID}"
assets_file="$(mktemp)" assets_file="$(mktemp)"
curl -fsS \ curl "${curl_tls_args[@]}" -fsS \
-H "Authorization: token ${FORGEJO_TOKEN}" \ -H "Authorization: token ${FORGEJO_TOKEN}" \
"${release_api}/assets" \ "${release_api}/assets" \
> "$assets_file" > "$assets_file"
@ -513,7 +523,7 @@ jobs:
asset_id="$("${JQ_BIN}" -r --arg n "${asset_name}" '(.[] | select(.name == $n) | .id) // empty' "$assets_file")" asset_id="$("${JQ_BIN}" -r --arg n "${asset_name}" '(.[] | select(.name == $n) | .id) // empty' "$assets_file")"
if [ -n "$asset_id" ] && [ "$asset_id" != "null" ]; then if [ -n "$asset_id" ] && [ "$asset_id" != "null" ]; then
curl -fsS \ curl "${curl_tls_args[@]}" -fsS \
-X DELETE \ -X DELETE \
-H "Authorization: token ${FORGEJO_TOKEN}" \ -H "Authorization: token ${FORGEJO_TOKEN}" \
"${release_api}/assets/${asset_id}" \ "${release_api}/assets/${asset_id}" \
@ -522,7 +532,7 @@ jobs:
encoded_name="$("${JQ_BIN}" -nr --arg s "${asset_name}" '$s | @uri')" encoded_name="$("${JQ_BIN}" -nr --arg s "${asset_name}" '$s | @uri')"
curl -fsS \ curl "${curl_tls_args[@]}" -fsS \
-X POST \ -X POST \
-H "Authorization: token ${FORGEJO_TOKEN}" \ -H "Authorization: token ${FORGEJO_TOKEN}" \
-H 'Content-Type: application/octet-stream' \ -H 'Content-Type: application/octet-stream' \