root
804e32a418
Root cause of the earlier "Failed to authenticate" / "could not read
Username" failures: shell scripts in Gitea Actions don't automatically
inherit secrets — \${GITHUB_TOKEN} expanded to an empty string, so the
URL became "https://forgejo-runner:@..." (empty password) and Gitea's
auth layer rejected it.
Fix: explicit env: block on the Checkout step pulls the token in,
then the URL uses it via x-access-token (canonical token-as-password
username, accepted by Gitea, GitHub, Forgejo alike).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
78 lines
2.5 KiB
YAML
78 lines
2.5 KiB
YAML
name: Build
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
paths-ignore:
|
|
- 'docs/**'
|
|
- 'README.md'
|
|
- 'LICENSE'
|
|
- '*.md'
|
|
pull_request:
|
|
paths-ignore:
|
|
- 'docs/**'
|
|
- '*.md'
|
|
|
|
concurrency:
|
|
group: build-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
# We deliberately avoid actions/cache@v4 and actions/upload-artifact@v4 in this
|
|
# workflow. They are Node.js-based and the runner image (golang:*) has no Node.
|
|
# Installing Node would add ~10s per job for every run; for now we accept
|
|
# that go module downloads happen on each invocation (~20-30s once warm).
|
|
# Real release artifacts are produced by release.yml via curl + Forgejo API.
|
|
|
|
jobs:
|
|
test:
|
|
runs-on: go
|
|
steps:
|
|
- name: Checkout
|
|
env:
|
|
# Gitea Actions doesn't auto-export GITHUB_TOKEN to the shell;
|
|
# we have to read it from secrets and surface it explicitly.
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
git clone --no-checkout "https://x-access-token:${GITHUB_TOKEN}@git.okcu.io/${GITHUB_REPOSITORY}.git" /tmp/src
|
|
git -C /tmp/src checkout "$GITHUB_SHA"
|
|
cp -a /tmp/src/. .
|
|
- name: Vet
|
|
run: go vet ./...
|
|
- name: Test with race
|
|
run: go test -race -coverprofile=coverage.txt -covermode=atomic ./...
|
|
- name: Linux smoke build
|
|
run: |
|
|
mkdir -p bin
|
|
go build -trimpath -ldflags="-s -w" -o bin/drover ./cmd/drover
|
|
./bin/drover --version
|
|
|
|
build-windows:
|
|
runs-on: go
|
|
needs: test
|
|
steps:
|
|
- name: Checkout
|
|
env:
|
|
# Gitea Actions doesn't auto-export GITHUB_TOKEN to the shell;
|
|
# we have to read it from secrets and surface it explicitly.
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
run: |
|
|
git clone --no-checkout "https://x-access-token:${GITHUB_TOKEN}@git.okcu.io/${GITHUB_REPOSITORY}.git" /tmp/src
|
|
git -C /tmp/src checkout "$GITHUB_SHA"
|
|
cp -a /tmp/src/. .
|
|
- name: Cross-compile drover.exe (windows/amd64)
|
|
env:
|
|
GOOS: windows
|
|
GOARCH: amd64
|
|
CGO_ENABLED: '0'
|
|
run: |
|
|
SHORT_SHA="${GITHUB_SHA:0:7}"
|
|
BUILD_DATE="$(date -u +%Y-%m-%d)"
|
|
mkdir -p bin
|
|
go build -trimpath -ldflags="-s -w \
|
|
-X main.Version=dev-${SHORT_SHA} \
|
|
-X main.Commit=${SHORT_SHA} \
|
|
-X main.BuildDate=${BUILD_DATE}" \
|
|
-o bin/drover.exe ./cmd/drover
|
|
ls -la bin/
|
|
sha256sum bin/drover.exe
|