Skip to content

Commit 47fff59

Browse files
xreamxream
committed
chore(ci): 优化 GitHub Release 工作流,提升 release 分支发布与资产同步稳定性
- build 任务添加 contents: write 权限,Checkout 去除固定 ref 参数 - release tag 生成改为安全变量写法,避免 shell 展开问题 - Release 步骤升级 action-gh-release 到 v3,并限制仅 master 分支、非 PR、成功构建时执行 - release assets 推送增加同样的执行条件,避免在 PR 或其他分支误推送 - 推送脚本改为 set -euo pipefail + GITHUB_TOKEN HTTP header 鉴权 - 推送前先判断 release 分支是否已存在:存在则克隆,不存在则初始化 - 使用临时目录 + rsync 同步 backend/dist,并在无变更时跳过提交 - 移除旧有 git init/force push 流程与 url 中直接拼 token 的写法
1 parent b6969e7 commit 47fff59

2 files changed

Lines changed: 33 additions & 13 deletions

File tree

.github/workflows/main.yml

Lines changed: 32 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,11 @@ on:
1414
jobs:
1515
build:
1616
runs-on: ubuntu-latest
17+
permissions:
18+
contents: write
1719
steps:
1820
- name: Checkout
1921
uses: actions/checkout@v6
20-
with:
21-
ref: "master"
2222
- name: Set up Node.js
2323
uses: actions/setup-node@v6
2424
with:
@@ -74,16 +74,16 @@ jobs:
7474
name: Generate release tag
7575
run: |
7676
cd backend
77-
SUBSTORE_RELEASE=`node --eval="process.stdout.write(require('./package.json').version)"`
78-
echo "release_tag=$SUBSTORE_RELEASE" >> $GITHUB_OUTPUT
77+
SUBSTORE_RELEASE="$(node --eval="process.stdout.write(require('./package.json').version)")"
78+
echo "release_tag=${SUBSTORE_RELEASE}" >> "${GITHUB_OUTPUT}"
7979
- name: Prepare release
8080
run: |
8181
cd backend
8282
pnpm i -D conventional-changelog-cli
8383
pnpm run changelog
8484
- name: Release
85-
uses: softprops/action-gh-release@v1
86-
if: ${{ success() }}
85+
uses: softprops/action-gh-release@v3
86+
if: ${{ success() && github.event_name != 'pull_request' && github.ref == 'refs/heads/master' }}
8787
env:
8888
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
8989
with:
@@ -99,16 +99,36 @@ jobs:
9999
./backend/dist/proxy-utils.esm.mjs
100100
./backend/dist/sub-store.bundle.js
101101
- name: Git push assets to "release" branch
102+
if: ${{ success() && github.event_name != 'pull_request' && github.ref == 'refs/heads/master' }}
103+
env:
104+
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
102105
run: |
103-
cd backend/dist || exit 1
104-
git init
106+
set -euo pipefail
107+
108+
auth_header="AUTHORIZATION: bearer ${GITHUB_TOKEN}"
109+
repo_url="https://github.com/${GITHUB_REPOSITORY}.git"
110+
release_dir="${RUNNER_TEMP}/release-dist"
111+
112+
rm -rf "${release_dir}"
113+
if git -c http.https://github.com/.extraheader="${auth_header}" ls-remote --exit-code --heads "${repo_url}" release > /dev/null; then
114+
git -c http.https://github.com/.extraheader="${auth_header}" clone --depth 1 --branch release "${repo_url}" "${release_dir}"
115+
else
116+
git init -b release "${release_dir}"
117+
git -C "${release_dir}" remote add origin "${repo_url}"
118+
fi
119+
120+
rsync -a --delete --exclude='.git' backend/dist/ "${release_dir}/"
121+
122+
cd "${release_dir}"
105123
git config --local user.name "github-actions[bot]"
106124
git config --local user.email "github-actions[bot]@users.noreply.github.com"
107-
git checkout -b release
108-
git add .
125+
git add -A
126+
if git diff --cached --quiet; then
127+
echo "No release asset changes to push."
128+
exit 0
129+
fi
109130
git commit -m "release: ${{ steps.tag.outputs.release_tag }}"
110-
git remote add origin "https://${{ github.actor }}:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}"
111-
git push -f -u origin release
131+
git -c http.https://github.com/.extraheader="${auth_header}" push origin release
112132
# - name: Sync to GitLab
113133
# env:
114134
# GITLAB_PIPELINE_TOKEN: ${{ secrets.GITLAB_PIPELINE_TOKEN }}

backend/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "sub-store",
3-
"version": "2.23.25",
3+
"version": "2.23.26",
44
"description": "Advanced Subscription Manager for QX, Loon, Surge, Stash and Shadowrocket.",
55
"main": "src/main.js",
66
"packageManager": "pnpm@11.0.9",

0 commit comments

Comments
 (0)