126 lines
3.2 KiB
Bash
126 lines
3.2 KiB
Bash
#!/bin/bash
|
|
|
|
set -Eeuo pipefail
|
|
|
|
section() {
|
|
printf '\n==================================================\n'
|
|
printf '%s\n' "$1"
|
|
printf '--------------------------------------------------\n'
|
|
}
|
|
|
|
require_value() {
|
|
local name="$1"
|
|
local value="$2"
|
|
local display_value="$value"
|
|
|
|
case "$name" in
|
|
*TOKEN*|*SECRET*|*PASSWORD*|*PASS*|*KEY*)
|
|
display_value="***"
|
|
;;
|
|
esac
|
|
|
|
printf '%s=%s\n' "$name" "$display_value"
|
|
|
|
if [ -z "$value" ] || [ "$value" = "null" ]; then
|
|
printf '錯誤:%s 不可為空\n' "$name" >&2
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
validate_release_archive() {
|
|
local archive="$1"
|
|
local archive_entries
|
|
local entry
|
|
local normalized_entry
|
|
|
|
if ! archive_entries="$(unzip -Z1 "$archive")"; then
|
|
printf '錯誤:無法讀取壓縮檔:%s\n' "$archive" >&2
|
|
exit 1
|
|
fi
|
|
|
|
while IFS= read -r entry; do
|
|
[ -z "$entry" ] && continue
|
|
|
|
normalized_entry="${entry//\\//}"
|
|
|
|
case "$normalized_entry" in
|
|
/*|../*|*/../*|*/..|..)
|
|
printf '錯誤:壓縮檔包含不安全路徑:%s\n' "$entry" >&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
done <<EOF
|
|
$archive_entries
|
|
EOF
|
|
}
|
|
|
|
require_index() {
|
|
local value="$1"
|
|
|
|
if [[ ! "$value" =~ ^[0-9]+$ ]]; then
|
|
printf '錯誤:RELEASE_INDEX 必須是非負整數\n' >&2
|
|
exit 1
|
|
fi
|
|
}
|
|
|
|
section "參數檢查"
|
|
require_value "GITEA_SERVER_URL" "${GITEA_SERVER_URL:-}"
|
|
require_value "GITEA_REPOSITORY" "${GITEA_REPOSITORY:-}"
|
|
require_value "RELEASE_VERSION" "${RELEASE_VERSION:-}"
|
|
require_value "RELEASE_INDEX" "${RELEASE_INDEX:-}"
|
|
require_index "${RELEASE_INDEX:-}"
|
|
require_value "RUNNER_TOKEN" "${RUNNER_TOKEN:-}"
|
|
require_value "NUGET_AUTHOR" "${NUGET_AUTHOR:-}"
|
|
|
|
section "取得成品連結"
|
|
|
|
release_header="Authorization: token $RUNNER_TOKEN"
|
|
release_api_url="$GITEA_SERVER_URL/api/v1/repos/$GITEA_REPOSITORY/releases/tags/v$RELEASE_VERSION"
|
|
|
|
printf 'RELEASE_API_URL=%s\n' "$release_api_url"
|
|
|
|
release_json="$(curl -fsSL -H "$release_header" "$release_api_url")"
|
|
release_asset_path=".assets[$RELEASE_INDEX]"
|
|
|
|
release_name="$(printf '%s' "$release_json" | jq -r "$release_asset_path.name")"
|
|
require_value "RELEASE_NAME" "$release_name"
|
|
|
|
release_url="$(printf '%s' "$release_json" | jq -r "$release_asset_path.browser_download_url")"
|
|
require_value "RELEASE_URL" "$release_url"
|
|
|
|
section "下載成品"
|
|
|
|
curl -fsSL -H "$release_header" "$release_url" -o "$release_name"
|
|
printf '已下載:%s\n' "$release_name"
|
|
|
|
section "解壓縮成品"
|
|
|
|
rm -rf output
|
|
mkdir -p output
|
|
validate_release_archive "$release_name"
|
|
unzip -q "$release_name" -d output
|
|
printf '已解壓縮到:%s\n' "output"
|
|
|
|
section "推送 NUGET 套件"
|
|
|
|
nuget_source="$GITEA_SERVER_URL/api/packages/$NUGET_AUTHOR/nuget/index.json"
|
|
printf 'NUGET_SOURCE=%s\n' "$nuget_source"
|
|
|
|
mapfile -t nuget_packages < <(find output -type f -name '*.nupkg' | sort)
|
|
|
|
if [ "${#nuget_packages[@]}" -eq 0 ]; then
|
|
printf '錯誤:找不到 .nupkg 檔案\n' >&2
|
|
exit 1
|
|
fi
|
|
|
|
for nuget_package in "${nuget_packages[@]}"; do
|
|
printf 'NUGET_PACKAGE=%s\n' "$nuget_package"
|
|
|
|
dotnet nuget push "$nuget_package" \
|
|
--source "$nuget_source" \
|
|
--api-key "$RUNNER_TOKEN" \
|
|
--skip-duplicate
|
|
done
|
|
|
|
section "完成"
|