release(v3.11.2): phpseclib security dependency update #250
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Bump version and sync Changelog to Docker Repo | |
| on: | |
| push: | |
| paths: | |
| - "CHANGELOG.md" | |
| workflow_dispatch: {} | |
| permissions: | |
| contents: write | |
| concurrency: | |
| group: bump-and-sync-${{ github.ref }} | |
| cancel-in-progress: false | |
| jobs: | |
| bump_and_sync: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout FileRise | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.ref }} | |
| - name: Extract version from commit message | |
| id: ver | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| # Read from git to avoid Actions injecting raw commit messages into the shell | |
| # (commit bodies can contain backticks / $() / quotes, which would otherwise be interpreted). | |
| MSG="$(git log -1 --pretty=%s)" | |
| if [[ "$MSG" =~ release\((v[0-9]+\.[0-9]+\.[0-9]+)\): ]]; then | |
| echo "version=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT" | |
| echo "Found version: ${BASH_REMATCH[1]}" | |
| else | |
| echo "version=" >> "$GITHUB_OUTPUT" | |
| echo "No release(vX.Y.Z) tag in commit message; skipping bump." | |
| fi | |
| # Ensure we're on the branch and up to date BEFORE modifying files | |
| - name: Ensure clean branch (no local mods), update from remote | |
| if: steps.ver.outputs.version != '' | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| # Be on a named branch that tracks the remote | |
| git checkout -B "${{ github.ref_name }}" --track "origin/${{ github.ref_name }}" || git checkout -B "${{ github.ref_name }}" | |
| # Make sure the worktree is clean | |
| if ! git diff --quiet || ! git diff --cached --quiet; then | |
| echo "::error::Working tree not clean before update. Aborting." | |
| git status --porcelain | |
| exit 1 | |
| fi | |
| # Update branch | |
| git pull --rebase origin "${{ github.ref_name }}" | |
| - name: Update public/js/version.js (source of truth) | |
| if: steps.ver.outputs.version != '' | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| cat > public/js/version.js <<'EOF' | |
| // generated by CI | |
| window.APP_VERSION = '${{ steps.ver.outputs.version }}'; | |
| EOF | |
| - name: Commit version.js only | |
| if: steps.ver.outputs.version != '' | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add public/js/version.js | |
| if git diff --cached --quiet; then | |
| echo "No changes to commit" | |
| else | |
| git commit -m "chore(release): set APP_VERSION to ${{ steps.ver.outputs.version }} [skip ci]" | |
| git push origin "${{ github.ref_name }}" | |
| fi | |
| - name: Checkout filerise-docker | |
| if: steps.ver.outputs.version != '' | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: error311/filerise-docker | |
| token: ${{ secrets.PAT_TOKEN }} | |
| path: docker-repo | |
| fetch-depth: 0 | |
| - name: Copy CHANGELOG.md and write VERSION | |
| if: steps.ver.outputs.version != '' | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| cp CHANGELOG.md docker-repo/CHANGELOG.md | |
| echo "${{ steps.ver.outputs.version }}" > docker-repo/VERSION | |
| - name: Commit & push to docker repo | |
| if: steps.ver.outputs.version != '' | |
| working-directory: docker-repo | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| git config user.name "github-actions[bot]" | |
| git config user.email "github-actions[bot]@users.noreply.github.com" | |
| git add CHANGELOG.md VERSION | |
| if git diff --cached --quiet; then | |
| echo "No changes to commit" | |
| else | |
| git commit -m "chore: sync CHANGELOG.md + VERSION (${{ steps.ver.outputs.version }}) from FileRise" | |
| git push origin main | |
| fi |