XtreamPlayer/.github/workflows/release-safety.yml at 03465a3169ffefe6af5fdf004655ca1ce179a8c6 · kalzEOS/XtreamPlayer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
name: Release Safety Rails

on:
  release:
    types: [published, edited]

jobs:
  validate-release:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Fetch Release Data
        id: release
        env:
          GITHUB_TOKEN: ${{ github.token }}
          TAG_NAME: ${{ github.event.release.tag_name }}
        run: |
          set -euo pipefail
          release_json="$(mktemp)"
          curl -fsSL \
            -H "Authorization: Bearer ${GITHUB_TOKEN}" \
            -H "Accept: application/vnd.github+json" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${TAG_NAME}" \
            -o "${release_json}"
          echo "release_json=${release_json}" >> "${GITHUB_OUTPUT}"

      - name: Validate Metadata
        env:
          TAG_NAME: ${{ github.event.release.tag_name }}
          RELEASE_JSON: ${{ steps.release.outputs.release_json }}
        run: |
          set -euo pipefail
          notes_file="$(mktemp)"
          title="$(jq -r '.name // empty' "${RELEASE_JSON}")"
          jq -r '.body // empty' "${RELEASE_JSON}" > "${notes_file}"
          prerelease="$(jq -r '.prerelease' "${RELEASE_JSON}")"
          target_branch="$(jq -r '.target_commitish // empty' "${RELEASE_JSON}")"
          title="${title:-${TAG_NAME}}"
          ./scripts/validate_release_metadata.sh \
            "${TAG_NAME}" \
            "${title}" \
            "${notes_file}" \
            "${prerelease}" \
            "${target_branch}"

      - name: Validate Release Assets
        env:
          TAG_NAME: ${{ github.event.release.tag_name }}
          RELEASE_JSON: ${{ steps.release.outputs.release_json }}
        run: |
          set -euo pipefail
          version="${TAG_NAME#XtreamPlayerv}"
          apk_count="$(jq '[.assets[] | select(.name | endswith(".apk"))] | length' "${RELEASE_JSON}")"
          if [[ "${apk_count}" -lt 1 ]]; then
            echo "Release must include at least one APK asset."
            exit 1
          fi
          bad_assets="$(jq -r '.assets[] | .name' "${RELEASE_JSON}" | awk -v v="${version}" 'index($0, v)==0')"
          if [[ -n "${bad_assets}" ]]; then
            echo "Every release asset name must include version ${version}."
            echo "${bad_assets}"
            exit 1
          fi