CubeCraft-Creations/remote-rig
11
0
Fork 0
generated from CubeCraft-Creations/Tracehound
Code Issues 9 Pull Requests 1 Actions Packages Projects Releases 1 Wiki Activity

ci: publish dev release via Node (runner has no curl/jq/sudo)
Build (Dev) / build (push) Failing after 9s
Details
CI/CD / lint-and-typecheck (push) Successful in 7s
Details
CI/CD / test (push) Successful in 7s
Details
CI/CD / build (push) Failing after 9s
Details
CI/CD / deploy (push) Has been skipped
Details

Browse Source 
The build-dev publish step failed with exit 127 — the act runner image is
minimal (no curl, jq, or sudo; runs as root). Node is always present
(setup-node), so do the release publish in Node using built-in fetch/crypto
and FormData/Blob for the asset upload. No external tools needed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Joshua King
2026-06-05 08:16:30 -04:00
parent 8387a4208f
commit a1456fe741
2 changed files with 60 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitea/scripts/publish-release.mjs
+58
View File
@@ -0,0 +1,58 @@
// Publish the built hub binary to a rolling "dev" release on Gitea.
// Runs in the CI job with only Node available (the runner image has no
// curl/jq/sudo), so this uses Node built-ins + global fetch/FormData/Blob.
//
// Env: TOKEN (Gitea token), SERVER (github.server_url), REPO (owner/repo),
// SHA (github.sha). Expects ./remoterig in the working dir.
import { readFileSync } from 'node:fs';
import { createHash } from 'node:crypto';
const { TOKEN, SERVER, REPO, SHA } = process.env;
const BIN = 'remoterig';
const VERSION = SHA.slice(0, 8);
const API = `${SERVER}/api/v1/repos/${REPO}`;
const H = { Authorization: `token ${TOKEN}` };
const ok = async (r) => {
if (!r.ok) throw new Error(`${r.status} ${r.url}\n${await r.text()}`);
const t = await r.text();
return t ? JSON.parse(t) : null;
};
const bin = readFileSync(BIN);
const sha256 = createHash('sha256').update(bin).digest('hex');
const files = {
[BIN]: bin,
[`${BIN}.sha256`]: Buffer.from(sha256 + '\n'),
'version.txt': Buffer.from(VERSION + '\n'),
};
// Roll the "dev" release forward to this commit: delete the old release + tag.
const existing = await fetch(`${API}/releases/tags/dev`, { headers: H });
if (existing.ok) {
const rel = await existing.json();
await fetch(`${API}/releases/${rel.id}`, { method: 'DELETE', headers: H });
}
await fetch(`${API}/tags/dev`, { method: 'DELETE', headers: H }); // ignore if absent
const rel = await ok(await fetch(`${API}/releases`, {
method: 'POST',
headers: { ...H, 'Content-Type': 'application/json' },
body: JSON.stringify({
tag_name: 'dev',
target_commitish: SHA,
name: `dev (${VERSION})`,
body: `Rolling dev build ${SHA}`,
prerelease: true,
}),
}));
for (const [name, buf] of Object.entries(files)) {
const fd = new FormData();
fd.append('attachment', new Blob([buf]), name);
await ok(await fetch(`${API}/releases/${rel.id}/assets?name=${encodeURIComponent(name)}`, {
method: 'POST', headers: H, body: fd,
}));
console.log(`uploaded ${name}`);
}
console.log(`Published dev release ${VERSION}`);
.gitea/workflows/build-dev.yaml
+2 -22
View File
@@ -42,31 +42,11 @@ jobs:
# Pull-based deploy: publish the binary to a rolling "dev" release.
# The Pi polls this release and self-updates (scripts/pi-update.sh);
# the runner never needs to reach the closed RemoteRig network.
# Done in Node (runner image has no curl/jq/sudo; Node is present).
- name: Publish to rolling dev release
env:
TOKEN: ${{ secrets.GITHUB_TOKEN }}
SERVER: ${{ github.server_url }}
REPO: ${{ github.repository }}
SHA: ${{ github.sha }}
run: |
set -euo pipefail
if ! command -v jq >/dev/null; then sudo apt-get update -qq && sudo apt-get install -y -qq jq; fi
API="$SERVER/api/v1/repos/$REPO"
AUTH="Authorization: token $TOKEN"
VERSION="${SHA:0:8}"
echo "$VERSION" > version.txt
sha256sum "$BINARY_NAME" | awk '{print $1}' > "$BINARY_NAME.sha256"
# Roll the "dev" release forward to this commit (delete old release + tag).
REL_ID=$(curl -sf -H "$AUTH" "$API/releases/tags/dev" | jq -r '.id // empty' || true)
[ -n "$REL_ID" ] && curl -sf -X DELETE -H "$AUTH" "$API/releases/$REL_ID" || true
curl -sf -X DELETE -H "$AUTH" "$API/tags/dev" || true
REL_ID=$(curl -sf -X POST -H "$AUTH" -H "Content-Type: application/json" "$API/releases" \
-d "{\"tag_name\":\"dev\",\"target_commitish\":\"$SHA\",\"name\":\"dev ($VERSION)\",\"body\":\"Rolling dev build $SHA\",\"prerelease\":true}" \
| jq -r '.id')
for f in "$BINARY_NAME" "$BINARY_NAME.sha256" version.txt; do
curl -sf -X POST -H "$AUTH" -F "attachment=@$f" "$API/releases/$REL_ID/assets?name=$f"
done
echo "Published dev release $VERSION"
run: node .gitea/scripts/publish-release.mjs