2.4.1

Fix uploading of assets

.eslintrc.json

@@ -24,7 +24,6 @@
         "@typescript-eslint/func-call-spacing": ["error", "never"],
         "@typescript-eslint/no-array-constructor": "error",
         "@typescript-eslint/no-empty-interface": "error",
-        "@typescript-eslint/no-explicit-any": "error",
         "@typescript-eslint/no-extraneous-class": "error",
         "@typescript-eslint/no-for-in-array": "error",
         "@typescript-eslint/no-inferrable-types": "error",

.github/workflows/ci.yml

@@ -9,7 +9,7 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - run: |
         npm install
         npm run all
@@ -21,7 +21,7 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Make test pre-release
       uses: ./
       with:
@@ -31,7 +31,7 @@ jobs:
         tag: ci-test-${{ matrix.os }}-${{ github.run_id }}
         overwrite: true
         prerelease: true
-        body: "rofl lol test"
+        body: "rofl lol test%0Aianal %25 fubar"
     - name: Check that the uploaded asset is readable
       uses: actions/github-script@v2
       with:
@@ -47,7 +47,7 @@ jobs:
             tag: "ci-test-${{ matrix.os }}-${{ github.run_id }}",
           })
           assert.deepStrictEqual(release.data.prerelease, true)
-          assert.deepStrictEqual(release.data.body, "rofl lol test")
+          assert.deepStrictEqual(release.data.body, "rofl lol test\nianal % fubar")
           assert.deepStrictEqual(release.data.assets[0].name, "TEST.md")
           const actual = child_process.execSync(`curl -Ls ${release.data.assets[0].browser_download_url}`)
           assert.deepStrictEqual(expected, actual)

CHANGELOG.md

@@ -1,5 +1,25 @@
 # Changelog
 
+## [2.4.1] - 2023-02-01
+- Modernize octokit usage
+
+## [2.4.0] - 2023-01-09
+- Update to node 16
+- Bump most dependencies
+
+## [2.3.0] - 2022-06-05
+- Now defaults `repo_token` to `${{ github.token }}` and `tag` to `${{ github.ref }}` [#69](https://github.com/svenstaro/upload-release-action/pull/69) (thanks @leighmcculloch)
+
+## [2.2.1] - 2020-12-16
+- Added support for the GitHub pagination API for repositories with many releases [#36](https://github.com/svenstaro/upload-release-action/pull/36) (thanks @djpohly)
+
+## [2.2.0] - 2020-10-07
+- Add support for ceating a new release in a foreign repository [#25](https://github.com/svenstaro/upload-release-action/pull/25) (thanks @kittaakos)
+- Upgrade all deps
+
+## [2.1.1] - 2020-09-25
+- Fix `release_name` option [#27](https://github.com/svenstaro/upload-release-action/pull/27) (thanks @kittaakos)
+
 ## [2.1.0] - 2020-08-10
 - Strip refs/heads/ from the input tag [#23](https://github.com/svenstaro/upload-release-action/pull/23) (thanks @OmarEmaraDev)
 

README.md

@@ -1,4 +1,4 @@
-# Upload files to a GitHub release [![GitHub Actions Workflow](https://github.com/svenstaro/upload-release-action/workflows/PR%20Checks/badge.svg)](https://github.com/svenstaro/upload-release-action/actions)
+# Upload files to a GitHub release [![GitHub Actions Workflow](https://github.com/svenstaro/upload-release-action/actions/workflows/ci.yml/badge.svg)](https://github.com/svenstaro/upload-release-action/actions)
 
 This action allows you to select which files to upload to the just-tagged release.
 It runs on all operating systems types offered by GitHub.
@@ -7,19 +7,20 @@ It runs on all operating systems types offered by GitHub.
 
 You must provide:
 
-- `repo_token`: Usually you'll want to set this to `${{ secrets.GITHUB_TOKEN }}`.
 - `file`: A local file to be uploaded as the asset.
-- `tag`: The tag to upload into. If you want the current event's tag or branch name, use `${{ github.ref }}` (the `refs/tags/` and `refs/heads/` prefixes will be automatically stripped).
 
 Optional Arguments
 
+- `repo_token`: Defaults to `github.token`.
+- `tag`: The tag to upload into. If you want the current event's tag or branch name, use `${{ github.ref }}` (the `refs/tags/` and `refs/heads/` prefixes will be automatically stripped). Defaults to `github.ref`.
 - `asset_name`: The name the file gets as an asset on a release. Use `$tag` to include the tag name. When not provided it will default to the filename.
                 This is not used if `file_glob` is set to `true`.
 - `file_glob`: If set to true, the file argument can be a glob pattern (`asset_name` is ignored in this case) (Default: `false`)
 - `overwrite`: If an asset with the same name already exists, overwrite it (Default: `false`).
 - `prerelease`: Mark the release as a pre-release (Default: `false`).
 - `release_name`: Explicitly set a release name. (Defaults: implicitly same as `tag` via GitHub API).
-- `body`: Content of the release text (Defaut: `""`).
+- `body`: Content of the release text (Default: `""`).
+- `repo_name`: Specify the name of the GitHub repository in which the GitHub release will be created, edited, and deleted. If the repository is other than the current, it is required to create a personal access token with `repo`, `user`, `admin:repo_hook` scopes to the foreign repository and add it as a secret. (Default: current repository).
 
 ## Output variables
 
@@ -46,7 +47,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Build
       run: cargo build --release
     - name: Upload binaries to release
@@ -88,7 +89,7 @@ jobs:
             asset_name: mything-macos-amd64
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Build
       run: cargo build --release --locked
     - name: Upload binaries to release
@@ -101,18 +102,20 @@ jobs:
 ```
 
 Example with `file_glob`:
+
 ```yaml
 name: Publish
 on:
   push:
     tags:
       - '*'
+
 jobs:
   build:
     name: Publish binaries
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
     - name: Build
       run: cargo build --release
     - name: Upload binaries to release
@@ -125,6 +128,85 @@ jobs:
         file_glob: true
 ```
 
+Example for creating a release in a foreign repository using `repo_name`:
+
+```yaml
+name: Publish
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+  build:
+    name: Publish binaries
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+    - name: Build
+      run: cargo build --release
+    - name: Upload binaries to release
+      uses: svenstaro/upload-release-action@v2
+      with:
+        repo_name: owner/repository-name
+        # A personal access token for the GitHub repository in which the release will be created and edited.
+        # It is recommended to create the access token with the following scopes: `repo, user, admin:repo_hook`.
+        repo_token: ${{ secrets.YOUR_PERSONAL_ACCESS_TOKEN }}
+        file: target/release/mything
+        asset_name: mything
+        tag: ${{ github.ref }}
+        overwrite: true
+        body: "This is my release text"
+```
+
+**Example for feeding a file from repo to the `body` tag:**
+
+This example covers following points:
+* Reading a file present on the repo. For example, `release.md` which is placed in root directory of the repo.
+* Modify & push the `release.md` file before triggering this action (create tag for this example) to dynamically change the body of the release.
+
+```yaml
+name: Publish
+
+on:
+  push:
+    tags:
+      - '*'
+
+jobs:
+
+  build:
+    name: Publish binaries
+    runs-on: ubuntu-latest
+         
+    steps:
+      - uses: actions/checkout@v3
+
+      # This step reads a file from repo and use it for body of the release
+      # This works on any self-hosted runner OS
+      - name: Read release.md and use it as a body of new release
+        id: read_release
+        shell: bash
+        run: |
+          r=$(cat path/to/release.md)                       # <--- Read release.md (Provide correct path as per your repo)
+          r="${r//'%'/'%25'}"                               # Multiline escape sequences for %
+          r="${r//$'\n'/'%0A'}"                             # Multiline escape sequences for '\n'
+          r="${r//$'\r'/'%0D'}"                             # Multiline escape sequences for '\r'
+          echo "RELEASE_BODY=$r" >> $GITHUB_OUTPUT          # <--- Set environment variable
+
+      - name: Upload Binaries to Release
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ github.ref }}
+          body: |
+            ${{ steps.read_release.outputs.RELEASE_BODY }}  # <--- Use environment variables that was created earlier
+
+```
+
+
 ## Releasing
 
 To release this Action:

action.yml

@@ -8,12 +8,14 @@ inputs:
   repo_token:
     description: 'GitHub token.'
     required: true
+    default: ${{ github.token }}
   file:
     description: 'Local file to upload.'
     required: true
   tag:
     description: 'Tag to use as a release.'
     required: true
+    default: ${{ github.ref }}
   asset_name:
     description: 'Name of the asset. When not provided will use the file name. Unused if file_glob is set to "true".'
   overwrite:
@@ -26,9 +28,11 @@ inputs:
     description: 'Explicitly set a release name. Defaults to empty which will cause the release to take the tag as name on GitHub.'
   body:
     description: 'Content of the release text. Empty by default.'
+  repo_name:
+    description: 'Specify the name of the GitHub repository in which the GitHub release will be created, edited, and deleted. If the repository is other than the current, it is required to create a personal access token with `repo`, `user`, `admin:repo_hook` scopes to the foreign repository and add it as a secret. Defaults to the current repository'
 outputs:
   browser_download_url:
     description: 'The publicly available URL of the asset.'
 runs:
-  using: 'node12'
+  using: 'node16'
   main: 'dist/index.js'

package.json

@@ -1,6 +1,6 @@
 {
   "name": "upload-release-action",
-  "version": "2.1.0",
+  "version": "2.4.1",
   "private": true,
   "description": "Upload files to a GitHub release",
   "main": "lib/main.js",
@@ -27,24 +27,24 @@
   "author": "Sven-Hendrik Haase",
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^1.2.0",
-    "@actions/github": "^4.0.0",
-    "@types/glob": "^7.1.2",
-    "glob": "^7.1.6"
+    "@actions/core": "^1.10.0",
+    "@actions/github": "^5",
+    "glob": "^7"
   },
   "devDependencies": {
-    "@types/jest": "^24.9.1",
-    "@types/node": "^12.12.47",
-    "@typescript-eslint/parser": "^3.5.0",
-    "@zeit/ncc": "^0.22.3",
-    "eslint": "^7.3.1",
-    "eslint-plugin-github": "^4.0.1",
-    "eslint-plugin-jest": "^23.17.1",
-    "jest": "^26.1.0",
-    "jest-circus": "^26.1.0",
-    "js-yaml": "^3.14.0",
-    "prettier": "^2.0.5",
-    "ts-jest": "^26.1.1",
-    "typescript": "^3.9.6"
+    "@types/glob": "^7",
+    "@types/jest": "^29",
+    "@types/node": "^16",
+    "@typescript-eslint/parser": "^5",
+    "@vercel/ncc": "^0.36.0",
+    "eslint": "^8",
+    "eslint-plugin-github": "^4.6",
+    "eslint-plugin-jest": "^27",
+    "jest": "^29",
+    "jest-circus": "^29",
+    "js-yaml": "^4",
+    "prettier": "^2.8",
+    "ts-jest": "^29",
+    "typescript": "^4"
   }
 }

src/main.ts

@@ -6,10 +6,19 @@ import * as github from '@actions/github'
 import * as path from 'path'
 import * as glob from 'glob'
 
-type RepoAssetsResp = Endpoints['GET /repos/:owner/:repo/releases/:release_id/assets']['response']
-type ReleaseByTagResp = Endpoints['GET /repos/:owner/:repo/releases/tags/:tag']['response']
-type CreateReleaseResp = Endpoints['POST /repos/:owner/:repo/releases']['response']
-type UploadAssetResp = Endpoints['POST /repos/:owner/:repo/releases/:release_id/assets{?name,label}']['response']
+const releaseByTag = 'GET /repos/{owner}/{repo}/releases/tags/{tag}' as const
+const createRelease = 'POST /repos/{owner}/{repo}/releases' as const
+const repoAssets =
+  'GET /repos/{owner}/{repo}/releases/{release_id}/assets' as const
+const uploadAssets =
+  'POST {origin}/repos/{owner}/{repo}/releases/{release_id}/assets{?name,label}' as const
+const deleteAssets =
+  'DELETE /repos/{owner}/{repo}/releases/assets/{asset_id}' as const
+
+type ReleaseByTagResp = Endpoints[typeof releaseByTag]['response']
+type CreateReleaseResp = Endpoints[typeof createRelease]['response']
+type RepoAssetsResp = Endpoints[typeof repoAssets]['response']['data']
+type UploadAssetResp = Endpoints[typeof uploadAssets]['response']
 
 async function get_release_by_tag(
   tag: string,
@@ -20,21 +29,21 @@ async function get_release_by_tag(
 ): Promise<ReleaseByTagResp | CreateReleaseResp> {
   try {
     core.debug(`Getting release by tag ${tag}.`)
-    return await octokit.repos.getReleaseByTag({
-      ...github.context.repo,
+    return await octokit.request(releaseByTag, {
+      ...repo(),
       tag: tag
     })
-  } catch (error) {
+  } catch (error: any) {
     // If this returns 404, we need to create the release first.
     if (error.status === 404) {
       core.debug(
         `Release for tag ${tag} doesn't exist yet so we'll create it now.`
       )
-      return await octokit.repos.createRelease({
-        ...github.context.repo,
+      return await octokit.request(createRelease, {
+        ...repo(),
         tag_name: tag,
         prerelease: prerelease,
-        release_name: release_name,
+        name: release_name,
         body: body
       })
     } else {
@@ -49,7 +58,7 @@ async function upload_to_release(
   asset_name: string,
   tag: string,
   overwrite: boolean,
-  octokit: Octokit
+  octokit: ReturnType<(typeof github)['getOctokit']>
 ): Promise<undefined | string> {
   const stat = fs.statSync(file)
   if (!stat.isFile()) {
@@ -57,21 +66,21 @@ async function upload_to_release(
     return
   }
   const file_size = stat.size
-  const file_bytes = fs.readFileSync(file)
+  const file_bytes: any = fs.createReadStream(file)
 
   // Check for duplicates.
-  const assets: RepoAssetsResp = await octokit.repos.listReleaseAssets({
-    ...github.context.repo,
+  const assets: RepoAssetsResp = await octokit.paginate(repoAssets, {
+    ...repo(),
     release_id: release.data.id
   })
-  const duplicate_asset = assets.data.find(a => a.name === asset_name)
+  const duplicate_asset = assets.find(a => a.name === asset_name)
   if (duplicate_asset !== undefined) {
     if (overwrite) {
       core.debug(
         `An asset called ${asset_name} already exists in release ${tag} so we'll overwrite it.`
       )
-      await octokit.repos.deleteReleaseAsset({
-        ...github.context.repo,
+      await octokit.request(deleteAssets, {
+        ...repo(),
         asset_id: duplicate_asset.id
       })
     } else {
@@ -85,20 +94,40 @@ async function upload_to_release(
   }
 
   core.debug(`Uploading ${file} to ${asset_name} in release ${tag}.`)
-  const uploaded_asset: UploadAssetResp = await octokit.repos.uploadReleaseAsset(
-    {
-      url: release.data.upload_url,
-      name: asset_name,
-      data: file_bytes,
-      headers: {
-        'content-type': 'binary/octet-stream',
-        'content-length': file_size
-      }
+  const uploaded_asset: UploadAssetResp = await octokit.request(uploadAssets, {
+    ...repo(),
+    release_id: release.data.id,
+    url: release.data.upload_url,
+    name: asset_name,
+    data: file_bytes,
+    headers: {
+      'content-type': 'binary/octet-stream',
+      'content-length': file_size
     }
-  )
+  })
   return uploaded_asset.data.browser_download_url
 }
 
+function repo(): {owner: string; repo: string} {
+  const repo_name = core.getInput('repo_name')
+  // If we're not targeting a foreign repository, we can just return immediately and don't have to do extra work.
+  if (!repo_name) {
+    return github.context.repo
+  }
+  const owner = repo_name.substring(0, repo_name.indexOf('/'))
+  if (!owner) {
+    throw new Error(`Could not extract 'owner' from 'repo_name': ${repo_name}.`)
+  }
+  const repo_ = repo_name.substring(repo_name.indexOf('/') + 1)
+  if (!repo_) {
+    throw new Error(`Could not extract 'repo' from 'repo_name': ${repo_name}.`)
+  }
+  return {
+    owner,
+    repo: repo_
+  }
+}
+
 async function run(): Promise<void> {
   try {
     // Get the inputs from the workflow file: https://github.com/actions/toolkit/tree/master/packages/core#inputsoutputs
@@ -113,9 +142,13 @@ async function run(): Promise<void> {
     const overwrite = core.getInput('overwrite') == 'true' ? true : false
     const prerelease = core.getInput('prerelease') == 'true' ? true : false
     const release_name = core.getInput('release_name')
-    const body = core.getInput('body')
+    const body = core
+      .getInput('body')
+      .replace(/%0A/gi, '\n')
+      .replace(/%0D/gi, '\r')
+      .replace(/%25/g, '%')
 
-    const octokit: Octokit = github.getOctokit(token)
+    const octokit = github.getOctokit(token)
     const release = await get_release_by_tag(
       tag,
       prerelease,
@@ -127,11 +160,11 @@ async function run(): Promise<void> {
     if (file_glob) {
       const files = glob.sync(file)
       if (files.length > 0) {
-        for (const file of files) {
-          const asset_name = path.basename(file)
+        for (const file_ of files) {
+          const asset_name = path.basename(file_)
           const asset_download_url = await upload_to_release(
             release,
-            file,
+            file_,
             asset_name,
             tag,
             overwrite,
@@ -157,7 +190,7 @@ async function run(): Promise<void> {
       )
       core.setOutput('browser_download_url', asset_download_url)
     }
-  } catch (error) {
+  } catch (error: any) {
     core.setFailed(error.message)
   }
 }