From 1b37335f8ad844bda028f18efadf4f8c93e90ea5 Mon Sep 17 00:00:00 2001
From: claudi
Date: Wed, 28 Jan 2026 14:29:35 +0100
Subject: [PATCH] refactor: Use environment variables for upload script authentication

- Add FORGEJO_TOKEN environment variable support to both upload scripts
- Windows: Add Credential Manager storage via -SaveToken flag
- macOS: Add config file storage via --save-token flag
- Scripts now check: parameter -> env var -> credential manager/config
- Update FORGEJO_PACKAGES_SETUP.md with all authentication methods
- Token is now optional - scripts find it automatically
- Matches git authentication workflow
---
FORGEJO_PACKAGES_SETUP.md | 135 ++++++++++++++++++++-------
build/scripts/upload_to_packages.ps1 | 70 +++++++++++++-
build/scripts/upload_to_packages.sh | 56 ++++++++++-
3 files changed, 220 insertions(+), 41 deletions(-)

diff --git a/FORGEJO_PACKAGES_SETUP.md b/FORGEJO_PACKAGES_SETUP.md
index 5619ec3..1441616 100644
--- a/FORGEJO_PACKAGES_SETUP.md
+++ b/FORGEJO_PACKAGES_SETUP.md
@@ -24,11 +24,38 @@ Create a token with package write permissions: 3. Name: `BUILD_UPLOAD_TOKEN` 4. Scopes: Check `write:package`, `api` 5. Click "Generate Token" -6. Copy the token (you'll use it for uploads) +6. Copy the token -**Store securely** - this token grants upload access! +### 2. Store Token Securely -### 2. Build Scripts +Choose one of these methods: + +**Option A: Environment Variable (Simplest)** +```powershell +# Windows PowerShell +$env:FORGEJO_TOKEN = "your_token_here" +``` + +**Option B: Credential Manager (Windows - Most Secure)** +```powershell +.\build\scripts\upload_to_packages.ps1 -SaveToken -ForgejoToken "your_token_here" +# Token is encrypted and stored for future use +``` + +**Option C: Config File** +```bash +# macOS/Linux - Save to home directory +bash build/scripts/upload_to_packages.sh --save-token -t "your_token_here" +# Saved to ~/.config/webdrop-bridge/.env (chmod 600) +``` + +**Option D: Project .env (Development Only)** +Create `.env` in project root and add to `.gitignore`: +``` +FORGEJO_TOKEN=your_token_here +``` + +### 3. Build Scripts Upload scripts are already created: - Windows: `build/scripts/upload_to_packages.ps1` 
@@ -56,18 +83,24 @@ bash build/scripts/build_macos.sh ### Step 2: Upload to Packages +After storing your token (see Setup Requirements above), uploading is simple: + **Windows Upload:** ```powershell -$token = "your_token_from_settings" -.\build\scripts\upload_to_packages.ps1 -Version 1.0.0 -ForgejoToken $token +.\build\scripts\upload_to_packages.ps1 -Version 1.0.0 ``` **macOS Upload:** ```bash -token="your_token_from_settings" -bash build/scripts/upload_to_packages.sh -v 1.0.0 -t $token +bash build/scripts/upload_to_packages.sh -v 1.0.0 ``` +The scripts will automatically find your token from: +1. `-ForgejoToken` / `-t` parameter (if provided) +2. `$env:FORGEJO_TOKEN` / `$FORGEJO_TOKEN` environment variable +3. Windows Credential Manager / `~/.config/webdrop-bridge/.env` +4. Project `.env` file + ### Step 3: Tag and Commit Once both are uploaded: 
@@ -158,41 +191,75 @@ async def check_for_updates(self) -> Optional[UpdateInfo]: ### Windows Script (`upload_to_packages.ps1`) +**Basic Usage:** ```powershell -Usage: .\upload_to_packages.ps1 -Version 1.0.0 -ForgejoToken $token - -Parameters: - -Version Version number (required, e.g., "1.0.0") - -ForgejoToken Personal access token (required) - -ForgejoUrl Forgejo server URL (default: https://git.him-tools.de) - -Repo Repository (default: HIM-public/webdrop-bridge) - -ExePath Path to exe file (default: build\dist\windows\WebDropBridge.exe) - -ChecksumPath Path to checksum file - -What it does: - 1. Verifies exe and checksum files exist - 2. Uploads exe to Packages - 3. Uploads checksum to Packages - 4. Shows success/error messages +# After storing token (see Setup Requirements) +.\build\scripts\upload_to_packages.ps1 -Version 1.0.0 ``` +**First time setup - Save token to Credential Manager:** +```powershell +.\build\scripts\upload_to_packages.ps1 -SaveToken -ForgejoToken "your_token" +# Then future uploads just need version +.\build\scripts\upload_to_packages.ps1 -Version 1.0.0 +``` + +**Parameters:** +- `-Version` - Version number (required, e.g., "1.0.0") +- `-ForgejoToken` - Personal access token (optional if stored) +- `-SaveToken` - Save token to Credential Manager +- `-ForgejoUrl` - Forgejo server URL (default: https://git.him-tools.de) +- `-Repo` - Repository (default: HIM-public/webdrop-bridge) +- `-ExePath` - Path to exe file (default: build\dist\windows\WebDropBridge.exe) +- `-ChecksumPath` - Path to checksum file + +**Script flow:** +1. Check for token in: parameter → environment → Credential Manager +2. Verify exe and checksum files exist +3. Upload exe to Packages API +4. Upload checksum to Packages API +5. 
Show success message with package URL + ### macOS Script (`upload_to_packages.sh`) +**Basic Usage:** ```bash -Usage: ./upload_to_packages.sh -v 1.0.0 -t $token - -Options: - -v, --version Version number (required) - -t, --token Personal access token (required) - -u, --url Forgejo server URL (default: https://git.him-tools.de) - -What it does: - 1. Verifies dmg and checksum files exist - 2. Uploads dmg to Packages - 3. Uploads checksum to Packages - 4. Shows success/error messages +# After storing token (see Setup Requirements) +bash build/scripts/upload_to_packages.sh -v 1.0.0 ``` +**First time setup - Save token to config:** +```bash +bash build/scripts/upload_to_packages.sh --save-token -t "your_token" +# Then future uploads just need version +bash build/scripts/upload_to_packages.sh -v 1.0.0 +``` + +**Options:** +- `-v, --version` - Version number (required, e.g., "1.0.0") +- `-t, --token` - Personal access token (optional if stored) +- `--save-token` - Save token to ~/.config/webdrop-bridge/.env +- `-u, --url` - Forgejo server URL (default: https://git.him-tools.de) + +**Script flow:** +1. Check for token in: parameter → environment → ~/.config/webdrop-bridge/.env → project .env +2. Verify dmg and checksum files exist +3. Upload dmg to Packages API +4. Upload checksum to Packages API +5. Show success message with package URL + +### Token Resolution Order + +Both scripts check for tokens in this priority: +1. **Parameter**: `-ForgejoToken "token"` (PowerShell) or `-t "token"` (Bash) +2. **Environment**: `$env:FORGEJO_TOKEN` (PowerShell) or `$FORGEJO_TOKEN` (Bash) +3. **Stored Config**: + - Windows: Credential Manager (via `-SaveToken` flag) + - macOS/Linux: `~/.config/webdrop-bridge/.env` +4. **Project File**: `.env` in project root (if exists) + +This design matches how git handles credentials! + ## Complete Release Checklist ``` diff --git a/build/scripts/upload_to_packages.ps1 b/build/scripts/upload_to_packages.ps1 index da5dbd7..c3d3009 100644 
--- a/build/scripts/upload_to_packages.ps1
+++ b/build/scripts/upload_to_packages.ps1
@@ -1,21 +1,85 @@ # Upload Windows Build to Forgejo Packages -# Usage: .\upload_to_packages.ps1 -Version 1.0.0 -ForgejoToken $token +# Usage: .\upload_to_packages.ps1 -Version 1.0.0 +# Set token via: $env:FORGEJO_TOKEN = "your_token" +# Or store in Credential Manager: .\upload_to_packages.ps1 -SaveToken param( - [Parameter(Mandatory=$true)] + [Parameter(Mandatory=$false)] [string]$Version, - [Parameter(Mandatory=$true)] + [Parameter(Mandatory=$false)] [string]$ForgejoToken, + [switch]$SaveToken, + [string]$ForgejoUrl = "https://git.him-tools.de", [string]$Repo = "HIM-public/webdrop-bridge", [string]$ExePath = "build\dist\windows\WebDropBridge.exe", [string]$ChecksumPath = "build\dist\windows\WebDropBridge.exe.sha256" ) +# Helper function to manage credentials +function Get-ForgejoToken { + param([switch]$Save, [string]$Token) + + if ($Save -and $Token) { + # Save to Credential Manager + $cred = New-Object System.Management.Automation.PSCredential( + "forgejo", + (ConvertTo-SecureString $Token -AsPlainText -Force) + ) + $cred | Export-Clixml -Path "$env:APPDATA\forgejo_token.xml" -Force + Write-Host "✓ Token saved to Credential Manager" -ForegroundColor Green + return $Token + } + + # Try to load from Credential Manager + if (Test-Path "$env:APPDATA\forgejo_token.xml") { + $cred = Import-Clixml -Path "$env:APPDATA\forgejo_token.xml" + return $cred.GetNetworkCredential().Password + } + + return $null +} + +# Handle -SaveToken flag +if ($SaveToken) { + if (-not $ForgejoToken) { + $ForgejoToken = Read-Host "Enter Forgejo token to save" -AsSecureString | %{[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($_))} + } + Get-ForgejoToken -Save -Token $ForgejoToken + exit 0 +} + $ErrorActionPreference = "Stop" +# Get token from sources (in order of priority) +if (-not $ForgejoToken) { + # Try environment variable first + $ForgejoToken = $env:FORGEJO_TOKEN +} + +if (-not $ForgejoToken) { + # Try Credential 
Manager + $ForgejoToken = Get-ForgejoToken +} + +if (-not $ForgejoToken) { + Write-Host "ERROR: No Forgejo token found!" -ForegroundColor Red + Write-Host "Set token using one of these methods:" -ForegroundColor Yellow + Write-Host " 1. Environment variable: `$env:FORGEJO_TOKEN = 'your_token'" + Write-Host " 2. Credential Manager: .\upload_to_packages.ps1 -SaveToken" + Write-Host " 3. Parameter: -ForgejoToken 'your_token'" + exit 1 +} + +# Verify Version parameter +if (-not $Version) { + Write-Host "ERROR: Version parameter required" -ForegroundColor Red + Write-Host "Usage: .\upload_to_packages.ps1 -Version 1.0.0" -ForegroundColor Yellow + exit 1 +} + # Verify files exist if (-not (Test-Path $ExePath)) { Write-Host "ERROR: Executable not found at $ExePath" -ForegroundColor Red diff --git a/build/scripts/upload_to_packages.sh b/build/scripts/upload_to_packages.sh index 6666383..14733a3 100644 --- a/build/scripts/upload_to_packages.sh +++ b/build/scripts/upload_to_packages.sh @@ -1,6 +1,8 @@ #!/bin/bash # Upload macOS Build to Forgejo Packages -# Usage: ./upload_to_packages.sh -v 1.0.0 -t $token +# Usage: ./upload_to_packages.sh -v 1.0.0 +# Set token via: export FORGEJO_TOKEN="your_token" +# Or store in config: ./upload_to_packages.sh --save-token -t "your_token" set -e 
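Review bot: In the `if ($SaveToken)` branch the call `Get-ForgejoToken -Save -Token $ForgejoToken` is not assigned, and the function's save path ends with `return $Token`, so the plaintext token is emitted to the output stream and shown on the console (and captured by any transcript or CI log) right after it is stored; `$null = Get-ForgejoToken -Save -Token $ForgejoToken` keeps it off the screen. The success message and comments say "Credential Manager", but the code writes `$env:APPDATA\forgejo_token.xml` with `Export-Clixml`, which on Windows protects the SecureString with the current user's DPAPI key and is not a Credential Manager entry, so the wording here and the "Most Secure" label in FORGEJO_PACKAGES_SETUP.md should describe the file instead. The `Read-Host ... -AsSecureString` conversion also leaves an unmanaged plaintext copy from `SecureStringToCoTaskMemUnicode` that is never released with `ZeroFreeCoTaskMemUnicode`. The `if (-not (Test-Path $ExePath))` block that closes the hunk continues outside it.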
@@ -11,19 +13,65 @@ FORGEJO_URL="https://git.him-tools.de" REPO="HIM-public/webdrop-bridge" DMG_PATH="build/dist/macos/WebDropBridge.dmg" CHECKSUM_PATH="build/dist/macos/WebDropBridge.dmg.sha256" +SAVE_TOKEN=false while [[ $# -gt 0 ]]; do case $1 in -v|--version) VERSION="$2"; shift 2;; -t|--token) FORGEJO_TOKEN="$2"; shift 2;; -u|--url) FORGEJO_URL="$2"; shift 2;; + --save-token) SAVE_TOKEN=true; shift;; *) echo "Unknown option: $1"; exit 1;; esac done -if [ -z "$VERSION" ] || [ -z "$FORGEJO_TOKEN" ]; then - echo "Usage: $0 -v VERSION -t TOKEN [-u FORGEJO_URL]" - echo "Example: $0 -v 1.0.0 -t your_token_here" +# Load token from environment or .env file +if [ -z "$FORGEJO_TOKEN" ]; then + # Check if .env file exists in project root + if [ -f ".env" ]; then + export $(grep "FORGEJO_TOKEN" .env | xargs) + fi + # Check if saved in home config + if [ -z "$FORGEJO_TOKEN" ] && [ -f "$HOME/.config/webdrop-bridge/.env" ]; then + export $(grep "FORGEJO_TOKEN" "$HOME/.config/webdrop-bridge/.env" | xargs) + fi +fi + +# Handle --save-token flag +if [ "$SAVE_TOKEN" = true ]; then + if [ -z "$FORGEJO_TOKEN" ]; then + read -sp "Enter Forgejo token to save: " FORGEJO_TOKEN + echo "" + fi + mkdir -p "$HOME/.config/webdrop-bridge" + echo "FORGEJO_TOKEN=$FORGEJO_TOKEN" > "$HOME/.config/webdrop-bridge/.env" + chmod 600 "$HOME/.config/webdrop-bridge/.env" + echo "✓ Token saved to $HOME/.config/webdrop-bridge/.env" + exit 0 +fi + +# Verify required parameters +if [ -z "$VERSION" ]; then + echo "ERROR: Version parameter required" >&2 + echo "Usage: $0 -v VERSION [-t TOKEN] [-u FORGEJO_URL]" >&2 + echo "Example: $0 -v 1.0.0" >&2 + echo "" >&2 + echo "Token can be set via:" >&2 + echo " 1. Environment: export FORGEJO_TOKEN='your_token'" >&2 + echo " 2. .env file: FORGEJO_TOKEN=your_token (in project root)" >&2 + echo " 3. Config: $0 --save-token -t 'your_token'" >&2 + echo " 4. 
Parameter: -t 'your_token'" >&2 + exit 1 +fi + +if [ -z "$FORGEJO_TOKEN" ]; then + echo "ERROR: Forgejo token not found!" >&2 + echo "" >&2 + echo "Set token using one of these methods:" >&2 + echo " 1. Environment: export FORGEJO_TOKEN='your_token'" >&2 + echo " 2. .env file: FORGEJO_TOKEN=your_token (in project root)" >&2 + echo " 3. Config: $0 --save-token -t 'your_token'" >&2 + echo " 4. Parameter: -t 'your_token'" >&2 exit 1 fi
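Review bot: The token loader `export $(grep "FORGEJO_TOKEN" .env | xargs)` (and its twin for `$HOME/.config/webdrop-bridge/.env`) exports every word of any line that merely contains the string FORGEJO_TOKEN, so a `.env` in whatever directory the script is run from can set unrelated variables for the rest of the script, and when the file has no matching line the bare `export` prints the whole exported environment to stdout. Assigning only the value of a line that starts with `FORGEJO_TOKEN=` avoids both, as in the excerpt below; `xargs` used to strip surrounding quotes, so a quoted value in an existing `.env` would need the same treatment. The save path writes the file with the default umask and only then runs `chmod 600`, which leaves it readable under a permissive umask until the chmod lands, so the excerpt creates it under `umask 077`. The lookup order here (project `.env` before the home config) is also the reverse of the order the updated FORGEJO_PACKAGES_SETUP.md lists. The rest of the script lies outside the hunk, so whether later code needs FORGEJO_TOKEN exported rather than just set is not visible here.

```shell
# Load token from the project .env, then the saved home config
if [ -z "$FORGEJO_TOKEN" ]; then
  for env_file in ".env" "$HOME/.config/webdrop-bridge/.env"; do
    if [ -z "$FORGEJO_TOKEN" ] && [ -f "$env_file" ]; then
      # Read only the value of a line that starts with FORGEJO_TOKEN=;
      # no other word from the file reaches the environment.
      FORGEJO_TOKEN=$(sed -n 's/^FORGEJO_TOKEN=//p' "$env_file" | head -n 1)
    fi
  done
fi

# … unchanged: --save-token prompt and mkdir -p …
  (
    umask 077  # file is created owner-only, no window before chmod
    printf 'FORGEJO_TOKEN=%s\n' "$FORGEJO_TOKEN" > "$HOME/.config/webdrop-bridge/.env"
  )
# … unchanged: confirmation message, exit 0, VERSION and token checks …
```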