refactor: Use environment variables for upload script authentication

- Add FORGEJO_TOKEN environment variable support to both upload scripts - Windows: Add Credential Manager storage via -SaveToken flag - macOS: Add config file storage via --save-token flag - Scripts now check: parameter -> env var -> credential manager/config - Update FORGEJO_PACKAGES_SETUP.md with all authentication methods - Token is now optional - scripts find it automatically - Matches git authentication workflow
2026-01-28 14:29:35 +01:00 · 2026-01-28 14:29:35 +01:00 · 1b37335f8a
commit 1b37335f8a
parent 7bf3a86f5c
3 changed files with 220 additions and 41 deletions
--- a/FORGEJO_PACKAGES_SETUP.md
+++ b/FORGEJO_PACKAGES_SETUP.md
@ -24,11 +24,38 @@ Create a token with package write permissions:
 3. Name: `BUILD_UPLOAD_TOKEN`
 4. Scopes: Check `write:package`, `api`
 5. Click "Generate Token"
-6. Copy the token (you'll use it for uploads)
+6. Copy the token
-**Store securely** - this token grants upload access!
+### 2. Store Token Securely
-### 2. Build Scripts
+Choose one of these methods:
 **Option A: Environment Variable (Simplest)**
 ```powershell
 # Windows PowerShell
 $env:FORGEJO_TOKEN = "your_token_here"
 ```
 **Option B: Credential Manager (Windows - Most Secure)**
 ```powershell
 .\build\scripts\upload_to_packages.ps1 -SaveToken -ForgejoToken "your_token_here"
 # Token is encrypted and stored for future use
 ```
 **Option C: Config File**
 ```bash
 # macOS/Linux - Save to home directory
 bash build/scripts/upload_to_packages.sh --save-token -t "your_token_here"
 # Saved to ~/.config/webdrop-bridge/.env (chmod 600)
 ```
 **Option D: Project .env (Development Only)**
 Create `.env` in project root and add to `.gitignore`:
 ```
 FORGEJO_TOKEN=your_token_here
 ```
 ### 3. Build Scripts
 Upload scripts are already created:
 - Windows: `build/scripts/upload_to_packages.ps1`
@ -56,18 +83,24 @@ bash build/scripts/build_macos.sh
 ### Step 2: Upload to Packages
 After storing your token (see Setup Requirements above), uploading is simple:
 **Windows Upload:**
 ```powershell
-$token = "your_token_from_settings"
+.\build\scripts\upload_to_packages.ps1 -Version 1.0.0
 .\build\scripts\upload_to_packages.ps1 -Version 1.0.0 -ForgejoToken $token
 ```
 **macOS Upload:**
 ```bash
-token="your_token_from_settings"
+bash build/scripts/upload_to_packages.sh -v 1.0.0
 bash build/scripts/upload_to_packages.sh -v 1.0.0 -t $token
 ```
 The scripts will automatically find your token from:
 1. `-ForgejoToken` / `-t` parameter (if provided)
 2. `$env:FORGEJO_TOKEN` / `$FORGEJO_TOKEN` environment variable
 3. Windows Credential Manager / `~/.config/webdrop-bridge/.env`
 4. Project `.env` file
 ### Step 3: Tag and Commit
 Once both are uploaded:
@ -158,41 +191,75 @@ async def check_for_updates(self) -> Optional[UpdateInfo]:
 ### Windows Script (`upload_to_packages.ps1`)
 **Basic Usage:**
 ```powershell
-Usage: .\upload_to_packages.ps1 -Version 1.0.0 -ForgejoToken $token
+# After storing token (see Setup Requirements)
-
+.\build\scripts\upload_to_packages.ps1 -Version 1.0.0
 Parameters:
  -Version          Version number (required, e.g., "1.0.0")
  -ForgejoToken     Personal access token (required)
  -ForgejoUrl       Forgejo server URL (default: https://git.him-tools.de)
  -Repo             Repository (default: HIM-public/webdrop-bridge)
  -ExePath          Path to exe file (default: build\dist\windows\WebDropBridge.exe)
  -ChecksumPath     Path to checksum file
 What it does:
  1. Verifies exe and checksum files exist
  2. Uploads exe to Packages
  3. Uploads checksum to Packages
  4. Shows success/error messages
 ```
 **First time setup - Save token to Credential Manager:**
 ```powershell
 .\build\scripts\upload_to_packages.ps1 -SaveToken -ForgejoToken "your_token"
 # Then future uploads just need version
 .\build\scripts\upload_to_packages.ps1 -Version 1.0.0
 ```
 **Parameters:**
 - `-Version` - Version number (required, e.g., "1.0.0")
 - `-ForgejoToken` - Personal access token (optional if stored)
 - `-SaveToken` - Save token to Credential Manager
 - `-ForgejoUrl` - Forgejo server URL (default: https://git.him-tools.de)
 - `-Repo` - Repository (default: HIM-public/webdrop-bridge)
 - `-ExePath` - Path to exe file (default: build\dist\windows\WebDropBridge.exe)
 - `-ChecksumPath` - Path to checksum file
 **Script flow:**
 1. Check for token in: parameter → environment → Credential Manager
 2. Verify exe and checksum files exist
 3. Upload exe to Packages API
 4. Upload checksum to Packages API
 5. Show success message with package URL
 ### macOS Script (`upload_to_packages.sh`)
 **Basic Usage:**
 ```bash
-Usage: ./upload_to_packages.sh -v 1.0.0 -t $token
+# After storing token (see Setup Requirements)
-
+bash build/scripts/upload_to_packages.sh -v 1.0.0
 Options:
  -v, --version     Version number (required)
  -t, --token       Personal access token (required)
  -u, --url         Forgejo server URL (default: https://git.him-tools.de)
 What it does:
  1. Verifies dmg and checksum files exist
  2. Uploads dmg to Packages
  3. Uploads checksum to Packages
  4. Shows success/error messages
 ```
 **First time setup - Save token to config:**
 ```bash
 bash build/scripts/upload_to_packages.sh --save-token -t "your_token"
 # Then future uploads just need version
 bash build/scripts/upload_to_packages.sh -v 1.0.0
 ```
 **Options:**
 - `-v, --version` - Version number (required, e.g., "1.0.0")
 - `-t, --token` - Personal access token (optional if stored)
 - `--save-token` - Save token to ~/.config/webdrop-bridge/.env
 - `-u, --url` - Forgejo server URL (default: https://git.him-tools.de)
 **Script flow:**
 1. Check for token in: parameter → environment → ~/.config/webdrop-bridge/.env → project .env
 2. Verify dmg and checksum files exist
 3. Upload dmg to Packages API
 4. Upload checksum to Packages API
 5. Show success message with package URL
 ### Token Resolution Order
 Both scripts check for tokens in this priority:
 1. **Parameter**: `-ForgejoToken "token"` (PowerShell) or `-t "token"` (Bash)
 2. **Environment**: `$env:FORGEJO_TOKEN` (PowerShell) or `$FORGEJO_TOKEN` (Bash)
 3. **Stored Config**:
   - Windows: Credential Manager (via `-SaveToken` flag)
   - macOS/Linux: `~/.config/webdrop-bridge/.env`
 4. **Project File**: `.env` in project root (if exists)
 This design matches how git handles credentials!
 ## Complete Release Checklist
 ```
--- a/build/scripts/upload_to_packages.ps1
+++ b/build/scripts/upload_to_packages.ps1
@ -1,21 +1,85 @@
 # Upload Windows Build to Forgejo Packages
-# Usage: .\upload_to_packages.ps1 -Version 1.0.0 -ForgejoToken $token
+# Usage: .\upload_to_packages.ps1 -Version 1.0.0
 # Set token via: $env:FORGEJO_TOKEN = "your_token"
 # Or store in Credential Manager: .\upload_to_packages.ps1 -SaveToken
 param(
-    [Parameter(Mandatory=$true)]
+    [Parameter(Mandatory=$false)]
    [string]$Version,
-    [Parameter(Mandatory=$true)]
+    [Parameter(Mandatory=$false)]
    [string]$ForgejoToken,
    [switch]$SaveToken,
    [string]$ForgejoUrl = "https://git.him-tools.de",
    [string]$Repo = "HIM-public/webdrop-bridge",
    [string]$ExePath = "build\dist\windows\WebDropBridge.exe",
    [string]$ChecksumPath = "build\dist\windows\WebDropBridge.exe.sha256"
 )
 # Helper function to manage credentials
 function Get-ForgejoToken {
    param([switch]$Save, [string]$Token)
    if ($Save -and $Token) {
        # Save to Credential Manager
        $cred = New-Object System.Management.Automation.PSCredential(
            "forgejo",
            (ConvertTo-SecureString $Token -AsPlainText -Force)
        )
        $cred | Export-Clixml -Path "$env:APPDATA\forgejo_token.xml" -Force
        Write-Host "✓ Token saved to Credential Manager" -ForegroundColor Green
        return $Token
    }
    # Try to load from Credential Manager
    if (Test-Path "$env:APPDATA\forgejo_token.xml") {
        $cred = Import-Clixml -Path "$env:APPDATA\forgejo_token.xml"
        return $cred.GetNetworkCredential().Password
    }
    return $null
 }
 # Handle -SaveToken flag
 if ($SaveToken) {
    if (-not $ForgejoToken) {
        $ForgejoToken = Read-Host "Enter Forgejo token to save" -AsSecureString | %{[Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($_))}
    }
    Get-ForgejoToken -Save -Token $ForgejoToken
    exit 0
 }
 $ErrorActionPreference = "Stop"
 # Get token from sources (in order of priority)
 if (-not $ForgejoToken) {
    # Try environment variable first
    $ForgejoToken = $env:FORGEJO_TOKEN
 }
 if (-not $ForgejoToken) {
    # Try Credential Manager
    $ForgejoToken = Get-ForgejoToken
 }
 if (-not $ForgejoToken) {
    Write-Host "ERROR: No Forgejo token found!" -ForegroundColor Red
    Write-Host "Set token using one of these methods:" -ForegroundColor Yellow
    Write-Host "  1. Environment variable: `$env:FORGEJO_TOKEN = 'your_token'" 
    Write-Host "  2. Credential Manager: .\upload_to_packages.ps1 -SaveToken"  
    Write-Host "  3. Parameter: -ForgejoToken 'your_token'"
    exit 1
 }
 # Verify Version parameter
 if (-not $Version) {
    Write-Host "ERROR: Version parameter required" -ForegroundColor Red
    Write-Host "Usage: .\upload_to_packages.ps1 -Version 1.0.0" -ForegroundColor Yellow
    exit 1
 }
 # Verify files exist
 if (-not (Test-Path $ExePath)) {
    Write-Host "ERROR: Executable not found at $ExePath" -ForegroundColor Red
--- a/build/scripts/upload_to_packages.sh
+++ b/build/scripts/upload_to_packages.sh
@ -1,6 +1,8 @@
 #!/bin/bash
 # Upload macOS Build to Forgejo Packages
-# Usage: ./upload_to_packages.sh -v 1.0.0 -t $token
+# Usage: ./upload_to_packages.sh -v 1.0.0
 # Set token via: export FORGEJO_TOKEN="your_token"
 # Or store in config: ./upload_to_packages.sh --save-token -t "your_token"
 set -e
@ -11,19 +13,65 @@ FORGEJO_URL="https://git.him-tools.de"
 REPO="HIM-public/webdrop-bridge"
 DMG_PATH="build/dist/macos/WebDropBridge.dmg"
 CHECKSUM_PATH="build/dist/macos/WebDropBridge.dmg.sha256"
 SAVE_TOKEN=false
 while [[ $# -gt 0 ]]; do
    case $1 in
        -v|--version) VERSION="$2"; shift 2;;
        -t|--token) FORGEJO_TOKEN="$2"; shift 2;;
        -u|--url) FORGEJO_URL="$2"; shift 2;;
        --save-token) SAVE_TOKEN=true; shift;;
        *) echo "Unknown option: $1"; exit 1;;
    esac
 done
-if [ -z "$VERSION" ] || [ -z "$FORGEJO_TOKEN" ]; then
+# Load token from environment or .env file
-    echo "Usage: $0 -v VERSION -t TOKEN [-u FORGEJO_URL]"
+if [ -z "$FORGEJO_TOKEN" ]; then
-    echo "Example: $0 -v 1.0.0 -t your_token_here"
+    # Check if .env file exists in project root
    if [ -f ".env" ]; then
        export $(grep "FORGEJO_TOKEN" .env | xargs)
    fi
    # Check if saved in home config
    if [ -z "$FORGEJO_TOKEN" ] && [ -f "$HOME/.config/webdrop-bridge/.env" ]; then
        export $(grep "FORGEJO_TOKEN" "$HOME/.config/webdrop-bridge/.env" | xargs)
    fi
 fi
 # Handle --save-token flag
 if [ "$SAVE_TOKEN" = true ]; then
    if [ -z "$FORGEJO_TOKEN" ]; then
        read -sp "Enter Forgejo token to save: " FORGEJO_TOKEN
        echo ""
    fi
    mkdir -p "$HOME/.config/webdrop-bridge"
    echo "FORGEJO_TOKEN=$FORGEJO_TOKEN" > "$HOME/.config/webdrop-bridge/.env"
    chmod 600 "$HOME/.config/webdrop-bridge/.env"
    echo "✓ Token saved to $HOME/.config/webdrop-bridge/.env"
    exit 0
 fi
 # Verify required parameters
 if [ -z "$VERSION" ]; then
    echo "ERROR: Version parameter required" >&2
    echo "Usage: $0 -v VERSION [-t TOKEN] [-u FORGEJO_URL]" >&2
    echo "Example: $0 -v 1.0.0" >&2
    echo "" >&2
    echo "Token can be set via:" >&2
    echo "  1. Environment: export FORGEJO_TOKEN='your_token'" >&2
    echo "  2. .env file: FORGEJO_TOKEN=your_token (in project root)" >&2
    echo "  3. Config: $0 --save-token -t 'your_token'" >&2
    echo "  4. Parameter: -t 'your_token'" >&2
    exit 1
 fi
 if [ -z "$FORGEJO_TOKEN" ]; then
    echo "ERROR: Forgejo token not found!" >&2
    echo "" >&2
    echo "Set token using one of these methods:" >&2
    echo "  1. Environment: export FORGEJO_TOKEN='your_token'" >&2
    echo "  2. .env file: FORGEJO_TOKEN=your_token (in project root)" >&2
    echo "  3. Config: $0 --save-token -t 'your_token'" >&2
    echo "  4. Parameter: -t 'your_token'" >&2
    exit 1
 fi