Add TDLib packaging and release scripts

scripts/publish-release.sh

@@ -0,0 +1,139 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+if [ "$#" -ne 1 ]; then
+  echo "usage: $0 <tdlib-tar.gz>" >&2
+  exit 1
+fi
+
+archive="$(realpath "$1")"
+checksum="${archive}.sha256"
+
+if [ ! -f "$archive" ]; then
+  echo "archive not found: $archive" >&2
+  exit 1
+fi
+
+if [ ! -f "$checksum" ]; then
+  echo "checksum not found: $checksum" >&2
+  exit 1
+fi
+
+REPO_SLUG="${REPO_SLUG:-AxiFisk/shinoa-tdlib}"
+SERVER_URL="${SERVER_URL:-https://git.mshq.dev}"
+tdlib_version="$(
+  tar -xOf "$archive" tdlib/lib/libtdjson.so 2>/dev/null |
+    strings | rg -o 'Td::TdJson [0-9]+\.[0-9]+\.[0-9]+' -m1 |
+    awk '{print $2}' || true
+)"
+if [ -z "$tdlib_version" ]; then
+  tdlib_version="$(basename "$(tar -tzf "$archive" | rg 'tdlib/lib/libtdjson\.so\.[0-9]+\.[0-9]+\.[0-9]+$' -m1)" | sed 's/^libtdjson\.so\.//')"
+fi
+if [ -z "$tdlib_version" ]; then
+  echo "failed to determine TDLib version from $archive" >&2
+  exit 1
+fi
+
+RELEASE_TAG="${RELEASE_TAG:-v${tdlib_version}}"
+RELEASE_NAME="${RELEASE_NAME:-TDLib ${tdlib_version}}"
+
+if [ -n "${GITEA_TOKEN:-}" ]; then
+  auth_header=(-H "Authorization: token ${GITEA_TOKEN}")
+else
+  cred_data="$(
+    printf 'protocol=https\nhost=%s\npath=%s.git\n\n' \
+      "${SERVER_URL#https://}" \
+      "$REPO_SLUG" | git credential fill
+  )"
+  username="$(printf '%s\n' "$cred_data" | awk -F= '$1=="username"{print $2}')"
+  password="$(printf '%s\n' "$cred_data" | awk -F= '$1=="password"{print $2}')"
+  if [ -z "$username" ] || [ -z "$password" ]; then
+    echo "failed to resolve credentials for $SERVER_URL/$REPO_SLUG" >&2
+    exit 1
+  fi
+  auth_header=(-u "${username}:${password}")
+fi
+
+api="${SERVER_URL}/api/v1/repos/${REPO_SLUG}"
+release_json="$(mktemp)"
+body_file="$(mktemp)"
+trap 'rm -f "$release_json" "$body_file"' EXIT
+
+cat > "$body_file" <<EOF
+Manual TDLib bundle upload.
+EOF
+
+status="$(
+  curl --silent --show-error \
+    --output "$release_json" \
+    --write-out "%{http_code}" \
+    "${auth_header[@]}" \
+    "$api/releases/tags/$RELEASE_TAG"
+)"
+
+if [ "$status" = "200" ]; then
+  release_id="$(jq -r '.id' "$release_json")"
+  jq -r '.assets[]?.id' "$release_json" | while read -r asset_id; do
+    [ -n "$asset_id" ] || continue
+    curl --fail-with-body \
+      "${auth_header[@]}" \
+      -X DELETE \
+      "$api/releases/$release_id/assets/$asset_id"
+  done
+  curl --fail-with-body \
+    "${auth_header[@]}" \
+    -X DELETE \
+    "$api/releases/tags/$RELEASE_TAG"
+elif [ "$status" != "404" ]; then
+  echo "failed to query release, HTTP $status" >&2
+  cat "$release_json" >&2
+  exit 1
+fi
+
+status="$(
+  curl --silent --show-error \
+    --output /dev/null \
+    --write-out "%{http_code}" \
+    "${auth_header[@]}" \
+    -X DELETE \
+    "$api/tags/$RELEASE_TAG"
+)"
+case "$status" in
+  204|404) ;;
+  *)
+    echo "failed to delete tag $RELEASE_TAG, HTTP $status" >&2
+    exit 1
+    ;;
+esac
+
+default_branch="$(git remote show origin | awk '/HEAD branch/ {print $NF}')"
+default_branch="${default_branch:-main}"
+commit_sha="$(git rev-parse "origin/${default_branch}")"
+
+curl --fail-with-body \
+  "${auth_header[@]}" \
+  -H "Content-Type: application/json" \
+  -X POST \
+  -d @- \
+  "$api/releases" > "$release_json" <<EOF
+{
+  "body": $(jq -Rs . < "$body_file"),
+  "draft": false,
+  "name": ${RELEASE_NAME@Q},
+  "prerelease": false,
+  "tag_name": ${RELEASE_TAG@Q},
+  "target_commitish": ${commit_sha@Q}
+}
+EOF
+
+release_id="$(jq -r '.id' "$release_json")"
+[ -n "$release_id" ] && [ "$release_id" != "null" ]
+
+for file in "$archive" "$checksum"; do
+  curl --fail-with-body \
+    "${auth_header[@]}" \
+    -F "attachment=@${file}" \
+    "$api/releases/$release_id/assets?name=$(basename "$file")"
+done
+
+echo "published $(basename "$archive") to $SERVER_URL/$REPO_SLUG releases/tag/$RELEASE_TAG"