- Shell 100%
| .forgejo | ||
| action.yaml | ||
| CHANGELOG.md | ||
| entrypoint.sh | ||
| LICENSE | ||
| README.md | ||
| renovate.json | ||
Upload Release Asset
Upload release assets to an existing Forgejo release from a workflow run. This action will locate a release (by release ID or by tag), optionally create checksum files, and upload one or more assets to that release. It is intended to be run from a workflow on a runner that has access to the files you want to upload.
Quick example
- name: Upload release assets
uses: https://git.michaelsasser.org/actions/upload-release-assets@main
with:
assets: |
dist/app-linux.tar.gz
dist/app-windows.zip
create_sha256: "true"
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
Inputs
| Name | Required | Default | Description | |
|---|---|---|---|---|
server_url |
no | (runtime instance) | Base URL of the Forgejo instance to target. If omitted the action uses the runner’s instance value. | |
repository |
no | (current repository) | Target repository in owner/name form. Omit to use the current repository. |
|
release_id |
no | "" |
Numeric release ID to upload assets to. If provided, this takes precedence over tag. |
|
tag |
no | "" |
Tag name for the release (alternative to release_id). If release_id is empty, the action will try to resolve this tag to a release ID. |
|
assets |
yes | — | Newline-separated list of file paths to upload. Use a YAML literal block (` | `) to provide multiple lines. Paths must be accessible on the runner. |
create_sha256 |
no | "false" |
"true" or "false". If "true", the action will create <file>.sha256 and upload it before the file. |
|
create_sha512 |
no | "false" |
"true" or "false". If "true", the action will create <file>.sha512 and upload it before the file. |
|
token |
yes | — | A personal access token used to authenticate the upload. Store this token as a secret and pass it here. |
Notes:
create_sha256andcreate_sha512are string inputs; pass"true"/"false"(not boolean YAML values) to avoid ambiguity with composite input parsing.- The action accepts multiple assets via the
assetsinput. Use a literal block to pass multiple lines.
Outputs
| Name | Description |
|---|---|
logfile |
Path to a temporary logfile created during the run. The file contains the action’s request/response traces and helper output. |
exitcode |
Exit code from the upload step (0 on success). |
Access outputs in subsequent steps like:
steps:
- id: upload
uses: https://git.michaelsasser.org/actions/upload-release-assets@main
with:
assets: |
dist/a.tar.gz
dist/b.zip
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
- name: Show logfile
run: cat "${{ steps.upload.outputs.logfile }}"
Behaviour & details
-
If
release_idis provided, the action uploads assets directly to that release. -
If
release_idis empty buttagis provided, the action will attempt to locate the release matching that tag and use its release ID. -
If neither
release_idnortagis provided the action fails with an error: specify at least one. -
For each file in
assets:- If
create_sha256is"true", a${file}.sha256file is created (containing the SHA-256 hex digest) and uploaded. - If
create_sha512is"true", a${file}.sha512file is created and uploaded. - The original file is uploaded after any generated checksum files.
- If
-
The action writes a temporary logfile and sets
logfileoutput to its absolute path. The logfile will be printed to the step logs and also available via the output.
Examples
Upload assets in the same repository
name: Release Upload
on:
push:
tags:
- "v*"
jobs:
upload:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- name: Build artifacts
run: ./scripts/build.sh
- name: Upload release assets
uses: https://git.michaelsasser.org/actions/upload-release-assets@main
with:
tag: ${{ github.ref_name }}
assets: |
dist/app-linux.tar.gz
dist/app-windows.zip
create_sha256: "true"
token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
Upload assets to a different repository on the same instance
- name: Upload to other repo
uses: ./
with:
repository: other-owner/other-repo
release_id: "1234"
assets: |
build/output.zip
token: ${{ secrets.OTHER_TOKEN }}
Upload assets to a different Forgejo instance
- name: Upload to remote instance
uses: https://git.michaelsasser.org/actions/upload-release-assets@main
with:
server_url: https://forgejo.example.org
repository: owner/repo
tag: release-1.2.3
assets: |
dist/app.tar.gz
token: ${{ secrets.REMOTE_TOKEN }}
Troubleshooting
-
Action fails because it cannot find a release Ensure you provided either
release_idortag. If you providedtag, confirm that a release exists for that tag in the target repository. -
Authentication / permission errors Ensure the
tokenis valid and stored as a secret. The token must grant the runner the necessary permission to create and update release assets on the target repository. -
File not found errors Confirm the asset paths are present on the runner and spelled correctly. If you build artifacts in an earlier step, make sure the upload step runs on the same runner workspace (or that you persist artifacts between jobs and download them before upload).
-
Unexpected exit code / partial uploads Check the
logfileoutput (steps.<id>.outputs.logfile) for detailed request/response traces and error messages.
Security
- Never store tokens in plaintext in your repository. Use repository or organization secrets.
- Use the least-privilege token necessary for uploads.
- Be cautious when uploading files generated from untrusted input.
License
Copyright © 2025 Michael Sasser info@michaelsasser.org. Released under the MIT license.