From 4df46502d5c0fd75c3040892900f1edaa25a2b05 Mon Sep 17 00:00:00 2001 From: Arlind Date: Fri, 27 Jun 2025 11:52:50 +0200 Subject: [PATCH] Update .gitea/workflows/deploy-ci.yaml --- .gitea/workflows/deploy-ci.yaml | 126 +++++++++++++++++++++----------- 1 file changed, 84 insertions(+), 42 deletions(-) diff --git a/.gitea/workflows/deploy-ci.yaml b/.gitea/workflows/deploy-ci.yaml index 2419e3b..95b3d90 100644 --- a/.gitea/workflows/deploy-ci.yaml +++ b/.gitea/workflows/deploy-ci.yaml @@ -5,95 +5,137 @@ on: env: GITEA_API: https://${{ vars.CONTAINER_REGISTRY }}/api/v1 - TOKEN: ${{ secrets.TOKEN }} TEMPLATE_PATH: .gitea/workflows/ci.yml IMAGE_NAME: osc/skins-image jobs: - update_ci_for_all_users: - name: Sync CI Template to All Skin Repositories + fetch-template: + name: Fetch CI Template runs-on: ubuntu-latest container: image: ${{ vars.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest + outputs: + template_b64: ${{ steps.load-template.outputs.template_b64 }} steps: - - name: Mask Sensitive Tokens - run: echo "::add-mask::$TOKEN" + - name: Mask Sensitive Token + run: echo "::add-mask::${{ secrets.TOKEN }}" - - name: Fetch CI Template from skins-template + - id: load-template + name: Load Template from osc/skins-template run: | - resp=$(curl -sSL -H "Authorization: token $TOKEN" \ + set -eo pipefail + echo "📥 Fetching template from osc/skins-template@$TEMPLATE_PATH" + resp=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" \ "$GITEA_API/repos/osc/skins-template/contents/$TEMPLATE_PATH?ref=main") - template_b64=$(echo "$resp" | jq -r .content) - echo "TEMPLATE_B64=$template_b64" >> $GITHUB_ENV - - name: Find Repositories with Skins Directory + template_b64=$(echo "$resp" | jq -r .content) + echo "✅ Template fetched and encoded" + echo "template_b64=$template_b64" >> $GITHUB_OUTPUT + + discover-repositories: + name: Discover Valid Skin Repositories + runs-on: ubuntu-latest + container: + image: ${{ vars.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest + outputs: + repo_list: ${{ steps.save-repos.outputs.repo_list }} + + steps: + - id: find-repos + name: Scan All Users for Valid Skin Repositories run: | + set -eo pipefail + echo "🔍 Scanning users for repositories with 'Skins' directory" + repo_file="valid_repos.txt" page=1 - per_page=50 - valid_repos_file=$(mktemp) - user_count_total=$(curl -sSL -H "Authorization: token $TOKEN" \ - "$GITEA_API/admin/users" | jq 'length') - user_counter=1 + total_valid=0 + user_index=1 + users_total=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/admin/users" | jq 'length') while :; do - users_json=$(curl -sSL -H "Authorization: token $TOKEN" \ - "$GITEA_API/admin/users?limit=$per_page&page=$page") + users_json=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/admin/users?limit=50&page=$page") users_count=$(echo "$users_json" | jq 'length') [ "$users_count" -eq 0 ] && break for i in $(seq 0 $((users_count - 1))); do - user_login=$(echo "$users_json" | jq -r ".[$i].login") - echo "[$user_counter/$user_count_total] User: $user_login" - repos_json=$(curl -sSL -H "Authorization: token $TOKEN" \ - "$GITEA_API/users/$user_login/repos") + user=$(echo "$users_json" | jq -r ".[$i].login") + echo "[$user_index/$users_total] 👤 Checking user: $user" + + repos_json=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/users/$user/repos") repo_count=$(echo "$repos_json" | jq 'length') for j in $(seq 0 $((repo_count - 1))); do owner=$(echo "$repos_json" | jq -r ".[$j].owner.login") repo=$(echo "$repos_json" | jq -r ".[$j].name") - contents=$(curl -sSL -H "Authorization: token $TOKEN" \ - "$GITEA_API/repos/$owner/$repo/contents?ref=main") - if echo "$contents" | jq -e '.[] | select(.type=="dir" and .name=="Skins")' >/dev/null; then - echo "$owner/$repo" >> "$valid_repos_file" - echo "✔️ Found valid repo: $owner/$repo" + contents=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/repos/$owner/$repo/contents?ref=main") + + if echo "$contents" | jq -e '.[] | select(.type=="dir" and .name=="Skins")' > /dev/null; then + echo "$owner/$repo" >> "$repo_file" + echo " ✅ Valid repo found: $owner/$repo" + total_valid=$((total_valid + 1)) fi done - - user_counter=$((user_counter + 1)) + user_index=$((user_index + 1)) done page=$((page + 1)) done - echo "VALID_REPOS_FILE=$valid_repos_file" >> $GITHUB_ENV + echo "✅ Discovery complete — $total_valid valid repositories" + echo "repo_list=$repo_file" >> $GITHUB_OUTPUT - - name: Apply CI Template to Valid Repositories - shell: bash + - id: save-repos + name: Save Valid Repository List run: | - mapfile -t repos < "$VALID_REPOS_FILE" + echo "Valid repos saved to file" + echo "repo_list=valid_repos.txt" >> $GITHUB_OUTPUT + + sync-template: + name: Sync CI Template + needs: [fetch-template, discover-repositories] + runs-on: ubuntu-latest + container: + image: ${{ vars.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest + + steps: + - name: Load Template Content + run: echo "Loaded template content for update" + + - name: Read Repository List + run: | + cp "${{ needs.discover-repositories.outputs.repo_list }}" repos.txt + echo "🗂️ Repositories to process:" + cat repos.txt + + - name: Sync Template to Repositories + run: | + mapfile -t repos < repos.txt for repo_full in "${repos[@]}"; do - owner=${repo_full%%/*} - repo=${repo_full##*/} + owner="${repo_full%%/*}" + repo="${repo_full##*/}" api="$GITEA_API/repos/$owner/$repo" - default_branch=$(curl -sSL -H "Authorization: token $TOKEN" "$api" | jq -r '.default_branch') - latest_tag=$(curl -sSL -H "Authorization: token $TOKEN" "$api/tags" | jq -r '.[0].name // empty') + echo "🔧 Syncing CI to: $owner/$repo" + + default_branch=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$api" | jq -r '.default_branch') + latest_tag=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$api/tags" | jq -r '.[0].name // empty') url="$api/contents/$TEMPLATE_PATH" - sha=$(curl -sSL -H "Authorization: token $TOKEN" "$url" | jq -r '.sha // empty' || true) + + sha=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$url" | jq -r '.sha // empty' || true) if [[ -z "$sha" ]]; then action="Add" msg="Add CI from skins-template" - payload=$(jq -nc --arg message "$msg" --arg content "$TEMPLATE_B64" --arg branch "$default_branch" \ + payload=$(jq -nc --arg message "$msg" --arg content "${{ needs.fetch-template.outputs.template_b64 }}" --arg branch "$default_branch" \ '{message: $message, content: $content, branch: $branch}') else action="Update" msg="Update CI from skins-template" - payload=$(jq -nc --arg message "$msg" --arg content "$TEMPLATE_B64" --arg sha "$sha" --arg branch "$default_branch" \ + payload=$(jq -nc --arg message "$msg" --arg content "${{ needs.fetch-template.outputs.template_b64 }}" --arg sha "$sha" --arg branch "$default_branch" \ '{message: $message, content: $content, sha: $sha, branch: $branch}') fi - if curl -sSL --fail -X PUT -H "Authorization: token $TOKEN" -H "Content-Type: application/json" \ + if curl -sSL --fail -X PUT -H "Authorization: token ${{ secrets.TOKEN }}" -H "Content-Type: application/json" \ -d "$payload" "$url" >/dev/null; then echo "✅ $action successful for $owner/$repo on branch $default_branch" else @@ -101,5 +143,5 @@ jobs: fi done - - name: Cleanup Temporary Files - run: rm -f "$VALID_REPOS_FILE" + - name: Cleanup + run: rm -f repos.txt