Update .gitea/workflows/deploy-ci.yaml
This commit is contained in:
Arlind
@@ -5,95 +5,137 @@ on:
|
||||
|
||||
env:
|
||||
GITEA_API: https://${{ vars.CONTAINER_REGISTRY }}/api/v1
|
||||
TOKEN: ${{ secrets.TOKEN }}
|
||||
TEMPLATE_PATH: .gitea/workflows/ci.yml
|
||||
IMAGE_NAME: osc/skins-image
|
||||
|
||||
jobs:
|
||||
update_ci_for_all_users:
|
||||
name: Sync CI Template to All Skin Repositories
|
||||
fetch-template:
|
||||
name: Fetch CI Template
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: ${{ vars.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
||||
outputs:
|
||||
template_b64: ${{ steps.load-template.outputs.template_b64 }}
|
||||
|
||||
steps:
|
||||
- name: Mask Sensitive Tokens
|
||||
run: echo "::add-mask::$TOKEN"
|
||||
- name: Mask Sensitive Token
|
||||
run: echo "::add-mask::${{ secrets.TOKEN }}"
|
||||
|
||||
- name: Fetch CI Template from skins-template
|
||||
- id: load-template
|
||||
name: Load Template from osc/skins-template
|
||||
run: |
|
||||
resp=$(curl -sSL -H "Authorization: token $TOKEN" \
|
||||
set -eo pipefail
|
||||
echo "📥 Fetching template from osc/skins-template@$TEMPLATE_PATH"
|
||||
resp=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" \
|
||||
"$GITEA_API/repos/osc/skins-template/contents/$TEMPLATE_PATH?ref=main")
|
||||
template_b64=$(echo "$resp" | jq -r .content)
|
||||
echo "TEMPLATE_B64=$template_b64" >> $GITHUB_ENV
|
||||
|
||||
- name: Find Repositories with Skins Directory
|
||||
template_b64=$(echo "$resp" | jq -r .content)
|
||||
echo "✅ Template fetched and encoded"
|
||||
echo "template_b64=$template_b64" >> $GITHUB_OUTPUT
|
||||
|
||||
discover-repositories:
|
||||
name: Discover Valid Skin Repositories
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: ${{ vars.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
||||
outputs:
|
||||
repo_list: ${{ steps.save-repos.outputs.repo_list }}
|
||||
|
||||
steps:
|
||||
- id: find-repos
|
||||
name: Scan All Users for Valid Skin Repositories
|
||||
run: |
|
||||
set -eo pipefail
|
||||
echo "🔍 Scanning users for repositories with 'Skins' directory"
|
||||
repo_file="valid_repos.txt"
|
||||
page=1
|
||||
per_page=50
|
||||
valid_repos_file=$(mktemp)
|
||||
user_count_total=$(curl -sSL -H "Authorization: token $TOKEN" \
|
||||
"$GITEA_API/admin/users" | jq 'length')
|
||||
user_counter=1
|
||||
total_valid=0
|
||||
user_index=1
|
||||
users_total=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/admin/users" | jq 'length')
|
||||
|
||||
while :; do
|
||||
users_json=$(curl -sSL -H "Authorization: token $TOKEN" \
|
||||
"$GITEA_API/admin/users?limit=$per_page&page=$page")
|
||||
users_json=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/admin/users?limit=50&page=$page")
|
||||
users_count=$(echo "$users_json" | jq 'length')
|
||||
[ "$users_count" -eq 0 ] && break
|
||||
|
||||
for i in $(seq 0 $((users_count - 1))); do
|
||||
user_login=$(echo "$users_json" | jq -r ".[$i].login")
|
||||
echo "[$user_counter/$user_count_total] User: $user_login"
|
||||
repos_json=$(curl -sSL -H "Authorization: token $TOKEN" \
|
||||
"$GITEA_API/users/$user_login/repos")
|
||||
user=$(echo "$users_json" | jq -r ".[$i].login")
|
||||
echo "[$user_index/$users_total] 👤 Checking user: $user"
|
||||
|
||||
repos_json=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/users/$user/repos")
|
||||
repo_count=$(echo "$repos_json" | jq 'length')
|
||||
|
||||
for j in $(seq 0 $((repo_count - 1))); do
|
||||
owner=$(echo "$repos_json" | jq -r ".[$j].owner.login")
|
||||
repo=$(echo "$repos_json" | jq -r ".[$j].name")
|
||||
contents=$(curl -sSL -H "Authorization: token $TOKEN" \
|
||||
"$GITEA_API/repos/$owner/$repo/contents?ref=main")
|
||||
if echo "$contents" | jq -e '.[] | select(.type=="dir" and .name=="Skins")' >/dev/null; then
|
||||
echo "$owner/$repo" >> "$valid_repos_file"
|
||||
echo "✔️ Found valid repo: $owner/$repo"
|
||||
contents=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$GITEA_API/repos/$owner/$repo/contents?ref=main")
|
||||
|
||||
if echo "$contents" | jq -e '.[] | select(.type=="dir" and .name=="Skins")' > /dev/null; then
|
||||
echo "$owner/$repo" >> "$repo_file"
|
||||
echo " ✅ Valid repo found: $owner/$repo"
|
||||
total_valid=$((total_valid + 1))
|
||||
fi
|
||||
done
|
||||
|
||||
user_counter=$((user_counter + 1))
|
||||
user_index=$((user_index + 1))
|
||||
done
|
||||
page=$((page + 1))
|
||||
done
|
||||
|
||||
echo "VALID_REPOS_FILE=$valid_repos_file" >> $GITHUB_ENV
|
||||
echo "✅ Discovery complete — $total_valid valid repositories"
|
||||
echo "repo_list=$repo_file" >> $GITHUB_OUTPUT
|
||||
|
||||
- name: Apply CI Template to Valid Repositories
|
||||
shell: bash
|
||||
- id: save-repos
|
||||
name: Save Valid Repository List
|
||||
run: |
|
||||
mapfile -t repos < "$VALID_REPOS_FILE"
|
||||
echo "Valid repos saved to file"
|
||||
echo "repo_list=valid_repos.txt" >> $GITHUB_OUTPUT
|
||||
|
||||
sync-template:
|
||||
name: Sync CI Template
|
||||
needs: [fetch-template, discover-repositories]
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: ${{ vars.CONTAINER_REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
||||
|
||||
steps:
|
||||
- name: Load Template Content
|
||||
run: echo "Loaded template content for update"
|
||||
|
||||
- name: Read Repository List
|
||||
run: |
|
||||
cp "${{ needs.discover-repositories.outputs.repo_list }}" repos.txt
|
||||
echo "🗂️ Repositories to process:"
|
||||
cat repos.txt
|
||||
|
||||
- name: Sync Template to Repositories
|
||||
run: |
|
||||
mapfile -t repos < repos.txt
|
||||
for repo_full in "${repos[@]}"; do
|
||||
owner=${repo_full%%/*}
|
||||
repo=${repo_full##*/}
|
||||
owner="${repo_full%%/*}"
|
||||
repo="${repo_full##*/}"
|
||||
api="$GITEA_API/repos/$owner/$repo"
|
||||
|
||||
default_branch=$(curl -sSL -H "Authorization: token $TOKEN" "$api" | jq -r '.default_branch')
|
||||
latest_tag=$(curl -sSL -H "Authorization: token $TOKEN" "$api/tags" | jq -r '.[0].name // empty')
|
||||
echo "🔧 Syncing CI to: $owner/$repo"
|
||||
|
||||
default_branch=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$api" | jq -r '.default_branch')
|
||||
latest_tag=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$api/tags" | jq -r '.[0].name // empty')
|
||||
url="$api/contents/$TEMPLATE_PATH"
|
||||
sha=$(curl -sSL -H "Authorization: token $TOKEN" "$url" | jq -r '.sha // empty' || true)
|
||||
|
||||
sha=$(curl -sSL -H "Authorization: token ${{ secrets.TOKEN }}" "$url" | jq -r '.sha // empty' || true)
|
||||
|
||||
if [[ -z "$sha" ]]; then
|
||||
action="Add"
|
||||
msg="Add CI from skins-template"
|
||||
payload=$(jq -nc --arg message "$msg" --arg content "$TEMPLATE_B64" --arg branch "$default_branch" \
|
||||
payload=$(jq -nc --arg message "$msg" --arg content "${{ needs.fetch-template.outputs.template_b64 }}" --arg branch "$default_branch" \
|
||||
'{message: $message, content: $content, branch: $branch}')
|
||||
else
|
||||
action="Update"
|
||||
msg="Update CI from skins-template"
|
||||
payload=$(jq -nc --arg message "$msg" --arg content "$TEMPLATE_B64" --arg sha "$sha" --arg branch "$default_branch" \
|
||||
payload=$(jq -nc --arg message "$msg" --arg content "${{ needs.fetch-template.outputs.template_b64 }}" --arg sha "$sha" --arg branch "$default_branch" \
|
||||
'{message: $message, content: $content, sha: $sha, branch: $branch}')
|
||||
fi
|
||||
|
||||
if curl -sSL --fail -X PUT -H "Authorization: token $TOKEN" -H "Content-Type: application/json" \
|
||||
if curl -sSL --fail -X PUT -H "Authorization: token ${{ secrets.TOKEN }}" -H "Content-Type: application/json" \
|
||||
-d "$payload" "$url" >/dev/null; then
|
||||
echo "✅ $action successful for $owner/$repo on branch $default_branch"
|
||||
else
|
||||
@@ -101,5 +143,5 @@ jobs:
|
||||
fi
|
||||
done
|
||||
|
||||
- name: Cleanup Temporary Files
|
||||
run: rm -f "$VALID_REPOS_FILE"
|
||||
- name: Cleanup
|
||||
run: rm -f repos.txt
|
||||
|
||||
Reference in New Issue
Block a user