skins/.gitea/workflows/deploy-ci.yaml

name: Sync CI from skins-template to Every User Repository

on:
  workflow_dispatch:

jobs:
  sync-all:
    runs-on: ubuntu-latest
    container:
      image: ${{ vars.CONTAINER_REGISTRY }}/arlind/skins:latest
    env:
      GITEA_API: https://${{ vars.CONTAINER_REGISTRY }}/api/v1
      TOKEN:    ${{ secrets.TOKEN }}
      TEMPLATE_PATH: .gitea/workflows/ci.yml

    steps:
      - name: Fetch CI template via Gitea API
        run: |
          # get the template file (base64)
          resp=$(curl -sSL \
            -H "Authorization: token $TOKEN" \
            "$GITEA_API/repos/osc/skins-template/contents/$TEMPLATE_PATH?ref=main")
          template_b64=$(echo "$resp" | jq -r .content)
          echo "TEMPLATE_B64=$template_b64" >> $GITHUB_ENV

      - name: Fetch valid user repositories
        run: |
          page=1
          per_page=50
          valid_repos_file=$(mktemp)
          user_count_total=$(curl -sSL \
            -H "Authorization: token $TOKEN" \
            "$GITEA_API/admin/users" \
            | jq 'length')
          user_counter=1

          while :; do
            users_json=$(curl -sSL \
              -H "Authorization: token $TOKEN" \
              "$GITEA_API/admin/users?limit=$per_page&page=$page")
            users_count=$(echo "$users_json" | jq 'length')
            [ "$users_count" -eq 0 ] && break

            for i in $(seq 0 $((users_count - 1))); do
              user_login=$(echo "$users_json" | jq -r ".[$i].login")
              echo "[$user_counter/$user_count_total] Processing user: $user_login"
              repos_json=$(curl -sSL \
                -H "Authorization: token $TOKEN" \
                "$GITEA_API/users/$user_login/repos")
              repo_count=$(echo "$repos_json" | jq 'length')

              if [ "$repo_count" -eq 0 ]; then
                echo "  ✖ No repos for $user_login"
              else
                repo_matched=false
                for j in $(seq 0 $((repo_count - 1))); do
                  owner=$(echo "$repos_json" | jq -r ".[$j].owner.login")
                  repo=$(echo "$repos_json" | jq -r ".[$j].name")
                  readme_json=$(curl -sSL \
                    -H "Authorization: token $TOKEN" \
                    "$GITEA_API/repos/$owner/$repo/contents/README.md" \
                    || echo "{}")
                  content=$(echo "$readme_json" \
                    | jq -r .content 2>/dev/null \
                    | base64 -d 2>/dev/null \
                    || echo "")

                  if echo "$content" | grep -qE "^---$" && \
                     echo "$content" | grep -q "^gitea: none" && \
                     echo "$content" | grep -q "^include_toc: true" && \
                     echo "$content" | grep -q "^# Skins"; then
                    echo "$owner/$repo" >> "$valid_repos_file"
                    echo "  ✓ Added $owner/$repo"
                    repo_matched=true
                  fi
                done

                [ "$repo_matched" = false ] && \
                  echo "  ✓ No matching repos for $user_login"
              fi

              user_counter=$((user_counter + 1))
            done

            page=$((page + 1))
          done

          echo "VALID_REPOS_FILE=$valid_repos_file" >> $GITHUB_ENV

      - name: Update CI via Gitea API
        run: |
          mapfile -t repos < "$VALID_REPOS_FILE"
          total=${#repos[@]}

          for idx in "${!repos[@]}"; do
            repo_full=${repos[$idx]}
            owner=${repo_full%%/*}
            repo=${repo_full##*/}
            url="$GITEA_API/repos/$owner/$repo/contents/$TEMPLATE_PATH"

            echo "[$((idx+1))/$total] Fetching SHA for $owner/$repo…"
            sha=$(curl -sSL \
              -H "Authorization: token $TOKEN" \
              "$url" \
              | jq -r .sha // echo "")

            if [ -z "$sha" ] || [ "$sha" = "null" ]; then
              payload=$(jq -n \
                --arg m "Add CI from skins-template" \
                --arg c "$TEMPLATE_B64" \
                '{message: $m, content: $c, branch: "main"}')
            else
              payload=$(jq -n \
                --arg m "Update CI from skins-template" \
                --arg c "$TEMPLATE_B64" \
                --arg s "$sha" \
                '{message: $m, content: $c, sha: $s, branch: "main"}')
            fi

            echo "→ PUT $url"
            curl -sSL -X PUT \
              -H "Authorization: token $TOKEN" \
              -H "Content-Type: application/json" \
              -d "$payload" \
              "$url" \
              && echo "✓ Updated $owner/$repo" \
              || echo "✖ Failed $owner/$repo"
          done

      - name: Cleanup
        run: rm -f "$VALID_REPOS_FILE"