diff --git a/.gitea/workflows/pr-check-yaml b/.gitea/workflows/pr-check-yaml
deleted file mode 100644
index 2d89269..0000000
--- a/.gitea/workflows/pr-check-yaml
+++ /dev/null
@@ -1,164 +0,0 @@
----
-# https://github.com/kekxv/pr-check
-name: PR check
-
-on:
- pull_request:
- types: [opened, synchronize]
-
-jobs:
- leak_test:
- name: Gitleaks
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v6
- with:
- github-server-url: ${{ vars.GIT_SERVER_URL }}
-
- - name: Install Gitleaks
- run: |
- curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz \
- | tar -xz
- sudo mv gitleaks /usr/local/bin/
-
- - name: Run Gitleaks
- run: |
- gitleaks dir . \
- --redact=10 \
- --verbose \
- --exit-code 1
-
- lint_test:
- name: lint tests
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v6
- with:
- github-server-url: ${{ vars.GIT_SERVER_URL }}
-
- - name: Install Node.js
- uses: actions/setup-node@v4
- with:
- node-version: 20
-
- - name: Run markdownlint
- run: npx markdownlint-cli2 "**/*.md" "#node_modules"
-
- - name: Set up Python
- uses: actions/setup-python@v5
- with:
- python-version: "3.14"
-
- - name: Install ansible-lint and yamllint
- run: |
- python -m pip install --upgrade pip
- pip install ansible ansible-lint yamllint
-
- - name: Run yamllint
- run: |
- yamllint .
- - name: Run ansible-lint
- run: |
- ansible-lint
-
-handle_failures:
- runs-on: ubuntu-latest
- needs: [leak_test, lint_test]
- if: needs.leak_test.result != 'success' || needs.lint_test.result != 'success'
-
- steps:
- - name: Comment, label, and close PR
- run: |
- API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}"
- PR="${{ github.event.pull_request.number }}"
- TOKEN="${{ secrets.GITEA_TOKEN }}"
-
- COMMENT_BODY="❌ CI checks failed.\n\nLeak test: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}"
-
- # Find existing comment
- EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
- "$API/issues/$PR/comments" \
- | jq -r '.[] | select(.body | test("")) | .id')
-
- # Update or create comment
- if [ -n "$EXISTING_COMMENT_ID" ]; then
- curl -s -X PATCH \
- -H "Authorization: token $TOKEN" \
- -H "Content-Type: application/json" \
- -d "{\"body\":\"\n$COMMENT_BODY\"}" \
- "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
- else
- curl -s -X POST \
- -H "Authorization: token $TOKEN" \
- -H "Content-Type: application/json" \
- -d "{\"body\":\"\n$COMMENT_BODY\"}" \
- "$API/issues/$PR/comments"
- fi
-
- # Add label if missing
- LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
- if ! echo "$LABELS" | grep -q "^ci-failed$"; then
- curl -s -X POST \
- -H "Authorization: token $TOKEN" \
- -H "Content-Type: application/json" \
- -d '["ci-failed"]' \
- "$API/issues/$PR/labels"
- fi
-
- # Close PR
- curl -s -X PATCH \
- -H "Authorization: token $TOKEN" \
- -H "Content-Type: application/json" \
- -d '{"state":"closed"}' \
- "$API/pulls/$PR"
-
-handle_success:
- runs-on: ubuntu-latest
- needs: [leak_test, lint_test]
- if: needs.leak_test.result == 'success' && needs.lint_test.result == 'success'
-
- steps:
- - name: Update comment, remove label, reopen PR
- run: |
- API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}"
- PR="${{ github.event.pull_request.number }}"
- TOKEN="${{ secrets.GITEA_TOKEN }}"
-
- COMMENT_BODY="✅ All CI checks passed.\n\nLeak test: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}"
-
- # Find existing comment
- EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
- "$API/issues/$PR/comments" \
- | jq -r '.[] | select(.body | test("")) | .id')
-
- # Update comment if exists
- if [ -n "$EXISTING_COMMENT_ID" ]; then
- curl -s -X PATCH \
- -H "Authorization: token $TOKEN" \
- -H "Content-Type: application/json" \
- -d "{\"body\":\"\n$COMMENT_BODY\"}" \
- "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
- fi
-
- # Remove label if exists
- LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
- if echo "$LABELS" | grep -q "^ci-failed$"; then
- curl -s -X DELETE \
- -H "Authorization: token $TOKEN" \
- "$API/issues/$PR/labels/ci-failed"
- fi
-
- # Reopen PR if closed
- PR_STATE=$(curl -s -H "Authorization: token $TOKEN" "$API/pulls/$PR" | jq -r '.state')
- if [ "$PR_STATE" = "closed" ]; then
- curl -s -X PATCH \
- -H "Authorization: token $TOKEN" \
- -H "Content-Type: application/json" \
- -d '{"state":"open"}' \
- "$API/pulls/$PR"
- fi
diff --git a/.gitea/workflows/pr-check.yaml b/.gitea/workflows/pr-check.yaml
new file mode 100644
index 0000000..bcf3874
--- /dev/null
+++ b/.gitea/workflows/pr-check.yaml
@@ -0,0 +1,166 @@
+---
+# https://github.com/kekxv/pr-check
+name: PR check
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ leak_test:
+ name: Gitleaks
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v6
+ with:
+ github-server-url: ${{ vars.GIT_SERVER_URL }}
+
+ - name: Install Gitleaks
+ run: |
+ curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz \
+ | tar -xz
+ sudo mv gitleaks /usr/local/bin/
+
+ - name: Run Gitleaks
+ run: |
+ gitleaks dir . \
+ --redact=10 \
+ --verbose \
+ --exit-code 1
+
+ lint_test:
+ name: lint tests
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v6
+ with:
+ github-server-url: ${{ vars.GIT_SERVER_URL }}
+
+ - name: Install Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+
+ - name: Run markdownlint
+ run: npx markdownlint-cli2 "**/*.md" "#node_modules"
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: "3.14"
+
+ - name: Install ansible-lint and yamllint
+ run: |
+ python -m pip install --upgrade pip
+ pip install ansible ansible-lint yamllint
+
+ - name: Run yamllint
+ run: |
+ yamllint .
+
+ - name: Run ansible-lint
+ run: |
+ ansible-lint
+
+ handle_failures:
+ runs-on: ubuntu-latest
+ needs: [leak_test, lint_test]
+ if: "${{ always() && (
+ needs.leak_test.result != 'success' ||
+ needs.lint_test.result != 'success' ) }}"
+
+ steps:
+ - name: Comment, label, and close PR
+ run: |
+ API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}"
+ PR="${{ github.event.pull_request.number }}"
+ TOKEN="${{ secrets.GITEA_TOKEN }}"
+
+ COMMENT_BODY="❌ CI checks failed.\n\nLeak: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}"
+
+ # Find existing comment
+ EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
+ "$API/issues/$PR/comments" \
+ | jq -r '.[] | select(.body | test("")) | .id')
+
+ # Update or create comment
+ if [ -n "$EXISTING_COMMENT_ID" ]; then
+ curl -s -X PATCH \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d "{\"body\":\"\n$COMMENT_BODY\"}" \
+ "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
+ else
+ curl -s -X POST \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d "{\"body\":\"\n$COMMENT_BODY\"}" \
+ "$API/issues/$PR/comments"
+ fi
+
+ # Add label if missing
+ LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
+ if ! echo "$LABELS" | grep -q "^ci-failed$"; then
+ curl -s -X POST \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d '["ci-failed"]' \
+ "$API/issues/$PR/labels"
+ fi
+
+ # Close PR
+ curl -s -X PATCH \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d '{"state":"closed"}' \
+ "$API/pulls/$PR"
+
+ handle_success:
+ runs-on: ubuntu-latest
+ needs: [leak_test, lint_test]
+ if: needs.leak_test.result == 'success' && needs.lint_test.result == 'success'
+
+ steps:
+ - name: Update comment, remove label, reopen PR
+ run: |
+ API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}"
+ PR="${{ github.event.pull_request.number }}"
+ TOKEN="${{ secrets.GITEA_TOKEN }}"
+
+ COMMENT_BODY="✅ CI checks pass.\n\nLeaks: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}"
+
+ # Find existing comment
+ EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
+ "$API/issues/$PR/comments" \
+ | jq -r '.[] | select(.body | test("")) | .id')
+
+ # Update comment if exists
+ if [ -n "$EXISTING_COMMENT_ID" ]; then
+ curl -s -X PATCH \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d "{\"body\":\"\n$COMMENT_BODY\"}" \
+ "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
+ fi
+
+ # Remove label if exists
+ LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
+ if echo "$LABELS" | grep -q "^ci-failed$"; then
+ curl -s -X DELETE \
+ -H "Authorization: token $TOKEN" \
+ "$API/issues/$PR/labels/ci-failed"
+ fi
+
+ # Reopen PR if closed
+ PR_STATE=$(curl -s -H "Authorization: token $TOKEN" "$API/pulls/$PR" | jq -r '.state')
+ if [ "$PR_STATE" = "closed" ]; then
+ curl -s -X PATCH \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d '{"state":"open"}' \
+ "$API/pulls/$PR"
+ fi
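Review bot: In the `Run Gitleaks` step, `--redact=10` combined with `--verbose` masks only about a tenth of each detected secret, because gitleaks reads the number as the percentage to redact, so most of every finding is written to the job log. Use plain `--redact` or `--redact=100` unless partial output is deliberately wanted for triage. In the `Install Gitleaks` step the release tarball is piped straight into `tar` and the binary is moved to `/usr/local/bin/` with no integrity check; saving it to a file and verifying it first, e.g. `echo "<sha256-of-release-tarball>  gitleaks.tar.gz" | sha256sum -c -`, would pin the content as well as the version. In both handler jobs `TOKEN="${{ secrets.GITEA_TOKEN }}"` pastes the secret into the rendered script text; passing it through the step's `env:` (`GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}`) and reading `$GITEA_TOKEN` keeps it out of the script body. The `curl -s` calls also ignore HTTP errors, so adding `--fail` would make a rejected token or a failed close/reopen visible in the job result.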