chore: 👷 Add repository condition to CI workflows… #1905
Changes from all commits
385ab77
7c9bc57
fe411cb
079f2aa
5d0079e
8bc1fff
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| name: CI - Devcontainer | ||
| name: 🐳 CI - Devcontainer | ||
| on: | ||
| # Trigger the workflow only if PR is merged | ||
| push: | ||
|
|
@@ -7,18 +7,19 @@ on: | |
|
|
||
| jobs: | ||
| build: | ||
| name: 🏗️ Build Devcontainer | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout (GitHub) | ||
| - name: 🛎️ Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Login to GitHub Container Registry | ||
| - name: 🔑 Login to GitHub Container Registry | ||
| uses: docker/[email protected] | ||
| with: | ||
| registry: ghcr.io | ||
| username: ${{ github.repository_owner }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
| - name: Build and use devcontainer | ||
| - name: 🐳 Build devcontainer | ||
| uses: devcontainers/[email protected] | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
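
Review bot: The `build` job has no `if: github.repository == 'Anselmoo/spectrafit'` guard between `build:` and `runs-on:`, although the PR title says the condition is added to the CI workflows and the `docker` job in CI - Docker Image does carry one. Without it, this workflow still runs in forks that have Actions enabled, including the ghcr.io login with `secrets.GITHUB_TOKEN` and the devcontainer build. Add the same `if:` line to this job, or note in the description that this workflow is meant to keep running in forks.
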
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| name: CD - Publish Docker image on ghcr.io | ||
| name: 🚢 CD - Publish Docker image on ghcr.io | ||
|
|
||
| # cos | ||
| # separate terms of service, privacy policy, and support | ||
|
|
@@ -29,38 +29,40 @@ jobs: | |
| packages: write | ||
| id-token: write # needed for signing the images with GitHub OIDC Token | ||
|
|
||
| name: build-image | ||
| name: 🛠️ Build Image | ||
| steps: | ||
| - uses: actions/[email protected] | ||
| - name: 🛎️ Checkout repository | ||
| uses: actions/[email protected] | ||
| with: | ||
| fetch-depth: 1 | ||
|
|
||
| - name: Install Cosign | ||
| - name: 📦 Install Cosign | ||
| uses: sigstore/[email protected] | ||
| # with: | ||
| # cosign-release: 'v2.2.4' # optional | ||
| # cosign-release: \'v2.2.4\' # optional | ||
|
|
||
| - name: Set up QEMU | ||
| - name: 🔧 Setup QEMU | ||
| uses: docker/[email protected] | ||
|
|
||
| - name: Set up Docker Buildx | ||
| - name: 🐳 Set up Docker Buildx | ||
| uses: docker/[email protected] | ||
|
|
||
| - name: Login to GitHub Container Registry | ||
| - name: 🔑 Login to GitHub Container Registry | ||
| uses: docker/[email protected] | ||
| with: | ||
| registry: ${{ env.REGISTRY }} | ||
| username: ${{ github.actor }} | ||
| password: ${{ secrets.GITHUB_TOKEN }} | ||
|
|
||
| - id: docker_meta | ||
| name: 🏷️ Extract Docker metadata | ||
| uses: docker/[email protected] | ||
| with: | ||
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | ||
| # tags: | | ||
| # type=pep440,pattern={{version}},prefix=v | ||
|
|
||
| - name: Build and Push container images | ||
| - name: 🏗️ Build and Push container images | ||
| uses: docker/[email protected] | ||
| id: build-and-push | ||
| with: | ||
|
|
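
Review bot: The commented `cosign-release` line under the Install Cosign step appears twice in this hunk, once as `'v2.2.4'` and once as `\'v2.2.4\'`; the backslash-escaped quotes look like an editing artifact rather than an intended change. Inside a YAML single-quoted scalar a backslash is literal, so if the `with:` block is ever uncommented the escaped form will not give the value `v2.2.4`. Keep the unescaped form.
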
@@ -73,7 +75,7 @@ jobs: | |
| outputs: type=image,name=target,annotation-index.org.opencontainers.image.description=${{ fromJSON(steps.docker_meta.outputs.json).labels['org.opencontainers.image.description'] }} | ||
|
|
||
| # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable | ||
| - name: Sign image with a key | ||
| - name: ✍️ Sign image with a key | ||
| run: | | ||
| images="" | ||
| for tag in ${TAGS}; do | ||
|
|
@@ -86,7 +88,7 @@ jobs: | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | ||
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | ||
|
|
||
| - name: Sign the images with GitHub OIDC Token | ||
| - name: ✍️ Sign the images with GitHub OIDC Token | ||
| env: | ||
| DIGEST: ${{ steps.build-and-push.outputs.digest }} | ||
| TAGS: ${{ steps.docker_meta.outputs.tags }} | ||
|
|
||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,4 +1,4 @@ | ||
| name: CI - Docker Image | ||
| name: 🐳 CI - Docker Image | ||
| on: | ||
| push: | ||
| branches: [main] | ||
|
|
@@ -9,20 +9,23 @@ on: | |
|
|
||
| jobs: | ||
| docker: | ||
| if: github.repository == 'Anselmoo/spectrafit' | ||
| # Only if Dockerfile is changed | ||
| name: Docker Image | ||
| name: 🐳 Docker Image Build | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - uses: actions/checkout@v4 | ||
| - uses: dorny/[email protected] | ||
| - name: 🛎️ Checkout repository | ||
| uses: actions/checkout@v4 | ||
| - name: 🗂️ Filter Dockerfile changes | ||
| uses: dorny/[email protected] | ||
| id: filter | ||
| with: | ||
| filters: | | ||
| docker: | ||
| - 'Dockerfile' | ||
| - name: Build the Docker image for AMD64 | ||
| - name: 🏗️ Build the Docker image for AMD64 | ||
| run: | | ||
| docker build . --file Dockerfile --tag spectrafit:$(date +%s) | ||
| # - name: Build the Docker image for ARM64 | ||
| # - name: 🏗️ Build the Docker image for ARM64 | ||
| # run: | | ||
| # docker build . --file Dockerfile --tag spectrafit-arm64:$(date +%s) --platform linux/arm64 | ||
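
Review bot: The output of the `filter` step (`id: filter`) is never consumed in this hunk: the AMD64 build step goes straight from `name:` to `run:` with no `if: steps.filter.outputs.docker == 'true'`, so the image is built on every run and the "# Only if Dockerfile is changed" comment is not enforced. That comment also sits directly under the `if: github.repository == 'Anselmoo/spectrafit'` line, where it reads as a description of the repository condition. Gate the build step on the filter output and move or reword the comment.
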
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,136 @@ | ||
| name: 🦊 Mirror to GitLab | ||
|
|
||
| on: | ||
| push: | ||
| branches: ["**"] | ||
| tags: ["**"] | ||
| pull_request: | ||
| types: [opened, synchronize] | ||
|
|
||
| jobs: | ||
| mirror: | ||
| name: 🔄 Mirror to GitLab | ||
| runs-on: ubuntu-latest | ||
| # Avoid running twice on PRs | ||
| if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository | ||
|
|
||
| steps: | ||
| - name: 🛎️ Checkout repository | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 0 # Fetch all history and tags for proper mirroring | ||
|
|
||
| - name: 🔗 Mirror to GitLab | ||
| shell: bash | ||
| env: | ||
| GITLAB_HOSTNAME: ${{ secrets.GITLAB_HOSTNAME }} | ||
| GITLAB_USERNAME: ${{ secrets.GITLAB_USERNAME }} | ||
| GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }} | ||
| GITLAB_PROJECT_PATH: ${{ secrets.GITLAB_PROJECT_PATH }} | ||
| run: | | ||
| # Check for required secrets | ||
| if [ -z "$GITLAB_USERNAME" ] || [ -z "$GITLAB_TOKEN" ] || [ -z "$GITLAB_PROJECT_PATH" ]; then | ||
| echo "❌ Error: Missing required GitLab credentials or project path." | ||
| echo "Please set GITLAB_USERNAME, GITLAB_TOKEN, and GITLAB_PROJECT_PATH secrets." | ||
| exit 1 | ||
| fi | ||
|
|
||
| # Set default GitLab hostname if not provided | ||
| GITLAB_HOSTNAME="${GITLAB_HOSTNAME:-gitlab.com}" | ||
|
|
||
| # Configure git | ||
| git config --global user.name "GitHub Actions" | ||
| git config --global user.email "[email protected]" | ||
|
|
||
| # Add GitLab remote with credentials | ||
| echo "📝 Adding GitLab remote..." | ||
| GITLAB_URL="https://${GITLAB_USERNAME}:${GITLAB_TOKEN}@${GITLAB_HOSTNAME}/${GITLAB_PROJECT_PATH}.git" | ||
| git remote add gitlab "${GITLAB_URL}" | ||
|
issue (bug_risk): No check for existing 'gitlab' remote before adding. Verify if a 'gitlab' remote already exists and remove or update it before adding, to prevent failures on reruns.
||
|
|
||
| # Fetch from GitLab to see remote state | ||
| echo "🔄 Fetching from GitLab..." | ||
| if ! git fetch gitlab; then | ||
| echo "⚠️ Could not fetch from GitLab. The repository might not exist or credentials are invalid." | ||
| echo "🚀 Pushing all branches and tags to GitLab..." | ||
| git push --force --mirror gitlab | ||
| echo "✅ Repository successfully mirrored to GitLab" | ||
| exit 0 | ||
| fi | ||
|
|
||
| # Handle different GitHub ref types | ||
| if [[ "$GITHUB_REF" == refs/tags/* ]]; then | ||
| # Handle tags | ||
| TAG_NAME="${GITHUB_REF#refs/tags/}" | ||
| echo "🏷️ Pushing tag: $TAG_NAME" | ||
| git push gitlab "$TAG_NAME" | ||
| exit 0 | ||
| elif [[ "$GITHUB_REF" == refs/pull/* ]]; then | ||
| # Handle pull requests - push the source branch instead | ||
| PR_NUMBER=$(echo $GITHUB_REF | cut -d'/' -f3) | ||
| SOURCE_BRANCH="${GITHUB_HEAD_REF}" | ||
| TARGET_BRANCH="${GITHUB_BASE_REF}" | ||
|
|
||
| echo "🔄 Processing pull request #$PR_NUMBER from $SOURCE_BRANCH to $TARGET_BRANCH" | ||
|
|
||
| # Check if PR source branch exists locally | ||
| if git show-ref --verify --quiet "refs/remotes/origin/$SOURCE_BRANCH"; then | ||
|
issue (bug_risk): PR source branch check may not work for forks. The 'refs/remotes/origin/$SOURCE_BRANCH' check skips forked PRs since their branches aren’t local. Ensure fork branches are fetched or handled.
||
| echo "🔄 Pushing PR source branch to GitLab: $SOURCE_BRANCH" | ||
| git push gitlab "refs/remotes/origin/$SOURCE_BRANCH:refs/heads/$SOURCE_BRANCH" | ||
| else | ||
| echo "⚠️ PR source branch not found locally, skipping mirror" | ||
| fi | ||
| exit 0 | ||
| else | ||
| # Regular branch handling | ||
| CURRENT_BRANCH="${GITHUB_REF#refs/heads/}" | ||
| echo "🔍 Current branch: $CURRENT_BRANCH" | ||
| fi | ||
|
|
||
| # Check if branch exists on GitLab | ||
| if git branch -r | grep -q "gitlab/$CURRENT_BRANCH"; then | ||
| echo "✅ Branch $CURRENT_BRANCH exists on GitLab" | ||
|
|
||
| # Compare branches | ||
| LOCAL_SHA=$(git rev-parse HEAD) | ||
| REMOTE_SHA=$(git rev-parse "gitlab/$CURRENT_BRANCH") | ||
| BASE_SHA=$(git merge-base HEAD "gitlab/$CURRENT_BRANCH") | ||
|
|
||
| # Branch comparison logic | ||
| if [ "$LOCAL_SHA" = "$REMOTE_SHA" ]; then | ||
| echo "🟢 Branches are identical. No action needed." | ||
| else | ||
| if [ "$LOCAL_SHA" = "$BASE_SHA" ]; then | ||
| echo "⬇️ GitLab branch is ahead. Pulling changes..." | ||
| git merge "gitlab/$CURRENT_BRANCH" | ||
| fi | ||
|
|
||
| if [ "$REMOTE_SHA" = "$BASE_SHA" ]; then | ||
| echo "⬆️ GitHub branch is ahead. Pushing changes..." | ||
| git push gitlab "$CURRENT_BRANCH":"$CURRENT_BRANCH" | ||
| else | ||
| # Only handle diverged branches if neither condition above was true | ||
| if [ "$LOCAL_SHA" != "$BASE_SHA" ] && [ "$REMOTE_SHA" != "$BASE_SHA" ]; then | ||
| echo "⚠️ Branches have diverged. Creating conflict resolution branch..." | ||
| CONFLICT_BRANCH="merge-conflict/$CURRENT_BRANCH-$(date +%s)" | ||
| git checkout -b "$CONFLICT_BRANCH" | ||
|
|
||
| if git merge "gitlab/$CURRENT_BRANCH"; then | ||
| echo "🔀 Automatic merge successful. Pushing merged branch to GitLab..." | ||
| git push gitlab "$CONFLICT_BRANCH" | ||
| echo "🔗 Created conflict resolution branch: $CONFLICT_BRANCH" | ||
| else | ||
| echo "❌ Merge conflicts detected. Manual resolution needed." | ||
| git merge --abort | ||
| echo "⬆️ Pushing GitHub version to GitLab as-is..." | ||
| git checkout "$CURRENT_BRANCH" | ||
| git push gitlab "$CURRENT_BRANCH":"$CURRENT_BRANCH" | ||
| fi | ||
| fi | ||
| fi | ||
| fi | ||
| else | ||
| echo "🆕 Branch $CURRENT_BRANCH does not exist on GitLab. Creating it..." | ||
| git push gitlab "$CURRENT_BRANCH" | ||
|
suggestion (bug_risk): Initial branch push does not handle protected branches. Catch push failures when the GitLab branch is protected or restricted and provide clear error messages.
||
| fi | ||
|
|
||
| echo "✅ Mirroring process completed" | ||
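
Review bot: In the `if ! git fetch gitlab` branch, any fetch failure, including a transient network error, falls through to `git push --force --mirror gitlab`, which overwrites every ref on the GitLab side and deletes refs that exist only there, bypassing the diverged-branch handling further down. `--mirror` also pushes everything under `refs/`, so the `refs/remotes/origin/*` tracking refs from the checkout would be sent as well. Fail the step on a fetch error instead, or limit the fallback to a confirmed-missing project and push only `refs/heads/*` and `refs/tags/*`. Separately, `GITLAB_URL` embeds `GITLAB_TOKEN` in the remote URL passed to `git remote add`, so the token is written to `.git/config` for the rest of the job; supplying it through a credential helper keeps it out of the stored remote.
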
suggestion: Secret validation only checks for presence, not for empty values.
Add checks to ensure each secret is not only set but also non-empty to prevent the script from proceeding with empty values.