Merge pull request 'fix: fix: remove hardcoded 'johba' references — use dynamic project config instead (#241)' (#243) from fix/issue-241 into main
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
This commit is contained in:
commit
076f6655df
7 changed files with 27 additions and 24 deletions
21
bin/disinto
21
bin/disinto
|
|
@ -303,10 +303,10 @@ services:
|
||||||
environment:
|
environment:
|
||||||
- DISINTO_VERSION=${DISINTO_VERSION:-main}
|
- DISINTO_VERSION=${DISINTO_VERSION:-main}
|
||||||
- FORGE_URL=http://forgejo:3000
|
- FORGE_URL=http://forgejo:3000
|
||||||
- FORGE_REPO=johba/disinto
|
- FORGE_REPO=${FORGE_REPO:-disinto-admin/disinto}
|
||||||
- FORGE_OPS_REPO=johba/disinto-ops
|
- FORGE_OPS_REPO=${FORGE_OPS_REPO:-disinto-admin/disinto-ops}
|
||||||
- FORGE_TOKEN=${FORGE_TOKEN:-}
|
- FORGE_TOKEN=${FORGE_TOKEN:-}
|
||||||
- FORGE_ADMIN_USERS=${FORGE_ADMIN_USERS:-disinto-admin,johba}
|
- FORGE_ADMIN_USERS=${FORGE_ADMIN_USERS:-disinto-admin}
|
||||||
- FORGE_ADMIN_TOKEN=${FORGE_ADMIN_TOKEN:-}
|
- FORGE_ADMIN_TOKEN=${FORGE_ADMIN_TOKEN:-}
|
||||||
- OPS_REPO_ROOT=/opt/disinto-ops
|
- OPS_REPO_ROOT=/opt/disinto-ops
|
||||||
- PROJECT_REPO_ROOT=/opt/disinto
|
- PROJECT_REPO_ROOT=/opt/disinto
|
||||||
|
|
@ -711,10 +711,10 @@ setup_forge() {
|
||||||
# Preserve password for Woodpecker OAuth2 token generation (#779)
|
# Preserve password for Woodpecker OAuth2 token generation (#779)
|
||||||
_FORGE_ADMIN_PASS="$admin_pass"
|
_FORGE_ADMIN_PASS="$admin_pass"
|
||||||
|
|
||||||
# Create human user (johba) as site admin if it doesn't exist
|
# Create human user (disinto-admin) as site admin if it doesn't exist
|
||||||
local human_user="johba"
|
local human_user="disinto-admin"
|
||||||
local human_pass
|
local human_pass
|
||||||
human_pass="human-$(head -c 16 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 20)"
|
human_pass="admin-$(head -c 16 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 20)"
|
||||||
|
|
||||||
if ! curl -sf --max-time 5 "${forge_url}/api/v1/users/${human_user}" >/dev/null 2>&1; then
|
if ! curl -sf --max-time 5 "${forge_url}/api/v1/users/${human_user}" >/dev/null 2>&1; then
|
||||||
echo "Creating human user: ${human_user}"
|
echo "Creating human user: ${human_user}"
|
||||||
|
|
@ -723,7 +723,7 @@ setup_forge() {
|
||||||
--admin \
|
--admin \
|
||||||
--username "${human_user}" \
|
--username "${human_user}" \
|
||||||
--password "${human_pass}" \
|
--password "${human_pass}" \
|
||||||
--email "johba@disinto.local" \
|
--email "admin@disinto.local" \
|
||||||
--must-change-password=false 2>&1); then
|
--must-change-password=false 2>&1); then
|
||||||
echo "Error: failed to create human user '${human_user}':" >&2
|
echo "Error: failed to create human user '${human_user}':" >&2
|
||||||
echo " ${create_output}" >&2
|
echo " ${create_output}" >&2
|
||||||
|
|
@ -1007,11 +1007,12 @@ setup_ops_repo() {
|
||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
"${forge_url}/api/v1/orgs/${org_name}/repos" \
|
"${forge_url}/api/v1/orgs/${org_name}/repos" \
|
||||||
-d "{\"name\":\"${ops_name}\",\"auto_init\":true,\"default_branch\":\"${primary_branch}\",\"description\":\"Operational data for ${org_name}/${ops_name%-ops}\"}" >/dev/null 2>&1; then
|
-d "{\"name\":\"${ops_name}\",\"auto_init\":true,\"default_branch\":\"${primary_branch}\",\"description\":\"Operational data for ${org_name}/${ops_name%-ops}\"}" >/dev/null 2>&1; then
|
||||||
# Fallback: create under the human user namespace
|
# Fallback: create under the repo owner namespace (FORGE_REPO owner)
|
||||||
|
local repo_owner="${FORGE_REPO%%/*}"
|
||||||
curl -sf -X POST \
|
curl -sf -X POST \
|
||||||
-H "Authorization: token ${admin_token:-${FORGE_TOKEN}}" \
|
-H "Authorization: token ${admin_token:-${FORGE_TOKEN}}" \
|
||||||
-H "Content-Type: application/json" \
|
-H "Content-Type: application/json" \
|
||||||
"${forge_url}/api/v1/users/johba/repos" \
|
"${forge_url}/api/v1/users/${repo_owner}/repos" \
|
||||||
-d "{\"name\":\"${ops_name}\",\"auto_init\":true,\"default_branch\":\"${primary_branch}\",\"description\":\"Operational data\"}" >/dev/null 2>&1 || true
|
-d "{\"name\":\"${ops_name}\",\"auto_init\":true,\"default_branch\":\"${primary_branch}\",\"description\":\"Operational data\"}" >/dev/null 2>&1 || true
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -1985,7 +1986,7 @@ p.write_text(text)
|
||||||
|
|
||||||
# Set up vault branch protection on ops repo (#77)
|
# Set up vault branch protection on ops repo (#77)
|
||||||
# This ensures admin-only merge to main, blocking bots from merging vault PRs
|
# This ensures admin-only merge to main, blocking bots from merging vault PRs
|
||||||
# Use HUMAN_TOKEN (johba) or FORGE_TOKEN (dev-bot) for admin operations
|
# Use HUMAN_TOKEN (disinto-admin) or FORGE_TOKEN (dev-bot) for admin operations
|
||||||
export FORGE_OPS_REPO="$ops_slug"
|
export FORGE_OPS_REPO="$ops_slug"
|
||||||
# Source env.sh to ensure FORGE_TOKEN is available
|
# Source env.sh to ensure FORGE_TOKEN is available
|
||||||
source "${FACTORY_ROOT}/lib/env.sh"
|
source "${FACTORY_ROOT}/lib/env.sh"
|
||||||
|
|
|
||||||
|
|
@ -35,7 +35,7 @@ services:
|
||||||
- FORGE_TOKEN=${FORGE_TOKEN:-}
|
- FORGE_TOKEN=${FORGE_TOKEN:-}
|
||||||
- FORGE_URL=http://forgejo:3000
|
- FORGE_URL=http://forgejo:3000
|
||||||
- PROJECT_TOML=projects/disinto.toml
|
- PROJECT_TOML=projects/disinto.toml
|
||||||
- FORGE_REPO=johba/disinto
|
- FORGE_REPO=${FORGE_REPO:-disinto-admin/disinto}
|
||||||
depends_on:
|
depends_on:
|
||||||
- forgejo
|
- forgejo
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -24,7 +24,7 @@ if [ ! -d "${PROJECT_REPO_ROOT}/.git" ]; then
|
||||||
log "Cloning repo..."
|
log "Cloning repo..."
|
||||||
mkdir -p "$(dirname "$PROJECT_REPO_ROOT")"
|
mkdir -p "$(dirname "$PROJECT_REPO_ROOT")"
|
||||||
chown -R agent:agent /home/agent/repos 2>/dev/null || true
|
chown -R agent:agent /home/agent/repos 2>/dev/null || true
|
||||||
su -s /bin/bash agent -c "git clone http://dev-bot:${FORGE_TOKEN}@forgejo:3000/${FORGE_REPO:-johba/disinto}.git ${PROJECT_REPO_ROOT}"
|
su -s /bin/bash agent -c "git clone http://dev-bot:${FORGE_TOKEN}@forgejo:3000/${FORGE_REPO:-disinto-admin/disinto}.git ${PROJECT_REPO_ROOT}"
|
||||||
log "Repo cloned"
|
log "Repo cloned"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -5,7 +5,7 @@ set -euo pipefail
|
||||||
export USER="${USER:-root}"
|
export USER="${USER:-root}"
|
||||||
|
|
||||||
DISINTO_VERSION="${DISINTO_VERSION:-main}"
|
DISINTO_VERSION="${DISINTO_VERSION:-main}"
|
||||||
DISINTO_REPO="${FORGE_URL:-http://forgejo:3000}/johba/disinto.git"
|
DISINTO_REPO="${FORGE_URL:-http://forgejo:3000}/${FORGE_REPO:-disinto-admin/disinto}.git"
|
||||||
|
|
||||||
# Shallow clone at the pinned version
|
# Shallow clone at the pinned version
|
||||||
if [ ! -d /opt/disinto/.git ]; then
|
if [ ! -d /opt/disinto/.git ]; then
|
||||||
|
|
|
||||||
|
|
@ -58,7 +58,7 @@ Validate release prerequisites before proceeding.
|
||||||
|
|
||||||
7. Check if tag already exists on Forgejo:
|
7. Check if tag already exists on Forgejo:
|
||||||
- curl -sf -H "Authorization: token $FORGE_TOKEN" \
|
- curl -sf -H "Authorization: token $FORGE_TOKEN" \
|
||||||
- "$FORGE_URL/api/v1/repos/johba/disinto/git/tags/$RELEASE_VERSION"
|
- "$FORGE_URL/api/v1/repos/$FORGE_REPO/git/tags/$RELEASE_VERSION"
|
||||||
- If exists, exit with error
|
- If exists, exit with error
|
||||||
|
|
||||||
8. Export RELEASE_VERSION for subsequent steps:
|
8. Export RELEASE_VERSION for subsequent steps:
|
||||||
|
|
@ -77,14 +77,14 @@ Create the release tag on Forgejo main via the Forgejo API.
|
||||||
|
|
||||||
1. Get current HEAD SHA of main:
|
1. Get current HEAD SHA of main:
|
||||||
- curl -sf -H "Authorization: token $FORGE_TOKEN" \
|
- curl -sf -H "Authorization: token $FORGE_TOKEN" \
|
||||||
- "$FORGE_URL/api/v1/repos/johba/disinto/branches/$PRIMARY_BRANCH"
|
- "$FORGE_URL/api/v1/repos/$FORGE_REPO/branches/$PRIMARY_BRANCH"
|
||||||
- Parse sha field from response
|
- Parse sha field from response
|
||||||
|
|
||||||
2. Create tag via Forgejo API:
|
2. Create tag via Forgejo API:
|
||||||
- curl -sf -X POST \
|
- curl -sf -X POST \
|
||||||
- -H "Authorization: token $FORGE_TOKEN" \
|
- -H "Authorization: token $FORGE_TOKEN" \
|
||||||
- -H "Content-Type: application/json" \
|
- -H "Content-Type: application/json" \
|
||||||
- "$FORGE_URL/api/v1/repos/johba/disinto/tags" \
|
- "$FORGE_URL/api/v1/repos/$FORGE_REPO/tags" \
|
||||||
- -d "{\"tag\":\"$RELEASE_VERSION\",\"target\":\"$HEAD_SHA\",\"message\":\"Release $RELEASE_VERSION\"}"
|
- -d "{\"tag\":\"$RELEASE_VERSION\",\"target\":\"$HEAD_SHA\",\"message\":\"Release $RELEASE_VERSION\"}"
|
||||||
- Parse response for success
|
- Parse response for success
|
||||||
|
|
||||||
|
|
@ -106,8 +106,8 @@ description = """
|
||||||
Push the newly created tag to all configured mirrors.
|
Push the newly created tag to all configured mirrors.
|
||||||
|
|
||||||
1. Add mirror remotes if not already present:
|
1. Add mirror remotes if not already present:
|
||||||
- Codeberg: git remote add codeberg git@codeberg.org:johba/disinto.git
|
- Codeberg: git remote add codeberg git@codeberg.org:${FORGE_REPO_OWNER}/${PROJECT_NAME}.git
|
||||||
- GitHub: git remote add github git@github.com:disinto/disinto.git
|
- GitHub: git remote add github git@github.com:disinto/${PROJECT_NAME}.git
|
||||||
- Check with: git remote -v
|
- Check with: git remote -v
|
||||||
|
|
||||||
2. Push tag to Codeberg:
|
2. Push tag to Codeberg:
|
||||||
|
|
@ -120,9 +120,9 @@ Push the newly created tag to all configured mirrors.
|
||||||
|
|
||||||
4. Verify tags exist on mirrors:
|
4. Verify tags exist on mirrors:
|
||||||
- curl -sf -H "Authorization: token $GITHUB_TOKEN" \
|
- curl -sf -H "Authorization: token $GITHUB_TOKEN" \
|
||||||
- "https://api.github.com/repos/disinto/disinto/tags/$RELEASE_VERSION"
|
- "https://api.github.com/repos/disinto/${PROJECT_NAME}/tags/$RELEASE_VERSION"
|
||||||
- curl -sf -H "Authorization: token $FORGE_TOKEN" \
|
- curl -sf -H "Authorization: token $FORGE_TOKEN" \
|
||||||
- "$FORGE_URL/api/v1/repos/johba/disinto/git/tags/$RELEASE_VERSION"
|
- "$FORGE_URL/api/v1/repos/$FORGE_REPO/git/tags/$RELEASE_VERSION"
|
||||||
|
|
||||||
5. Log success:
|
5. Log success:
|
||||||
- echo "Tag $RELEASE_VERSION pushed to mirrors"
|
- echo "Tag $RELEASE_VERSION pushed to mirrors"
|
||||||
|
|
@ -227,7 +227,7 @@ Write the release result to a file for tracking.
|
||||||
- {
|
- {
|
||||||
- "version": "$RELEASE_VERSION",
|
- "version": "$RELEASE_VERSION",
|
||||||
- "image_id": "$IMAGE_ID",
|
- "image_id": "$IMAGE_ID",
|
||||||
- "forgejo_tag_url": "$FORGE_URL/johba/disinto/src/$RELEASE_VERSION",
|
- "forgejo_tag_url": "$FORGE_URL/$FORGE_REPO/src/$RELEASE_VERSION",
|
||||||
- "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
|
- "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
|
||||||
- "status": "success"
|
- "status": "success"
|
||||||
- }
|
- }
|
||||||
|
|
|
||||||
|
|
@ -379,7 +379,7 @@ remove_branch_protection() {
|
||||||
# - Allow review-bot to approve PRs
|
# - Allow review-bot to approve PRs
|
||||||
#
|
#
|
||||||
# Args:
|
# Args:
|
||||||
# $1 - Repo path in format 'owner/repo' (e.g., 'johba/disinto')
|
# $1 - Repo path in format 'owner/repo' (e.g., 'disinto-admin/disinto')
|
||||||
# $2 - Branch to protect (default: main)
|
# $2 - Branch to protect (default: main)
|
||||||
#
|
#
|
||||||
# Returns: 0 on success, 1 on failure
|
# Returns: 0 on success, 1 on failure
|
||||||
|
|
@ -536,7 +536,7 @@ if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
|
||||||
echo "Required environment variables:"
|
echo "Required environment variables:"
|
||||||
echo " FORGE_TOKEN Forgejo API token (admin user recommended)"
|
echo " FORGE_TOKEN Forgejo API token (admin user recommended)"
|
||||||
echo " FORGE_URL Forgejo instance URL (e.g., https://codeberg.org)"
|
echo " FORGE_URL Forgejo instance URL (e.g., https://codeberg.org)"
|
||||||
echo " FORGE_OPS_REPO Ops repo in format owner/repo (e.g., johba/disinto-ops)"
|
echo " FORGE_OPS_REPO Ops repo in format owner/repo (e.g., disinto-admin/disinto-ops)"
|
||||||
exit 0
|
exit 0
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
|
|
|
||||||
|
|
@ -83,7 +83,7 @@ if mirrors:
|
||||||
# Export parsed variables.
|
# Export parsed variables.
|
||||||
# Inside the agents container (DISINTO_CONTAINER=1), compose already sets the
|
# Inside the agents container (DISINTO_CONTAINER=1), compose already sets the
|
||||||
# correct FORGE_URL (http://forgejo:3000) and path vars for the container
|
# correct FORGE_URL (http://forgejo:3000) and path vars for the container
|
||||||
# environment. The TOML carries host-perspective values (localhost, /home/johba/…)
|
# environment. The TOML carries host-perspective values (localhost, /home/admin/…)
|
||||||
# that would break container API calls and path resolution. Skip overriding
|
# that would break container API calls and path resolution. Skip overriding
|
||||||
# any env var that is already set when running inside the container.
|
# any env var that is already set when running inside the container.
|
||||||
while IFS='=' read -r _key _val; do
|
while IFS='=' read -r _key _val; do
|
||||||
|
|
@ -100,6 +100,8 @@ export FORGE_URL="${FORGE_URL:-http://localhost:3000}"
|
||||||
if [ -n "$FORGE_REPO" ]; then
|
if [ -n "$FORGE_REPO" ]; then
|
||||||
export FORGE_API="${FORGE_URL}/api/v1/repos/${FORGE_REPO}"
|
export FORGE_API="${FORGE_URL}/api/v1/repos/${FORGE_REPO}"
|
||||||
export FORGE_WEB="${FORGE_URL}/${FORGE_REPO}"
|
export FORGE_WEB="${FORGE_URL}/${FORGE_REPO}"
|
||||||
|
# Extract repo owner (first path segment of owner/repo)
|
||||||
|
export FORGE_REPO_OWNER="${FORGE_REPO%%/*}"
|
||||||
fi
|
fi
|
||||||
# Backwards-compat aliases
|
# Backwards-compat aliases
|
||||||
export CODEBERG_REPO="${FORGE_REPO}"
|
export CODEBERG_REPO="${FORGE_REPO}"
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue