Merge pull request 'fix: fix: remove hardcoded 'johba' references — use dynamic project config instead (#241)' (#243) from fix/issue-241 into main
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
All checks were successful
ci/woodpecker/push/ci Pipeline was successful
This commit is contained in:
commit
076f6655df
7 changed files with 27 additions and 24 deletions
21
bin/disinto
21
bin/disinto
|
|
@ -303,10 +303,10 @@ services:
|
|||
environment:
|
||||
- DISINTO_VERSION=${DISINTO_VERSION:-main}
|
||||
- FORGE_URL=http://forgejo:3000
|
||||
- FORGE_REPO=johba/disinto
|
||||
- FORGE_OPS_REPO=johba/disinto-ops
|
||||
- FORGE_REPO=${FORGE_REPO:-disinto-admin/disinto}
|
||||
- FORGE_OPS_REPO=${FORGE_OPS_REPO:-disinto-admin/disinto-ops}
|
||||
- FORGE_TOKEN=${FORGE_TOKEN:-}
|
||||
- FORGE_ADMIN_USERS=${FORGE_ADMIN_USERS:-disinto-admin,johba}
|
||||
- FORGE_ADMIN_USERS=${FORGE_ADMIN_USERS:-disinto-admin}
|
||||
- FORGE_ADMIN_TOKEN=${FORGE_ADMIN_TOKEN:-}
|
||||
- OPS_REPO_ROOT=/opt/disinto-ops
|
||||
- PROJECT_REPO_ROOT=/opt/disinto
|
||||
|
|
@ -711,10 +711,10 @@ setup_forge() {
|
|||
# Preserve password for Woodpecker OAuth2 token generation (#779)
|
||||
_FORGE_ADMIN_PASS="$admin_pass"
|
||||
|
||||
# Create human user (johba) as site admin if it doesn't exist
|
||||
local human_user="johba"
|
||||
# Create human user (disinto-admin) as site admin if it doesn't exist
|
||||
local human_user="disinto-admin"
|
||||
local human_pass
|
||||
human_pass="human-$(head -c 16 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 20)"
|
||||
human_pass="admin-$(head -c 16 /dev/urandom | base64 | tr -dc 'a-zA-Z0-9' | head -c 20)"
|
||||
|
||||
if ! curl -sf --max-time 5 "${forge_url}/api/v1/users/${human_user}" >/dev/null 2>&1; then
|
||||
echo "Creating human user: ${human_user}"
|
||||
|
|
@ -723,7 +723,7 @@ setup_forge() {
|
|||
--admin \
|
||||
--username "${human_user}" \
|
||||
--password "${human_pass}" \
|
||||
--email "johba@disinto.local" \
|
||||
--email "admin@disinto.local" \
|
||||
--must-change-password=false 2>&1); then
|
||||
echo "Error: failed to create human user '${human_user}':" >&2
|
||||
echo " ${create_output}" >&2
|
||||
|
|
@ -1007,11 +1007,12 @@ setup_ops_repo() {
|
|||
-H "Content-Type: application/json" \
|
||||
"${forge_url}/api/v1/orgs/${org_name}/repos" \
|
||||
-d "{\"name\":\"${ops_name}\",\"auto_init\":true,\"default_branch\":\"${primary_branch}\",\"description\":\"Operational data for ${org_name}/${ops_name%-ops}\"}" >/dev/null 2>&1; then
|
||||
# Fallback: create under the human user namespace
|
||||
# Fallback: create under the repo owner namespace (FORGE_REPO owner)
|
||||
local repo_owner="${FORGE_REPO%%/*}"
|
||||
curl -sf -X POST \
|
||||
-H "Authorization: token ${admin_token:-${FORGE_TOKEN}}" \
|
||||
-H "Content-Type: application/json" \
|
||||
"${forge_url}/api/v1/users/johba/repos" \
|
||||
"${forge_url}/api/v1/users/${repo_owner}/repos" \
|
||||
-d "{\"name\":\"${ops_name}\",\"auto_init\":true,\"default_branch\":\"${primary_branch}\",\"description\":\"Operational data\"}" >/dev/null 2>&1 || true
|
||||
fi
|
||||
|
||||
|
|
@ -1985,7 +1986,7 @@ p.write_text(text)
|
|||
|
||||
# Set up vault branch protection on ops repo (#77)
|
||||
# This ensures admin-only merge to main, blocking bots from merging vault PRs
|
||||
# Use HUMAN_TOKEN (johba) or FORGE_TOKEN (dev-bot) for admin operations
|
||||
# Use HUMAN_TOKEN (disinto-admin) or FORGE_TOKEN (dev-bot) for admin operations
|
||||
export FORGE_OPS_REPO="$ops_slug"
|
||||
# Source env.sh to ensure FORGE_TOKEN is available
|
||||
source "${FACTORY_ROOT}/lib/env.sh"
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ services:
|
|||
- FORGE_TOKEN=${FORGE_TOKEN:-}
|
||||
- FORGE_URL=http://forgejo:3000
|
||||
- PROJECT_TOML=projects/disinto.toml
|
||||
- FORGE_REPO=johba/disinto
|
||||
- FORGE_REPO=${FORGE_REPO:-disinto-admin/disinto}
|
||||
depends_on:
|
||||
- forgejo
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,7 @@ if [ ! -d "${PROJECT_REPO_ROOT}/.git" ]; then
|
|||
log "Cloning repo..."
|
||||
mkdir -p "$(dirname "$PROJECT_REPO_ROOT")"
|
||||
chown -R agent:agent /home/agent/repos 2>/dev/null || true
|
||||
su -s /bin/bash agent -c "git clone http://dev-bot:${FORGE_TOKEN}@forgejo:3000/${FORGE_REPO:-johba/disinto}.git ${PROJECT_REPO_ROOT}"
|
||||
su -s /bin/bash agent -c "git clone http://dev-bot:${FORGE_TOKEN}@forgejo:3000/${FORGE_REPO:-disinto-admin/disinto}.git ${PROJECT_REPO_ROOT}"
|
||||
log "Repo cloned"
|
||||
fi
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ set -euo pipefail
|
|||
export USER="${USER:-root}"
|
||||
|
||||
DISINTO_VERSION="${DISINTO_VERSION:-main}"
|
||||
DISINTO_REPO="${FORGE_URL:-http://forgejo:3000}/johba/disinto.git"
|
||||
DISINTO_REPO="${FORGE_URL:-http://forgejo:3000}/${FORGE_REPO:-disinto-admin/disinto}.git"
|
||||
|
||||
# Shallow clone at the pinned version
|
||||
if [ ! -d /opt/disinto/.git ]; then
|
||||
|
|
|
|||
|
|
@ -58,7 +58,7 @@ Validate release prerequisites before proceeding.
|
|||
|
||||
7. Check if tag already exists on Forgejo:
|
||||
- curl -sf -H "Authorization: token $FORGE_TOKEN" \
|
||||
- "$FORGE_URL/api/v1/repos/johba/disinto/git/tags/$RELEASE_VERSION"
|
||||
- "$FORGE_URL/api/v1/repos/$FORGE_REPO/git/tags/$RELEASE_VERSION"
|
||||
- If exists, exit with error
|
||||
|
||||
8. Export RELEASE_VERSION for subsequent steps:
|
||||
|
|
@ -77,14 +77,14 @@ Create the release tag on Forgejo main via the Forgejo API.
|
|||
|
||||
1. Get current HEAD SHA of main:
|
||||
- curl -sf -H "Authorization: token $FORGE_TOKEN" \
|
||||
- "$FORGE_URL/api/v1/repos/johba/disinto/branches/$PRIMARY_BRANCH"
|
||||
- "$FORGE_URL/api/v1/repos/$FORGE_REPO/branches/$PRIMARY_BRANCH"
|
||||
- Parse sha field from response
|
||||
|
||||
2. Create tag via Forgejo API:
|
||||
- curl -sf -X POST \
|
||||
- -H "Authorization: token $FORGE_TOKEN" \
|
||||
- -H "Content-Type: application/json" \
|
||||
- "$FORGE_URL/api/v1/repos/johba/disinto/tags" \
|
||||
- "$FORGE_URL/api/v1/repos/$FORGE_REPO/tags" \
|
||||
- -d "{\"tag\":\"$RELEASE_VERSION\",\"target\":\"$HEAD_SHA\",\"message\":\"Release $RELEASE_VERSION\"}"
|
||||
- Parse response for success
|
||||
|
||||
|
|
@ -106,8 +106,8 @@ description = """
|
|||
Push the newly created tag to all configured mirrors.
|
||||
|
||||
1. Add mirror remotes if not already present:
|
||||
- Codeberg: git remote add codeberg git@codeberg.org:johba/disinto.git
|
||||
- GitHub: git remote add github git@github.com:disinto/disinto.git
|
||||
- Codeberg: git remote add codeberg git@codeberg.org:${FORGE_REPO_OWNER}/${PROJECT_NAME}.git
|
||||
- GitHub: git remote add github git@github.com:disinto/${PROJECT_NAME}.git
|
||||
- Check with: git remote -v
|
||||
|
||||
2. Push tag to Codeberg:
|
||||
|
|
@ -120,9 +120,9 @@ Push the newly created tag to all configured mirrors.
|
|||
|
||||
4. Verify tags exist on mirrors:
|
||||
- curl -sf -H "Authorization: token $GITHUB_TOKEN" \
|
||||
- "https://api.github.com/repos/disinto/disinto/tags/$RELEASE_VERSION"
|
||||
- "https://api.github.com/repos/disinto/${PROJECT_NAME}/tags/$RELEASE_VERSION"
|
||||
- curl -sf -H "Authorization: token $FORGE_TOKEN" \
|
||||
- "$FORGE_URL/api/v1/repos/johba/disinto/git/tags/$RELEASE_VERSION"
|
||||
- "$FORGE_URL/api/v1/repos/$FORGE_REPO/git/tags/$RELEASE_VERSION"
|
||||
|
||||
5. Log success:
|
||||
- echo "Tag $RELEASE_VERSION pushed to mirrors"
|
||||
|
|
@ -227,7 +227,7 @@ Write the release result to a file for tracking.
|
|||
- {
|
||||
- "version": "$RELEASE_VERSION",
|
||||
- "image_id": "$IMAGE_ID",
|
||||
- "forgejo_tag_url": "$FORGE_URL/johba/disinto/src/$RELEASE_VERSION",
|
||||
- "forgejo_tag_url": "$FORGE_URL/$FORGE_REPO/src/$RELEASE_VERSION",
|
||||
- "timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
|
||||
- "status": "success"
|
||||
- }
|
||||
|
|
|
|||
|
|
@ -379,7 +379,7 @@ remove_branch_protection() {
|
|||
# - Allow review-bot to approve PRs
|
||||
#
|
||||
# Args:
|
||||
# $1 - Repo path in format 'owner/repo' (e.g., 'johba/disinto')
|
||||
# $1 - Repo path in format 'owner/repo' (e.g., 'disinto-admin/disinto')
|
||||
# $2 - Branch to protect (default: main)
|
||||
#
|
||||
# Returns: 0 on success, 1 on failure
|
||||
|
|
@ -536,7 +536,7 @@ if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
|
|||
echo "Required environment variables:"
|
||||
echo " FORGE_TOKEN Forgejo API token (admin user recommended)"
|
||||
echo " FORGE_URL Forgejo instance URL (e.g., https://codeberg.org)"
|
||||
echo " FORGE_OPS_REPO Ops repo in format owner/repo (e.g., johba/disinto-ops)"
|
||||
echo " FORGE_OPS_REPO Ops repo in format owner/repo (e.g., disinto-admin/disinto-ops)"
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
|
|
|||
|
|
@ -83,7 +83,7 @@ if mirrors:
|
|||
# Export parsed variables.
|
||||
# Inside the agents container (DISINTO_CONTAINER=1), compose already sets the
|
||||
# correct FORGE_URL (http://forgejo:3000) and path vars for the container
|
||||
# environment. The TOML carries host-perspective values (localhost, /home/johba/…)
|
||||
# environment. The TOML carries host-perspective values (localhost, /home/admin/…)
|
||||
# that would break container API calls and path resolution. Skip overriding
|
||||
# any env var that is already set when running inside the container.
|
||||
while IFS='=' read -r _key _val; do
|
||||
|
|
@ -100,6 +100,8 @@ export FORGE_URL="${FORGE_URL:-http://localhost:3000}"
|
|||
if [ -n "$FORGE_REPO" ]; then
|
||||
export FORGE_API="${FORGE_URL}/api/v1/repos/${FORGE_REPO}"
|
||||
export FORGE_WEB="${FORGE_URL}/${FORGE_REPO}"
|
||||
# Extract repo owner (first path segment of owner/repo)
|
||||
export FORGE_REPO_OWNER="${FORGE_REPO%%/*}"
|
||||
fi
|
||||
# Backwards-compat aliases
|
||||
export CODEBERG_REPO="${FORGE_REPO}"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue