johba/disinto
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: johba:898f6f616011dfa8e939032ea30292b86a263e34
Branches Tags
johba:main
johba:fix/issue-14
johba:fix/issue-21
johba:v0.1.0
..
compare: johba:0a0fd30aa9342db7bafd124f71f7ef70aa02bfd4
Branches Tags
johba:main
johba:fix/issue-14
johba:fix/issue-21
johba:v0.1.0

No commits in common. "898f6f616011dfa8e939032ea30292b86a263e34" and "0a0fd30aa9342db7bafd124f71f7ef70aa02bfd4" have entirely different histories.
898f6f6160 ... 0a0fd30aa9

3 changed files with 39 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

6
bin/disinto
View file

@ -285,12 +285,6 @@ services:
environment: environment:
- DISINTO_VERSION=${DISINTO_VERSION:-main} - DISINTO_VERSION=${DISINTO_VERSION:-main}
- FORGE_URL=http://forgejo:3000 - FORGE_URL=http://forgejo:3000
- FORGE_REPO=johba/disinto
- FORGE_OPS_REPO=johba/disinto-ops
- FORGE_TOKEN=${FORGE_TOKEN:-}
- OPS_REPO_ROOT=/opt/disinto-ops
- PROJECT_REPO_ROOT=/opt/disinto
- PRIMARY_BRANCH=main
volumes: volumes:
- ./docker/Caddyfile:/etc/caddy/Caddyfile - ./docker/Caddyfile:/etc/caddy/Caddyfile
- caddy_data:/data - caddy_data:/data

80
docker/edge/dispatcher.sh
View file

@ -109,34 +109,33 @@ get_pr_for_file() {
local file_name local file_name
file_name=$(basename "$file_path") file_name=$(basename "$file_path")
# Step 1: find the commit that added the file # Get recent commits that added this specific file
local add_commit local commits
add_commit=$(git -C "$OPS_REPO_ROOT" log --diff-filter=A --format="%H" \ commits=$(git -C "$OPS_REPO_ROOT" log --oneline --diff-filter=A -- "vault/actions/${file_name}" 2>/dev/null | head -20) || true
-- "vault/actions/${file_name}" 2>/dev/null | head -1)
if [ -z "$add_commit" ]; then if [ -z "$commits" ]; then
return 1 return 1
fi fi
# Step 2: find the merge commit that contains it via ancestry path # For each commit, check if it's a merge commit from a PR
local merge_line while IFS= read -r commit; do
# Use --reverse to get the oldest (direct PR merge) first, not the newest local commit_sha commit_msg
merge_line=$(git -C "$OPS_REPO_ROOT" log --merges --ancestry-path \
--reverse "${add_commit}..HEAD" --oneline 2>/dev/null | head -1)
if [ -z "$merge_line" ]; then commit_sha=$(echo "$commit" | awk '{print $1}')
return 1 commit_msg=$(git -C "$OPS_REPO_ROOT" log -1 --format="%B" "$commit_sha" 2>/dev/null) || continue
fi
# Step 3: extract PR number from merge commit message # Check if this is a merge commit (has "Merge pull request" in message)
# Forgejo format: "Merge pull request 'title' (#N) from branch into main" if [[ "$commit_msg" =~ "Merge pull request" ]]; then
local pr_num # Extract PR number from merge message (e.g., "Merge pull request #123")
pr_num=$(echo "$merge_line" | grep -oP '#\d+' | head -1 | tr -d '#') local pr_num
pr_num=$(echo "$commit_msg" | grep -oP '#\d+' | head -1 | tr -d '#') || true
if [ -n "$pr_num" ]; then if [ -n "$pr_num" ]; then
echo "$pr_num" echo "$pr_num"
return 0 return 0
fi fi
fi
done <<< "$commits"
return 1 return 1
} }
@ -147,11 +146,8 @@ get_pr_for_file() {
get_pr_merger() { get_pr_merger() {
local pr_number="$1" local pr_number="$1"
# Use ops repo API URL for PR lookups (not disinto repo)
local ops_api="${FORGE_URL}/api/v1/repos/${FORGE_OPS_REPO}"
curl -sf -H "Authorization: token ${FORGE_TOKEN}" \ curl -sf -H "Authorization: token ${FORGE_TOKEN}" \
"${ops_api}/pulls/${pr_number}" 2>/dev/null | jq -r '{ "${FORGE_API}/pulls/${pr_number}" 2>/dev/null | jq -r '{
username: .merge_user?.login // .user?.login, username: .merge_user?.login // .user?.login,
merged: .merged, merged: .merged,
merged_at: .merged_at // empty merged_at: .merged_at // empty
@ -294,26 +290,28 @@ launch_runner() {
local secrets_array local secrets_array
secrets_array="${VAULT_ACTION_SECRETS:-}" secrets_array="${VAULT_ACTION_SECRETS:-}"
if [ -z "$secrets_array" ]; then
log "ERROR: Action ${action_id} has no secrets declared"
write_result "$action_id" 1 "No secrets declared in TOML"
return 1
fi
# Build command array (safe from shell injection) # Build command array (safe from shell injection)
local -a cmd=(docker compose run --rm runner) local -a cmd=(docker compose run --rm runner)
# Add environment variables for secrets (if any declared) # Add environment variables for secrets
if [ -n "$secrets_array" ]; then for secret in $secrets_array; do
for secret in $secrets_array; do secret=$(echo "$secret" | xargs)
secret=$(echo "$secret" | xargs) if [ -n "$secret" ]; then
if [ -n "$secret" ]; then # Verify secret exists in vault
# Verify secret exists in vault if [ -z "${!secret:-}" ]; then
if [ -z "${!secret:-}" ]; then log "ERROR: Secret '${secret}' not found in vault for action ${action_id}"
log "ERROR: Secret '${secret}' not found in vault for action ${action_id}" write_result "$action_id" 1 "Secret not found in vault: ${secret}"
write_result "$action_id" 1 "Secret not found in vault: ${secret}" return 1
return 1
fi
cmd+=(-e "$secret")
fi fi
done cmd+=(-e "$secret")
else fi
log "Action ${action_id} has no secrets declared — runner will execute without extra env vars" done
fi
# Add formula and action id as arguments (after service name) # Add formula and action id as arguments (after service name)
local formula="${VAULT_ACTION_FORMULA:-}" local formula="${VAULT_ACTION_FORMULA:-}"

3
docker/edge/entrypoint-edge.sh
View file

@ -1,9 +1,6 @@
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
# Set USER before sourcing env.sh (Alpine doesn't set USER)
export USER="${USER:-root}"
DISINTO_VERSION="${DISINTO_VERSION:-main}" DISINTO_VERSION="${DISINTO_VERSION:-main}"
DISINTO_REPO="${FORGE_URL:-http://forgejo:3000}/johba/disinto.git" DISINTO_REPO="${FORGE_URL:-http://forgejo:3000}/johba/disinto.git"