Earl Warren
921ed6f481
All checks were successful
upgrade / upgrade (pull_request) Successful in 11m9s
/ actions (map[branch:next forgejo:https://codeberg.org repo:forgejo-experimental/forgejo tests:${{ vars.V1_22_TESTS }} version:v1.22]) (pull_request) Successful in 10m49s
/ actions (map[forgejo:https://codeberg.org repo:forgejo/forgejo tests:${{ vars.V1_20_TESTS }} version:v1.20]) (pull_request) Successful in 7m59s
/ actions (map[forgejo:https://codeberg.org repo:forgejo/forgejo tests:${{ vars.V1_21_TESTS }} version:v1.21]) (pull_request) Successful in 11m11s
158 lines
5.3 KiB
YAML
158 lines
5.3 KiB
YAML
on:
|
|
pull_request:
|
|
pull_request_target:
|
|
types:
|
|
- opened
|
|
- synchronize
|
|
|
|
jobs:
|
|
test:
|
|
runs-on: docker
|
|
container:
|
|
image: code.forgejo.org/oci/node:20-bookworm
|
|
options: "--volume /srv/example:/srv/example"
|
|
|
|
steps:
|
|
- name: setup
|
|
shell: bash
|
|
run: |
|
|
set -x
|
|
test $GITHUB_TOKEN = ${{ env.GITHUB_TOKEN }}
|
|
test $GITHUB_TOKEN = ${{ github.token }}
|
|
export DEBIAN_FRONTEND=noninteractive ; apt-get -qq update ; apt-get install -y -qq curl git >& /dev/null
|
|
curl -sS -o /usr/local/bin/forgejo-curl.sh https://code.forgejo.org/forgejo/forgejo-curl/raw/branch/main/forgejo-curl.sh && chmod +x /usr/local/bin/forgejo-curl.sh
|
|
forgejo-curl.sh --token "$GITHUB_TOKEN" login $GITHUB_SERVER_URL
|
|
forgejo-curl.sh api_json $GITHUB_SERVER_URL/api/v1/user
|
|
|
|
- name: determine if the PR is from a fork
|
|
id: forked
|
|
run: |
|
|
if test ${{ github.event.pull_request.base.repo.full_name }} = ${{ github.event.pull_request.head.repo.full_name }} ; then
|
|
echo value=false >> $GITHUB_OUTPUT
|
|
else
|
|
echo value=true >> $GITHUB_OUTPUT
|
|
fi
|
|
|
|
# See also actions/example-context/.forgejo/workflows/test.yml
|
|
- name: env.GITHUB_BASE_REF
|
|
run: |
|
|
set -x
|
|
test "$GITHUB_BASE_REF" = main
|
|
test "$GITHUB_BASE_REF" = "${{ env.GITHUB_BASE_REF }}"
|
|
|
|
# See also actions/example-context/.forgejo/workflows/test.yml
|
|
- name: env.GITHUB_HEAD_REF
|
|
run: |
|
|
set -x
|
|
if ${{ steps.forked.outputs.value }} ; then
|
|
test "$GITHUB_HEAD_REF" = main
|
|
else
|
|
test "$GITHUB_HEAD_REF" = other
|
|
fi
|
|
test "$GITHUB_HEAD_REF" = "${{ env.GITHUB_HEAD_REF }}"
|
|
|
|
- name: secrets
|
|
shell: bash
|
|
run: |
|
|
set -x
|
|
case $GITHUB_EVENT_NAME in
|
|
pull_request_target)
|
|
#
|
|
# all PRs: secrets
|
|
#
|
|
test "${{ secrets.SECRET }}"
|
|
;;
|
|
pull_request)
|
|
if ${{ steps.forked.outputs.value }} ; then
|
|
#
|
|
# PRs from forked repositories: no secrets
|
|
#
|
|
test -z "${{ secrets.SECRET }}"
|
|
else
|
|
#
|
|
# PRs from the same repository: secrets
|
|
#
|
|
test "${{ secrets.SECRET }}"
|
|
fi
|
|
;;
|
|
*)
|
|
echo unexpected event $GITHUB_EVENT_NAME
|
|
false
|
|
;;
|
|
esac
|
|
|
|
- name: PR TOKEN scopes
|
|
shell: bash
|
|
run: |
|
|
set -x
|
|
function assert_fail_if_forked() {
|
|
if "$@" ; then
|
|
! ${{ steps.forked.outputs.value }}
|
|
else
|
|
${{ steps.forked.outputs.value }}
|
|
fi
|
|
}
|
|
#
|
|
# create an issue
|
|
#
|
|
base_repo=${{ github.event.pull_request.base.repo.full_name }}
|
|
forgejo-curl.sh api_json --data-raw '{"title":"ISSUE"}' $GITHUB_SERVER_URL/api/v1/repos/$base_repo/issues
|
|
url=$(echo $GITHUB_SERVER_URL | sed -e "s|://|://$GITHUB_TOKEN@|")
|
|
git clone $url/$base_repo base
|
|
branch=B$RANDOM
|
|
(
|
|
cd base
|
|
git checkout -b $branch
|
|
git config user.email root@example.com
|
|
git config user.name username
|
|
echo CHANGE >> README
|
|
git add .
|
|
git commit -m 'change'
|
|
case $GITHUB_EVENT_NAME in
|
|
pull_request_target|pull_request)
|
|
#
|
|
# repository write scope via http git passthrough
|
|
#
|
|
assert_fail_if_forked git push --force -u origin $branch
|
|
#
|
|
# repository write scope via the API
|
|
#
|
|
assert_fail_if_forked forgejo-curl.sh api_json --data-raw '{"title":"PR","base":"main","head":"'$branch'"}' $GITHUB_SERVER_URL/api/v1/repos/$base_repo/pulls
|
|
assert_fail_if_forked forgejo-curl.sh api_json --data-raw '{"color":"#ffffff","name":"labelname"}' $GITHUB_SERVER_URL/api/v1/repos/$base_repo/labels
|
|
#
|
|
# See https://codeberg.org/forgejo/forgejo/issues/1525
|
|
#
|
|
! forgejo-curl.sh api_json --data-raw '{"new_branch_name":"B'$RANDOM'"}' $GITHUB_SERVER_URL/api/v1/repos/$base_repo/branches
|
|
;;
|
|
*)
|
|
echo unexpected event $GITHUB_EVENT_NAME
|
|
false
|
|
;;
|
|
esac
|
|
)
|
|
|
|
- name: save event
|
|
run: |
|
|
d=/srv/example/pull-request/contexts/${{ github.event.pull_request.head.repo.owner.username }}/$GITHUB_EVENT_NAME
|
|
mkdir -p $d
|
|
cat > $d/github <<'EOF'
|
|
${{ toJSON(github) }}
|
|
EOF
|
|
|
|
- uses: https://code.forgejo.org/actions/checkout@v4
|
|
- name: checkout the default branch if pull_request_target
|
|
run: |
|
|
set -x
|
|
case $GITHUB_EVENT_NAME in
|
|
pull_request_target)
|
|
! test -f file-unique-to-the-pr-branch
|
|
;;
|
|
pull_request)
|
|
test -f file-unique-to-the-pr-branch
|
|
;;
|
|
*)
|
|
echo unexpected event $GITHUB_EVENT_NAME
|
|
false
|
|
;;
|
|
esac
|