From 0ac3356f3a0df1c6d4d2c2a7f3f8ac373cabcd0b Mon Sep 17 00:00:00 2001
From: Andras Schmelczer
Date: Sat, 9 May 2026 21:29:23 +0100
Subject: [PATCH] Migrate to forgejo
---
.forgejo/workflows/deploy.yml | 31 ++++++++++
.forgejo/workflows/docker-publish.yml | 63 ++++++++++++++++++++
.github/dependabot.yml | 6 --
.github/workflows/deploy.yaml | 36 -----------
.github/workflows/docker-publish.yml | 86 ---------------------------
5 files changed, 94 insertions(+), 128 deletions(-)
create mode 100644 .forgejo/workflows/deploy.yml
create mode 100644 .forgejo/workflows/docker-publish.yml
delete mode 100644 .github/dependabot.yml
delete mode 100644 .github/workflows/deploy.yaml
delete mode 100644 .github/workflows/docker-publish.yml
diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml
new file mode 100644
index 0000000..cee1627
--- /dev/null
+++ b/.forgejo/workflows/deploy.yml
@@ -0,0 +1,31 @@
+name: Deploy to Pages
+
+on:
+ push:
+ branches: ['main']
+ pull_request:
+ branches: ['main']
+ workflow_dispatch:
+
+concurrency:
+ group: 'pages'
+ cancel-in-progress: false
+
+jobs:
+ deploy:
+ runs-on: docker
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Validate static frontend
+ run: |
+ test -f frontend/index.html
+ test -f frontend/fizika.json
+
+ - name: Copy frontend to host pages mount
+ if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+ run: |
+ apt update && apt install -y rsync
+ mkdir -p /pages
+ rsync -a --delete frontend/ /pages/fizika
diff --git a/.forgejo/workflows/docker-publish.yml b/.forgejo/workflows/docker-publish.yml
new file mode 100644
index 0000000..f13528a
--- /dev/null
+++ b/.forgejo/workflows/docker-publish.yml
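Review bot: The step-level `if:` on "Copy frontend to host pages mount" is the only thing separating pull-request runs from the `/pages` mount in `.forgejo/workflows/deploy.yml`, and that condition lives in a workflow file a pull request can itself edit. The whole `deploy` job, including runs from the `pull_request` trigger, executes on the `docker` runner; if that runner exposes `/pages` to every job container (the step name suggests a host mount, the runner configuration is not visible here), validation of unreviewed branches and deployment share the same write access. I would split this into a `validate` job for pull requests on a runner label without the mount and a `deploy` job carrying a job-level `if: github.event_name == 'push' && github.ref == 'refs/heads/main'`. Separately, `actions/checkout@v4` is a mutable tag in short form while docker-publish.yml uses the full `https://code.forgejo.org/actions/checkout@v4` URL; use one form pinned to a commit SHA, and consider baking `rsync` into the runner image instead of running `apt install` on every deploy.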
@@ -0,0 +1,63 @@
+name: Build and Publish Docker Image
+
+on:
+ push:
+ branches: ['main']
+ tags: ['v*']
+ pull_request:
+ branches: ['main']
+ workflow_dispatch:
+
+env:
+ IMAGE_NAME: ${{ forgejo.repository }}/fizika-admin
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-docker
+
+ steps:
+ - name: Checkout repository
+ uses: https://code.forgejo.org/actions/checkout@v4
+
+ - name: Extract registry host
+ id: registry
+ run: echo "host=$(echo '${{ forgejo.server_url }}' | sed 's|https\?://||')" >> "$GITHUB_OUTPUT"
+
+ - name: Log into Forgejo registry
+ if: forgejo.event_name != 'pull_request'
+ run: echo "${{ secrets.FORGEJO_TOKEN }}" | docker login "${{ steps.registry.outputs.host }}" -u "${{ forgejo.actor }}" --password-stdin
+
+ - name: Build Docker image
+ run: |
+ IMAGE="${{ steps.registry.outputs.host }}/$(echo "${{ env.IMAGE_NAME }}" | tr '[:upper:]' '[:lower:]')"
+ SHA_SHORT="$(echo "${{ forgejo.sha }}" | cut -c1-12)"
+ TAG_ARGS="-t ${IMAGE}:sha-${SHA_SHORT}"
+
+ if [ "${{ forgejo.ref }}" = "refs/heads/main" ]; then
+ TAG_ARGS="${TAG_ARGS} -t ${IMAGE}:main -t ${IMAGE}:latest"
+ fi
+
+ if [ "${{ forgejo.ref_type }}" = "tag" ]; then
+ REF_NAME="${{ forgejo.ref_name }}"
+ TAG_ARGS="${TAG_ARGS} -t ${IMAGE}:${REF_NAME}"
+
+ if echo "$REF_NAME" | grep -Eq '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
+ VERSION="${REF_NAME#v}"
+ MAJOR_MINOR="$(echo "$VERSION" | cut -d. -f1,2)"
+ MAJOR="$(echo "$VERSION" | cut -d. -f1)"
+ TAG_ARGS="${TAG_ARGS} -t ${IMAGE}:${VERSION} -t ${IMAGE}:${MAJOR_MINOR} -t ${IMAGE}:${MAJOR}"
+ fi
+ fi
+
+ docker build \
+ --label "org.opencontainers.image.source=${{ forgejo.server_url }}/${{ forgejo.repository }}" \
+ --label "org.opencontainers.image.revision=${{ forgejo.sha }}" \
+ --label "org.opencontainers.image.created=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" \
+ ${TAG_ARGS} \
+ ./backend
+
+ echo "IMAGE=${IMAGE}" >> "$GITHUB_ENV"
+
+ - name: Push Docker image
+ if: forgejo.event_name != 'pull_request'
+ run: docker push --all-tags "$IMAGE"
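Review bot: In the "Log into Forgejo registry" and "Build Docker image" steps, `${{ secrets.FORGEJO_TOKEN }}`, `${{ forgejo.actor }}`, `${{ forgejo.ref }}` and `${{ forgejo.ref_name }}` are expanded into the `run:` script text before the shell parses it, so a ref name or token containing shell metacharacters alters the script instead of being treated as data, and the secret ends up in the generated script. The removed GitHub workflow passed such values through `env:` for exactly this reason; the same pattern applies here, as sketched below. `docker push --all-tags "$IMAGE"` publishes every local tag of that repository, and pull-request runs also tag `sha-…` images under the same name, so if the `ubuntu-docker` runner keeps its Docker daemon between jobs (not visible here) unreviewed PR builds would be pushed by the next main build; pushing only the tags created in this run avoids that. The replacement also drops the SBOM, provenance and cosign signing the old workflow produced and uses the mutable `checkout@v4` tag, which is worth restoring or recording as a deliberate gap.

```yaml
      - name: Log into Forgejo registry
        if: forgejo.event_name != 'pull_request'
        env:
          REGISTRY_HOST: ${{ steps.registry.outputs.host }}
          REGISTRY_USER: ${{ forgejo.actor }}
          REGISTRY_TOKEN: ${{ secrets.FORGEJO_TOKEN }}
        run: printf '%s' "$REGISTRY_TOKEN" | docker login "$REGISTRY_HOST" -u "$REGISTRY_USER" --password-stdin

      - name: Build Docker image
        env:
          REGISTRY_HOST: ${{ steps.registry.outputs.host }}
          REF: ${{ forgejo.ref }}
          REF_TYPE: ${{ forgejo.ref_type }}
          REF_NAME: ${{ forgejo.ref_name }}
          COMMIT_SHA: ${{ forgejo.sha }}
        run: |
          IMAGE="${REGISTRY_HOST}/$(echo "$IMAGE_NAME" | tr '[:upper:]' '[:lower:]')"
          SHA_SHORT="$(echo "$COMMIT_SHA" | cut -c1-12)"
          # … unchanged: initial TAG_ARGS value …
          if [ "$REF" = "refs/heads/main" ]; then
          # … unchanged: main and latest tags …
          if [ "$REF_TYPE" = "tag" ]; then
          # … unchanged: tag and semver handling, without the REF_NAME assignment; docker build and GITHUB_ENV export …
```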
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
deleted file mode 100644
index 1230149..0000000
--- a/.github/dependabot.yml
+++ /dev/null
@@ -1,6 +0,0 @@
-version: 2
-updates:
- - package-ecosystem: "github-actions"
- directory: "/"
- schedule:
- interval: "daily"
diff --git a/.github/workflows/deploy.yaml b/.github/workflows/deploy.yaml
deleted file mode 100644
index 197b9c9..0000000
--- a/.github/workflows/deploy.yaml
+++ /dev/null
@@ -1,36 +0,0 @@
-name: Deploy to Pages
-
-on:
- push:
- branches: [main]
- workflow_dispatch:
-
-permissions:
- contents: read
- pages: write
- id-token: write
-
-# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
-# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
-concurrency:
- group: "pages"
- cancel-in-progress: false
-
-jobs:
- deploy:
- environment:
- name: github-pages
- url: ${{ steps.deployment.outputs.page_url }}
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v5
- - name: Setup Pages
- uses: actions/configure-pages@v5
- - name: Upload artifact
- uses: actions/upload-pages-artifact@v4
- with:
- path: "frontend"
- - name: Deploy to GitHub Pages
- id: deployment
- uses: actions/deploy-pages@v4
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
deleted file mode 100644
index 1e281bb..0000000
--- a/.github/workflows/docker-publish.yml
+++ /dev/null
@@ -1,86 +0,0 @@
-name: Build and Publish Docker Image
-
-on:
- push:
- branches: ["main"]
-
-env:
- REGISTRY: ghcr.io
- IMAGE_NAME: ${{ github.repository }}/fizika-admin
-
-jobs:
- build-and-push:
- runs-on: ubuntu-latest
- permissions:
- contents: read
- packages: write
- # This is used to complete the identity challenge
- # with sigstore/fulcio when running outside of PRs.
- id-token: write
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v5
-
- - name: Setup Docker buildx
- uses: docker/setup-buildx-action@v3
-
- # Login against a Docker registry except on PR
- # https://github.com/docker/login-action
- - name: Log into registry ${{ env.REGISTRY }}
- if: github.event_name != 'pull_request'
- uses: docker/login-action@v3
- with:
- registry: ${{ env.REGISTRY }}
- username: ${{ github.actor }}
- password: ${{ secrets.GITHUB_TOKEN }}
-
- # Extract metadata (tags, labels) for Docker
- # https://github.com/docker/metadata-action
- - name: Extract metadata
- id: meta
- uses: docker/metadata-action@v5
- with:
- images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
- tags: |
- type=ref,event=branch
- type=ref,event=pr
- type=semver,pattern={{version}}
- type=semver,pattern={{major}}.{{minor}}
- type=semver,pattern={{major}}
- type=sha,prefix={{branch}}-
- # set latest tag for default branch
- type=raw,value=latest,enable={{is_default_branch}}
-
- # Build and push Docker image with Buildx (don't push on PR)
- # https://github.com/docker/build-push-action
- - name: Build and push Docker image
- id: build-and-push
- uses: docker/build-push-action@v5
- with:
- context: ./backend
- file: ./backend/Dockerfile
- platforms: linux/amd64,linux/arm64
- push: ${{ github.event_name != 'pull_request' }}
- tags: ${{ steps.meta.outputs.tags }}
- labels: ${{ steps.meta.outputs.labels }}
- cache-from: type=gha
- cache-to: type=gha,mode=max
- # Security scanning
- sbom: true
- provenance: true
-
- # Sign the resulting Docker image digest.
- # This will only write to the public Rekor transparency log when the Docker
- # repository is public to avoid leaking data. If you would like to publish
- # transparency data even for private images, pass --force to cosign below.
- # https://github.com/sigstore/cosign
- - name: Sign the published Docker image
- if: ${{ github.ref_type == 'tag' }}
- env:
- # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
- TAGS: ${{ steps.meta.outputs.tags }}
- DIGEST: ${{ steps.build-and-push.outputs.digest }}
- # This step uses the identity token to provision an ephemeral certificate
- # against the sigstore community Fulcio instance.
- run: echo "${TAGS}" | xargs -I {} cosign sign --yes {}@${DIGEST}