revert(ci): reusable workflows after all — Forgejo 11 supports them
All checks were successful
CI / preflight (push) Successful in 4s
CI / typecheck (push) Successful in 15s
ecosystem-selftest / semantic-release-bumptest (push) Successful in 12s
ecosystem-selftest / eslint-gate (push) Successful in 4s
ecosystem-selftest / yamllint-gate (push) Successful in 4s
pulumi-preview / preview (push) Successful in 18s
Correction to the previous commit. Forgejo 11.0.15 DOES support reusable workflows; my earlier "not supported" was a false negative — the test caller omitted `runs-on`, and the pre-v15 "limited" implementation REQUIRES `runs-on` on the calling job (omitting it makes Forgejo silently schedule no run). Verified live: a caller with `runs-on` runs green, same-repo and cross-repo (short ref); the full-URL form fails for reusable workflows (it was only needed for composite ACTIONS, which resolve via DEFAULT_ACTIONS_URL).

- Restore the four reusable-*.yml (on: workflow_call), the architecture the handover + 999_testing chose; fix the caller examples to include `runs-on`.
- Remove the composite-action layer (actions/) — single mechanism, no redundancy.
- .forgejo/workflows/README.md documents the v11 caller-`runs-on` + short-ref quirks (both removed by a future Forgejo v15 upgrade) and the candidate coverage.
- ecosystem-selftest paths filter back to reusable-*.yml.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
parent 5be9382afe
commit 290f48ba18
11 changed files with 335 additions and 290 deletions
61
.forgejo/workflows/README.md
Normal file
|
|
@ -0,0 +1,61 @@
|
||||||
|
# Ecosystem CI — reusable workflows
|
||||||
|
|
||||||
|
Shared CI building blocks for Olsitec projects on the foundation forge
|
||||||
|
(`documentation/999_testing.md`). Downstream repos call them as **reusable
|
||||||
|
workflows** (`on: workflow_call`) at **job** level:
|
||||||
|
|
||||||
|
```yaml
|
||||||
|
# .forgejo/workflows/ci.yml in any project repo
|
||||||
|
name: ci
|
||||||
|
on: [push]
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: docker # ← REQUIRED on Forgejo 11 (see "Forgejo 11 quirk" below)
|
||||||
|
uses: olsitec/foundation/.forgejo/workflows/reusable-node-build.yml@master
|
||||||
|
with: { package-manager: bun, build: "bun run build" }
|
||||||
|
```
|
||||||
|
|
||||||
|
## Forgejo 11 quirk (IMPORTANT)
|
||||||
|
|
||||||
|
Our forge runs **Forgejo 11.0.15**, where reusable-workflow support is the
|
||||||
|
**pre-v15 "limited" implementation**. Two rules differ from GitHub / Forgejo ≥ v15:
|
||||||
|
|
||||||
|
1. **The calling job MUST declare `runs-on`** (e.g. `runs-on: docker`). On standard
|
||||||
|
GitHub you omit `runs-on` on a `uses:` job — do that here and Forgejo **silently
|
||||||
|
schedules no run at all** (no error). This was verified live: a caller without
|
||||||
|
`runs-on` produced zero runs; the same caller with `runs-on` ran green.
|
||||||
|
2. **Cross-repo references use the SHORT form** `owner/repo/.forgejo/workflows/x.yml@ref`
|
||||||
|
— the **full-URL** form (`https://forge.olsitec.net/...`) fails for reusable
|
||||||
|
workflows (it is, conversely, the form composite *actions* require).
|
||||||
|
|
||||||
|
Also pre-v15: the called workflow's logs collapse into a single "Set up job" entry
|
||||||
|
in the UI. **Forgejo v15.0** (LTS, Apr 2026) reworks this — omit `runs-on` and Forgejo
|
||||||
|
expands the reusable workflow into its inner jobs with separate logs. On a future v15
|
||||||
|
upgrade, drop the `runs-on` from callers and these notes become obsolete.
|
||||||
|
|
||||||
|
## Workflows
|
||||||
|
|
||||||
|
| Workflow | Purpose | Key inputs |
|
||||||
|
|----------|---------|------------|
|
||||||
|
| `reusable-node-build.yml` | install + build npm/bun/none | `package-manager`, `build`, `workdir` |
|
||||||
|
| `reusable-docker-build.yml` | `docker build` via the host socket | `image`, `dockerfile`, `context`, `build-args`, `push` |
|
||||||
|
| `reusable-lint.yml` | eslint + yamllint gate (error → non-zero) | `eslint-paths`, `yamllint-paths`, `package-manager` |
|
||||||
|
| `reusable-semantic-release.yml` | dry-run next-version probe (conventionalcommits) | `branch` → output `version` |
|
||||||
|
|
||||||
|
All run in the baked `foundation-ci:latest` image. `reusable-semantic-release`
|
||||||
|
checks out with `fetch-depth: 0` (full history + tags). Real Forgejo release
|
||||||
|
publishing is deferred (no `@semantic-release/forgejo` analogue yet) — it computes
|
||||||
|
+ outputs the version, faithful to the GitLab `generate-release-version` job.
|
||||||
|
|
||||||
|
## Candidate coverage (999_testing)
|
||||||
|
|
||||||
|
| Candidate | Shape | Workflow | Status |
|
||||||
|
|-----------|-------|----------|--------|
|
||||||
|
| olsicrypto | npm package (tsc) | `reusable-node-build` (npm) | self-contained ✓ |
|
||||||
|
| document-engine | bun package (tsc) | `reusable-node-build` (bun) | self-contained ✓ |
|
||||||
|
| olsitrack/api | no-artifact / versioned | `reusable-node-build` (empty build) | self-contained ✓ |
|
||||||
|
| seaspots-homepage | docker, dep `@olsitec/svelte-common` | `reusable-docker-build` | blocked on the package registry (Stage-2) |
|
||||||
|
| token-service | docker, dep `@olsitec/olsicrypto` | `reusable-docker-build` | blocked on the package registry (Stage-2) |
|
||||||
|
|
||||||
|
The semantic-release bump sequence and the eslint/yamllint gates are continuously
|
||||||
|
proven by `ecosystem-selftest.yml` on the foundation's own runner.
|
||||||
|
|
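Review bot: the Workflows table row for `reusable-docker-build.yml` says only "`docker build` via the host socket" and leaves out the R5 caveat that the workflow's own header carries (the host socket is root-equivalent on the forge VM, acceptable only for trusted first-party repos). Downstream authors read this README rather than the workflow header, so the restriction should be repeated here. Separately, the caller example pins `@master`; because that ref moves, every caller picks up any change to these workflows on its next run, so consider documenting a tag or commit ref for callers once it is confirmed to work with the v11 short form.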
@ -13,7 +13,7 @@ on:
|
||||||
paths:
|
paths:
|
||||||
- "ci/**"
|
- "ci/**"
|
||||||
- ".forgejo/workflows/ecosystem-selftest.yml"
|
- ".forgejo/workflows/ecosystem-selftest.yml"
|
||||||
- "actions/**"
|
- ".forgejo/workflows/reusable-*.yml"
|
||||||
workflow_dispatch:
|
workflow_dispatch:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
|
|
||||||
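Review bot: the `paths` filter now matches every `.forgejo/workflows/reusable-*.yml`, but the checks listed for this commit show only `semantic-release-bumptest`, `eslint-gate` and `yamllint-gate` under ecosystem-selftest, so an edit to `reusable-node-build.yml` or `reusable-docker-build.yml` triggers a green run that, going by those job names, never exercises the changed file. Either add selftest jobs that call those two workflows or narrow the glob to the workflows the selftest covers, so that a pass means the changed workflow was actually run.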
68
.forgejo/workflows/reusable-docker-build.yml
Normal file
|
|
@ -0,0 +1,68 @@
|
||||||
|
# reusable-docker-build — build a Docker image (999_testing candidates C1/C5).
|
||||||
|
#
|
||||||
|
# A REUSABLE workflow (on: workflow_call) downstream repos call:
|
||||||
|
# jobs:
|
||||||
|
# image:
|
||||||
|
# runs-on: docker # REQUIRED on Forgejo 11 (pre-v15 reusable-workflow quirk; see README)
|
||||||
|
# uses: olsitec/foundation/.forgejo/workflows/reusable-docker-build.yml@master
|
||||||
|
# with: { image: "olsitec/seaspots-homepage:ci", push: false }
|
||||||
|
#
|
||||||
|
# Builds against the HOST Docker daemon via the mounted socket (the foundation-ci
|
||||||
|
# image ships the docker CLI; the runner's valid_volumes allows the mount). NOTE
|
||||||
|
# (R5): the host socket is root-equivalent on the forge VM — this is acceptable
|
||||||
|
# ONLY for trusted first-party repos until the runner is fenced to its own VM.
|
||||||
|
#
|
||||||
|
# Candidates C1 (seaspots-homepage) and C5 (token-service) depend on @olsitec
|
||||||
|
# packages from a private registry that is not published yet (Stage-2). Their real
|
||||||
|
# builds need a registry / npmrc; this workflow proves the docker-build path and
|
||||||
|
# accepts a `build-args`/`npmrc` hook for when the registry exists.
|
||||||
|
name: reusable-docker-build
|
||||||
|
on:
|
||||||
|
workflow_call:
|
||||||
|
inputs:
|
||||||
|
context:
|
||||||
|
type: string
|
||||||
|
default: "."
|
||||||
|
dockerfile:
|
||||||
|
type: string
|
||||||
|
default: "Dockerfile"
|
||||||
|
image:
|
||||||
|
description: "image ref to tag, e.g. name:tag"
|
||||||
|
type: string
|
||||||
|
required: true
|
||||||
|
build-args:
|
||||||
|
description: "newline-separated KEY=VALUE docker --build-arg pairs"
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
push:
|
||||||
|
description: "push to the foundation registry after build (registry must exist)"
|
||||||
|
type: boolean
|
||||||
|
default: false
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
image:
|
||||||
|
runs-on: docker
|
||||||
|
container:
|
||||||
|
image: foundation-ci:latest
|
||||||
|
volumes:
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Docker build
|
||||||
|
run: |
|
||||||
|
args=""
|
||||||
|
if [ -n "${{ inputs.build-args }}" ]; then
|
||||||
|
while IFS= read -r kv; do
|
||||||
|
[ -z "$kv" ] && continue
|
||||||
|
args="$args --build-arg $kv"
|
||||||
|
done <<'EOF'
|
||||||
|
${{ inputs.build-args }}
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
echo "+ docker build -f ${{ inputs.dockerfile }} -t ${{ inputs.image }} $args ${{ inputs.context }}"
|
||||||
|
docker build -f "${{ inputs.dockerfile }}" -t "${{ inputs.image }}" $args "${{ inputs.context }}"
|
||||||
|
|
||||||
|
- name: Push
|
||||||
|
if: ${{ inputs.push }}
|
||||||
|
run: docker push "${{ inputs.image }}"
|
||||||
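Review bot: in the `Docker build` step every `${{ inputs.* }}` expression is substituted into the script text before the shell parses it, so a `"` or `$(...)` inside `image`, `dockerfile`, `context` or `build-args` (the `[ -n "${{ inputs.build-args }}" ]` test, the `echo` line and the `docker build` line) becomes shell syntax, in a job that holds the host Docker socket the header itself calls root-equivalent. Pass the inputs through `env:` on the step and reference them as quoted shell variables such as `"$IMAGE"` and `"$DOCKERFILE"`; read `build-args` from an env var too, since an input line consisting of `EOF` ends the heredoc early. The unquoted `$args` also word-splits, so a `KEY=VALUE` whose value contains a space reaches `docker build` as two arguments. The same applies to `docker push "${{ inputs.image }}"` in the `Push` step.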
64
.forgejo/workflows/reusable-lint.yml
Normal file
|
|
@ -0,0 +1,64 @@
|
||||||
|
# reusable-lint — eslint + yamllint gate (999_testing "linter testing").
|
||||||
|
#
|
||||||
|
# A REUSABLE workflow (on: workflow_call). Either linter finding an error makes
|
||||||
|
# the job exit non-zero (the acceptance criterion). Prefers the project's own
|
||||||
|
# pinned eslint (node_modules/.bin) for config/plugin fidelity, falling back to
|
||||||
|
# the foundation-ci image's global eslint; yamllint comes from the image.
|
||||||
|
#
|
||||||
|
# jobs:
|
||||||
|
# lint:
|
||||||
|
# runs-on: docker # REQUIRED on Forgejo 11 (pre-v15 reusable-workflow quirk; see README)
|
||||||
|
# uses: olsitec/foundation/.forgejo/workflows/reusable-lint.yml@master
|
||||||
|
# with: { eslint-paths: ".", yamllint-paths: "." }
|
||||||
|
name: reusable-lint
|
||||||
|
on:
|
||||||
|
workflow_call:
|
||||||
|
inputs:
|
||||||
|
eslint:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
yamllint:
|
||||||
|
type: boolean
|
||||||
|
default: true
|
||||||
|
eslint-paths:
|
||||||
|
type: string
|
||||||
|
default: "."
|
||||||
|
yamllint-paths:
|
||||||
|
type: string
|
||||||
|
default: "."
|
||||||
|
package-manager:
|
||||||
|
description: "bun | npm | none — to install project-local eslint config/plugins"
|
||||||
|
type: string
|
||||||
|
default: bun
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
lint:
|
||||||
|
runs-on: docker
|
||||||
|
container:
|
||||||
|
image: foundation-ci:latest
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Install dependencies (project-local eslint config/plugins)
|
||||||
|
if: ${{ inputs.eslint }}
|
||||||
|
run: |
|
||||||
|
case "${{ inputs.package-manager }}" in
|
||||||
|
bun) bun install --frozen-lockfile || bun install || true ;;
|
||||||
|
npm) npm ci || npm install || true ;;
|
||||||
|
none) echo "skip install" ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
- name: eslint
|
||||||
|
if: ${{ inputs.eslint }}
|
||||||
|
run: |
|
||||||
|
if [ -x node_modules/.bin/eslint ]; then
|
||||||
|
echo "+ project eslint"; node_modules/.bin/eslint ${{ inputs.eslint-paths }}
|
||||||
|
else
|
||||||
|
echo "+ image eslint"; eslint ${{ inputs.eslint-paths }}
|
||||||
|
fi
|
||||||
|
|
||||||
|
- name: yamllint
|
||||||
|
if: ${{ inputs.yamllint }}
|
||||||
|
run: |
|
||||||
|
echo "+ yamllint ${{ inputs.yamllint-paths }}"
|
||||||
|
yamllint ${{ inputs.yamllint-paths }}
|
||||||
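Review bot: the install step ends the `bun` and `npm` branches with `|| true` and the `case` has no `*)` arm, so a failed install or a mistyped `package-manager` passes silently and the `eslint` step then falls back to the image's global eslint without the project's pinned version or plugins. For a workflow whose stated acceptance criterion is that any linter error exits non-zero, that makes the result depend on which eslint happened to be found. Fail the install when `package-manager` is not `none` (or at least print a visible warning), and add the same `*) ... exit 1` arm that `reusable-node-build.yml` has. The unquoted `${{ inputs.eslint-paths }}` and `${{ inputs.yamllint-paths }}` are also expanded into the script text; passing them via `env:` keeps a path value from being parsed as shell.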
59
.forgejo/workflows/reusable-node-build.yml
Normal file
|
|
@ -0,0 +1,59 @@
|
||||||
|
# reusable-node-build — build/test an npm- or bun-based project (999_testing).
|
||||||
|
#
|
||||||
|
# A REUSABLE workflow (on: workflow_call) downstream repos call:
|
||||||
|
# jobs:
|
||||||
|
# build:
|
||||||
|
# runs-on: docker # REQUIRED on Forgejo 11 (pre-v15 reusable-workflow quirk; see README)
|
||||||
|
# uses: olsitec/foundation/.forgejo/workflows/reusable-node-build.yml@master
|
||||||
|
# with: { package-manager: bun, build: "bun run build" }
|
||||||
|
#
|
||||||
|
# Runs in the baked foundation-ci image (bun + node present). Covers the
|
||||||
|
# non-Docker candidate shapes: npm package built with npm (olsicrypto), bun
|
||||||
|
# package built with bun (document-engine), and the no-build / versioned-only
|
||||||
|
# utility (olsitrack/api) via an empty `build`.
|
||||||
|
name: reusable-node-build
|
||||||
|
on:
|
||||||
|
workflow_call:
|
||||||
|
inputs:
|
||||||
|
package-manager:
|
||||||
|
description: "bun | npm | none (none = skip install)"
|
||||||
|
type: string
|
||||||
|
default: bun
|
||||||
|
build:
|
||||||
|
description: "build command to run verbatim (empty = skip, e.g. no-artifact repos)"
|
||||||
|
type: string
|
||||||
|
default: ""
|
||||||
|
workdir:
|
||||||
|
description: "working directory for install + build"
|
||||||
|
type: string
|
||||||
|
default: "."
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
build:
|
||||||
|
runs-on: docker
|
||||||
|
container:
|
||||||
|
image: foundation-ci:latest
|
||||||
|
defaults:
|
||||||
|
run:
|
||||||
|
working-directory: ${{ inputs.workdir }}
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
|
||||||
|
- name: Install dependencies (${{ inputs.package-manager }})
|
||||||
|
run: |
|
||||||
|
case "${{ inputs.package-manager }}" in
|
||||||
|
bun) bun install --frozen-lockfile || bun install ;;
|
||||||
|
npm) npm ci || npm install ;;
|
||||||
|
none) echo "package-manager=none → skipping install" ;;
|
||||||
|
*) echo "unknown package-manager '${{ inputs.package-manager }}'" >&2; exit 1 ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
- name: Build
|
||||||
|
run: |
|
||||||
|
cmd='${{ inputs.build }}'
|
||||||
|
if [ -z "$cmd" ]; then
|
||||||
|
echo "no build command (non-artifact / versioned-only repo) — install-only check passed"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
echo "+ $cmd"
|
||||||
|
eval "$cmd"
|
||||||
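Review bot: in the `Build` step, `cmd='${{ inputs.build }}'` breaks as soon as the build command contains a single quote, because the expression is substituted into the script before the shell sees it and the quote closes the literal. Running the command verbatim is the documented intent, so keep the `eval` but feed it from the environment: set `env: BUILD_CMD: ${{ inputs.build }}` on the step and use `eval "$BUILD_CMD"`. In the install step, `bun install --frozen-lockfile || bun install` and `npm ci || npm install` fall back to an unpinned resolve when the lockfile check fails, which hides lockfile drift from CI; consider failing there instead, or making the fallback an explicit input.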
82
.forgejo/workflows/reusable-semantic-release.yml
Normal file
|
|
@ -0,0 +1,82 @@
|
||||||
|
# reusable-semantic-release — compute the next semver from conventional commits
|
||||||
|
# (999_testing "semantic-release testing"). Mirrors the canonical GitLab template
|
||||||
|
# (olsitec/gitlab ci_templates/release-automation/semantic-release.yaml): the
|
||||||
|
# conventionalcommits preset + Olsitec's releaseRules, run as a `--dry-run --no-ci
|
||||||
|
# --tag-format '${version}'` version probe. Exposes the computed version as an output.
|
||||||
|
#
|
||||||
|
# jobs:
|
||||||
|
# version:
|
||||||
|
# runs-on: docker # REQUIRED on Forgejo 11 (pre-v15 reusable-workflow quirk; see README)
|
||||||
|
# uses: olsitec/foundation/.forgejo/workflows/reusable-semantic-release.yml@master
|
||||||
|
# build:
|
||||||
|
# needs: version
|
||||||
|
# runs-on: docker
|
||||||
|
# steps: [ run: echo "releasing ${{ needs.version.outputs.version }}" ]
|
||||||
|
#
|
||||||
|
# NOTE: dry-run only — it computes/prints the next version (the part exercised by
|
||||||
|
# 999_testing and the GitLab `generate-release-version` job). Actually PUBLISHING a
|
||||||
|
# release to Forgejo (tag + release + changelog) needs a Forgejo-side publish step
|
||||||
|
# and a token; that is deferred until the package/release flow is wired (the GitLab
|
||||||
|
# template publishes via @semantic-release/gitlab, which has no Forgejo analogue yet).
|
||||||
|
name: reusable-semantic-release
|
||||||
|
on:
|
||||||
|
workflow_call:
|
||||||
|
inputs:
|
||||||
|
branch:
|
||||||
|
type: string
|
||||||
|
default: master
|
||||||
|
outputs:
|
||||||
|
version:
|
||||||
|
description: "next release version (empty if the commits warrant no release)"
|
||||||
|
value: ${{ jobs.version.outputs.version }}
|
||||||
|
|
||||||
|
jobs:
|
||||||
|
version:
|
||||||
|
runs-on: docker
|
||||||
|
container:
|
||||||
|
image: foundation-ci:latest
|
||||||
|
outputs:
|
||||||
|
version: ${{ steps.compute.outputs.version }}
|
||||||
|
steps:
|
||||||
|
- uses: actions/checkout@v4
|
||||||
|
with:
|
||||||
|
fetch-depth: 0 # semantic-release needs full history + tags
|
||||||
|
|
||||||
|
- name: Write .releaserc.yaml (Olsitec conventionalcommits ruleset)
|
||||||
|
run: |
|
||||||
|
cat > .releaserc.yaml <<'EOF'
|
||||||
|
branches:
|
||||||
|
- name: ${{ inputs.branch }}
|
||||||
|
tagFormat: "${version}"
|
||||||
|
plugins:
|
||||||
|
- - "@semantic-release/commit-analyzer"
|
||||||
|
- preset: conventionalcommits
|
||||||
|
releaseRules:
|
||||||
|
- { breaking: true, release: major }
|
||||||
|
- { type: breaking, release: major }
|
||||||
|
- { type: feature, release: minor }
|
||||||
|
- { type: feat, release: minor }
|
||||||
|
- { type: fix, release: patch }
|
||||||
|
- { type: build, release: patch }
|
||||||
|
- { type: chore, release: patch }
|
||||||
|
- { type: ci, release: patch }
|
||||||
|
- { type: docs, release: patch }
|
||||||
|
- { type: perf, release: patch }
|
||||||
|
- { type: refactor, release: patch }
|
||||||
|
- { type: style, release: patch }
|
||||||
|
- { type: test, release: patch }
|
||||||
|
parserOpts:
|
||||||
|
noteKeywords: [ "BREAKING CHANGE", "BREAKING CHANGES" ]
|
||||||
|
- "@semantic-release/release-notes-generator"
|
||||||
|
EOF
|
||||||
|
|
||||||
|
- name: Compute next version (dry-run)
|
||||||
|
id: compute
|
||||||
|
run: |
|
||||||
|
out=$(semantic-release --dry-run --no-ci --tag-format '${version}' --branches "${{ inputs.branch }}" 2>&1 || true)
|
||||||
|
printf '%s\n' "$out"
|
||||||
|
ver=$(printf '%s\n' "$out" \
|
||||||
|
| grep -oiE 'next release version is [0-9]+\.[0-9]+\.[0-9]+' \
|
||||||
|
| grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | tail -1)
|
||||||
|
echo "computed next version: ${ver:-<none>}"
|
||||||
|
echo "version=$ver" >> "$GITHUB_OUTPUT"
|
||||||
|
|
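Review bot: in `Compute next version (dry-run)`, the `2>&1 || true` discards the exit status of `semantic-release`, so a crash (missing plugin, bad config, git error) produces the same empty `version` output that the output description defines as "the commits warrant no release". A caller gating on `needs.version.outputs.version` cannot tell the two cases apart. Capture the status, for example `out=$(semantic-release ... 2>&1) || rc=$?`, and fail the step when `rc` is non-zero, after confirming that a no-release dry run exits 0 in the `foundation-ci` image.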
@ -1,61 +0,0 @@
|
||||||
# Ecosystem CI — reusable composite actions
|
|
||||||
|
|
||||||
These are the shared CI building blocks for Olsitec projects on the foundation
|
|
||||||
forge (`documentation/999_testing.md`). Downstream repos reference them at **step
|
|
||||||
level** with a **full URL**:
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
# .forgejo/workflows/ci.yml in any project repo
|
|
||||||
name: ci
|
|
||||||
on: [push]
|
|
||||||
jobs:
|
|
||||||
build:
|
|
||||||
runs-on: docker
|
|
||||||
container: { image: foundation-ci:latest }
|
|
||||||
steps:
|
|
||||||
- uses: actions/checkout@v4
|
|
||||||
- uses: https://forge.olsitec.net/olsitec/foundation/actions/node-build@master
|
|
||||||
with: { package-manager: bun, build: "bun run build" }
|
|
||||||
```
|
|
||||||
|
|
||||||
## Why composite actions, not reusable workflows
|
|
||||||
|
|
||||||
The original plan was **reusable workflows** (`uses: olsitec/foundation/.forgejo/
|
|
||||||
workflows/x.yml@master`, `on: workflow_call`). **Forgejo 11.0.15 does not support
|
|
||||||
reusable workflows** — a job-level `uses:` (or `workflow_call`) is silently dropped
|
|
||||||
and **no run is scheduled** (verified live: a same-repo and cross-repo reusable call
|
|
||||||
both produced zero runs, while an equivalent inline job ran green). The working
|
|
||||||
cross-repo reuse primitive on this Forgejo is the **composite action**, referenced by
|
|
||||||
**full URL** (a short-form `uses: olsitec/foundation/...@master` resolves against the
|
|
||||||
runner's `DEFAULT_ACTIONS_URL` = `data.forgejo.org`, not the local instance, and 404s).
|
|
||||||
|
|
||||||
If the forge is later upgraded to a Forgejo with reusable-workflow support, these can
|
|
||||||
be re-expressed as `workflow_call` workflows; until then, composite actions are the
|
|
||||||
contract.
|
|
||||||
|
|
||||||
## Actions
|
|
||||||
|
|
||||||
| Action | Purpose | Key inputs |
|
|
||||||
|--------|---------|------------|
|
|
||||||
| `node-build` | install + build an npm/bun/none project | `package-manager`, `build`, `workdir` |
|
|
||||||
| `docker-build` | `docker build` via the host socket (caller mounts it) | `image`, `dockerfile`, `context`, `build-args`, `push` |
|
|
||||||
| `lint` | eslint + yamllint gate (error → non-zero) | `eslint-paths`, `yamllint-paths`, `package-manager` |
|
|
||||||
| `semantic-release-version` | dry-run next-version probe (conventionalcommits) | `branch` → output `version` |
|
|
||||||
|
|
||||||
All run in the baked `foundation-ci:latest` image (the caller sets
|
|
||||||
`container.image`). The caller must `actions/checkout@v4` first; `docker-build`
|
|
||||||
callers must also mount `/var/run/docker.sock`; `semantic-release-version` callers
|
|
||||||
must checkout with `fetch-depth: 0`.
|
|
||||||
|
|
||||||
## Candidate coverage (999_testing)
|
|
||||||
|
|
||||||
| Candidate | Shape | Action | Status |
|
|
||||||
|-----------|-------|--------|--------|
|
|
||||||
| olsicrypto | npm package (tsc) | `node-build` (npm) | self-contained ✓ |
|
|
||||||
| document-engine | bun package (tsc) | `node-build` (bun) | self-contained ✓ |
|
|
||||||
| olsitrack/api | no-artifact / versioned | `node-build` (empty build) | self-contained ✓ |
|
|
||||||
| seaspots-homepage | docker, dep `@olsitec/svelte-common` | `docker-build` | blocked on the package registry (Stage-2) |
|
|
||||||
| token-service | docker, dep `@olsitec/olsicrypto` | `docker-build` | blocked on the package registry (Stage-2) |
|
|
||||||
|
|
||||||
The semantic-release bump sequence and the eslint/yamllint gates are continuously
|
|
||||||
proven by `.forgejo/workflows/ecosystem-selftest.yml` on the foundation's own runner.
|
|
||||||
|
|
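Review bot: removing this file drops the only explanation that a short-form `uses: olsitec/foundation/...@master` for an action resolves against the runner's `DEFAULT_ACTIONS_URL` (`data.forgejo.org`) rather than the local instance; the new README keeps only a parenthetical that composite actions require the full-URL form. Anyone writing a step-level `uses:` still needs to know where a short reference is fetched from, so carry one sentence about that resolution rule into `.forgejo/workflows/README.md`.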
@ -1,56 +0,0 @@
|
||||||
# docker-build — build a Docker image (999_testing candidates C1/C5). Composite
|
|
||||||
# action (see actions/node-build). Builds against the HOST Docker daemon via the
|
|
||||||
# mounted socket, so the CALLER's job MUST mount it:
|
|
||||||
#
|
|
||||||
# jobs:
|
|
||||||
# image:
|
|
||||||
# runs-on: docker
|
|
||||||
# container:
|
|
||||||
# image: foundation-ci:latest
|
|
||||||
# volumes: [ /var/run/docker.sock:/var/run/docker.sock ]
|
|
||||||
# steps:
|
|
||||||
# - uses: actions/checkout@v4
|
|
||||||
# - uses: https://forge.olsitec.net/olsitec/foundation/actions/docker-build@master
|
|
||||||
# with: { image: "olsitec/token-service:ci" }
|
|
||||||
#
|
|
||||||
# R5: the host socket is root-equivalent on the forge VM — trusted first-party repos
|
|
||||||
# only until the runner is fenced. Candidates C1 (seaspots-homepage) and C5
|
|
||||||
# (token-service) also need @olsitec packages from a registry that is not published
|
|
||||||
# yet (Stage-2); their real builds need an npmrc via `build-args` once it exists.
|
|
||||||
name: docker-build
|
|
||||||
description: Build (optionally push) a Docker image via the host daemon.
|
|
||||||
inputs:
|
|
||||||
context:
|
|
||||||
default: "."
|
|
||||||
dockerfile:
|
|
||||||
default: "Dockerfile"
|
|
||||||
image:
|
|
||||||
description: "image ref to tag, e.g. name:tag"
|
|
||||||
required: true
|
|
||||||
build-args:
|
|
||||||
description: "newline-separated KEY=VALUE docker --build-arg pairs"
|
|
||||||
default: ""
|
|
||||||
push:
|
|
||||||
description: "push after build (true/false; registry must exist)"
|
|
||||||
default: "false"
|
|
||||||
runs:
|
|
||||||
using: composite
|
|
||||||
steps:
|
|
||||||
- name: Docker build
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
args=""
|
|
||||||
if [ -n "${{ inputs.build-args }}" ]; then
|
|
||||||
while IFS= read -r kv; do
|
|
||||||
[ -z "$kv" ] && continue
|
|
||||||
args="$args --build-arg $kv"
|
|
||||||
done <<'EOF'
|
|
||||||
${{ inputs.build-args }}
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
echo "+ docker build -f ${{ inputs.dockerfile }} -t ${{ inputs.image }} $args ${{ inputs.context }}"
|
|
||||||
docker build -f "${{ inputs.dockerfile }}" -t "${{ inputs.image }}" $args "${{ inputs.context }}"
|
|
||||||
- name: Push
|
|
||||||
if: ${{ inputs.push == 'true' }}
|
|
||||||
shell: bash
|
|
||||||
run: docker push "${{ inputs.image }}"
|
|
||||||
|
|
@ -1,47 +0,0 @@
|
||||||
# lint — eslint + yamllint gate (999_testing "linter testing"). Composite action
|
|
||||||
# (see actions/node-build for why composite, not reusable workflow). Either linter
|
|
||||||
# finding an error makes the step (hence the job) exit non-zero.
|
|
||||||
#
|
|
||||||
# steps:
|
|
||||||
# - uses: actions/checkout@v4
|
|
||||||
# - uses: https://forge.olsitec.net/olsitec/foundation/actions/lint@master
|
|
||||||
# with: { eslint-paths: ".", yamllint-paths: "." }
|
|
||||||
name: lint
|
|
||||||
description: Run eslint and yamllint; any error fails the job.
|
|
||||||
inputs:
|
|
||||||
eslint:
|
|
||||||
description: "run eslint (true/false)"
|
|
||||||
default: "true"
|
|
||||||
yamllint:
|
|
||||||
description: "run yamllint (true/false)"
|
|
||||||
default: "true"
|
|
||||||
eslint-paths:
|
|
||||||
default: "."
|
|
||||||
yamllint-paths:
|
|
||||||
default: "."
|
|
||||||
package-manager:
|
|
||||||
description: "bun | npm | none — to install project-local eslint config/plugins"
|
|
||||||
default: bun
|
|
||||||
runs:
|
|
||||||
using: composite
|
|
||||||
steps:
|
|
||||||
- name: eslint
|
|
||||||
if: ${{ inputs.eslint == 'true' }}
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
case "${{ inputs.package-manager }}" in
|
|
||||||
bun) bun install --frozen-lockfile || bun install || true ;;
|
|
||||||
npm) npm ci || npm install || true ;;
|
|
||||||
none) echo "skip install" ;;
|
|
||||||
esac
|
|
||||||
if [ -x node_modules/.bin/eslint ]; then
|
|
||||||
echo "+ project eslint"; node_modules/.bin/eslint ${{ inputs.eslint-paths }}
|
|
||||||
else
|
|
||||||
echo "+ image eslint"; eslint ${{ inputs.eslint-paths }}
|
|
||||||
fi
|
|
||||||
- name: yamllint
|
|
||||||
if: ${{ inputs.yamllint == 'true' }}
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
echo "+ yamllint ${{ inputs.yamllint-paths }}"
|
|
||||||
yamllint ${{ inputs.yamllint-paths }}
|
|
||||||
|
|
@ -1,54 +0,0 @@
|
||||||
# node-build — install + build an npm/bun project (999_testing).
|
|
||||||
#
|
|
||||||
# A COMPOSITE ACTION (not a reusable workflow — Forgejo 11 does not support
|
|
||||||
# job-level `uses:`/workflow_call; composite actions referenced by full URL are
|
|
||||||
# the working cross-repo reuse mechanism). Downstream repos call it at STEP level:
|
|
||||||
#
|
|
||||||
# jobs:
|
|
||||||
# build:
|
|
||||||
# runs-on: docker
|
|
||||||
# container: { image: foundation-ci:latest }
|
|
||||||
# steps:
|
|
||||||
# - uses: actions/checkout@v4
|
|
||||||
# - uses: https://forge.olsitec.net/olsitec/foundation/actions/node-build@master
|
|
||||||
# with: { package-manager: bun, build: "bun run build" }
|
|
||||||
#
|
|
||||||
# Covers the non-Docker candidate shapes: npm package built with npm (olsicrypto),
|
|
||||||
# bun package built with bun (document-engine), no-artifact/versioned (olsitrack/api,
|
|
||||||
# empty `build`). The caller must `actions/checkout` first and run in foundation-ci.
|
|
||||||
name: node-build
|
|
||||||
description: Install dependencies and build an npm- or bun-based project.
|
|
||||||
inputs:
|
|
||||||
package-manager:
|
|
||||||
description: "bun | npm | none (none skips install)"
|
|
||||||
default: bun
|
|
||||||
build:
|
|
||||||
description: "build command run verbatim (empty = skip, e.g. no-artifact repos)"
|
|
||||||
default: ""
|
|
||||||
workdir:
|
|
||||||
description: "working directory for install + build"
|
|
||||||
default: "."
|
|
||||||
runs:
|
|
||||||
using: composite
|
|
||||||
steps:
|
|
||||||
- name: Install dependencies (${{ inputs.package-manager }})
|
|
||||||
shell: bash
|
|
||||||
working-directory: ${{ inputs.workdir }}
|
|
||||||
run: |
|
|
||||||
case "${{ inputs.package-manager }}" in
|
|
||||||
bun) bun install --frozen-lockfile || bun install ;;
|
|
||||||
npm) npm ci || npm install ;;
|
|
||||||
none) echo "package-manager=none → skipping install" ;;
|
|
||||||
*) echo "unknown package-manager '${{ inputs.package-manager }}'" >&2; exit 1 ;;
|
|
||||||
esac
|
|
||||||
- name: Build
|
|
||||||
shell: bash
|
|
||||||
working-directory: ${{ inputs.workdir }}
|
|
||||||
run: |
|
|
||||||
cmd='${{ inputs.build }}'
|
|
||||||
if [ -z "$cmd" ]; then
|
|
||||||
echo "no build command (non-artifact / versioned-only repo) — install-only check passed"
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
echo "+ $cmd"
|
|
||||||
eval "$cmd"
|
|
||||||
|
|
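Review bot: the header comment of this deleted action shows downstream callers referencing it as `https://forge.olsitec.net/olsitec/foundation/actions/node-build@master`; because that ref is a branch, deleting `actions/` breaks any such caller on its next run. If any repo adopted the composite form after the previous commit, migrate it in the same change set, or state in the commit message that no callers exist.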
@ -1,71 +0,0 @@
|
||||||
# semantic-release-version — compute the next semver from conventional commits
|
|
||||||
# (999_testing "semantic-release testing"). Composite action (see actions/node-build).
|
|
||||||
# Mirrors the canonical GitLab template (olsitec/gitlab ci_templates/release-automation/
|
|
||||||
# semantic-release.yaml): conventionalcommits preset + Olsitec's releaseRules, run as a
|
|
||||||
# `--dry-run --no-ci --tag-format '${version}'` probe. Outputs the computed version.
|
|
||||||
#
|
|
||||||
# jobs:
|
|
||||||
# version:
|
|
||||||
# runs-on: docker
|
|
||||||
# container: { image: foundation-ci:latest }
|
|
||||||
# outputs: { version: "${{ steps.sr.outputs.version }}" }
|
|
||||||
# steps:
|
|
||||||
# - uses: actions/checkout@v4
|
|
||||||
# with: { fetch-depth: 0 } # REQUIRED: full history + tags
|
|
||||||
# - id: sr
|
|
||||||
# uses: https://forge.olsitec.net/olsitec/foundation/actions/semantic-release-version@master
|
|
||||||
#
|
|
||||||
# NOTE: dry-run version compute only (the part 999_testing checks + the GitLab
|
|
||||||
# `generate-release-version` job). Publishing a Forgejo release is deferred (no
|
|
||||||
# @semantic-release/forgejo analogue yet).
|
|
||||||
name: semantic-release-version
|
|
||||||
description: Compute the next semantic-release version (dry-run) from conventional commits.
|
|
||||||
inputs:
|
|
||||||
branch:
|
|
||||||
default: master
|
|
||||||
outputs:
|
|
||||||
version:
|
|
||||||
description: "next release version (empty if the commits warrant no release)"
|
|
||||||
value: ${{ steps.compute.outputs.version }}
|
|
||||||
runs:
|
|
||||||
using: composite
|
|
||||||
steps:
|
|
||||||
- name: Write .releaserc.yaml (Olsitec conventionalcommits ruleset)
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
cat > .releaserc.yaml <<'EOF'
|
|
||||||
branches:
|
|
||||||
- name: ${{ inputs.branch }}
|
|
||||||
tagFormat: "${version}"
|
|
||||||
plugins:
|
|
||||||
- - "@semantic-release/commit-analyzer"
|
|
||||||
- preset: conventionalcommits
|
|
||||||
releaseRules:
|
|
||||||
- { breaking: true, release: major }
|
|
||||||
- { type: breaking, release: major }
|
|
||||||
- { type: feature, release: minor }
|
|
||||||
- { type: feat, release: minor }
|
|
||||||
- { type: fix, release: patch }
|
|
||||||
- { type: build, release: patch }
|
|
||||||
- { type: chore, release: patch }
|
|
||||||
- { type: ci, release: patch }
|
|
||||||
- { type: docs, release: patch }
|
|
||||||
- { type: perf, release: patch }
|
|
||||||
- { type: refactor, release: patch }
|
|
||||||
- { type: style, release: patch }
|
|
||||||
- { type: test, release: patch }
|
|
||||||
parserOpts:
|
|
||||||
noteKeywords: [ "BREAKING CHANGE", "BREAKING CHANGES" ]
|
|
||||||
- "@semantic-release/release-notes-generator"
|
|
||||||
EOF
|
|
||||||
- name: Compute next version (dry-run)
|
|
||||||
id: compute
|
|
||||||
shell: bash
|
|
||||||
run: |
|
|
||||||
out=$(semantic-release --dry-run --no-ci --tag-format '${version}' --branches "${{ inputs.branch }}" 2>&1 || true)
|
|
||||||
printf '%s\n' "$out"
|
|
||||||
ver=$(printf '%s\n' "$out" \
|
|
||||||
| grep -oiE 'next release version is [0-9]+\.[0-9]+\.[0-9]+' \
|
|
||||||
| grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | tail -1)
|
|
||||||
echo "computed next version: ${ver:-<none>}"
|
|
||||||
echo "version=$ver" >> "$GITHUB_OUTPUT"
|
|
||||||