refactor(ci): composite actions instead of reusable workflows (Forgejo 11)
All checks were successful
CI / preflight (push) Successful in 5s
CI / typecheck (push) Successful in 15s
ecosystem-selftest / semantic-release-bumptest (push) Successful in 13s
ecosystem-selftest / eslint-gate (push) Successful in 3s
ecosystem-selftest / yamllint-gate (push) Successful in 3s
pulumi-preview / preview (push) Successful in 16s
All checks were successful
CI / preflight (push) Successful in 5s
CI / typecheck (push) Successful in 15s
ecosystem-selftest / semantic-release-bumptest (push) Successful in 13s
ecosystem-selftest / eslint-gate (push) Successful in 3s
ecosystem-selftest / yamllint-gate (push) Successful in 3s
pulumi-preview / preview (push) Successful in 16s
Forgejo 11.0.15 does NOT support reusable workflows (job-level `uses:` / `workflow_call`): the call is silently dropped and no run is scheduled (verified live — a same-repo and a cross-repo reusable call both produced zero runs, while an equivalent inline job ran green). The working cross-repo reuse primitive here is the COMPOSITE ACTION referenced by FULL URL (a short-form `uses: olsitec/foundation/...@master` resolves against the runner's DEFAULT_ACTIONS_URL = data.forgejo.org, not the local instance, and 404s; the full-URL form `uses: https://forge.olsitec.net/olsitec/foundation/actions/<x>@master` was verified green). - Replace the four reusable-*.yml with composite actions under actions/: node-build, docker-build, lint, semantic-release-version (same logic + inputs). - actions/README.md documents the pattern, the Forgejo-11 limitation, and the 999_testing candidate coverage (C2/C3/C4 self-contained; C1/C5 blocked on the not-yet-published @olsitec package registry). - ecosystem-selftest paths filter: actions/** (was reusable-*.yml). The capabilities that need no external repo (semantic-release bump sequence, eslint/yamllint gates) keep running green via ecosystem-selftest's inline jobs. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
parent
67157a0de0
commit
35dc008759
12 changed files with 335 additions and 277 deletions
|
|
@ -13,7 +13,7 @@ on:
|
|||
paths:
|
||||
- "ci/**"
|
||||
- ".forgejo/workflows/ecosystem-selftest.yml"
|
||||
- ".forgejo/workflows/reusable-*.yml"
|
||||
- "actions/**"
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
|
|
|
|||
|
|
@ -1,67 +0,0 @@
|
|||
# reusable-docker-build — build a Docker image (999_testing candidates C1/C5).
|
||||
#
|
||||
# A REUSABLE workflow (on: workflow_call) downstream repos call:
|
||||
# jobs:
|
||||
# image:
|
||||
# uses: olsitec/foundation/.forgejo/workflows/reusable-docker-build.yml@master
|
||||
# with: { image: "olsitec/seaspots-homepage:ci", push: false }
|
||||
#
|
||||
# Builds against the HOST Docker daemon via the mounted socket (the foundation-ci
|
||||
# image ships the docker CLI; the runner's valid_volumes allows the mount). NOTE
|
||||
# (R5): the host socket is root-equivalent on the forge VM — this is acceptable
|
||||
# ONLY for trusted first-party repos until the runner is fenced to its own VM.
|
||||
#
|
||||
# Candidates C1 (seaspots-homepage) and C5 (token-service) depend on @olsitec
|
||||
# packages from a private registry that is not published yet (Stage-2). Their real
|
||||
# builds need a registry / npmrc; this workflow proves the docker-build path and
|
||||
# accepts a `build-args`/`npmrc` hook for when the registry exists.
|
||||
name: reusable-docker-build
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
context:
|
||||
type: string
|
||||
default: "."
|
||||
dockerfile:
|
||||
type: string
|
||||
default: "Dockerfile"
|
||||
image:
|
||||
description: "image ref to tag, e.g. name:tag"
|
||||
type: string
|
||||
required: true
|
||||
build-args:
|
||||
description: "newline-separated KEY=VALUE docker --build-arg pairs"
|
||||
type: string
|
||||
default: ""
|
||||
push:
|
||||
description: "push to the foundation registry after build (registry must exist)"
|
||||
type: boolean
|
||||
default: false
|
||||
|
||||
jobs:
|
||||
image:
|
||||
runs-on: docker
|
||||
container:
|
||||
image: foundation-ci:latest
|
||||
volumes:
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Docker build
|
||||
run: |
|
||||
args=""
|
||||
if [ -n "${{ inputs.build-args }}" ]; then
|
||||
while IFS= read -r kv; do
|
||||
[ -z "$kv" ] && continue
|
||||
args="$args --build-arg $kv"
|
||||
done <<'EOF'
|
||||
${{ inputs.build-args }}
|
||||
EOF
|
||||
fi
|
||||
echo "+ docker build -f ${{ inputs.dockerfile }} -t ${{ inputs.image }} $args ${{ inputs.context }}"
|
||||
docker build -f "${{ inputs.dockerfile }}" -t "${{ inputs.image }}" $args "${{ inputs.context }}"
|
||||
|
||||
- name: Push
|
||||
if: ${{ inputs.push }}
|
||||
run: docker push "${{ inputs.image }}"
|
||||
|
|
@ -1,63 +0,0 @@
|
|||
# reusable-lint — eslint + yamllint gate (999_testing "linter testing").
|
||||
#
|
||||
# A REUSABLE workflow (on: workflow_call). Either linter finding an error makes
|
||||
# the job exit non-zero (the acceptance criterion). Prefers the project's own
|
||||
# pinned eslint (node_modules/.bin) for config/plugin fidelity, falling back to
|
||||
# the foundation-ci image's global eslint; yamllint comes from the image.
|
||||
#
|
||||
# jobs:
|
||||
# lint:
|
||||
# uses: olsitec/foundation/.forgejo/workflows/reusable-lint.yml@master
|
||||
# with: { eslint-paths: ".", yamllint-paths: "." }
|
||||
name: reusable-lint
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
eslint:
|
||||
type: boolean
|
||||
default: true
|
||||
yamllint:
|
||||
type: boolean
|
||||
default: true
|
||||
eslint-paths:
|
||||
type: string
|
||||
default: "."
|
||||
yamllint-paths:
|
||||
type: string
|
||||
default: "."
|
||||
package-manager:
|
||||
description: "bun | npm | none — to install project-local eslint config/plugins"
|
||||
type: string
|
||||
default: bun
|
||||
|
||||
jobs:
|
||||
lint:
|
||||
runs-on: docker
|
||||
container:
|
||||
image: foundation-ci:latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install dependencies (project-local eslint config/plugins)
|
||||
if: ${{ inputs.eslint }}
|
||||
run: |
|
||||
case "${{ inputs.package-manager }}" in
|
||||
bun) bun install --frozen-lockfile || bun install || true ;;
|
||||
npm) npm ci || npm install || true ;;
|
||||
none) echo "skip install" ;;
|
||||
esac
|
||||
|
||||
- name: eslint
|
||||
if: ${{ inputs.eslint }}
|
||||
run: |
|
||||
if [ -x node_modules/.bin/eslint ]; then
|
||||
echo "+ project eslint"; node_modules/.bin/eslint ${{ inputs.eslint-paths }}
|
||||
else
|
||||
echo "+ image eslint"; eslint ${{ inputs.eslint-paths }}
|
||||
fi
|
||||
|
||||
- name: yamllint
|
||||
if: ${{ inputs.yamllint }}
|
||||
run: |
|
||||
echo "+ yamllint ${{ inputs.yamllint-paths }}"
|
||||
yamllint ${{ inputs.yamllint-paths }}
|
||||
|
|
@ -1,58 +0,0 @@
|
|||
# reusable-node-build — build/test an npm- or bun-based project (999_testing).
|
||||
#
|
||||
# A REUSABLE workflow (on: workflow_call) downstream repos call:
|
||||
# jobs:
|
||||
# build:
|
||||
# uses: olsitec/foundation/.forgejo/workflows/reusable-node-build.yml@master
|
||||
# with: { package-manager: bun, build: "bun run build" }
|
||||
#
|
||||
# Runs in the baked foundation-ci image (bun + node present). Covers the
|
||||
# non-Docker candidate shapes: npm package built with npm (olsicrypto), bun
|
||||
# package built with bun (document-engine), and the no-build / versioned-only
|
||||
# utility (olsitrack/api) via an empty `build`.
|
||||
name: reusable-node-build
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
package-manager:
|
||||
description: "bun | npm | none (none = skip install)"
|
||||
type: string
|
||||
default: bun
|
||||
build:
|
||||
description: "build command to run verbatim (empty = skip, e.g. no-artifact repos)"
|
||||
type: string
|
||||
default: ""
|
||||
workdir:
|
||||
description: "working directory for install + build"
|
||||
type: string
|
||||
default: "."
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: docker
|
||||
container:
|
||||
image: foundation-ci:latest
|
||||
defaults:
|
||||
run:
|
||||
working-directory: ${{ inputs.workdir }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: Install dependencies (${{ inputs.package-manager }})
|
||||
run: |
|
||||
case "${{ inputs.package-manager }}" in
|
||||
bun) bun install --frozen-lockfile || bun install ;;
|
||||
npm) npm ci || npm install ;;
|
||||
none) echo "package-manager=none → skipping install" ;;
|
||||
*) echo "unknown package-manager '${{ inputs.package-manager }}'" >&2; exit 1 ;;
|
||||
esac
|
||||
|
||||
- name: Build
|
||||
run: |
|
||||
cmd='${{ inputs.build }}'
|
||||
if [ -z "$cmd" ]; then
|
||||
echo "no build command (non-artifact / versioned-only repo) — install-only check passed"
|
||||
exit 0
|
||||
fi
|
||||
echo "+ $cmd"
|
||||
eval "$cmd"
|
||||
|
|
@ -1,81 +0,0 @@
|
|||
# reusable-semantic-release — compute the next semver from conventional commits
|
||||
# (999_testing "semantic-release testing"). Mirrors the canonical GitLab template
|
||||
# (olsitec/gitlab ci_templates/release-automation/semantic-release.yaml): the
|
||||
# conventionalcommits preset + Olsitec's releaseRules, run as a `--dry-run --no-ci
|
||||
# --tag-format '${version}'` version probe. Exposes the computed version as an output.
|
||||
#
|
||||
# jobs:
|
||||
# version:
|
||||
# uses: olsitec/foundation/.forgejo/workflows/reusable-semantic-release.yml@master
|
||||
# build:
|
||||
# needs: version
|
||||
# runs-on: docker
|
||||
# steps: [ run: echo "releasing ${{ needs.version.outputs.version }}" ]
|
||||
#
|
||||
# NOTE: dry-run only — it computes/prints the next version (the part exercised by
|
||||
# 999_testing and the GitLab `generate-release-version` job). Actually PUBLISHING a
|
||||
# release to Forgejo (tag + release + changelog) needs a Forgejo-side publish step
|
||||
# and a token; that is deferred until the package/release flow is wired (the GitLab
|
||||
# template publishes via @semantic-release/gitlab, which has no Forgejo analogue yet).
|
||||
name: reusable-semantic-release
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
branch:
|
||||
type: string
|
||||
default: master
|
||||
outputs:
|
||||
version:
|
||||
description: "next release version (empty if the commits warrant no release)"
|
||||
value: ${{ jobs.version.outputs.version }}
|
||||
|
||||
jobs:
|
||||
version:
|
||||
runs-on: docker
|
||||
container:
|
||||
image: foundation-ci:latest
|
||||
outputs:
|
||||
version: ${{ steps.compute.outputs.version }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0 # semantic-release needs full history + tags
|
||||
|
||||
- name: Write .releaserc.yaml (Olsitec conventionalcommits ruleset)
|
||||
run: |
|
||||
cat > .releaserc.yaml <<'EOF'
|
||||
branches:
|
||||
- name: ${{ inputs.branch }}
|
||||
tagFormat: "${version}"
|
||||
plugins:
|
||||
- - "@semantic-release/commit-analyzer"
|
||||
- preset: conventionalcommits
|
||||
releaseRules:
|
||||
- { breaking: true, release: major }
|
||||
- { type: breaking, release: major }
|
||||
- { type: feature, release: minor }
|
||||
- { type: feat, release: minor }
|
||||
- { type: fix, release: patch }
|
||||
- { type: build, release: patch }
|
||||
- { type: chore, release: patch }
|
||||
- { type: ci, release: patch }
|
||||
- { type: docs, release: patch }
|
||||
- { type: perf, release: patch }
|
||||
- { type: refactor, release: patch }
|
||||
- { type: style, release: patch }
|
||||
- { type: test, release: patch }
|
||||
parserOpts:
|
||||
noteKeywords: [ "BREAKING CHANGE", "BREAKING CHANGES" ]
|
||||
- "@semantic-release/release-notes-generator"
|
||||
EOF
|
||||
|
||||
- name: Compute next version (dry-run)
|
||||
id: compute
|
||||
run: |
|
||||
out=$(semantic-release --dry-run --no-ci --tag-format '${version}' --branches "${{ inputs.branch }}" 2>&1 || true)
|
||||
printf '%s\n' "$out"
|
||||
ver=$(printf '%s\n' "$out" \
|
||||
| grep -oiE 'next release version is [0-9]+\.[0-9]+\.[0-9]+' \
|
||||
| grep -oE '[0-9]+\.[0-9]+\.[0-9]+' | tail -1)
|
||||
echo "computed next version: ${ver:-<none>}"
|
||||
echo "version=$ver" >> "$GITHUB_OUTPUT"
|
||||
Loading…
Add table
Add a link
Reference in a new issue