From 2ea29242edce8b1cce726c0558283aa4ffd30faf Mon Sep 17 00:00:00 2001
From: Jonathan Miller <230051081+jmiller-moko@users.noreply.github.com>
Date: Tue, 16 Dec 2025 16:13:21 -0600
Subject: [PATCH] Delete init.yml
---
.github/workflows/init.yml | 233 -------------------------------------
1 file changed, 233 deletions(-)
delete mode 100644 .github/workflows/init.yml
diff --git a/.github/workflows/init.yml b/.github/workflows/init.yml
deleted file mode 100644
index d49ba9e..0000000
--- a/.github/workflows/init.yml
+++ /dev/null
@@ -1,233 +0,0 @@ -name: Init UpdateServer Environment - -on: - workflow_dispatch: - inputs: - environment_name: - description: "GitHub Environment name to create or update" - required: true - default: "UpdateServer" - update_xml_repo: - description: "Repo that hosts updates.xml (owner/repo). Defaults to current repo." - required: false - default: "" - update_xml_branch: - description: "Branch that contains updates.xml" - required: true - default: "main" - update_xml_path: - description: "Path to updates.xml in that repo" - required: true - default: "updates.xml" - -permissions: - contents: read - -jobs: - init: - runs-on: ubuntu-latest - - steps: - - name: Preflight validation - shell: bash - env: - GH_TOKEN: ${{ secrets.MOKO_ADMIN_TOKEN }} - API_URL: ${{ github.api_url }} - SERVER_URL: ${{ github.server_url }} - run: | - set -euo pipefail - - if [ -z "${GH_TOKEN}" ]; then - echo "ERROR: Missing secret MOKO_ADMIN_TOKEN." - echo "Action required: Add it at repo scope: Settings -> Secrets and variables -> Actions -> New repository secret." - exit 1 - fi - - if [ -z "${API_URL}" ] || [ -z "${SERVER_URL}" ]; then - echo "ERROR: Missing GitHub runtime context (github.api_url or github.server_url)." 
- exit 1 - fi - - - name: Create environment and set variables (robust) - env: - GH_TOKEN: ${{ secrets.MOKO_ADMIN_TOKEN }} - ENV_NAME: ${{ github.event.inputs.environment_name }} - UPDATE_XML_REPO_INPUT: ${{ github.event.inputs.update_xml_repo }} - UPDATE_XML_BRANCH: ${{ github.event.inputs.update_xml_branch }} - UPDATE_XML_PATH: ${{ github.event.inputs.update_xml_path }} - API_URL: ${{ github.api_url }} - SERVER_URL: ${{ github.server_url }} - OWNER: ${{ github.repository_owner }} - REPO: ${{ github.event.repository.name }} - RUN_ID: ${{ github.run_id }} - REPO_FULL: ${{ github.repository }} - shell: bash - run: | - set -euo pipefail - - die() { - echo "ERROR: $1" >&2 - exit 1 - } - - require() { - local name="$1" - local val="$2" - if [ -z "${val}" ]; then - die "Missing required value: ${name}" - fi - } - - is_integer() { - case "$1" in - (''|*[!0-9]*) return 1 ;; - (*) return 0 ;; - esac - } - - require "GH_TOKEN" "${GH_TOKEN}" - require "ENV_NAME" "${ENV_NAME}" - require "API_URL" "${API_URL}" - require "SERVER_URL" "${SERVER_URL}" - require "OWNER" "${OWNER}" - require "REPO" "${REPO}" - require "REPO_FULL" "${REPO_FULL}" - require "UPDATE_XML_BRANCH" "${UPDATE_XML_BRANCH}" - require "UPDATE_XML_PATH" "${UPDATE_XML_PATH}" - - # Determine which repo hosts updates.xml - if [ -n "${UPDATE_XML_REPO_INPUT}" ]; then - UPDATE_XML_REPO="${UPDATE_XML_REPO_INPUT}" - else - UPDATE_XML_REPO="${OWNER}/${REPO}" - fi - - # Construct the canonical file URL that downstream workflows parse - UPDATESERVER_FILE_URL="${SERVER_URL}/${UPDATE_XML_REPO}/blob/${UPDATE_XML_BRANCH}/${UPDATE_XML_PATH}" - - echo "Target environment: ${ENV_NAME}" - echo "Variable UPDATESERVER_FILE_URL: ${UPDATESERVER_FILE_URL}" - - # JSON escaper for a single string value - json_escape_string() { - python - << 'PY' -import json -import sys -print(json.dumps(sys.stdin.read())[1:-1]) -PY - } - - # API caller that captures status, body, and curl transport errors - # Usage: api_call METHOD URL DATA_FILE 
OUT_FILE - # - DATA_FILE may be empty string for no body - api_call() { - local method="$1" - local url="$2" - local data_file="$3" - local out_file="$4" - local err_file="${out_file}.err" - - : > "${out_file}" - : > "${err_file}" - - local args=( - -sS - -o "${out_file}" - -w "%{http_code}" - -X "${method}" - -H "Accept: application/vnd.github+json" - -H "Authorization: Bearer ${GH_TOKEN}" - -H "X-GitHub-Api-Version: 2022-11-28" - ) - - if [ -n "${data_file}" ]; then - args+=( -H "Content-Type: application/json" --data-binary "@${data_file}" ) - fi - - local http_code - http_code=$(curl "${args[@]}" "${url}" 2> "${err_file}" || echo "000") - - if ! is_integer "${http_code}"; then - http_code="000" - fi - - echo "${http_code}" - } - - show_response() { - local label="$1" - local http_code="$2" - local out_file="$3" - local err_file="${out_file}.err" - - echo "${label} HTTP: ${http_code}" - - if [ -s "${out_file}" ]; then - cat "${out_file}" || true - else - echo "(no response body)" - fi - - if [ -s "${err_file}" ]; then - echo "(curl diagnostics)" - cat "${err_file}" || true - fi - } - - print_hint_for_403() { - echo "" - echo "403 troubleshooting checklist:" - echo "- Token resource owner must be the organization that owns the repo (${REPO_FULL})." - echo "- Token must be approved by the org if fine grained token approvals are enabled." - echo "- Token must have Administration read/write for environments." - echo "- Token must have Actions read/write for environment variables." - echo "- If org uses SSO, token must be SSO-authorized." - echo "Audit reference: run id ${RUN_ID}" - } - - # Temp payloads - ENV_PAYLOAD="/tmp/env_payload.json" - VAR_PAYLOAD="/tmp/var_payload.json" - ENV_RESP="/tmp/env_response.json" - VAR_RESP="/tmp/var_response.json" - - echo '{}' > "${ENV_PAYLOAD}" - - # Create or update environment - echo "Creating or updating environment..." 
- ENV_URL="${API_URL}/repos/${OWNER}/${REPO}/environments/${ENV_NAME}" - ENV_CODE=$(api_call "PUT" "${ENV_URL}" "${ENV_PAYLOAD}" "${ENV_RESP}") - show_response "Environment API" "${ENV_CODE}" "${ENV_RESP}" - - if [ "${ENV_CODE}" -lt 200 ] || [ "${ENV_CODE}" -ge 300 ]; then - if [ "${ENV_CODE}" = "403" ]; then - print_hint_for_403 - fi - die "Environment creation failed with HTTP ${ENV_CODE}" - fi - - # Create or update environment variable - echo "Creating or updating environment variable UPDATESERVER_FILE_URL..." - - ESCAPED_VALUE=$(printf '%s' "${UPDATESERVER_FILE_URL}" | json_escape_string) - printf '{"name":"UPDATESERVER_FILE_URL","value":"%s"} -' "${ESCAPED_VALUE}" > "${VAR_PAYLOAD}" - - VAR_URL="${API_URL}/repos/${OWNER}/${REPO}/environments/${ENV_NAME}/variables/UPDATESERVER_FILE_URL" - VAR_CODE=$(api_call "PUT" "${VAR_URL}" "${VAR_PAYLOAD}" "${VAR_RESP}") - show_response "Variable API" "${VAR_CODE}" "${VAR_RESP}" - - if [ "${VAR_CODE}" -lt 200 ] || [ "${VAR_CODE}" -ge 300 ]; then - if [ "${VAR_CODE}" = "403" ]; then - print_hint_for_403 - fi - die "Variable write failed with HTTP ${VAR_CODE}" - fi - - echo "Applied: ${ENV_NAME}.UPDATESERVER_FILE_URL" - - # Emit outputs for optional downstream use - { - echo "updateserver_file_url=${UPDATESERVER_FILE_URL}" - echo "environment_name=${ENV_NAME}" - } >> "$GITHUB_OUTPUT"