MokoConsulting/MokoCassiopeia
1
1
Fork 0
Code Issues 2 Pull Requests Actions Packages Releases 1 Activity

Fix workflows: Gitea-native API calls [skip ci]

Browse Source
This commit is contained in:
Jonathan Miller
2026-04-18 10:58:56 -05:00
parent 6d72c3c434
commit a53289c912
7 changed files with 60 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.github/workflows/auto-assign.yml vendored
View File

@@ -7,7 +7,7 @@
# REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards # REPO: https://git.mokoconsulting.tech/MokoConsulting/MokoStandards
# PATH: /.github/workflows/auto-assign.yml # PATH: /.github/workflows/auto-assign.yml
# VERSION: 04.06.00 # VERSION: 04.06.00
# BRIEF: Auto-assign jmiller-moko to unassigned issues and PRs every 15 minutes # BRIEF: Auto-assign jmiller to unassigned issues and PRs every 15 minutes
name: Auto-Assign Issues & PRs name: Auto-Assign Issues & PRs
@@ -35,7 +35,7 @@ jobs:
GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }} GH_TOKEN: ${{ secrets.GA_TOKEN || github.token }}
run: | run: |
REPO="${{ github.repository }}" REPO="${{ github.repository }}"
ASSIGNEE="jmiller-moko" ASSIGNEE="jmiller"
echo "## 🏷️ Auto-Assign Report" >> $GITHUB_STEP_SUMMARY echo "## 🏷️ Auto-Assign Report" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY

4
.github/workflows/auto-dev-issue.yml vendored
View File

@@ -135,7 +135,7 @@ jobs:
--title "$SUB_FULL_TITLE" \ --title "$SUB_FULL_TITLE" \
--body "$SUB_BODY" \ --body "$SUB_BODY" \
--label "${SUB_LABELS}" \ --label "${SUB_LABELS}" \
--assignee "jmiller-moko" 2>&1) --assignee "jmiller" 2>&1)
SUB_NUM=$(echo "$SUB_URL" | grep -oE '[0-9]+$') SUB_NUM=$(echo "$SUB_URL" | grep -oE '[0-9]+$')
if [ -n "$SUB_NUM" ]; then if [ -n "$SUB_NUM" ]; then
@@ -154,7 +154,7 @@ jobs:
--title "$TITLE" \ --title "$TITLE" \
--body "$PARENT_BODY" \ --body "$PARENT_BODY" \
--label "${LABEL_TYPE},version" \ --label "${LABEL_TYPE},version" \
--assignee "jmiller-moko" 2>&1) --assignee "jmiller" 2>&1)
PARENT_NUM=$(echo "$PARENT_URL" | grep -oE '[0-9]+$') PARENT_NUM=$(echo "$PARENT_URL" | grep -oE '[0-9]+$')

4
.github/workflows/branch-freeze.yml vendored
View File

@@ -46,7 +46,7 @@ jobs:
ACTOR="${{ github.actor }}" ACTOR="${{ github.actor }}"
REPO="${{ github.repository }}" REPO="${{ github.repository }}"
PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/collaborators/${ACTOR}/permission" 2>/dev/null \ PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/collaborators/${ACTOR}/permission" 2>/dev/null \
--jq '.permission' 2>/dev/null || echo "read") 2>/dev/null | jq -r '.permission' || echo "read")
if [ "$PERMISSION" != "admin" ]; then if [ "$PERMISSION" != "admin" ]; then
echo "Denied: only admins can freeze/unfreeze branches (${ACTOR} has ${PERMISSION})" echo "Denied: only admins can freeze/unfreeze branches (${ACTOR} has ${PERMISSION})"
exit 1 exit 1
@@ -80,7 +80,7 @@ jobs:
printf '"conditions":{"ref_name":{"include":["refs/heads/%s"],"exclude":[]}},' "${BRANCH}" >> /tmp/ruleset.json printf '"conditions":{"ref_name":{"include":["refs/heads/%s"],"exclude":[]}},' "${BRANCH}" >> /tmp/ruleset.json
printf '"rules":[{"type":"update"},{"type":"deletion"},{"type":"non_fast_forward"}]}' >> /tmp/ruleset.json printf '"rules":[{"type":"update"},{"type":"deletion"},{"type":"non_fast_forward"}]}' >> /tmp/ruleset.json
RESULT=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/rulesets" 2>/dev/null -X POST --input /tmp/ruleset.json --jq '.id' 2>&1) || true RESULT=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/rulesets" 2>/dev/null -X POST -d @/tmp/ruleset.json 2>&1 | jq -r '.id') || true
if echo "$RESULT" | grep -qE '^[0-9]+$'; then if echo "$RESULT" | grep -qE '^[0-9]+$'; then
echo "Frozen \`${BRANCH}\` — ruleset #${RESULT}" >> $GITHUB_STEP_SUMMARY echo "Frozen \`${BRANCH}\` — ruleset #${RESULT}" >> $GITHUB_STEP_SUMMARY

96
.github/workflows/repo_health.yml vendored
View File

@@ -87,62 +87,54 @@ jobs:
steps: steps:
- name: Check actor permission (admin only) - name: Check actor permission (admin only)
id: perm id: perm
uses: actions/github-script@v7 run: |
with: ACTOR="${{ github.actor }}"
github-token: ${{ secrets.GH_TOKEN }} REPO="${{ github.repository }}"
script: | TOKEN="${{ secrets.GA_TOKEN }}"
const actor = context.actor; GITEA_API="${GITEA_URL:-https://git.mokoconsulting.tech}/api/v1"
let permission = "unknown";
let allowed = false;
let method = "";
// Hardcoded authorized users — always allowed PERMISSION="unknown"
const authorizedUsers = ["jmiller-moko", "gitea-actions[bot]"]; ALLOWED="false"
if (authorizedUsers.includes(actor)) { METHOD=""
allowed = true;
permission = "admin";
method = "hardcoded allowlist";
} else {
// Check via API for other actors
try {
const res = await github.rest.repos.getCollaboratorPermissionLevel({
owner: context.repo.owner,
repo: context.repo.repo,
username: actor,
});
permission = (res?.data?.permission || "unknown").toLowerCase();
allowed = permission === "admin" || permission === "maintain";
method = "repo collaborator API";
} catch (error) {
core.warning(`Could not fetch permissions for '${actor}': ${error.message}`);
permission = "unknown";
allowed = false;
method = "API error";
}
}
core.setOutput("permission", permission); # Hardcoded authorized users
core.setOutput("allowed", allowed ? "true" : "false"); if [ "$ACTOR" = "jmiller" ] || [ "$ACTOR" = "gitea-actions[bot]" ]; then
PERMISSION="admin"
ALLOWED="true"
METHOD="hardcoded allowlist"
else
# Check via Gitea API
RESULT=$(curl -sf -H "Authorization: token ${TOKEN}" \
"${GITEA_API}/repos/${REPO}/collaborators/${ACTOR}/permission" 2>/dev/null || echo '{}')
PERMISSION=$(echo "$RESULT" | jq -r '.permission // "unknown"')
if [ "$PERMISSION" = "admin" ] || [ "$PERMISSION" = "owner" ] || [ "$PERMISSION" = "maintain" ]; then
ALLOWED="true"
fi
METHOD="Gitea collaborator API"
fi
const lines = [ echo "permission=${PERMISSION}" >> "$GITHUB_OUTPUT"
"## 🔐 Access Authorization", echo "allowed=${ALLOWED}" >> "$GITHUB_OUTPUT"
"",
"| Field | Value |",
"|-------|-------|",
`| **Actor** | \`${actor}\` |`,
`| **Repository** | \`${context.repo.owner}/${context.repo.repo}\` |`,
`| **Permission** | \`${permission}\` |`,
`| **Method** | ${method} |`,
`| **Authorized** | ${allowed} |`,
`| **Trigger** | \`${context.eventName}\` |`,
`| **Branch** | \`${context.ref.replace('refs/heads/', '')}\` |`,
"",
allowed
? `✅ ${actor} authorized (${method})`
: `❌ ${actor} is NOT authorized. Requires admin or maintain role, or be in the hardcoded allowlist.`,
];
await core.summary.addRaw(lines.join("\n")).write(); {
echo "## 🔐 Access Authorization"
echo ""
echo "| Field | Value |"
echo "|-------|-------|"
echo "| **Actor** | \`${ACTOR}\` |"
echo "| **Repository** | \`${REPO}\` |"
echo "| **Permission** | \`${PERMISSION}\` |"
echo "| **Method** | ${METHOD} |"
echo "| **Authorized** | ${ALLOWED} |"
echo "| **Trigger** | \`${{ github.event_name }}\` |"
echo "| **Branch** | \`${GITHUB_REF#refs/heads/}\` |"
echo ""
if [ "$ALLOWED" = "true" ]; then
echo "✅ ${ACTOR} authorized (${METHOD})"
else
echo "❌ ${ACTOR} is NOT authorized. Requires admin or maintain role."
fi
} >> "$GITHUB_STEP_SUMMARY"
- name: Deny execution when not permitted - name: Deny execution when not permitted
if: ${{ steps.perm.outputs.allowed != 'true' }} if: ${{ steps.perm.outputs.allowed != 'true' }}

12
.github/workflows/repository-cleanup.yml vendored
View File

@@ -80,7 +80,7 @@ jobs:
echo "✅ Scheduled run — authorized" echo "✅ Scheduled run — authorized"
exit 0 exit 0
fi fi
AUTHORIZED_USERS="jmiller-moko gitea-actions[bot]" AUTHORIZED_USERS="jmiller gitea-actions[bot]"
for user in $AUTHORIZED_USERS; do for user in $AUTHORIZED_USERS; do
if [ "$ACTOR" = "$user" ]; then if [ "$ACTOR" = "$user" ]; then
echo "✅ ${ACTOR} authorized" echo "✅ ${ACTOR} authorized"
@@ -88,7 +88,7 @@ jobs:
fi fi
done done
PERMISSION=$(gh api "repos/${{ github.repository }}/collaborators/${ACTOR}/permission" \ PERMISSION=$(gh api "repos/${{ github.repository }}/collaborators/${ACTOR}/permission" \
--jq '.permission' 2>/dev/null) 2>/dev/null | jq -r '.permission')
case "$PERMISSION" in case "$PERMISSION" in
admin|maintain) echo "✅ ${ACTOR} has ${PERMISSION}" ;; admin|maintain) echo "✅ ${ACTOR} has ${PERMISSION}" ;;
*) echo "❌ Admin or maintain required"; exit 1 ;; *) echo "❌ Admin or maintain required"; exit 1 ;;
@@ -191,7 +191,7 @@ jobs:
echo "## 🏷️ Label Reset" >> $GITHUB_STEP_SUMMARY echo "## 🏷️ Label Reset" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY echo "" >> $GITHUB_STEP_SUMMARY
curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/labels?per_page=100" 2>/dev/null --paginate --jq '.[].name' | while read -r label; do curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/labels?per_page=100" 2>/dev/null | jq -r '.[].name' | while read -r label; do
ENCODED=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$label', safe=''))") ENCODED=$(python3 -c "import urllib.parse; print(urllib.parse.quote('$label', safe=''))")
gh api -X DELETE "repos/${REPO}/labels/${ENCODED}" --silent 2>/dev/null || true gh api -X DELETE "repos/${REPO}/labels/${ENCODED}" --silent 2>/dev/null || true
done done
@@ -278,7 +278,7 @@ jobs:
curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/branches?per_page=100" | jq -r '.[].name' 2>/dev/null | \ curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/branches?per_page=100" | jq -r '.[].name' 2>/dev/null | \
grep "^chore/sync-mokostandards" | \ grep "^chore/sync-mokostandards" | \
grep -v "^${CURRENT}$" | while read -r branch; do grep -v "^${CURRENT}$" | while read -r branch; do
gh pr list --repo "$REPO" --head "$branch" --state open --json number --jq '.[].number' 2>/dev/null | while read -r pr; do gh pr list --repo "$REPO" --head "$branch" --state open --json number 2>/dev/null | jq -r '.[].number' | while read -r pr; do
gh pr close "$pr" --repo "$REPO" --comment "Superseded by \`${CURRENT}\`" 2>/dev/null || true gh pr close "$pr" --repo "$REPO" --comment "Superseded by \`${CURRENT}\`" 2>/dev/null || true
echo " Closed PR #${pr}" >> $GITHUB_STEP_SUMMARY echo " Closed PR #${pr}" >> $GITHUB_STEP_SUMMARY
done done
@@ -305,7 +305,7 @@ jobs:
# Delete cancelled and stale workflow runs # Delete cancelled and stale workflow runs
for status in cancelled stale; do for status in cancelled stale; do
curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/actions/runs?status=${status}&per_page=100" 2>/dev/null \ curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/actions/runs?status=${status}&per_page=100" 2>/dev/null \
--jq '.workflow_runs[].id' 2>/dev/null | while read -r run_id; do 2>/dev/null | jq -r '.workflow_runs[].id' | while read -r run_id; do
gh api -X DELETE "repos/${REPO}/actions/runs/${run_id}" --silent 2>/dev/null || true gh api -X DELETE "repos/${REPO}/actions/runs/${run_id}" --silent 2>/dev/null || true
DELETED=$((DELETED+1)) DELETED=$((DELETED+1))
done done
@@ -327,7 +327,7 @@ jobs:
DELETED=0 DELETED=0
curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/actions/runs?created=<${CUTOFF}&per_page=100" 2>/dev/null \ curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/actions/runs?created=<${CUTOFF}&per_page=100" 2>/dev/null \
--jq '.workflow_runs[].id' 2>/dev/null | while read -r run_id; do 2>/dev/null | jq -r '.workflow_runs[].id' | while read -r run_id; do
gh api -X DELETE "repos/${REPO}/actions/runs/${run_id}/logs" --silent 2>/dev/null || true gh api -X DELETE "repos/${REPO}/actions/runs/${run_id}/logs" --silent 2>/dev/null || true
DELETED=$((DELETED+1)) DELETED=$((DELETED+1))
done done

4
.github/workflows/standards-compliance.yml vendored
View File

@@ -2577,7 +2577,7 @@ jobs:
gh label create "$LABEL" --repo "$REPO" --color "D73A4A" --description "Standards compliance failure" --force 2>/dev/null || true gh label create "$LABEL" --repo "$REPO" --color "D73A4A" --description "Standards compliance failure" --force 2>/dev/null || true
EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/issues?labels=${LABEL}&state=all&per_page=1&sort=created&direction=desc" 2>/dev/null \ EXISTING=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/issues?labels=${LABEL}&state=all&per_page=1&sort=created&direction=desc" 2>/dev/null \
--jq '.[0].number' 2>/dev/null) 2>/dev/null | jq -r '.[0].number')
if [ -n "$EXISTING" ] && [ "$EXISTING" != "null" ]; then if [ -n "$EXISTING" ] && [ "$EXISTING" != "null" ]; then
curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/issues/${EXISTING}" 2>/dev/null -X PATCH \ curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/issues/${EXISTING}" 2>/dev/null -X PATCH \
@@ -2585,7 +2585,7 @@ jobs:
echo "Updated issue #${EXISTING}" echo "Updated issue #${EXISTING}"
else else
gh issue create --repo "$REPO" --title "$TITLE" --body "$BODY" \ gh issue create --repo "$REPO" --title "$TITLE" --body "$BODY" \
--label "$LABEL" --assignee "jmiller-moko" --label "$LABEL" --assignee "jmiller"
fi fi
# CUSTOMIZATION: # CUSTOMIZATION:

4
.github/workflows/update-server.yml vendored
View File

@@ -294,9 +294,9 @@ jobs:
ACTOR="${{ github.actor }}" ACTOR="${{ github.actor }}"
REPO="${{ github.repository }}" REPO="${{ github.repository }}"
PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/collaborators/${ACTOR}/permission" 2>/dev/null \ PERMISSION=$(curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/collaborators/${ACTOR}/permission" 2>/dev/null \
--jq '.permission' 2>/dev/null || \ 2>/dev/null | jq -r '.permission' || \
curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/collaborators/${ACTOR}" 2>/dev/null \ curl -sf -H "Authorization: token ${{ secrets.GA_TOKEN }}" "${{GITEA_URL:-https://git.mokoconsulting.tech}}/api/v1/repos/${{ github.repository }}/collaborators/${ACTOR}" 2>/dev/null \
--jq '.role' 2>/dev/null || echo "read") 2>/dev/null | jq -r '.role' || echo "read")
case "$PERMISSION" in case "$PERMISSION" in
admin|maintain|write) ;; admin|maintain|write) ;;
*) *)