fix: Update secrets config in validation workflows for Gitea (#7)

2025-12-24 04:24:54 +01:00
parent ef44a42bf8
commit cbe725b93b
13 changed files with 112 additions and 93 deletions
+8 -6
@@ -1,4 +1,4 @@
name: "Labels: Approve" name: "Labels: Approve"
on: on:
pull_request_review: pull_request_review:
@@ -11,8 +11,10 @@ jobs:
if: github.event.review.state == 'approved' if: github.event.review.state == 'approved'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions-ecosystem/action-remove-labels@v1 - name: Remove review labels
with: env:
labels: | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Status: Needs Review run: |
Status: Awaiting Changes API="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels"
curl -sS -X DELETE -H "Authorization: token $GITHUB_TOKEN" "$API/Status%3A%20Needs%20Review" || true
curl -sS -X DELETE -H "Authorization: token $GITHUB_TOKEN" "$API/Status%3A%20Awaiting%20Changes" || true
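Review bot: Both `curl` calls in the new `run:` block omit `--fail`, so an HTTP 401/403/404 from the labels endpoint exits 0 and the step reports success even when no label was removed; the trailing `|| true` hides transport errors as well. Keeping the step non-fatal is reasonable, but the failure should be visible, for example `curl -sSf -X DELETE ... "$API/Status%3A%20Needs%20Review" || echo "label removal failed" >&2`. The same silent-failure pattern appears in the "Labels: Changes", "Labels: Review", "Branch: Stable", "Branch: Staging" and "Labels: Untriaged" sections, where the POST that adds a label can be rejected without any trace in the job result.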
+9 -7
@@ -1,4 +1,4 @@
name: "Labels: Changes" name: "Labels: Changes"
on: on:
pull_request_review: pull_request_review:
@@ -11,9 +11,11 @@ jobs:
if: github.event.review.state == 'changes_requested' if: github.event.review.state == 'changes_requested'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions-ecosystem/action-add-labels@v1 - name: Update labels
with: env:
labels: "Status: Awaiting Changes" GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions-ecosystem/action-remove-labels@v1 run: |
with: API="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels"
labels: "Status: Needs Review" curl -sS -X POST -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" \
-d '{"labels":["Status: Awaiting Changes"]}' "$API"
curl -sS -X DELETE -H "Authorization: token $GITHUB_TOKEN" "$API/Status%3A%20Needs%20Review" || true
+3 -1
@@ -57,8 +57,10 @@ jobs:
if [ -n "$HAS_LABEL" ]; then if [ -n "$HAS_LABEL" ]; then
echo "Removing stale conflict label..." echo "Removing stale conflict label..."
# URL-encode the label name (handles spaces, colons, etc.)
LABEL_NAME_ENCODED=$(echo "$LABEL_NAME" | jq -rR @uri)
curl -s -X DELETE -H "Authorization: token $API_TOKEN" \ curl -s -X DELETE -H "Authorization: token $API_TOKEN" \
"$API_URL/repos/$REPO_OWNER/$REPO_NAME/issues/$PR_INDEX/labels/$LABEL_NAME" "$API_URL/repos/$REPO_OWNER/$REPO_NAME/issues/$PR_INDEX/labels/$LABEL_NAME_ENCODED"
echo "Conflict label removed." echo "Conflict label removed."
fi fi
fi fi
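Review bot: `echo "Conflict label removed."` runs regardless of what the DELETE returned, because `curl -s` without `-f` exits 0 on HTTP errors and its status is never checked. Tie the message to the result: `curl -sf -X DELETE ... "$API_URL/.../labels/$LABEL_NAME_ENCODED" && echo "Conflict label removed." || echo "Failed to remove conflict label" >&2`. For the encoding line, `printf '%s' "$LABEL_NAME" | jq -rR @uri` avoids `echo` interpreting a label that begins with `-`. The enclosing script starts and ends outside the hunk.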
+9 -7
@@ -1,4 +1,4 @@
name: "Labels: Review" name: "Labels: Review"
on: on:
pull_request_target: pull_request_target:
@@ -8,9 +8,11 @@ jobs:
add_label: add_label:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions-ecosystem/action-add-labels@v1 - name: Update labels
with: env:
labels: "S: Needs Review" GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions-ecosystem/action-remove-labels@v1 run: |
with: API="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels"
labels: "S: Awaiting Changes" curl -sS -X POST -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" \
-d '{"labels":["S: Needs Review"]}' "$API"
curl -sS -X DELETE -H "Authorization: token $GITHUB_TOKEN" "$API/S%3A%20Awaiting%20Changes" || true
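Review bot: This workflow is triggered by `pull_request_target`, so the new `run:` step executes with the base repository's `secrets.GITHUB_TOKEN` even for pull requests opened from forks; that is safe only while the job never checks out or runs code from the PR head. Nothing in the visible steps does so, but the constraint is undocumented. Add a comment above `steps:` such as `# pull_request_target: runs with repo secrets; never check out or execute PR head code in this job`. If the runner honours it, a job-level `permissions:` block limited to what label edits need would narrow the token further; the rest of the file is outside the hunk, so one may already exist.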
-23
@@ -1,23 +0,0 @@
name: "Labels: Approved"
on:
pull_request_review:
types: [submitted]
jobs:
add_label:
# Change the repository name after you've made sure the team name is correct for your fork!
if: ${{ (github.repository == 'space-wizards/space-station-14') && (github.event.review.state == 'APPROVED') }}
permissions:
contents: read
pull-requests: write
runs-on: ubuntu-latest
steps:
- uses: tspascoal/get-user-teams-membership@v3
id: checkUserMember
with:
username: ${{ github.actor }}
team: "content-maintainers,junior-maintainers"
GITHUB_TOKEN: ${{ secrets.LABELER_PAT }}
- if: ${{ steps.checkUserMember.outputs.isTeamMember == 'true' }}
uses: actions-ecosystem/action-add-labels@v1
with:
labels: "S: Approved"
+9 -3
@@ -11,6 +11,12 @@ jobs:
add_label: add_label:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions-ecosystem/action-add-labels@v1 - name: Add branch label
with: env:
labels: "Branch: Stable" GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
curl -sS -X POST \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Content-Type: application/json" \
-d '{"labels":["Branch: Stable"]}' \
"${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels"
+9 -3
@@ -11,6 +11,12 @@ jobs:
add_label: add_label:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions-ecosystem/action-add-labels@v1 - name: Add branch label
with: env:
labels: "Branch: Staging" GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
curl -sS -X POST \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Content-Type: application/json" \
-d '{"labels":["Branch: Staging"]}' \
"${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels"
+12 -5
@@ -1,4 +1,4 @@
name: "Labels: Untriaged" name: "Labels: Untriaged"
on: on:
issues: issues:
@@ -10,7 +10,14 @@ jobs:
add_label: add_label:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions-ecosystem/action-add-labels@v1 - name: Add untriaged label
if: join(github.event.issue.labels) == '' if: github.event.issue.labels[0] == null || github.event.pull_request.labels[0] == null
with: env:
labels: "S: Untriaged" GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
NUMBER="${{ github.event.pull_request.number || github.event.issue.number }}"
curl -sS -X POST \
-H "Authorization: token $GITHUB_TOKEN" \
-H "Content-Type: application/json" \
-d '{"labels":["S: Untriaged"]}' \
"${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/$NUMBER/labels"
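Review bot: The new step condition `github.event.issue.labels[0] == null || github.event.pull_request.labels[0] == null` is always true, because whichever of `issue` / `pull_request` is absent from the event payload makes its side evaluate to `null == null`. On an `issues` event the label is therefore added even when the issue already carries labels, which the old `join(github.event.issue.labels) == ''` check prevented. Joining the two tests with `&&` restores the intent for both event types: `if: github.event.issue.labels[0] == null && github.event.pull_request.labels[0] == null`. Only the `issues:` trigger is visible here, so whether a pull-request trigger exists further down is an assumption taken from the `NUMBER` fallback.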
+8 -15
@@ -32,21 +32,14 @@ jobs:
- name: Check if build already published - name: Check if build already published
id: cdn-check id: cdn-check
run: | run: |
set -euo pipefail SHA=$(echo "$GITHUB_SHA" | tr '[:upper:]' '[:lower:]')
python3 - <<'PY' if curl -sSf "$CDN_MANIFEST_URL" | jq -e ".builds[\"$SHA\"]" > /dev/null 2>&1; then
import json, os, urllib.request, sys echo "Build $SHA already present on CDN; skipping."
url = os.environ["CDN_MANIFEST_URL"] echo "skip=true" >> "$GITHUB_OUTPUT"
sha = os.environ["GITHUB_SHA"].lower() else
with urllib.request.urlopen(url) as resp: echo "Build $SHA not found on CDN; continuing."
manifest = json.load(resp) echo "skip=false" >> "$GITHUB_OUTPUT"
exists = sha in manifest.get("builds", {}) fi
with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as f:
f.write(f"skip={'true' if exists else 'false'}\n")
if exists:
print(f"Build {sha} already present on CDN; skipping packaging.")
else:
print(f"Build {sha} not found on CDN; continuing.")
PY
- name: Cache NuGet packages - name: Cache NuGet packages
uses: actions/cache@v4 uses: actions/cache@v4
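Review bot: In the rewritten `cdn-check` step a failed manifest fetch is indistinguishable from "build not published": `curl -sSf ... | jq -e ... > /dev/null 2>&1` sits in an `if`, so a CDN outage, a malformed manifest or a missing `jq` all fall into the `else` branch and set `skip=false`, with stderr discarded. The removed Python version aborted the step on a fetch or parse error. Fetch first and let that fail the step, then test membership: `set -euo pipefail`, `MANIFEST=$(curl -sSf "$CDN_MANIFEST_URL")`, and `if jq -e --arg sha "$SHA" '.builds[$sha]' <<<"$MANIFEST" >/dev/null; then`. Passing the SHA with `--arg` also keeps it out of the jq program text.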
+5 -5
@@ -50,19 +50,19 @@ jobs:
cd RobustToolbox/ cd RobustToolbox/
git submodule update --init --recursive git submodule update --init --recursive
# Corvax-Secrets-Start # Wylab-Secrets-Start
- name: Setup secrets - name: Setup secrets
env: env:
SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }} SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }}
if: ${{ env.SSH_KEY != '' }} if: ${{ env.SSH_KEY != '' }}
run: | run: |
mkdir ~/.ssh mkdir -p ~/.ssh
echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
echo "HOST *" > ~/.ssh/config echo "HOST git.wylab.me" > ~/.ssh/config
echo "StrictHostKeyChecking no" >> ~/.ssh/config echo " StrictHostKeyChecking no" >> ~/.ssh/config
git -c submodule.Secrets.update=checkout submodule update --init git -c submodule.Secrets.update=checkout submodule update --init
# Corvax-Secrets-End # Wylab-Secrets-End
- name: Setup .NET Core - name: Setup .NET Core
uses: actions/setup-dotnet@v4.1.0 uses: actions/setup-dotnet@v4.1.0
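Review bot: Scoping the SSH config to `HOST git.wylab.me` is an improvement over `HOST *`, but `StrictHostKeyChecking no` still disables host-key verification for exactly the host the private key authenticates to and the Secrets submodule is cloned from, so a network-level impostor would be accepted and could serve altered submodule content. Pin the server's host key instead: write it to `~/.ssh/known_hosts` from a stored value (for example `echo "${{ secrets.<KNOWN_HOSTS_SECRET_PLACEHOLDER> }}" >> ~/.ssh/known_hosts`) and set `StrictHostKeyChecking yes`. Separately, the key is written with `echo "${{ secrets.SECRETS_PRIVATE_KEY }}"`, which pastes the secret into the generated script; the step already exports it as `SSH_KEY`, so `printf '%s\n' "$SSH_KEY" > ~/.ssh/id_rsa` would do the same without interpolation. The identical block is repeated in the three other "Setup secrets" sections on this page.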
+5 -5
@@ -15,19 +15,19 @@ jobs:
- uses: actions/checkout@v4.2.2 - uses: actions/checkout@v4.2.2
- name: Setup Submodule - name: Setup Submodule
run: git submodule update --init run: git submodule update --init
# Corvax-Secrets-Start # Wylab-Secrets-Start
- name: Setup secrets - name: Setup secrets
env: env:
SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }} SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }}
if: ${{ env.SSH_KEY != '' }} if: ${{ env.SSH_KEY != '' }}
run: | run: |
mkdir ~/.ssh mkdir -p ~/.ssh
echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
echo "HOST *" > ~/.ssh/config echo "HOST git.wylab.me" > ~/.ssh/config
echo "StrictHostKeyChecking no" >> ~/.ssh/config echo " StrictHostKeyChecking no" >> ~/.ssh/config
git -c submodule.Secrets.update=checkout submodule update --init git -c submodule.Secrets.update=checkout submodule update --init
# Corvax-Secrets-End # Wylab-Secrets-End
- name: Pull engine updates - name: Pull engine updates
uses: space-wizards/submodule-dependency@v0.1.5 uses: space-wizards/submodule-dependency@v0.1.5
- uses: PaulRitter/yaml-schema-validator@v1 - uses: PaulRitter/yaml-schema-validator@v1
+30 -8
@@ -5,35 +5,57 @@ on:
branches: [ master, staging, stable ] branches: [ master, staging, stable ]
merge_group: merge_group:
pull_request: pull_request:
paths: types: [ opened, reopened, synchronize, ready_for_review ]
- '**.rsi/**' branches: [ master, staging, stable ]
jobs: jobs:
validate_rsis: validate_rsis:
name: Validate RSIs name: Validate RSIs
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Check for RSI changes
id: check_rsi
uses: dorny/paths-filter@v3
with:
filters: |
rsi:
- '**.rsi/**'
- name: Skip if no RSI changes
if: steps.check_rsi.outputs.rsi != 'true' && github.event_name == 'pull_request'
run: echo "No RSI files changed, skipping validation"
- uses: actions/checkout@v4.2.2 - uses: actions/checkout@v4.2.2
if: steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request'
- name: Setup Submodule - name: Setup Submodule
if: steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request'
run: git submodule update --init run: git submodule update --init
# Corvax-Secrets-Start
# Wylab-Secrets-Start
- name: Setup secrets - name: Setup secrets
env: env:
SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }} SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }}
if: ${{ env.SSH_KEY != '' }} if: (steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request') && env.SSH_KEY != ''
run: | run: |
mkdir ~/.ssh mkdir -p ~/.ssh
echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
echo "HOST *" > ~/.ssh/config echo "HOST git.wylab.me" > ~/.ssh/config
echo "StrictHostKeyChecking no" >> ~/.ssh/config echo " StrictHostKeyChecking no" >> ~/.ssh/config
git -c submodule.Secrets.update=checkout submodule update --init git -c submodule.Secrets.update=checkout submodule update --init
# Corvax-Secrets-End # Wylab-Secrets-End
- name: Pull engine updates - name: Pull engine updates
if: steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request'
uses: space-wizards/submodule-dependency@v0.1.5 uses: space-wizards/submodule-dependency@v0.1.5
- name: Install Python dependencies - name: Install Python dependencies
if: steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request'
run: | run: |
python3 -m pip install --user --break-system-packages pillow jsonschema python3 -m pip install --user --break-system-packages pillow jsonschema
- name: Validate RSIs - name: Validate RSIs
if: steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request'
run: | run: |
python3 RobustToolbox/Schemas/validate_rsis.py Resources/ python3 RobustToolbox/Schemas/validate_rsis.py Resources/
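Review bot: The new `dorny/paths-filter@v3` step adds a third-party action referenced by a mutable tag to a job that later writes `SECRETS_PRIVATE_KEY` to disk, so whoever can move that tag can run code in the same job as the key. Pin it to a full commit hash with the tag kept as a comment, `uses: dorny/paths-filter@<FULL_COMMIT_SHA_PLACEHOLDER>  # v3`. The filter step also has no `if:` and sits before `actions/checkout`, so it runs on `push` and `merge_group` events too; as far as I know the action needs a checked-out repository outside pull-request events, so it is worth confirming it does not fail there, or guarding it with `if: github.event_name == 'pull_request'`. As a style point, the condition repeated on six steps could become one job-level `if:` fed by a small filter job.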
+5 -5
@@ -15,19 +15,19 @@ jobs:
- uses: actions/checkout@v4.2.2 - uses: actions/checkout@v4.2.2
- name: Setup Submodule - name: Setup Submodule
run: git submodule update --init run: git submodule update --init
# Corvax-Secrets-Start # Wylab-Secrets-Start
- name: Setup secrets - name: Setup secrets
env: env:
SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }} SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }}
if: ${{ env.SSH_KEY != '' }} if: ${{ env.SSH_KEY != '' }}
run: | run: |
mkdir ~/.ssh mkdir -p ~/.ssh
echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa
echo "HOST *" > ~/.ssh/config echo "HOST git.wylab.me" > ~/.ssh/config
echo "StrictHostKeyChecking no" >> ~/.ssh/config echo " StrictHostKeyChecking no" >> ~/.ssh/config
git -c submodule.Secrets.update=checkout submodule update --init git -c submodule.Secrets.update=checkout submodule update --init
# Corvax-Secrets-End # Wylab-Secrets-End
- name: Pull engine updates - name: Pull engine updates
uses: space-wizards/submodule-dependency@v0.1.5 uses: space-wizards/submodule-dependency@v0.1.5
- uses: PaulRitter/yaml-schema-validator@v1 - uses: PaulRitter/yaml-schema-validator@v1