fix: Update secrets config in validation workflows for Gitea (#7)

.github/workflows/labeler-approve.yml

@@ -1,4 +1,4 @@
-name: "Labels: Approve"
+name: "Labels: Approve"
 
 on:
   pull_request_review:
@@ -11,8 +11,10 @@ jobs:
     if: github.event.review.state == 'approved'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions-ecosystem/action-remove-labels@v1
-      with:
-        labels: |
-          Status: Needs Review
-          Status: Awaiting Changes
+    - name: Remove review labels
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        API="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels"
+        curl -sS -X DELETE -H "Authorization: token $GITHUB_TOKEN" "$API/Status%3A%20Needs%20Review" || true
+        curl -sS -X DELETE -H "Authorization: token $GITHUB_TOKEN" "$API/Status%3A%20Awaiting%20Changes" || true

.github/workflows/labeler-changes.yml

@@ -1,4 +1,4 @@
-name: "Labels: Changes"
+name: "Labels: Changes"
 
 on:
   pull_request_review:
@@ -11,9 +11,11 @@ jobs:
     if: github.event.review.state == 'changes_requested'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions-ecosystem/action-add-labels@v1
-      with:
-        labels: "Status: Awaiting Changes"
-    - uses: actions-ecosystem/action-remove-labels@v1
-      with:
-        labels: "Status: Needs Review"
+    - name: Update labels
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        API="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels"
+        curl -sS -X POST -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" \
+          -d '{"labels":["Status: Awaiting Changes"]}' "$API"
+        curl -sS -X DELETE -H "Authorization: token $GITHUB_TOKEN" "$API/Status%3A%20Needs%20Review" || true

.github/workflows/labeler-conflict.yml

@@ -57,8 +57,10 @@ jobs:
 
             if [ -n "$HAS_LABEL" ]; then
               echo "Removing stale conflict label..."
+              # URL-encode the label name (handles spaces, colons, etc.)
+              LABEL_NAME_ENCODED=$(echo "$LABEL_NAME" | jq -rR @uri)
               curl -s -X DELETE -H "Authorization: token $API_TOKEN" \
-                "$API_URL/repos/$REPO_OWNER/$REPO_NAME/issues/$PR_INDEX/labels/$LABEL_NAME"
+                "$API_URL/repos/$REPO_OWNER/$REPO_NAME/issues/$PR_INDEX/labels/$LABEL_NAME_ENCODED"
               echo "Conflict label removed."
             fi
           fi

.github/workflows/labeler-needsreview.yml

@@ -1,4 +1,4 @@
-name: "Labels: Review"
+name: "Labels: Review"
 
 on:
   pull_request_target:
@@ -8,9 +8,11 @@ jobs:
   add_label:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions-ecosystem/action-add-labels@v1
-      with:
-        labels: "S: Needs Review"
-    - uses: actions-ecosystem/action-remove-labels@v1
-      with:
-        labels: "S: Awaiting Changes"
+    - name: Update labels
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        API="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels"
+        curl -sS -X POST -H "Authorization: token $GITHUB_TOKEN" -H "Content-Type: application/json" \
+          -d '{"labels":["S: Needs Review"]}' "$API"
+        curl -sS -X DELETE -H "Authorization: token $GITHUB_TOKEN" "$API/S%3A%20Awaiting%20Changes" || true

.github/workflows/labeler-review.yml

@@ -1,23 +0,0 @@
-name: "Labels: Approved"
-on:
-  pull_request_review:
-    types: [submitted]
-jobs:
-  add_label:
-    # Change the repository name after you've made sure the team name is correct for your fork!
-    if: ${{ (github.repository == 'space-wizards/space-station-14') && (github.event.review.state == 'APPROVED') }}
-    permissions:
-      contents: read
-      pull-requests: write
-    runs-on: ubuntu-latest
-    steps:
-    - uses: tspascoal/get-user-teams-membership@v3
-      id: checkUserMember
-      with:
-        username: ${{ github.actor }}
-        team: "content-maintainers,junior-maintainers"
-        GITHUB_TOKEN: ${{ secrets.LABELER_PAT }}
-    - if: ${{ steps.checkUserMember.outputs.isTeamMember == 'true' }}
-      uses: actions-ecosystem/action-add-labels@v1
-      with:
-        labels: "S: Approved"

.github/workflows/labeler-stable.yml

@@ -11,6 +11,12 @@ jobs:
   add_label:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions-ecosystem/action-add-labels@v1
-      with:
-        labels: "Branch: Stable"
+    - name: Add branch label
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        curl -sS -X POST \
+          -H "Authorization: token $GITHUB_TOKEN" \
+          -H "Content-Type: application/json" \
+          -d '{"labels":["Branch: Stable"]}' \
+          "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels"

.github/workflows/labeler-staging.yml

@@ -11,6 +11,12 @@ jobs:
   add_label:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions-ecosystem/action-add-labels@v1
-      with:
-        labels: "Branch: Staging"
+    - name: Add branch label
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        curl -sS -X POST \
+          -H "Authorization: token $GITHUB_TOKEN" \
+          -H "Content-Type: application/json" \
+          -d '{"labels":["Branch: Staging"]}' \
+          "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/labels"

.github/workflows/labeler-untriaged.yml

@@ -1,4 +1,4 @@
-name: "Labels: Untriaged"
+name: "Labels: Untriaged"
 
 on:
   issues:
@@ -10,7 +10,14 @@ jobs:
   add_label:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions-ecosystem/action-add-labels@v1
-      if: join(github.event.issue.labels) == ''
-      with:
-        labels: "S: Untriaged"
+    - name: Add untriaged label
+      if: github.event.issue.labels[0] == null || github.event.pull_request.labels[0] == null
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      run: |
+        NUMBER="${{ github.event.pull_request.number || github.event.issue.number }}"
+        curl -sS -X POST \
+          -H "Authorization: token $GITHUB_TOKEN" \
+          -H "Content-Type: application/json" \
+          -d '{"labels":["S: Untriaged"]}' \
+          "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/issues/$NUMBER/labels"

.github/workflows/publish.yml

@@ -32,21 +32,14 @@ jobs:
     - name: Check if build already published
       id: cdn-check
       run: |
-        set -euo pipefail
-        python3 - <<'PY'
-import json, os, urllib.request, sys
-url = os.environ["CDN_MANIFEST_URL"]
-sha = os.environ["GITHUB_SHA"].lower()
-with urllib.request.urlopen(url) as resp:
-    manifest = json.load(resp)
-exists = sha in manifest.get("builds", {})
-with open(os.environ["GITHUB_OUTPUT"], "a", encoding="utf-8") as f:
-    f.write(f"skip={'true' if exists else 'false'}\n")
-if exists:
-    print(f"Build {sha} already present on CDN; skipping packaging.")
-else:
-    print(f"Build {sha} not found on CDN; continuing.")
-PY
+        SHA=$(echo "$GITHUB_SHA" | tr '[:upper:]' '[:lower:]')
+        if curl -sSf "$CDN_MANIFEST_URL" | jq -e ".builds[\"$SHA\"]" > /dev/null 2>&1; then
+          echo "Build $SHA already present on CDN; skipping."
+          echo "skip=true" >> "$GITHUB_OUTPUT"
+        else
+          echo "Build $SHA not found on CDN; continuing."
+          echo "skip=false" >> "$GITHUB_OUTPUT"
+        fi
 
     - name: Cache NuGet packages
       uses: actions/cache@v4

.github/workflows/test-packaging.yml

@@ -50,19 +50,19 @@ jobs:
           cd RobustToolbox/
           git submodule update --init --recursive
 
-      # Corvax-Secrets-Start
+      # Wylab-Secrets-Start
       - name: Setup secrets
         env:
           SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }}
         if: ${{ env.SSH_KEY != '' }}
         run: |
-          mkdir ~/.ssh
+          mkdir -p ~/.ssh
           echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa
           chmod 600 ~/.ssh/id_rsa
-          echo "HOST *" > ~/.ssh/config
+          echo "HOST git.wylab.me" > ~/.ssh/config
           echo "  StrictHostKeyChecking no" >> ~/.ssh/config
           git -c submodule.Secrets.update=checkout submodule update --init
-      # Corvax-Secrets-End
+      # Wylab-Secrets-End
 
       - name: Setup .NET Core
         uses: actions/setup-dotnet@v4.1.0

.github/workflows/validate-rgas.yml

@@ -15,19 +15,19 @@ jobs:
     - uses: actions/checkout@v4.2.2
     - name: Setup Submodule
       run: git submodule update --init
-    # Corvax-Secrets-Start
+    # Wylab-Secrets-Start
     - name: Setup secrets
       env:
         SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }}
       if: ${{ env.SSH_KEY != '' }}
       run: |
-        mkdir ~/.ssh
+        mkdir -p ~/.ssh
         echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa
         chmod 600 ~/.ssh/id_rsa
-        echo "HOST *" > ~/.ssh/config
+        echo "HOST git.wylab.me" > ~/.ssh/config
         echo "  StrictHostKeyChecking no" >> ~/.ssh/config
         git -c submodule.Secrets.update=checkout submodule update --init
-    # Corvax-Secrets-End
+    # Wylab-Secrets-End
     - name: Pull engine updates
       uses: space-wizards/submodule-dependency@v0.1.5
     - uses: PaulRitter/yaml-schema-validator@v1

.github/workflows/validate-rsis.yml

@@ -5,35 +5,57 @@ on:
     branches: [ master, staging, stable ]
   merge_group:
   pull_request:
-    paths:
-      - '**.rsi/**'
+    types: [ opened, reopened, synchronize, ready_for_review ]
+    branches: [ master, staging, stable ]
 
 jobs:
   validate_rsis:
     name: Validate RSIs
     runs-on: ubuntu-latest
     steps:
+      - name: Check for RSI changes
+        id: check_rsi
+        uses: dorny/paths-filter@v3
+        with:
+          filters: |
+            rsi:
+              - '**.rsi/**'
+
+      - name: Skip if no RSI changes
+        if: steps.check_rsi.outputs.rsi != 'true' && github.event_name == 'pull_request'
+        run: echo "No RSI files changed, skipping validation"
+
       - uses: actions/checkout@v4.2.2
+        if: steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request'
+
       - name: Setup Submodule
+        if: steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request'
         run: git submodule update --init
-      # Corvax-Secrets-Start
+
+      # Wylab-Secrets-Start
       - name: Setup secrets
         env:
           SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }}
-        if: ${{ env.SSH_KEY != '' }}
+        if: (steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request') && env.SSH_KEY != ''
         run: |
-          mkdir ~/.ssh
+          mkdir -p ~/.ssh
           echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa
           chmod 600 ~/.ssh/id_rsa
-          echo "HOST *" > ~/.ssh/config
+          echo "HOST git.wylab.me" > ~/.ssh/config
           echo "  StrictHostKeyChecking no" >> ~/.ssh/config
           git -c submodule.Secrets.update=checkout submodule update --init
-      # Corvax-Secrets-End
+      # Wylab-Secrets-End
+
       - name: Pull engine updates
+        if: steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request'
         uses: space-wizards/submodule-dependency@v0.1.5
+
       - name: Install Python dependencies
+        if: steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request'
         run: |
           python3 -m pip install --user --break-system-packages pillow jsonschema
+
       - name: Validate RSIs
+        if: steps.check_rsi.outputs.rsi == 'true' || github.event_name != 'pull_request'
         run: |
           python3 RobustToolbox/Schemas/validate_rsis.py Resources/

.github/workflows/validate_mapfiles.yml

@@ -15,19 +15,19 @@ jobs:
     - uses: actions/checkout@v4.2.2
     - name: Setup Submodule
       run: git submodule update --init
-    # Corvax-Secrets-Start
+    # Wylab-Secrets-Start
     - name: Setup secrets
       env:
         SSH_KEY: ${{ secrets.SECRETS_PRIVATE_KEY }}
       if: ${{ env.SSH_KEY != '' }}
       run: |
-        mkdir ~/.ssh
+        mkdir -p ~/.ssh
         echo "${{ secrets.SECRETS_PRIVATE_KEY }}" > ~/.ssh/id_rsa
         chmod 600 ~/.ssh/id_rsa
-        echo "HOST *" > ~/.ssh/config
+        echo "HOST git.wylab.me" > ~/.ssh/config
         echo "  StrictHostKeyChecking no" >> ~/.ssh/config
         git -c submodule.Secrets.update=checkout submodule update --init
-    # Corvax-Secrets-End
+    # Wylab-Secrets-End
     - name: Pull engine updates
       uses: space-wizards/submodule-dependency@v0.1.5
     - uses: PaulRitter/yaml-schema-validator@v1