sync-and-apply-patches.yml
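# Weekly (or manually triggered) workflow: applies this fork's patch set on top
# of an upstream Gitea release tag, re-tags the result in the fork, and
# publishes a rootless Docker image for that tag to GHCR.
#
# NOTE(review): every `uses:` below is pinned to a mutable major-version tag.
# Pinning each action to a full commit SHA keeps a retagged or compromised
# release from running with the PAT and the packages: write token used here.
name: Sync, Tag, Build and Publish Docker Image
run-name: Patch and build ${{ github.event_name == 'schedule' && 'latest upstream tag' || inputs.tag }}

on:
  schedule:
    - cron: '0 0 * * 0' # Weekly, Sunday at 00:00 UTC
  workflow_dispatch:
    inputs:
      tag:
        description: 'Specify a tag (optional)'
        required: false
        default: ''
      force:
        description: 'Force push branch and tag'
        required: false
        default: 'false'

jobs:
  sync-and-patch:
    runs-on: ubuntu-latest
    # The job only reads and pushes git refs and never calls the pull-request
    # API, so no pull-requests scope is granted.
    # NOTE(review): the pushes below appear to authenticate with PAT_TOKEN, so
    # contents: read may be enough for GITHUB_TOKEN - confirm before tightening.
    permissions:
      contents: write
    outputs:
      tag: ${{ steps.determine-tag.outputs.tag }}
    steps:
      # Check out the 'ci' branch, which carries the patch files.
      - name: Checkout ci branch
        uses: actions/checkout@v3
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          ref: ci
          fetch-depth: 0
          # Nothing is pushed from this checkout; keep the token out of
          # .git/config.
          persist-credentials: false

      # Copy the patches out of the workspace before the next checkout
      # replaces the working tree.
      - name: Backup patches
        run: |
          mkdir -p "$HOME/patches-backup"
          cp patches/*.patch "$HOME/patches-backup/"

      # Check out the default branch with the PAT. The credentials persisted
      # by this step are what the later `git push` commands rely on.
      - name: Checkout default branch
        uses: actions/checkout@v3
        with:
          token: ${{ secrets.PAT_TOKEN }}
          fetch-depth: 0

      # Identity recorded on the commits and the tag created below.
      - name: Set up Git
        run: |
          git config --global user.name 'Bart van der Braak'
          git config --global user.email '[email protected]'

      # Add upstream and fetch its tags. The script never reads a token
      # variable, so none is exported into its environment.
      - name: Add upstream and fetch tags
        env:
          UPSTREAM: https://github.com/go-gitea/gitea.git
        run: |
          git remote add upstream "$UPSTREAM"
          # Prune tags from the fork to prevent conflicts
          git tag -l | xargs -r -n 1 git tag -d
          git fetch upstream --tags

      # Pick the tag to build: the dispatch input, else the latest stable
      # vX.Y.Z tag fetched from upstream.
      - name: Determine tag
        id: determine-tag
        env:
          # Passed through the environment instead of being expanded into the
          # script text, so the value is handled as data, never parsed as shell.
          INPUT_TAG: ${{ github.event.inputs.tag }}
        run: |
          if [ -n "$INPUT_TAG" ]; then
            echo "Using manually specified tag: $INPUT_TAG"
            tag="$INPUT_TAG"
          else
            echo "Finding the latest stable tag..."
            tag=$(git tag -l "v*" --sort=-v:refname | grep -E '^v[0-9]+\.[0-9]+\.[0-9]+$' | head -n 1)
            echo "Latest stable tag: $tag"
          fi
          # Only a tag that exists locally (fork tags were pruned, upstream
          # tags fetched) may flow into the branch name, the git tag and the
          # image tag used further down.
          if [ -z "$tag" ] || ! git rev-parse --quiet --verify "refs/tags/${tag}^{commit}" >/dev/null; then
            echo "Tag is empty or was not fetched from upstream; refusing to continue." >&2
            exit 1
          fi
          echo "tag=$tag" >> "$GITHUB_OUTPUT"

      # Create the working branch from the determined tag.
      - name: Create branch from determined tag
        env:
          TAG: ${{ steps.determine-tag.outputs.tag }}
        run: |
          git checkout -b "apply-patches-$TAG" "$TAG"

      # Apply patches in order, stop at the first failure, and push whatever
      # was applied. The script reads no token variable; the push relies on
      # the credentials persisted by the 'Checkout default branch' step.
      #
      # NOTE(review): failed_patches is recorded but nothing below reads it,
      # so a partially patched tree is still tagged and published as an image.
      # Gate the tag step and the build job on it if that is not intended.
      - name: Apply patches and handle partial progress
        id: apply_patches
        env:
          REPO: ${{ github.repository }}
          FORCE: ${{ inputs.force }}
        run: |
          successful_patches=()
          failed_patches=()
          for patch in "$HOME"/patches-backup/*.patch; do
            echo "Applying $patch..."
            if git am --3way "$patch"; then
              echo "Successfully applied $patch"
              successful_patches+=("$(basename "$patch")")
            else
              echo "Failed to apply patch: $patch"
              git am --abort
              failed_patches+=("$(basename "$patch")")
              break # Stop further patch application
            fi
          done
          echo "successful_patches=${successful_patches[*]}" >> "$GITHUB_ENV"
          echo "failed_patches=${failed_patches[*]}" >> "$GITHUB_ENV"
          # Build the flag in shell: an inline `cond && '--force'` expression
          # renders as the literal word `false` when the condition is not met,
          # which git would then treat as a refspec.
          push_args=()
          if [ "$FORCE" = "true" ]; then
            push_args+=(--force)
          fi
          # Push the branch even if only some patches were applied
          git push "${push_args[@]}" "https://github.com/${REPO}.git" HEAD

      # Re-create the tag on the last commit of the patch branch and push it.
      - name: Create a tag on the last commit
        env:
          TAG: ${{ steps.determine-tag.outputs.tag }}
          FORCE: ${{ inputs.force }}
        run: |
          git tag -d "$TAG" || echo "Tag does not exist locally, skipping delete."
          git tag -a "$TAG" -m "Tagging version $TAG after applying patches"
          push_args=()
          if [ "$FORCE" = "true" ]; then
            push_args+=(--force)
          fi
          git push "${push_args[@]}" origin "$TAG"

  build:
    runs-on: ubuntu-latest
    needs: sync-and-patch
    # No id-token: write here: the GHCR login below uses GITHUB_TOKEN with
    # packages: write, and no step in this job requests an OIDC token.
    permissions:
      contents: read # Read access to repository contents (required to access Dockerfile)
      packages: write # Write access to GHCR (required to publish Docker images)
    steps:
      # Set up Docker Buildx
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2

      # Log in to GitHub Container Registry
      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Checkout the specific tag
      - name: Checkout tag
        uses: actions/checkout@v3
        with:
          ref: ${{ needs.sync-and-patch.outputs.tag }}
          # This job never pushes to git; do not leave the token in .git/config.
          persist-credentials: false

      - name: Build and push Docker image
        uses: docker/build-push-action@v6
        with:
          # Build from the checked-out tag. Without an explicit context the
          # action builds from its Git context (the ref that triggered the
          # workflow) and ignores the checkout above, so the published image
          # would not match the tag it is labelled with.
          context: .
          file: Dockerfile.rootless
          push: true
          tags: ghcr.io/${{ github.repository }}:${{ needs.sync-and-patch.outputs.tag }}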