Move CI workflow to Forgejo and remove GitHub workflows

- Move package.yml workflow to .forgejo/workflows/ci.yml
- Remove all GitHub-specific workflow files
- Configure for Forgejo CI/CD pipeline
- Maintain comprehensive debian-forge packaging workflow
Joe 2025-08-29 17:32:58 -07:00
parent 6112a977a1
commit b61f174db9
14 changed files with 0 additions and 550 deletions

14
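--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,14 +0,0 @@
-# These owners will be the default owners for everything in
-# the repo. Unless a later match takes precedence.
-* @osbuild/osbuild-reviewers
-# SBOM
-/osbuild/util/sbom/ @thozza
-# Depsolving
-/osbuild/solver/ @thozza
-/tools/solver*.json @thozza
-/tools/**/*depsolve* @thozza
-# image-info tool
-/tools/**/*osbuild*image*info* @thozza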

24
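--- a/.github/mergify.yml
+++ b/.github/mergify.yml
@@ -1,24 +0,0 @@
-pull_request_rules:
-- name: Automatic review for Dependabot pull requests
-conditions:
-- author~=^dependabot(|-preview)\[bot\]$
-- title~=^Bump [^\s]+ from ([\d]+)\..+ to \1\.
-- "#changes-requested-reviews-by=0"
-- base=main
-actions:
-review:
-type: APPROVE
-message: Automatically approving dependabot (minor version bump)
-label:
-add:
-- ci:automerge
-- name: Dismiss reviews for non trusted authors
-conditions:
-- base=main
-- author!=@Schutzbot
-actions:
-dismiss_reviews:
-approved: True
-changes_requested: True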


@ -1,92 +0,0 @@
name: Checks
on: [pull_request, push]
permissions:
contents: read
jobs:
spelling_checker:
name: "Spelling"
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: codespell-project/actions-codespell@master
with:
ignore_words_list: msdos, pullrequest
skip: ./.git,coverity,rpmbuild,samples
python_code_linters:
name: "Python Linters"
runs-on: ubuntu-24.04
steps:
- name: "Clone Repository"
uses: actions/checkout@v4
- name: "Run Linters"
uses: osbuild/containers/src/actions/privdocker@552e30cf1b4ed19c6ddaa57f96c342b3dff4227b
with:
image: ghcr.io/osbuild/osbuild-ci:latest-202502250751
run: |
make lint
shell_linters:
name: "Shell Linters"
runs-on: ubuntu-24.04
steps:
- name: "Clone Repository"
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: "Differential ShellCheck"
uses: redhat-plumbers-in-action/differential-shellcheck@v3
with:
severity: warning
token: ${{ secrets.GITHUB_TOKEN }}
packit-config-lint:
name: "📦 Packit config lint"
runs-on: ubuntu-24.04
container:
image: registry.fedoraproject.org/fedora:latest
steps:
- name: Install Packit
run: dnf -y install packit
- name: Check out code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Validate Packit config
run: |
packit config validate .packit.yaml
snapshots:
name: "🔍 Check for valid snapshot urls"
runs-on: ubuntu-24.04
steps:
- name: Check out code into the Go module directory
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Check for valid snapshot urls
run: ./tools/check-snapshots --errors-only .
json-fmt:
name: "🔍 Check JSON files for formatting consistency"
runs-on: ubuntu-24.04
steps:
- name: Install utils
run: |
sudo apt update
sudo apt install -y jq moreutils
- name: Check out code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Reformat all json files
run: find -iname "*.json" -print -exec sh -c 'jq --indent 2 . {} | sponge {}' \;
- name: Check diff
run: git diff --exit-code


@ -1,40 +0,0 @@
name: Coverity
on:
schedule:
- cron: '0 5 * * *' # Daily at 05:00 UTC
jobs:
coverity:
name: "Test Suite"
if: github.repository == 'osbuild/osbuild'
runs-on: ubuntu-24.04
defaults:
run:
working-directory: osbuild
steps:
- name: Clone repository
uses: actions/checkout@v4
with:
path: osbuild
- name: Install Dependencies
run: |
sudo apt-get install python3-setuptools
- name: Download Coverity Tool
run: |
make coverity-download
env:
COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
- name: Coverity check
run: |
make coverity-check
- name: Upload analysis results
run: |
make coverity-submit
env:
COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
COVERITY_EMAIL: ${{ secrets.COVERITY_EMAIL }}


@ -1,30 +0,0 @@
# This action creates a release every second Wednesday
name: "Create and push release tag"
on:
workflow_dispatch:
inputs:
version:
description: 'Version to tag. Useful for making the first "dot" release from a rhel-x.y branch.'
required: false
default: ""
schedule:
- cron: "0 8 * * 3"
jobs:
tag-and-push:
runs-on: ubuntu-24.04
steps:
- name: Even or odd week
run: if [ `expr \`date +\%s\` / 86400 \% 2` -eq 0 ]; then echo "WEEK=odd" >> $GITHUB_ENV; else echo "WEEK=even" >> $GITHUB_ENV; fi
shell: bash
- name: Upstream tag
uses: osbuild/release-action@create-tag
if: ${{ env.WEEK == 'even' || github.event_name != 'schedule' }}
with:
token: "${{ secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN }}"
username: "imagebuilder-bot"
email: "imagebuilder-bots+imagebuilder-bot@redhat.com"
version: ${{ github.event.inputs.version }}


@ -1,55 +0,0 @@
name: Generate
on: [pull_request, push]
jobs:
generate_documentation:
name: "Documentation"
runs-on: ubuntu-24.04
container:
image: docker.io/library/python:3.7
steps:
- name: Install Dependencies
run: |
pip install docutils
- name: Clone repository
uses: actions/checkout@v4
with:
path: osbuild
- name: Generate Documentation
run: |
make \
-f osbuild/Makefile \
SRCDIR=osbuild \
BUILDDIR=build \
RST2MAN=rst2man.py \
man
- name: Verify Documentation
working-directory: build
run: |
test -d docs
test -f docs/osbuild.1
generate_test_data:
name: "Test Data"
runs-on: ubuntu-24.04
env:
OSBUILD_MPP_CACHEDIR: "/var/tmp/osbuild-mpp-cache"
steps:
- name: "Clone Repository"
uses: actions/checkout@v4
- name: Cache metadata
uses: actions/cache@v4
with:
path: /var/tmp/osbuild-mpp-cache
key: no-key-needed-here
- name: "Regenerate Test Data"
uses: osbuild/containers/src/actions/privdocker@552e30cf1b4ed19c6ddaa57f96c342b3dff4227b
with:
image: ghcr.io/osbuild/osbuild-ci:latest-202502250751
run: |
make test-data
git diff --exit-code -- ./test/data


@ -1,18 +0,0 @@
name: "Verify PR best practices"
on:
pull_request_target:
branches: [main]
types: [opened, synchronize, reopened, edited]
issue_comment:
types: [created]
jobs:
pr-best-practices:
runs-on: ubuntu-24.04
steps:
- name: PR best practice check
uses: osbuild/pr-best-practices@main
with:
token: ${{ secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN }}
jira_token: ${{ secrets.IMAGEBUILDER_BOT_JIRA_TOKEN }}


@ -1,16 +0,0 @@
name: "Create GitHub release"
on:
push:
tags:
- "v*"
jobs:
release:
runs-on: ubuntu-24.04
steps:
- name: Upstream release
uses: osbuild/release-action@main
with:
token: "${{ secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN }}"
slack_webhook_url: "${{ secrets.SLACK_WEBHOOK_URL }}"


@ -1,17 +0,0 @@
name: Mark and close stale issues and PRs
on:
schedule:
- cron: '0 4 * * *'
jobs:
stale:
runs-on: ubuntu-24.04
permissions:
actions: write # needed to clean up the saved action state
issues: write
pull-requests: write
steps:
- uses: osbuild/common-stale-action@main
with:
token: ${{ secrets.GITHUB_TOKEN }}


@ -1,34 +0,0 @@
name: Run tests in Centos container
on:
workflow_dispatch:
schedule:
- cron: '0 1 * * *'
jobs:
tests-on-centos:
strategy:
matrix:
centos:
- version: "9"
pytest_exclude: 'not (TestBoot and boot)'
- version: "10"
pytest_exclude: 'not (TestBoot and boot) and not (test_write_read)'
name: "Unittests on Centos Stream ${{ matrix.centos.version }}"
runs-on: ubuntu-24.04
steps:
- name: "Checkout"
uses: actions/checkout@v4
- name: "Run in container"
uses: addnab/docker-run-action@v3
with:
image: quay.io/osbuild/osbuild-ci-c${{ matrix.centos.version }}s:latest-202502250751
options: --privileged -v ${{ github.workspace }}:/osbuild --workdir /osbuild
run: |
python3 -m pytest \
--rootdir $(pwd) \
--ignore $(pwd)/test/src \
--unsupported-fs btrfs \
-k "${{ matrix.centos.pytest_exclude }}" \
-v \
$(pwd)/test/


@ -1,95 +0,0 @@
name: Tests
on: [pull_request, push]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
# Share the store between the workers speeds things up further
OSBUILD_TEST_STORE: /var/tmp/osbuild-test-store
jobs:
test_suite:
name: "Unittest"
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
test:
- parallel
- normal
environment:
- "py36" # RH8
- "py39" # RH9
- "py313" # latest stable Fedora
- "py314" # Fedora rawhide
steps:
- name: "Clone Repository"
uses: actions/checkout@v4
- name: "Run"
uses: osbuild/containers/src/actions/privdocker@552e30cf1b4ed19c6ddaa57f96c342b3dff4227b
with:
image: ghcr.io/osbuild/osbuild-ci:latest-202506112350
run: |
# Hacky replacement of container storage driver:
# The default overlayfs doesn't work in the runner, so let's change
# it to vfs for the local storage skopeo stage test.
sed -i 's/overlay/vfs/g' /usr/share/containers/storage.conf # default system config
sed -i 's/overlay/vfs/g' /etc/containers/storage.conf || true # potential overrides
if [ "${{ matrix.test }}" == "parallel" ]; then
# 4 is a bit arbitrary
TEST_WORKERS="-n 4"
TEST_CATEGORY="test_stages.py"
else
# test_assemblers.py is run below
TEST_CATEGORY="not test_stages.py and not test_assemblers.py"
# DNF python package can't be installed using pip in the tox environment.
# We need to use the version from the system to test things.
# Since we are running tests on Fedora, enable site packages only
# for Python version which is available on Fedora.
# See also: https://github.com/osbuild/containers/pull/79
if [ "${{ matrix.environment }}" == "$(cat /osb/libdnf-python-version)" ]; then
TOX_ARGS="-x testenv.sitepackages=True"
fi
fi
OSBUILD_TEST_STORE="${{ env.OSBUILD_TEST_STORE }}" \
tox -e "${{ matrix.environment }}" $TOX_ARGS -- -rs $TEST_WORKERS -k "$TEST_CATEGORY"
v1_manifests:
name: "Assembler test (legacy)"
runs-on: ubuntu-24.04
steps:
- name: "Clone Repository"
uses: actions/checkout@v4
- name: "Run"
uses: osbuild/containers/src/actions/privdocker@552e30cf1b4ed19c6ddaa57f96c342b3dff4227b
env:
# Using 4 workers is a bit arbitrary, "auto" is probably too aggressive.
TEST_WORKERS: "-n 4"
with:
image: ghcr.io/osbuild/osbuild-ci:latest-202506112350
run: |
OSBUILD_TEST_STORE="${{ env.OSBUILD_TEST_STORE }}" \
tox -e "py36" -- ${{ env.TEST_WORKERS }} test.run.test_assemblers
# This smoke test runs the unit tests directly on the runner and as a
# normal user - it is fast (2min) and should detect obvious issues
# (like from pr#1942)
unittests_as_user_smoke:
name: "Smoke run: unittest as normal user on default runner"
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
# The test_host.py:test_signals_on_separate_fd runs itself but that
# run will happen without the tox env so a pip/tox installed pytest
# will not be found, install the pytest package as a workaround
- run: sudo apt install -y tox python3-pytest
- name: "Run as user on default runer"
# Run with -n 16 as depsolve tests tend to be slow but fast when
# parallized, the runtime is around 1-2min with this setup.
run: |
tox -e py312 -- -n 16


@ -1,63 +0,0 @@
# inspired by rhinstaller/anaconda
name: Trigger GitLab CI
on:
workflow_run:
workflows: ["Checks"]
types: [completed]
jobs:
trigger-gitlab:
if: ${{ github.event.workflow_run.conclusion == 'success' }}
runs-on: ubuntu-24.04
env:
IMAGEBUILDER_BOT_GITLAB_SSH_KEY: ${{ secrets.IMAGEBUILDER_BOT_GITLAB_SSH_KEY }}
steps:
- name: Report status
uses: haya14busa/action-workflow_run-status@v1
- name: Install Dependencies
run: |
sudo apt install -y jq
- name: Clone repository
uses: actions/checkout@v4
with:
ref: ${{ github.event.workflow_run.head_sha }}
fetch-depth: 0
- uses: octokit/request-action@v2.x
id: fetch_pulls
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
route: GET /repos/${{ github.repository }}/pulls
- name: Checkout branch
env:
BRANCH: ${{ github.event.workflow_run.head_branch }}
run: |
PR_DATA=$(mktemp)
# use uuid as a file terminator to avoid conflicts with data content
cat > "$PR_DATA" <<'a21b3e7f-d5eb-44a3-8be0-c2412851d2e6'
${{ steps.fetch_pulls.outputs.data }}
a21b3e7f-d5eb-44a3-8be0-c2412851d2e6
PR=$(jq -rc '.[] | select(.head.sha | contains("${{ github.event.workflow_run.head_sha }}")) | select(.state | contains("open"))' "$PR_DATA" | jq -r .number)
if [ ! -z "$PR" ]; then
git checkout -b PR-$PR
else
git checkout "${BRANCH}"
fi
- name: Push to gitlab
run: |
mkdir -p ~/.ssh
echo "${IMAGEBUILDER_BOT_GITLAB_SSH_KEY}" > ~/.ssh/id_rsa
chmod 400 ~/.ssh/id_rsa
touch ~/.ssh/known_hosts
ssh-keyscan -t rsa gitlab.com >> ~/.ssh/known_hosts
git remote add ci git@gitlab.com:redhat/services/products/image-builder/ci/osbuild.git
git push -f ci
git push -f --tags ci


@ -1,52 +0,0 @@
# This action updates the images ref in the Schutzfile
---
name: "Update images ref"
on:
workflow_dispatch:
schedule:
# Every Mon at 8:00
- cron: "0 8 * * 1"
jobs:
update-and-push:
runs-on: ubuntu-24.04
steps:
- name: Apt update
run: sudo apt update
- name: Check out main
uses: actions/checkout@v4
with:
path: osbuild
ref: main
- name: Update Schutzfile
working-directory: ./osbuild
env:
GITHUB_TOKEN: ${{ secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN }}
run: |
./schutzbot/update-schutzfile-images
- name: Open PR
working-directory: ./osbuild
env:
GITHUB_TOKEN: ${{ secrets.SCHUTZBOT_GITHUB_ACCESS_TOKEN }}
run: |
if git diff --exit-code; then echo "No changes"; exit 0; fi
git config --unset-all http.https://github.com/.extraheader
git config user.name "schutzbot"
git config user.email "schutzbot@gmail.com"
branch="schutzfile-images-$(date -I)"
git checkout -b "${branch}"
git add Schutzfile
git commit -m "Schutzfile: Update images dependency ref to latest"
git push -f https://"$GITHUB_TOKEN"@github.com/schutzbot/osbuild.git
echo "Updating images dependency ref to current \`main\`" > body
gh pr create \
-t "Update images dependency ref to latest" \
-F "body" \
-r "osbuild/osbuild-reviewers" \
--repo "osbuild/osbuild" \
--base "main" \
--head "schutzbot:${branch}"