diff --git a/.gitea/workflows/android-build.yml b/.gitea/workflows/android-build.yml index ac175d0..200d4e2 100644 --- a/.gitea/workflows/android-build.yml +++ b/.gitea/workflows/android-build.yml @@ -18,9 +18,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone Repo - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - fetch-depth: 0 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git clone "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" . + git checkout "${GITHUB_SHA}" - name: Determine version id: version @@ -35,29 +36,20 @@ jobs: echo "version=${SHORT_SHA}" >> $GITHUB_OUTPUT fi - - name: Set up JDK 17 - uses: https://git.quad4.io/actions/setup-java@f905b4359421f885fd1d195484604c02d27cefed # v5.1.0 - with: - distribution: "zulu" - java-version: "17" + - name: Setup JDK + run: sh scripts/ci/setup-java.sh 17 - - name: Install NodeJS - uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 - with: - node-version: 24 + - name: Setup Node.js + run: sh scripts/ci/setup-node.sh 24 - - name: Install Python - uses: https://git.quad4.io/actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 - with: - python-version: "3.13" + - name: Setup Python + run: sh scripts/ci/setup-python.sh 3.13 - name: Install Poetry - run: python -m pip install --upgrade pip poetry>=2.0.0 + run: python3 -m pip install --upgrade pip poetry>=2.0.0 - - name: Install pnpm - uses: https://git.quad4.io/actions/setup-pnpm@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - with: - version: 10.30.0 + - name: Setup pnpm + run: sh scripts/ci/setup-pnpm.sh - name: Install system dependencies run: | @@ -65,9 +57,7 @@ jobs: sudo apt-get install -y patchelf libopusfile0 ffmpeg espeak-ng cmake ninja-build clang pkg-config - name: Setup Task - uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 - with: - version: "3.46.3" + run: sh scripts/ci/setup-task.sh - name: Sync versions run: node scripts/sync_version.js @@ -83,15 +73,13 @@ jobs: cd android ./gradlew assembleDebug env: - JAVA_HOME: ${{ env.JAVA_HOME_17_X64 }} + JAVA_HOME: /opt/java - name: Prepare release assets run: | mkdir -p release-assets - # Collect APK find android/app/build/outputs/apk/debug -name "*.apk" -exec cp {} release-assets/MeshChatX-${{ steps.version.outputs.version }}-debug.apk \; - # Generate checksums cd release-assets for file in *; do if [ -f "$file" ]; then diff --git a/.gitea/workflows/bench.yml b/.gitea/workflows/bench.yml index 28869aa..c36b29d 100644 --- a/.gitea/workflows/bench.yml +++ b/.gitea/workflows/bench.yml @@ -8,25 +8,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git init -q && git remote add origin "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" + git fetch -q --depth=1 origin "${GITHUB_SHA}" && git checkout -q FETCH_HEAD - name: Setup Node.js - uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 - with: - node-version: 24 + run: sh scripts/ci/setup-node.sh 24 - - name: Install pnpm - run: corepack enable && corepack prepare pnpm@10.30.0 --activate + - name: Setup pnpm + run: sh scripts/ci/setup-pnpm.sh - name: Setup Python - uses: https://git.quad4.io/actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 - with: - python-version: "3.13" + run: sh scripts/ci/setup-python.sh 3.13 - name: Setup Task - uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 - with: - version: "3.46.3" + run: sh scripts/ci/setup-task.sh - name: Setup Poetry run: pip install poetry diff --git a/.gitea/workflows/build-test.yml b/.gitea/workflows/build-test.yml index 90304bd..5585c4e 100644 --- a/.gitea/workflows/build-test.yml +++ b/.gitea/workflows/build-test.yml @@ -18,27 +18,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone Repo - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - fetch-depth: 0 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git clone "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" . + git checkout "${GITHUB_SHA}" - - name: Install NodeJS - uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 - with: - node-version: 24 + - name: Setup Node.js + run: sh scripts/ci/setup-node.sh 24 - - name: Install Python - uses: https://git.quad4.io/actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 - with: - python-version: "3.13" + - name: Setup Python + run: sh scripts/ci/setup-python.sh 3.13 - name: Install Poetry - run: python -m pip install --upgrade pip poetry>=2.0.0 + run: python3 -m pip install --upgrade pip poetry>=2.0.0 - - name: Install pnpm - uses: https://git.quad4.io/actions/setup-pnpm@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - with: - version: 10.30.0 + - name: Setup pnpm + run: sh scripts/ci/setup-pnpm.sh - name: Install system dependencies run: | @@ -47,9 +42,7 @@ jobs: sudo apt-get install -y patchelf libopusfile0 ffmpeg espeak-ng zip rpm elfutils appstream appstream-util - name: Setup Task - uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 - with: - version: "3.46.3" + run: sh scripts/ci/setup-task.sh - name: Install dependencies run: task install @@ -73,12 +66,9 @@ jobs: - name: Prepare release assets run: | mkdir -p release-assets - # Collect Linux artifacts find dist -maxdepth 1 -type f \( -name "*-linux*.AppImage" -o -name "*-linux*.deb" -o -name "*-linux*.rpm" \) -exec cp {} release-assets/ \; - # Collect Python artifacts find python-dist -maxdepth 1 -type f -name "*.whl" -exec cp {} release-assets/ \; - # Generate checksums cd release-assets for file in *; do if [ -f "$file" ] && [[ "$file" != *.sha256 ]]; then diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index dc9c15a..7ffffdf 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -27,9 +27,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Clone Repo - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - fetch-depth: 0 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git clone "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" . + git checkout "${GITHUB_SHA}" - name: Determine version id: version @@ -58,23 +59,17 @@ jobs: fi echo "version=${VERSION}" >> $GITHUB_OUTPUT - - name: Install NodeJS - uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 - with: - node-version: 24 + - name: Setup Node.js + run: sh scripts/ci/setup-node.sh 24 - - name: Install Python - uses: https://git.quad4.io/actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 - with: - python-version: "3.13" + - name: Setup Python + run: sh scripts/ci/setup-python.sh 3.13 - name: Install Poetry - run: python -m pip install --upgrade pip poetry>=2.0.0 + run: python3 -m pip install --upgrade pip poetry>=2.0.0 - - name: Install pnpm - uses: https://git.quad4.io/actions/setup-pnpm@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 - with: - version: 10.30.0 + - name: Setup pnpm + run: sh scripts/ci/setup-pnpm.sh - name: Install system dependencies run: | @@ -83,9 +78,7 @@ jobs: sudo apt-get install -y patchelf libopusfile0 ffmpeg espeak-ng zip rpm elfutils - name: Setup Task - uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 - with: - version: "3.46.3" + run: sh scripts/ci/setup-task.sh - name: Install dependencies run: task install @@ -109,10 +102,7 @@ jobs: - name: Prepare release assets run: | mkdir -p release-assets - # Collect artifacts from dist/ - # Linux artifacts find dist -maxdepth 1 -type f \( -name "*-linux*.AppImage" -o -name "*-linux*.deb" -o -name "*-linux*.rpm" \) -exec cp {} release-assets/ \; - # Python artifacts find python-dist -maxdepth 1 -type f -name "*.whl" -exec cp {} release-assets/ \; # Create frontend zip diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index c00e67e..8ce0c64 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -18,21 +18,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git init -q && git remote add origin "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" + git fetch -q --depth=1 origin "${GITHUB_SHA}" && git checkout -q FETCH_HEAD - name: Setup Node.js - uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 - with: - node-version: 24 - - name: Install pnpm - run: corepack enable && corepack prepare pnpm@10.30.0 --activate + run: sh scripts/ci/setup-node.sh 24 + - name: Setup pnpm + run: sh scripts/ci/setup-pnpm.sh - name: Setup Python - uses: https://git.quad4.io/actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 - with: - python-version: "3.13" + run: sh scripts/ci/setup-python.sh 3.13 - name: Setup Task - uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 - with: - version: "3.46.3" + run: sh scripts/ci/setup-task.sh - name: Setup Poetry run: pip install poetry - name: Setup Python environment @@ -54,17 +51,16 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git init -q && git remote add origin "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" + git fetch -q --depth=1 origin "${GITHUB_SHA}" && git checkout -q FETCH_HEAD - name: Setup Node.js - uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 - with: - node-version: 24 - - name: Install pnpm - run: corepack enable && corepack prepare pnpm@10.30.0 --activate + run: sh scripts/ci/setup-node.sh 24 + - name: Setup pnpm + run: sh scripts/ci/setup-pnpm.sh - name: Setup Task - uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 - with: - version: "3.46.3" + run: sh scripts/ci/setup-task.sh - name: Install dependencies run: task deps:fe - name: pnpm audit @@ -85,15 +81,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git init -q && git remote add origin "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" + git fetch -q --depth=1 origin "${GITHUB_SHA}" && git checkout -q FETCH_HEAD - name: Setup Python - uses: https://git.quad4.io/actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 - with: - python-version: "3.13" + run: sh scripts/ci/setup-python.sh 3.13 - name: Setup Task - uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 - with: - version: "3.46.3" + run: sh scripts/ci/setup-task.sh - name: Compile backend run: | set -o pipefail @@ -103,21 +98,18 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git init -q && git remote add origin "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" + git fetch -q --depth=1 origin "${GITHUB_SHA}" && git checkout -q FETCH_HEAD - name: Setup Node.js - uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 - with: - node-version: 24 - - name: Install pnpm - run: corepack enable && corepack prepare pnpm@10.30.0 --activate + run: sh scripts/ci/setup-node.sh 24 + - name: Setup pnpm + run: sh scripts/ci/setup-pnpm.sh - name: Setup Python - uses: https://git.quad4.io/actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 - with: - python-version: "3.13" + run: sh scripts/ci/setup-python.sh 3.13 - name: Setup Task - uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 - with: - version: "3.46.3" + run: sh scripts/ci/setup-task.sh - name: Setup Poetry run: pip install poetry - name: Install dependencies diff --git a/.gitea/workflows/docker.yml b/.gitea/workflows/docker.yml index 473684f..5240106 100644 --- a/.gitea/workflows/docker.yml +++ b/.gitea/workflows/docker.yml @@ -20,30 +20,16 @@ jobs: permissions: contents: read packages: write - outputs: - image_digest: ${{ steps.build.outputs.digest }} - image_tags: ${{ steps.meta.outputs.tags }} steps: - name: Checkout repository - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - fetch-depth: 0 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git clone "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" . + git checkout "${GITHUB_SHA}" - - name: Set up QEMU - uses: https://git.quad4.io/actions/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - with: - platforms: amd64,arm64 - - - name: Set up Docker Buildx - uses: https://git.quad4.io/actions/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - - - name: Log in to the Container registry - uses: https://git.quad4.io/actions/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} + - name: Set up Docker (QEMU + Buildx + Login) + run: sh scripts/ci/setup-docker.sh "${{ env.REGISTRY }}" "${{ secrets.REGISTRY_USERNAME }}" "${{ secrets.REGISTRY_PASSWORD }}" - name: Download Trivy run: | @@ -53,35 +39,26 @@ jobs: - name: Trivy FS scan run: trivy fs --exit-code 1 . - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: https://git.quad4.io/actions/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=raw,value=latest,enable={{is_default_branch}} - type=ref,event=branch,prefix=,suffix=,enable={{is_default_branch}} - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=sha,format=short + - name: Generate Docker tags + id: tags + run: | + sh scripts/ci/docker-tags.sh "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" /tmp/docker-tags.txt + TAGS="$(tr '\n' ' ' < /tmp/docker-tags.txt)" + echo "tags=${TAGS}" >> "$GITHUB_OUTPUT" + FIRST_TAG="$(head -1 /tmp/docker-tags.txt | sed 's/^-t //')" + echo "first_tag=${FIRST_TAG}" >> "$GITHUB_OUTPUT" - name: Build and push Docker image - id: build - uses: https://git.quad4.io/actions/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 - with: - context: . - file: ./Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - no-cache: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} + run: | + docker buildx build \ + --platform linux/amd64,linux/arm64 \ + --push \ + --no-cache \ + ${{ steps.tags.outputs.tags }} \ + -f ./Dockerfile . - name: Scan Docker image - run: | - # Extract the first tag from the multi-line tags output - IMAGE_TAG=$(echo "${{ steps.meta.outputs.tags }}" | head -n 1) - trivy image --exit-code 0 "$IMAGE_TAG" + run: trivy image --exit-code 0 "${{ steps.tags.outputs.first_tag }}" build-dev: if: github.ref == 'refs/heads/dev' @@ -92,24 +69,13 @@ jobs: steps: - name: Checkout repository - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - with: - fetch-depth: 0 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git clone "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" . + git checkout "${GITHUB_SHA}" - - name: Set up QEMU - uses: https://git.quad4.io/actions/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3.7.0 - with: - platforms: amd64,arm64 - - - name: Set up Docker Buildx - uses: https://git.quad4.io/actions/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - - - name: Log in to the Container registry - uses: https://git.quad4.io/actions/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_PASSWORD }} + - name: Set up Docker (QEMU + Buildx + Login) + run: sh scripts/ci/setup-docker.sh "${{ env.REGISTRY }}" "${{ secrets.REGISTRY_USERNAME }}" "${{ secrets.REGISTRY_PASSWORD }}" - name: Download Trivy run: | @@ -119,29 +85,23 @@ jobs: - name: Trivy FS scan run: trivy fs --exit-code 1 . - - name: Extract DEV metadata (tags, labels) for Docker - id: meta-dev - uses: https://git.quad4.io/actions/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 - with: - images: ${{ env.REGISTRY }}/${{ env.DEV_IMAGE_NAME }} - tags: | - type=raw,value=dev - type=sha,format=short + - name: Generate dev Docker tags + id: tags + run: | + DEV_IMAGE="${{ env.REGISTRY }}/${{ env.DEV_IMAGE_NAME }}" + SHA="$(git rev-parse --short HEAD)" + TAGS="-t ${DEV_IMAGE}:dev -t ${DEV_IMAGE}:sha-${SHA}" + echo "tags=${TAGS}" >> "$GITHUB_OUTPUT" + echo "first_tag=${DEV_IMAGE}:dev" >> "$GITHUB_OUTPUT" - name: Build and push dev Docker image - id: build-dev - uses: https://git.quad4.io/actions/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 - with: - context: . - file: ./Dockerfile - platforms: linux/amd64,linux/arm64 - push: true - no-cache: true - tags: ${{ steps.meta-dev.outputs.tags }} - labels: ${{ steps.meta-dev.outputs.labels }} + run: | + docker buildx build \ + --platform linux/amd64,linux/arm64 \ + --push \ + --no-cache \ + ${{ steps.tags.outputs.tags }} \ + -f ./Dockerfile . - name: Scan Docker image (dev) - run: | - # Extract the first tag from the multi-line tags output - IMAGE_TAG=$(echo "${{ steps.meta-dev.outputs.tags }}" | head -n 1) - trivy image --exit-code 0 "$IMAGE_TAG" + run: trivy image --exit-code 0 "${{ steps.tags.outputs.first_tag }}" diff --git a/.gitea/workflows/osv-pr.yml b/.gitea/workflows/osv-pr.yml deleted file mode 100644 index 0aa65fc..0000000 --- a/.gitea/workflows/osv-pr.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: OSV-Scanner PR Scan - -on: - pull_request: - branches: [master, dev] - merge_group: - branches: [master, dev] - -permissions: - contents: read - -jobs: - scan-pr: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - - name: OSV scan - run: bash scripts/osv_scan.sh diff --git a/.gitea/workflows/scan.yml b/.gitea/workflows/scan.yml index f9813ea..a6b856c 100644 --- a/.gitea/workflows/scan.yml +++ b/.gitea/workflows/scan.yml @@ -15,10 +15,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 - - - name: OSV scan - run: bash scripts/osv_scan.sh + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git init -q && git remote add origin "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" + git fetch -q --depth=1 origin "${GITHUB_SHA}" && git checkout -q FETCH_HEAD - name: Download Trivy run: | diff --git a/.gitea/workflows/tests.yml b/.gitea/workflows/tests.yml index 699ea66..6cfbfc7 100644 --- a/.gitea/workflows/tests.yml +++ b/.gitea/workflows/tests.yml @@ -18,25 +18,22 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + run: | + git config --global credential.helper "!f() { echo username=x-access-token; echo password=${GITEA_TOKEN}; }; f" + git init -q && git remote add origin "${GITEA_SERVER_URL}/${GITEA_REPOSITORY}.git" + git fetch -q --depth=1 origin "${GITHUB_SHA}" && git checkout -q FETCH_HEAD - name: Setup Node.js - uses: https://git.quad4.io/actions/setup-node@395ad3262231945c25e8478fd5baf05154b1d79f # v6.1.0 - with: - node-version: 24 + run: sh scripts/ci/setup-node.sh 24 - - name: Install pnpm - run: corepack enable && corepack prepare pnpm@10.30.0 --activate + - name: Setup pnpm + run: sh scripts/ci/setup-pnpm.sh - name: Setup Python - uses: https://git.quad4.io/actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0 - with: - python-version: "3.13" + run: sh scripts/ci/setup-python.sh 3.13 - name: Setup Task - uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1 - with: - version: "3.46.3" + run: sh scripts/ci/setup-task.sh - name: Setup Poetry run: pip install poetry