diff --git a/.gitea/workflows/standards-check.yml b/.gitea/workflows/standards-check.yml index dc1e778b..aa51c5a4 100644 --- a/.gitea/workflows/standards-check.yml +++ b/.gitea/workflows/standards-check.yml @@ -31,33 +31,21 @@ jobs: echo "========================================" REPO_NAME="${{ github.event.repository.name }}" - REPO_DIR="${WORKSPACE_DIR}/${REPO_NAME}" TOKEN="${{ secrets.WORKFLOW }}" TARGET_SHA="${{ github.sha }}" TARGET_REF="${{ github.ref }}" TARGET_REF_NAME="${{ github.ref_name }}" + mkdir -p "$WORKSPACE_DIR" + REPO_DIR="$(mktemp -d "$WORKSPACE_DIR/${REPO_NAME}.XXXXXX")" + if [ -n "$TOKEN" ]; then REPO_URL="https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git" else REPO_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" fi - if [ -d "$REPO_DIR" ]; then - if [ -d "$REPO_DIR/.git" ]; then - cd "$REPO_DIR" - git clean -fdx - git reset --hard - git fetch --all --tags --force --prune --prune-tags - else - rm -rf "$REPO_DIR" - fi - fi - - if [ ! -d "$REPO_DIR/.git" ]; then - mkdir -p "$WORKSPACE_DIR" - git clone "$REPO_URL" "$REPO_DIR" - fi + git clone "$REPO_URL" "$REPO_DIR" if git -C "$REPO_DIR" cat-file -e "${TARGET_SHA}^{commit}" 2>/dev/null; then git -C "$REPO_DIR" checkout -f "$TARGET_SHA" diff --git a/.gitea/workflows/test.yml b/.gitea/workflows/test.yml index ccb83158..fcd9631f 100644 --- a/.gitea/workflows/test.yml +++ b/.gitea/workflows/test.yml @@ -38,33 +38,21 @@ jobs: echo "========================================" REPO_NAME="${{ github.event.repository.name }}" - REPO_DIR="${WORKSPACE_DIR}/${REPO_NAME}" TOKEN="${{ secrets.WORKFLOW }}" TARGET_SHA="${{ github.sha }}" TARGET_REF="${{ github.ref }}" TARGET_REF_NAME="${{ github.ref_name }}" + mkdir -p "$WORKSPACE_DIR" + REPO_DIR="$(mktemp -d "$WORKSPACE_DIR/${REPO_NAME}.XXXXXX")" + if [ -n "$TOKEN" ]; then REPO_URL="https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git" else REPO_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git" fi - if [ -d "$REPO_DIR" ]; then - if [ -d "$REPO_DIR/.git" ]; then - cd "$REPO_DIR" - git clean -fdx - git reset --hard - git fetch --all --tags --force --prune --prune-tags - else - rm -rf "$REPO_DIR" - fi - fi - - if [ ! -d "$REPO_DIR/.git" ]; then - mkdir -p "$WORKSPACE_DIR" - git clone "$REPO_URL" "$REPO_DIR" - fi + git clone "$REPO_URL" "$REPO_DIR" if git -C "$REPO_DIR" cat-file -e "${TARGET_SHA}^{commit}" 2>/dev/null; then git -C "$REPO_DIR" checkout -f "$TARGET_SHA" diff --git a/.gitea/workflows/update-thirdparty-skills.yml b/.gitea/workflows/update-thirdparty-skills.yml index 196d113b..6429b7ad 100644 --- a/.gitea/workflows/update-thirdparty-skills.yml +++ b/.gitea/workflows/update-thirdparty-skills.yml @@ -33,36 +33,19 @@ jobs: echo "========================================" REPO_NAME="${{ github.event.repository.name }}" - REPO_DIR="${{ env.WORKSPACE_DIR }}/$REPO_NAME" TOKEN="${{ secrets.WORKFLOW }}" + mkdir -p "${{ env.WORKSPACE_DIR }}" + REPO_DIR="$(mktemp -d "${{ env.WORKSPACE_DIR }}/${REPO_NAME}.XXXXXX")" if [ -n "$TOKEN" ]; then REPO_URL="https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${{ github.repository }}.git" else REPO_URL="${GITHUB_SERVER_URL}/${{ github.repository }}.git" fi - if [ -d "$REPO_DIR" ]; then - if [ -d "$REPO_DIR/.git" ]; then - cd "$REPO_DIR" - git ls-files -v | awk '/^[a-zS] / {sub(/^[a-zS] /, ""); print}' | while IFS= read -r path; do - git update-index --no-assume-unchanged --no-skip-worktree -- "$path" - done - git clean -fdx - git reset --hard - git fetch --all --tags --force --prune --prune-tags - else - rm -rf "$REPO_DIR" - fi - fi + git clone "$REPO_URL" "$REPO_DIR" - if [ ! -d "$REPO_DIR/.git" ]; then - mkdir -p "${{ env.WORKSPACE_DIR }}" - git clone "$REPO_URL" "$REPO_DIR" - cd "$REPO_DIR" - fi - - git fetch origin main - git checkout -B main origin/main + git -C "$REPO_DIR" fetch origin main + git -C "$REPO_DIR" checkout -B main origin/main git config --global --add safe.directory "$REPO_DIR" echo "REPO_DIR=$REPO_DIR" >> "$GITHUB_ENV" diff --git a/templates/ci/gitea/.gitea/workflows/standards-check.yml b/templates/ci/gitea/.gitea/workflows/standards-check.yml index f7ff140a..1c9eccb5 100644 --- a/templates/ci/gitea/.gitea/workflows/standards-check.yml +++ b/templates/ci/gitea/.gitea/workflows/standards-check.yml @@ -29,46 +29,32 @@ jobs: echo "========================================" REPO_NAME="${{ github.event.repository.name }}" - REPO_DIR="${{ env.WORKSPACE_DIR }}/$REPO_NAME" TOKEN="${{ secrets.WORKFLOW }}" + mkdir -p "${{ env.WORKSPACE_DIR }}" + REPO_DIR="$(mktemp -d "${{ env.WORKSPACE_DIR }}/${REPO_NAME}.XXXXXX")" if [ -n "$TOKEN" ]; then REPO_URL="https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${{ github.repository }}.git" else REPO_URL="${GITHUB_SERVER_URL}/${{ github.repository }}.git" fi - if [ -d "$REPO_DIR" ]; then - if [ -d "$REPO_DIR/.git" ]; then - cd "$REPO_DIR" - git clean -fdx - git reset --hard - git fetch --all --tags --force --prune --prune-tags - else - rm -rf "$REPO_DIR" - fi - fi - - if [ ! -d "$REPO_DIR/.git" ]; then - mkdir -p "${{ env.WORKSPACE_DIR }}" - git clone "$REPO_URL" "$REPO_DIR" - cd "$REPO_DIR" - fi + git clone "$REPO_URL" "$REPO_DIR" TARGET_SHA="${{ github.sha }}" TARGET_REF="${{ github.ref }}" - if git cat-file -e "$TARGET_SHA^{commit}" 2>/dev/null; then - git checkout -f "$TARGET_SHA" + if git -C "$REPO_DIR" cat-file -e "$TARGET_SHA^{commit}" 2>/dev/null; then + git -C "$REPO_DIR" checkout -f "$TARGET_SHA" else if [ -n "$TARGET_REF" ]; then - git fetch origin "$TARGET_REF" - git checkout -f FETCH_HEAD + git -C "$REPO_DIR" fetch origin "$TARGET_REF" + git -C "$REPO_DIR" checkout -f FETCH_HEAD else - git checkout -f "${{ github.ref_name }}" + git -C "$REPO_DIR" checkout -f "${{ github.ref_name }}" fi fi git config --global --add safe.directory "$REPO_DIR" - echo "REPO_DIR=$REPO_DIR" >> $GITHUB_ENV + echo "REPO_DIR=$REPO_DIR" >> "$GITHUB_ENV" - name: 🧪 Lint commit message / PR title run: | cd "$REPO_DIR" diff --git a/tests/test_gitea_workflow_bootstrap.py b/tests/test_gitea_workflow_bootstrap.py index 5ad34a28..13a91ccf 100644 --- a/tests/test_gitea_workflow_bootstrap.py +++ b/tests/test_gitea_workflow_bootstrap.py @@ -5,6 +5,10 @@ from pathlib import Path ROOT = Path(__file__).resolve().parents[1] TEST_WORKFLOW = ROOT / ".gitea" / "workflows" / "test.yml" STANDARDS_WORKFLOW = ROOT / ".gitea" / "workflows" / "standards-check.yml" +UPDATE_THIRDPARTY_WORKFLOW = ROOT / ".gitea" / "workflows" / "update-thirdparty-skills.yml" +TEMPLATE_STANDARDS_WORKFLOW = ( + ROOT / "templates" / "ci" / "gitea" / ".gitea" / "workflows" / "standards-check.yml" +) class GiteaWorkflowBootstrapTests(unittest.TestCase): @@ -13,10 +17,27 @@ class GiteaWorkflowBootstrapTests(unittest.TestCase): text = workflow.read_text(encoding="utf-8") with self.subTest(workflow=workflow.name): self.assertNotIn("bash .gitea/ci/prepare_repo.sh", text) - self.assertIn('REPO_DIR="${WORKSPACE_DIR}/${REPO_NAME}"', text) self.assertIn('git clone "$REPO_URL" "$REPO_DIR"', text) self.assertIn('echo "REPO_DIR=$REPO_DIR" >> "$GITHUB_ENV"', text) + def test_workflows_use_isolated_repo_dirs_per_job(self): + for workflow in ( + TEST_WORKFLOW, + STANDARDS_WORKFLOW, + UPDATE_THIRDPARTY_WORKFLOW, + TEMPLATE_STANDARDS_WORKFLOW, + ): + text = workflow.read_text(encoding="utf-8") + with self.subTest(workflow=workflow.name): + self.assertNotIn('REPO_DIR="${WORKSPACE_DIR}/${REPO_NAME}"', text) + self.assertNotIn('REPO_DIR="${{ env.WORKSPACE_DIR }}/$REPO_NAME"', text) + self.assertIn('mktemp -d', text) + self.assertTrue( + 'mkdir -p "$WORKSPACE_DIR"' in text + or 'mkdir -p "${{ env.WORKSPACE_DIR }}"' in text + ) + self.assertIn('echo "REPO_DIR=$REPO_DIR" >>', text) + if __name__ == "__main__": unittest.main()