csh
/
playbook
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🐛 fix(ci): isolate gitea workflow repos 

use a fresh per-job checkout directory for test, standards, and
thirdparty update workflows instead of reusing a shared repo path.

align the Gitea standards-check template with the same isolation
strategy and expand workflow bootstrap regression coverage.
This commit is contained in:
csh 2026-05-19 09:59:30 +08:00
parent 588b81dae4
commit d2f9356e6a
5 changed files with 44 additions and 78 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
.gitea/workflows/standards-check.yml
View File

@ -31,33 +31,21 @@ jobs:
echo "========================================"
REPO_NAME="${{ github.event.repository.name }}"
REPO_DIR="${WORKSPACE_DIR}/${REPO_NAME}"
TOKEN="${{ secrets.WORKFLOW }}"
TARGET_SHA="${{ github.sha }}"
TARGET_REF="${{ github.ref }}"
TARGET_REF_NAME="${{ github.ref_name }}"
mkdir -p "$WORKSPACE_DIR"
REPO_DIR="$(mktemp -d "$WORKSPACE_DIR/${REPO_NAME}.XXXXXX")"
if [ -n "$TOKEN" ]; then
REPO_URL="https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git"
else
REPO_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
fi
if [ -d "$REPO_DIR" ]; then
if [ -d "$REPO_DIR/.git" ]; then
cd "$REPO_DIR"
git clean -fdx
git reset --hard
git fetch --all --tags --force --prune --prune-tags
else
rm -rf "$REPO_DIR"
fi
fi
if [ ! -d "$REPO_DIR/.git" ]; then
mkdir -p "$WORKSPACE_DIR"
git clone "$REPO_URL" "$REPO_DIR"
fi
if git -C "$REPO_DIR" cat-file -e "${TARGET_SHA}^{commit}" 2>/dev/null; then
git -C "$REPO_DIR" checkout -f "$TARGET_SHA"

18
.gitea/workflows/test.yml
View File

@ -38,33 +38,21 @@ jobs:
echo "========================================"
REPO_NAME="${{ github.event.repository.name }}"
REPO_DIR="${WORKSPACE_DIR}/${REPO_NAME}"
TOKEN="${{ secrets.WORKFLOW }}"
TARGET_SHA="${{ github.sha }}"
TARGET_REF="${{ github.ref }}"
TARGET_REF_NAME="${{ github.ref_name }}"
mkdir -p "$WORKSPACE_DIR"
REPO_DIR="$(mktemp -d "$WORKSPACE_DIR/${REPO_NAME}.XXXXXX")"
if [ -n "$TOKEN" ]; then
REPO_URL="https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${GITHUB_REPOSITORY}.git"
else
REPO_URL="${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}.git"
fi
if [ -d "$REPO_DIR" ]; then
if [ -d "$REPO_DIR/.git" ]; then
cd "$REPO_DIR"
git clean -fdx
git reset --hard
git fetch --all --tags --force --prune --prune-tags
else
rm -rf "$REPO_DIR"
fi
fi
if [ ! -d "$REPO_DIR/.git" ]; then
mkdir -p "$WORKSPACE_DIR"
git clone "$REPO_URL" "$REPO_DIR"
fi
if git -C "$REPO_DIR" cat-file -e "${TARGET_SHA}^{commit}" 2>/dev/null; then
git -C "$REPO_DIR" checkout -f "$TARGET_SHA"

25
.gitea/workflows/update-thirdparty-skills.yml
View File

@ -33,36 +33,19 @@ jobs:
echo "========================================"
REPO_NAME="${{ github.event.repository.name }}"
REPO_DIR="${{ env.WORKSPACE_DIR }}/$REPO_NAME"
TOKEN="${{ secrets.WORKFLOW }}"
mkdir -p "${{ env.WORKSPACE_DIR }}"
REPO_DIR="$(mktemp -d "${{ env.WORKSPACE_DIR }}/${REPO_NAME}.XXXXXX")"
if [ -n "$TOKEN" ]; then
REPO_URL="https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${{ github.repository }}.git"
else
REPO_URL="${GITHUB_SERVER_URL}/${{ github.repository }}.git"
fi
if [ -d "$REPO_DIR" ]; then
if [ -d "$REPO_DIR/.git" ]; then
cd "$REPO_DIR"
git ls-files -v | awk '/^[a-zS] / {sub(/^[a-zS] /, ""); print}' | while IFS= read -r path; do
git update-index --no-assume-unchanged --no-skip-worktree -- "$path"
done
git clean -fdx
git reset --hard
git fetch --all --tags --force --prune --prune-tags
else
rm -rf "$REPO_DIR"
fi
fi
if [ ! -d "$REPO_DIR/.git" ]; then
mkdir -p "${{ env.WORKSPACE_DIR }}"
git clone "$REPO_URL" "$REPO_DIR"
cd "$REPO_DIR"
fi
git fetch origin main
git checkout -B main origin/main
git -C "$REPO_DIR" fetch origin main
git -C "$REPO_DIR" checkout -B main origin/main
git config --global --add safe.directory "$REPO_DIR"
echo "REPO_DIR=$REPO_DIR" >> "$GITHUB_ENV"

30
templates/ci/gitea/.gitea/workflows/standards-check.yml
View File

@ -29,46 +29,32 @@ jobs:
echo "========================================"
REPO_NAME="${{ github.event.repository.name }}"
REPO_DIR="${{ env.WORKSPACE_DIR }}/$REPO_NAME"
TOKEN="${{ secrets.WORKFLOW }}"
mkdir -p "${{ env.WORKSPACE_DIR }}"
REPO_DIR="$(mktemp -d "${{ env.WORKSPACE_DIR }}/${REPO_NAME}.XXXXXX")"
if [ -n "$TOKEN" ]; then
REPO_URL="https://oauth2:${TOKEN}@${GITHUB_SERVER_URL#https://}/${{ github.repository }}.git"
else
REPO_URL="${GITHUB_SERVER_URL}/${{ github.repository }}.git"
fi
if [ -d "$REPO_DIR" ]; then
if [ -d "$REPO_DIR/.git" ]; then
cd "$REPO_DIR"
git clean -fdx
git reset --hard
git fetch --all --tags --force --prune --prune-tags
else
rm -rf "$REPO_DIR"
fi
fi
if [ ! -d "$REPO_DIR/.git" ]; then
mkdir -p "${{ env.WORKSPACE_DIR }}"
git clone "$REPO_URL" "$REPO_DIR"
cd "$REPO_DIR"
fi
TARGET_SHA="${{ github.sha }}"
TARGET_REF="${{ github.ref }}"
if git cat-file -e "$TARGET_SHA^{commit}" 2>/dev/null; then
git checkout -f "$TARGET_SHA"
if git -C "$REPO_DIR" cat-file -e "$TARGET_SHA^{commit}" 2>/dev/null; then
git -C "$REPO_DIR" checkout -f "$TARGET_SHA"
else
if [ -n "$TARGET_REF" ]; then
git fetch origin "$TARGET_REF"
git checkout -f FETCH_HEAD
git -C "$REPO_DIR" fetch origin "$TARGET_REF"
git -C "$REPO_DIR" checkout -f FETCH_HEAD
else
git checkout -f "${{ github.ref_name }}"
git -C "$REPO_DIR" checkout -f "${{ github.ref_name }}"
fi
fi
git config --global --add safe.directory "$REPO_DIR"
echo "REPO_DIR=$REPO_DIR" >> $GITHUB_ENV
echo "REPO_DIR=$REPO_DIR" >> "$GITHUB_ENV"
- name: 🧪 Lint commit message / PR title
run: |
cd "$REPO_DIR"

23
tests/test_gitea_workflow_bootstrap.py
View File

@ -5,6 +5,10 @@ from pathlib import Path
ROOT = Path(__file__).resolve().parents[1]
TEST_WORKFLOW = ROOT / ".gitea" / "workflows" / "test.yml"
STANDARDS_WORKFLOW = ROOT / ".gitea" / "workflows" / "standards-check.yml"
UPDATE_THIRDPARTY_WORKFLOW = ROOT / ".gitea" / "workflows" / "update-thirdparty-skills.yml"
TEMPLATE_STANDARDS_WORKFLOW = (
ROOT / "templates" / "ci" / "gitea" / ".gitea" / "workflows" / "standards-check.yml"
)
class GiteaWorkflowBootstrapTests(unittest.TestCase):
@ -13,10 +17,27 @@ class GiteaWorkflowBootstrapTests(unittest.TestCase):
text = workflow.read_text(encoding="utf-8")
with self.subTest(workflow=workflow.name):
self.assertNotIn("bash .gitea/ci/prepare_repo.sh", text)
self.assertIn('REPO_DIR="${WORKSPACE_DIR}/${REPO_NAME}"', text)
self.assertIn('git clone "$REPO_URL" "$REPO_DIR"', text)
self.assertIn('echo "REPO_DIR=$REPO_DIR" >> "$GITHUB_ENV"', text)
def test_workflows_use_isolated_repo_dirs_per_job(self):
for workflow in (
TEST_WORKFLOW,
STANDARDS_WORKFLOW,
UPDATE_THIRDPARTY_WORKFLOW,
TEMPLATE_STANDARDS_WORKFLOW,
):
text = workflow.read_text(encoding="utf-8")
with self.subTest(workflow=workflow.name):
self.assertNotIn('REPO_DIR="${WORKSPACE_DIR}/${REPO_NAME}"', text)
self.assertNotIn('REPO_DIR="${{ env.WORKSPACE_DIR }}/$REPO_NAME"', text)
self.assertIn('mktemp -d', text)
self.assertTrue(
'mkdir -p "$WORKSPACE_DIR"' in text
or 'mkdir -p "${{ env.WORKSPACE_DIR }}"' in text
)
self.assertIn('echo "REPO_DIR=$REPO_DIR" >>', text)
if __name__ == "__main__":
unittest.main()