diff --git a/.forgejo/prepare-end-to-end/action.yml b/.forgejo/prepare-end-to-end/action.yml index d85eb6f6..8ae5cdd8 100644 --- a/.forgejo/prepare-end-to-end/action.yml +++ b/.forgejo/prepare-end-to-end/action.yml @@ -15,7 +15,7 @@ runs: /usr/local/bin/garage key: S3 - - uses: https://data.forgejo.org/actions/setup-forgejo@v3.0.6 + - uses: https://data.forgejo.org/actions/setup-forgejo@v3.1.6 with: install-only: true - run: forgejo-binary.sh ensure_user forgejo diff --git a/.forgejo/workflows/end-to-end.yml b/.forgejo/workflows/end-to-end.yml index 27c917a6..eab71f76 100644 --- a/.forgejo/workflows/end-to-end.yml +++ b/.forgejo/workflows/end-to-end.yml @@ -15,14 +15,15 @@ jobs: build: runs-on: docker container: - image: 'data.forgejo.org/oci/node:20-bookworm' + image: 'data.forgejo.org/oci/node:24-trixie' outputs: built: "${{ steps.build.outputs.built }}" + forgejo_versions_json: "${{ steps.build.outputs.forgejo_versions_json }}" steps: - uses: https://data.forgejo.org/actions/checkout@v4 - uses: https://data.forgejo.org/actions/setup-go@v5 with: - go-version: "1.22" + go-version: "1.25" - name: lib/build.sh id: build run: | @@ -31,6 +32,8 @@ jobs: if ! test -f forgejo/build-from-sources; then echo forgejo/build-from-sources is not present, do not build any version from source + source lib/lib.sh + echo "forgejo_versions_json=$(node -p "JSON.stringify(process.argv[1].split(' '))" "$RELEASE_NUMBERS")" >> $FORGEJO_OUTPUT echo "built=no" >> $FORGEJO_OUTPUT exit 0 fi @@ -52,6 +55,7 @@ jobs: mv $forgejo /tmp/forgejo-upload/forgejo-$version done + echo "forgejo_versions_json=$(node -p "JSON.stringify(process.argv[1].split(' '))" "$(cat forgejo/build-from-sources)")" >> $FORGEJO_OUTPUT echo "built=yes" >> $FORGEJO_OUTPUT - name: steps context dump for debug @@ -70,12 +74,15 @@ jobs: packages: needs: [build] runs-on: lxc-trixie + strategy: + matrix: + forgejo_version: ${{ fromJSON(needs.build.outputs.forgejo_versions_json) }} steps: - uses: https://data.forgejo.org/actions/checkout@v4 - uses: ./.forgejo/prepare-end-to-end with: built: ${{ needs.build.outputs.built }} - - run: su forgejo -c "./end-to-end.sh test_packages" + - run: su forgejo -c "./end-to-end.sh test_packages ${{ matrix.forgejo_version }}" - if: ${{ needs.build.outputs.built == 'yes' }} uses: ./.forgejo/upload-coverage with: @@ -87,13 +94,16 @@ jobs: actions: needs: [build] runs-on: lxc-trixie + strategy: + matrix: + forgejo_version: ${{ fromJSON(needs.build.outputs.forgejo_versions_json) }} steps: - uses: https://data.forgejo.org/actions/checkout@v4 - uses: ./.forgejo/prepare-end-to-end with: built: ${{ needs.build.outputs.built }} - run: ./end-to-end.sh prepare_dockerd - - run: su forgejo -c "./end-to-end.sh test_actions" + - run: su forgejo -c "./end-to-end.sh test_actions ${{ matrix.forgejo_version }}" - if: ${{ needs.build.outputs.built == 'yes' }} uses: ./.forgejo/upload-coverage with: diff --git a/Dockerfile b/Dockerfile index 781aa497..e31cb6d8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM data.forgejo.org/oci/node:22-trixie +FROM data.forgejo.org/oci/node:24-trixie ENV PATH=$PATH:/setup-forgejo ENV _CONTAINERS_USERNS_CONFIGURED="" diff --git a/actions/actions.sh b/actions/actions.sh index 5ddffd1f..0b200824 100755 --- a/actions/actions.sh +++ b/actions/actions.sh @@ -143,7 +143,7 @@ function test_actions() { done fi - for example in echo matrix needs workflow-call lxc config-options cache cache-pull-request checkout service container expression local-action docker-action if if-fail push tag push-cancel artifacts pull-request context; do + for example in echo matrix needs workflow-call lxc config-options cache cache-pull-request checkout service container expression local-action docker-action if if-fail push tag push-cancel artifacts pull-request context private-workflow-call create-runner-file; do run actions_verify_example $example done @@ -180,5 +180,10 @@ function test_actions() { if dpkg --compare-versions $version ge 14.0; then run actions_verify_example matrix-dynamic fi + + if dpkg --compare-versions $version ge 15.0; then + run actions_verify_example workflow-call-expansion + run actions_verify_example id-tokens + fi done } diff --git a/actions/example-cache-pull-request/.forgejo/workflows/test.yml b/actions/example-cache-pull-request/.forgejo/workflows/test.yml index aad6b08b..43a96d41 100644 --- a/actions/example-cache-pull-request/.forgejo/workflows/test.yml +++ b/actions/example-cache-pull-request/.forgejo/workflows/test.yml @@ -79,6 +79,7 @@ jobs: - name: determine if the PR is from a fork id: forked run: | + set -x if test ${{ forge.event.pull_request.base.repo.full_name }} = ${{ forge.event.pull_request.head.repo.full_name }} ; then echo value=false >> $FORGEJO_OUTPUT else @@ -87,6 +88,7 @@ jobs: - name: save event run: | + set -x d=/srv/example/cache-pull-request/contexts/${{ forgejo.event.pull_request.head.repo.owner.username }}/$FORGEJO_EVENT_NAME mkdir -p $d cat > $d/forgejo-${{ forgejo.event.action }} <<'EOF' diff --git a/actions/example-cache-pull-request/run.sh b/actions/example-cache-pull-request/run.sh index 544b652a..85020281 100755 --- a/actions/example-cache-pull-request/run.sh +++ b/actions/example-cache-pull-request/run.sh @@ -53,6 +53,7 @@ function main() { # wait for the opened event to succeed using the cache on all pull requests # if ! forgejo.sh retry $EXAMPLE_DIR/assert-contexts-opened.sh; then + echo "assert-contexts-opened.sh failed; printing related logs and information:" find $d sed -e 's/^/[RUNNER LOGS]/' <$FORGEJO_RUNNER_LOGS return 1 @@ -69,6 +70,7 @@ function main() { # wait for the closed event to succeed using the cache on all pull requests # if ! forgejo.sh retry $EXAMPLE_DIR/assert-contexts-closed.sh; then + echo "assert-contexts-closed.sh failed; printing related logs and information:" find $d sed -e 's/^/[RUNNER LOGS]/' <$FORGEJO_RUNNER_LOGS return 1 diff --git a/actions/example-container/.forgejo/workflows/test.yml b/actions/example-container/.forgejo/workflows/test.yml index ded75cd8..ecf04290 100644 --- a/actions/example-container/.forgejo/workflows/test.yml +++ b/actions/example-container/.forgejo/workflows/test.yml @@ -3,6 +3,6 @@ jobs: test: runs-on: docker container: - image: code.forgejo.org/oci/alpine:3.21 + image: data.forgejo.org/oci/alpine:3.23 steps: - run: grep Alpine /etc/os-release diff --git a/actions/example-create-runner-file/.forgejo/workflows/test.yaml b/actions/example-create-runner-file/.forgejo/workflows/test.yaml new file mode 100644 index 00000000..e44397dd --- /dev/null +++ b/actions/example-create-runner-file/.forgejo/workflows/test.yaml @@ -0,0 +1,9 @@ +on: + push: + +jobs: + test: + runs-on: create-runner-file + steps: + - run: | + echo "OK" diff --git a/actions/example-create-runner-file/run.sh b/actions/example-create-runner-file/run.sh new file mode 100644 index 00000000..637132e5 --- /dev/null +++ b/actions/example-create-runner-file/run.sh @@ -0,0 +1,40 @@ +source "lib/lib.sh" + +api="$url/api/v1" + +function main() { + local repo + repo="root/example-$example" + + secret="$(openssl rand -hex 20)" + runner_name="runner-$(openssl rand -hex 5)" + + create_offline_registration_token "$runner_name" root "$secret" + + # Changing to $DIR is necessary so that `.runner` gets created there. Otherwise, `forgejo-runner` would not pick it up. + pushd "$DIR" || exit 1 + ./forgejo-runner -c "$EXAMPLE_DIR/runner-config.yaml" create-runner-file --instance "http://$IP:3000" --name "$runner_name" --secret "$secret" --connect + popd || exit 1 + + FORGEJO_RUNNER_CONFIG="$EXAMPLE_DIR/runner-config.yaml" forgejo-runner.sh reload + + label_count=$(jq '.labels | length ' "$DIR/.runner") + if [[ "$label_count" != "1" ]] ; then + echo "Unexpected number of labels in .runner file: $label_count instead of 1" >&2 + exit 1 + fi + + runner_label=$(jq -r '.labels[0]' "$DIR/.runner") + if [[ "$runner_label" != "create-runner-file:docker://code.forgejo.org/oci/node:24-trixie" ]] ; then + echo "Unexpected runner label: '$runner_label' instead of create-runner-file:docker://code.forgejo.org/oci/node:24-trixie" >&2 + exit 1 + fi + + forgejo-test-helper.sh push_workflow "actions/example-$example" "$url" root "example-$example" setup-forgejo "$token" + + local sha + sha="$(forgejo-test-helper.sh branch_tip "$url" "$repo" main)" + forgejo-test-helper.sh wait_success "$url" "$repo" "$sha" +} + +main diff --git a/actions/example-create-runner-file/runner-config.yaml b/actions/example-create-runner-file/runner-config.yaml new file mode 100644 index 00000000..7096728f --- /dev/null +++ b/actions/example-create-runner-file/runner-config.yaml @@ -0,0 +1,31 @@ + +log: + level: debug + +runner: + file: .runner + capacity: 1 + env_file: .env + timeout: 3h + insecure: false + fetch_timeout: 5s + fetch_interval: 2s + labels: + - "create-runner-file:docker://code.forgejo.org/oci/node:24-trixie" + +cache: + enabled: true + dir: "/srv/example/cache" + host: "" + port: 0 + +container: + network: "bridge" + privileged: false + options: + workdir_parent: + valid_volumes: ["/srv/example"] + docker_host: "" + +host: + workdir_parent: diff --git a/actions/example-cron/.forgejo/workflows/test.yml b/actions/example-cron/.forgejo/workflows/test.yml index 8b23779a..58ae70a6 100644 --- a/actions/example-cron/.forgejo/workflows/test.yml +++ b/actions/example-cron/.forgejo/workflows/test.yml @@ -6,7 +6,7 @@ jobs: test: runs-on: docker container: - image: code.forgejo.org/oci/debian:trixie + image: data.forgejo.org/oci/debian:trixie options: "--volume /srv/example:/srv/example" steps: diff --git a/actions/example-id-tokens/.forgejo/workflows/test.yml b/actions/example-id-tokens/.forgejo/workflows/test.yml new file mode 100644 index 00000000..31c49156 --- /dev/null +++ b/actions/example-id-tokens/.forgejo/workflows/test.yml @@ -0,0 +1,78 @@ +on: [push] + +env: + JWT_CLI_VERSION: 6.2.0 # renovate: datasource=github-releases depName=jwt-cli packageName=mike-engel/jwt-cli + +jobs: + generation-allowed: + enable-openid-connect: true + runs-on: docker + container: + image: data.forgejo.org/oci/ci:1 + steps: + - run: curl -L -o jwt-linux.tar.gz https://github.com/mike-engel/jwt-cli/releases/download/${{ env.JWT_CLI_VERSION }}/jwt-linux-musl.tar.gz && tar -xvzf ./jwt-linux.tar.gz && chmod a+x ./jwt + - name: validate token generation works + run: | + RAW_JWT=$(curl -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "$ACTIONS_ID_TOKEN_REQUEST_URL&audience=exampleAudience" | jq -r ".value") + if [[ -z "RAW_JWT" ]]; then + echo "Error: RAW_JWT should be set" + exit 1 + fi + + DECODED_JWT_BODY=$(echo $RAW_JWT | jq -R 'split(".") | .[1] | @base64d | fromjson') + if [[ -z "$DECODED_JWT_BODY" ]]; then + echo "Error: DECODED_JWT_BODY should be set" + exit 1 + fi + + ISS=$(echo $DECODED_JWT_BODY | jq -r '.iss') + if [[ -z "$ISS" ]]; then + echo "Error: ISS should be set" + exit 1 + fi + + curl "$ISS/.well-known/keys" > jwks.json + JWKS=$(cat ./jwks.json) + if [[ -z "$JWKS" ]]; then + echo "Error: JWKS should be set" + exit 1 + fi + + # Verify that the JWT decodes with the JWKS data + ./jwt decode -S @./jwks.json -A RS256 $RAW_JWT || (echo "Error: failed signature validation" && exit 1) + + WORKFLOW=$(echo $DECODED_JWT_BODY | jq -r '.workflow') + AUD=$(echo $DECODED_JWT_BODY | jq -r '.aud') + EVENT_NAME=$(echo $DECODED_JWT_BODY | jq -r '.event_name') + SUB=$(echo $DECODED_JWT_BODY | jq -r '.sub') + if [[ "$WORKFLOW" != "test.yml" ]]; then + echo "Error: WORKFLOW should be test.yml but is $WORKFLOW" + exit 1 + fi + if [[ "$AUD" != "exampleAudience" ]]; then + echo "Error: AUD should be exampleAudience but is $AUD" + exit 1 + fi + if [[ "$EVENT_NAME" != "push" ]]; then + echo "Error: EVENT_NAME should be push but is $EVENT_NAME" + exit 1 + fi + if [[ "$SUB" != "repo:root/example-id-tokens:ref:refs/heads/main" ]]; then + echo "Error: SUB should be repo:root/example-id-tokens:ref:refs/heads/main but is $SUB" + exit 1 + fi + + generation-not-allowed: + enable-openid-connect: false + runs-on: docker + steps: + - name: check variables are unset + run: | + if [[ -n "$ACTIONS_ID_TOKEN_REQUEST_TOKEN" ]]; then + echo "Error: ACTIONS_ID_TOKEN_REQUEST_TOKEN should be unset" + exit 1 + fi + if [[ -n "$ACTIONS_ID_TOKEN_REQUEST_URL" ]]; then + echo "Error: ACTIONS_ID_TOKEN_REQUEST_TOKEN should be unset" + exit 1 + fi diff --git a/actions/example-post-7-0-schedule/.forgejo/workflows/test.yml b/actions/example-post-7-0-schedule/.forgejo/workflows/test.yml index 202382dc..94eb4961 100644 --- a/actions/example-post-7-0-schedule/.forgejo/workflows/test.yml +++ b/actions/example-post-7-0-schedule/.forgejo/workflows/test.yml @@ -6,7 +6,7 @@ jobs: test: runs-on: ${{ vars.TEST_SCHEDULE_RUNSON }} container: - image: code.forgejo.org/oci/debian:trixie + image: data.forgejo.org/oci/debian:trixie options: "--volume /srv/example:/srv/example" steps: diff --git a/actions/example-private-workflow-call/.forgejo/workflows/reusable.yaml b/actions/example-private-workflow-call/.forgejo/workflows/reusable.yaml new file mode 100644 index 00000000..48832449 --- /dev/null +++ b/actions/example-private-workflow-call/.forgejo/workflows/reusable.yaml @@ -0,0 +1,10 @@ +on: + workflow_call: + +jobs: + build: + runs-on: "docker" + container: + image: data.forgejo.org/oci/node:24-trixie + steps: + - run: echo 'OK' diff --git a/actions/example-private-workflow-call/.forgejo/workflows/test.yaml b/actions/example-private-workflow-call/.forgejo/workflows/test.yaml new file mode 100644 index 00000000..9bb279b3 --- /dev/null +++ b/actions/example-private-workflow-call/.forgejo/workflows/test.yaml @@ -0,0 +1,11 @@ +on: + push: + +jobs: + test: + # `runs-on` disables workflow expansion. We want that in this case, because then Forgejo Runner has to authenticate + # itself to access the reusable workflow. + runs-on: docker + container: + image: data.forgejo.org/oci/node:24-trixie + uses: ./.forgejo/workflows/reusable.yaml diff --git a/actions/example-private-workflow-call/run.sh b/actions/example-private-workflow-call/run.sh new file mode 100644 index 00000000..e71dc991 --- /dev/null +++ b/actions/example-private-workflow-call/run.sh @@ -0,0 +1,42 @@ +api="$url/api/v1" +export d=/srv/example/private-workflow-call + +function main() { + mkdir -p "$d" + + local repo + repo="root/example-$example" + + forgejo-test-helper.sh push_workflow "actions/example-$example" "$url" root "example-$example" setup-forgejo "$token" + + # push_workflow creates the repository and triggers a first workflow run. Wait for it to succeed. Ensures that the + # workflow is valid. + local sha + sha="$(forgejo-test-helper.sh branch_tip "$url" "$repo" main)" + forgejo-test-helper.sh wait_success "$url" "$repo" "$sha" + + # Make the repository private. That is necessary to verify that Forgejo Runner includes the correct credentials when + # cloning the workflow. + forgejo-curl.sh api_json -X PATCH --data-raw '{"private":true}' "$api/repos/root/example-$example" + + # Create a new commit that triggers a new workflow run that can be identified uniquely. + ( + cd "$d" || exit 1 + git clone "$url/root/example-$example" + cd "example-$example" || exit 1 + git config user.email root@example.com + git config user.name username + echo "A new file" > test.txt + git add . + git commit -m 'Commit a new file' + git push + ) + + # Wait for the workflow pulled from the private repository to succeed. + local new_sha + new_sha="$(forgejo-test-helper.sh branch_tip "$url" "$repo" main)" + [[ "$new_sha" != "$sha" ]] || exit 1 + forgejo-test-helper.sh wait_success "$url" "$repo" "$new_sha" +} + +main diff --git a/actions/example-private-workflow-call/setup.sh b/actions/example-private-workflow-call/setup.sh new file mode 100644 index 00000000..fd443948 --- /dev/null +++ b/actions/example-private-workflow-call/setup.sh @@ -0,0 +1 @@ +mkdir -p /srv/example/private-workflow-call diff --git a/actions/example-schedule-noncancel/.forgejo/workflows/schedule_continue.yml b/actions/example-schedule-noncancel/.forgejo/workflows/schedule_continue.yml index 76ee59b8..7cc5bdb3 100644 --- a/actions/example-schedule-noncancel/.forgejo/workflows/schedule_continue.yml +++ b/actions/example-schedule-noncancel/.forgejo/workflows/schedule_continue.yml @@ -5,7 +5,7 @@ jobs: test: runs-on: docker container: - image: code.forgejo.org/oci/debian:trixie + image: data.forgejo.org/oci/debian:trixie volumes: - /srv/example:/srv/example steps: diff --git a/actions/example-service/.forgejo/workflows/test.yml b/actions/example-service/.forgejo/workflows/test.yml index 1eeb3ec5..11132c96 100644 --- a/actions/example-service/.forgejo/workflows/test.yml +++ b/actions/example-service/.forgejo/workflows/test.yml @@ -8,7 +8,7 @@ jobs: runs-on: docker services: pgsql: - image: code.forgejo.org/oci/postgres:15 + image: data.forgejo.org/oci/postgres:15 env: POSTGRES_DB: test POSTGRES_PASSWORD: postgres @@ -23,11 +23,11 @@ jobs: simple: runs-on: docker container: - image: code.forgejo.org/oci/debian:trixie + image: data.forgejo.org/oci/debian:trixie services: pgsql: - image: code.forgejo.org/oci/postgres:15 + image: data.forgejo.org/oci/postgres:15 env: POSTGRES_DB: test POSTGRES_PASSWORD: postgres @@ -43,7 +43,7 @@ jobs: needs: [simple] runs-on: docker container: - image: code.forgejo.org/oci/debian:trixie + image: data.forgejo.org/oci/debian:trixie options: "--volume /srv/example-service-volume-valid:/srv/example-service-volume-valid --volume /srv/example-service-volume-invalid:/srv/example-service-volume-invalid" steps: @@ -58,12 +58,12 @@ jobs: needs: [volume-on-step] runs-on: docker container: - image: code.forgejo.org/oci/debian:trixie + image: data.forgejo.org/oci/debian:trixie options: "--volume /srv/example-service-volume-valid:/srv/example-service-volume-valid" services: myservice: - image: code.forgejo.org/oci/debian:trixie + image: data.forgejo.org/oci/debian:trixie options: "--volume /srv/example-service-volume-valid:/srv/example-service-volume-valid" cmd: ["bash", "-c", "echo -n SUCCESS > /srv/example-service-volume-valid ; sleep infinity"] diff --git a/actions/example-shell/.forgejo/workflows/test.yml b/actions/example-shell/.forgejo/workflows/test.yml index cede5140..5dad0b6e 100644 --- a/actions/example-shell/.forgejo/workflows/test.yml +++ b/actions/example-shell/.forgejo/workflows/test.yml @@ -25,7 +25,7 @@ jobs: needs: [sh-fallback] runs-on: docker container: - image: code.forgejo.org/oci/alpine:latest + image: data.forgejo.org/oci/alpine:latest steps: - name: default is bash but with a fallback to sh in case it does not exist run: | @@ -47,7 +47,7 @@ jobs: needs: [alpine] runs-on: docker container: - image: code.forgejo.org/oci/python:slim + image: data.forgejo.org/oci/python:slim steps: - name: python => python {0} shell: python diff --git a/actions/example-with-docker-host/.forgejo/workflows/test.yml b/actions/example-with-docker-host/.forgejo/workflows/test.yml index 277114e6..454a10da 100644 --- a/actions/example-with-docker-host/.forgejo/workflows/test.yml +++ b/actions/example-with-docker-host/.forgejo/workflows/test.yml @@ -4,7 +4,7 @@ jobs: build: runs-on: docker container: - image: code.forgejo.org/oci/docker:28-cli + image: data.forgejo.org/oci/docker:28-cli steps: - run: ls -l /var/run/docker.sock - run: docker ps diff --git a/actions/example-with-docker-socket/.forgejo/workflows/test.yml b/actions/example-with-docker-socket/.forgejo/workflows/test.yml index 277114e6..454a10da 100644 --- a/actions/example-with-docker-socket/.forgejo/workflows/test.yml +++ b/actions/example-with-docker-socket/.forgejo/workflows/test.yml @@ -4,7 +4,7 @@ jobs: build: runs-on: docker container: - image: code.forgejo.org/oci/docker:28-cli + image: data.forgejo.org/oci/docker:28-cli steps: - run: ls -l /var/run/docker.sock - run: docker ps diff --git a/actions/example-workflow-call-expansion/.forgejo/workflows/reusable-layer-1.yml b/actions/example-workflow-call-expansion/.forgejo/workflows/reusable-layer-1.yml new file mode 100644 index 00000000..649392c1 --- /dev/null +++ b/actions/example-workflow-call-expansion/.forgejo/workflows/reusable-layer-1.yml @@ -0,0 +1,74 @@ +on: + workflow_call: + inputs: + input1: + required: true + type: string + input3: + required: true + type: string + outputs: + output1: + value: ${{ jobs.callee-1.outputs.job-output }} + output2: + value: ${{ jobs.callee-2.outputs.job-output }} + output3: + value: ${{ jobs.layer-2.outputs.output3 }} + output4: + value: ${{ jobs.layer-2.outputs.output4 }} + +jobs: + callee-1: + runs-on: docker + outputs: + job-output: callee-1-output + container: + image: data.forgejo.org/oci/node:22-bookworm + volumes: + - /srv/example:/srv/example + steps: + - name: verify workflow inputs + run: | + set -x + test "top-level-input1" = "${{ inputs.input1 }}" + test "dynamic output" = "${{ inputs.input3 }}" + - name: verify workflow secrets + run: | + set -x + test "AAAA" = "${{ secrets.secret1 }}" + test "BBBB1234" = "${{ secrets.secret2 }}" + test "" = "${{ secrets.secret3 }}" # wasn't specified to the workflow, should be absent + - name: indicate callee-1 hit + run: touch /srv/example/callee-1 + + layer-2: + needs: [callee-1] + uses: ./.forgejo/workflows/reusable-layer-2.yml + with: + input1: ${{ inputs.input1 }} + input2: mid-level-input2 + input3: ${{ inputs.input3 }} + input4: ${{ needs.callee-1.outputs.job-output }} + secrets: inherit + + callee-2: + needs: [callee-1, layer-2] + runs-on: docker + outputs: + job-output: callee-2-output + container: + image: data.forgejo.org/oci/node:22-bookworm + volumes: + - /srv/example:/srv/example + steps: + - name: verify callee-1 completed + run: | + set -x + test -f /srv/example/callee-1 + - name: verify layer-2 completed + run: | + set -x + test -f /srv/example/callee-3 + test -f /srv/example/callee-4 + - name: indicate callee-2 hit + run: touch /srv/example/callee-2 diff --git a/actions/example-workflow-call-expansion/.forgejo/workflows/reusable-layer-2.yml b/actions/example-workflow-call-expansion/.forgejo/workflows/reusable-layer-2.yml new file mode 100644 index 00000000..3b633ebd --- /dev/null +++ b/actions/example-workflow-call-expansion/.forgejo/workflows/reusable-layer-2.yml @@ -0,0 +1,63 @@ +on: + workflow_call: + inputs: + input1: + required: true + type: string + input2: + required: true + type: string + input3: + required: true + type: string + input4: + required: true + type: string + outputs: + output3: + value: ${{ jobs.callee-3.outputs.job-output }} + output4: + value: ${{ jobs.callee-4.outputs.job-output }} + +jobs: + callee-3: + runs-on: docker + outputs: + job-output: callee-3-output + container: + image: data.forgejo.org/oci/node:22-bookworm + volumes: + - /srv/example:/srv/example + steps: + - name: verify workflow inputs + run: | + set -x + test "top-level-input1" = "${{ inputs.input1 }}" + test "mid-level-input2" = "${{ inputs.input2 }}" + test "dynamic output" = "${{ inputs.input3 }}" + test "callee-1-output" = "${{ inputs.input4 }}" + - name: verify workflow secrets inherited + run: | + set -x + test "AAAA" = "${{ secrets.secret1 }}" + test "BBBB1234" = "${{ secrets.secret2 }}" + test "" = "${{ secrets.secret3 }}" # wasn't specified to the workflow, should be absent + - name: indicate callee-3 hit + run: touch /srv/example/callee-3 + + callee-4: + needs: callee-3 + runs-on: docker + outputs: + job-output: callee-4-output + container: + image: data.forgejo.org/oci/node:22-bookworm + volumes: + - /srv/example:/srv/example + steps: + - name: verify callee-3 completed + run: | + set -x + test -f /srv/example/callee-3 + - name: indicate callee-4 hit + run: touch /srv/example/callee-4 diff --git a/actions/example-workflow-call-expansion/.forgejo/workflows/test.yml b/actions/example-workflow-call-expansion/.forgejo/workflows/test.yml new file mode 100644 index 00000000..cd9290a2 --- /dev/null +++ b/actions/example-workflow-call-expansion/.forgejo/workflows/test.yml @@ -0,0 +1,53 @@ +on: + push: + +jobs: + pre-job: + runs-on: docker + container: + image: data.forgejo.org/oci/node:22-bookworm + outputs: + dynamic: "${{ steps.dynamic-step.outputs.dynamic }}" + steps: + - id: dynamic-step + run: echo "dynamic=dynamic output" >> $FORGEJO_OUTPUT + + layer-1: + needs: [pre-job] + uses: ./.forgejo/workflows/reusable-layer-1.yml + with: + input1: top-level-input1 + input3: ${{ needs.pre-job.outputs.dynamic }} + secrets: + secret1: AAAA + secret2: BBBB1234 + + verify: + needs: [layer-1] + runs-on: docker + container: + image: data.forgejo.org/oci/node:22-bookworm + volumes: + - /srv/example:/srv/example + steps: + - name: verify test config secret + run: | + set -x + # SECRET3 is set on the repo, but not passed into `reusable-layer-1.yml` so that we can test secrets don't + # leak into the workflow if they're not explicitly defined. This check verifies that the test environment has + # that secret, otherwise the test assertions that it isn't present within the workflow would be meaningless. + test "CCCC" = "${{ secrets.secret3 }}" + - name: verify callee-[0-4] completed + run: | + set -x + test -f /srv/example/callee-1 + test -f /srv/example/callee-2 + test -f /srv/example/callee-3 + test -f /srv/example/callee-4 + - name: verify workflow outputs + run: | + set -x + test "callee-1-output" = "${{ needs.layer-1.outputs.output1 }}" + test "callee-2-output" = "${{ needs.layer-1.outputs.output2 }}" + test "callee-3-output" = "${{ needs.layer-1.outputs.output3 }}" + test "callee-4-output" = "${{ needs.layer-1.outputs.output4 }}" diff --git a/actions/example-workflow-call-expansion/run.sh b/actions/example-workflow-call-expansion/run.sh new file mode 100644 index 00000000..07ca4cb7 --- /dev/null +++ b/actions/example-workflow-call-expansion/run.sh @@ -0,0 +1,12 @@ +repo=root/example-$example +api=$url/api/v1 + +# Prepare test repo +forgejo-test-helper.sh push_workflow actions/example-$example $url root example-$example setup-forgejo $token +sha=$(forgejo-test-helper.sh branch_tip $url $repo main) + +# Install a repo secret +forgejo-curl.sh api_json -X PUT --data-raw '{"data":"CCCC"}' $api/repos/$repo/actions/secrets/SECRET3 + +# Wait for action to complete +forgejo-test-helper.sh wait_success $url root/example-$example $sha diff --git a/actions/example-workflow-dispatch/.forgejo/workflows/test.yml b/actions/example-workflow-dispatch/.forgejo/workflows/test.yml index 766b21d8..3839f7b5 100644 --- a/actions/example-workflow-dispatch/.forgejo/workflows/test.yml +++ b/actions/example-workflow-dispatch/.forgejo/workflows/test.yml @@ -44,7 +44,7 @@ jobs: test: runs-on: docker container: - image: code.forgejo.org/oci/debian:trixie + image: data.forgejo.org/oci/debian:trixie options: "--volume /srv/example:/srv/example" steps: diff --git a/federation/federation.sh b/federation/federation.sh index 5dbc596d..4d7c09a5 100755 --- a/federation/federation.sh +++ b/federation/federation.sh @@ -78,6 +78,8 @@ function test_federation() { # NOTE: newline seperated, not comma :> scenarios=( "star 7.1" + "mastodon 14.0" + "gotosocial 14.0" ) for scenario_version_str in "${scenarios[@]}"; do diff --git a/federation/scenario-gotosocial/.gitignore b/federation/scenario-gotosocial/.gitignore new file mode 100644 index 00000000..e69de29b diff --git a/federation/scenario-gotosocial/run.sh b/federation/scenario-gotosocial/run.sh new file mode 100644 index 00000000..9fd57a7b --- /dev/null +++ b/federation/scenario-gotosocial/run.sh @@ -0,0 +1,16 @@ +#!/usr/bin/env bash + +source "$DIR/federation_scenario-$scenario-env" + +if [[ -z "$password" ]]; then + exit 1 +fi + +if [[ -z "$port" ]]; then + exit 1 +fi + +status_code="$(curl -o /dev/null -w '%{http_code}' "http://localhost:$port/")" +if [[ "$status_code" != "200" ]]; then + exit 1 +fi diff --git a/federation/scenario-gotosocial/setup.sh b/federation/scenario-gotosocial/setup.sh new file mode 100644 index 00000000..fcf9a432 --- /dev/null +++ b/federation/scenario-gotosocial/setup.sh @@ -0,0 +1,58 @@ +#!/usr/bin/env bash + +source $SCENARIO_DIR/../../lib/lib.sh + +GTS_VERSION="0.20.0" # renovate: datasource=docker depName=data.forgejo.org/oci/gotosocial + +echo "setting up gotosocial" + +tmpdir="$(mktemp --tmpdir -d gts.XXXXXXXXXX)" +cat << EOF > "$tmpdir/config.yaml" +host: "localhost:8080" +protocol: http +db-type: sqlite +db-address: /mount/gts.db3 + +http-client: + allow-ips: ["0.0.0.0/0", "::/0"] + insecure-outgoing: true +EOF + +podman unshare \ + chown 1000:1000 -R $tmpdir + +container_id="$( + podman run \ + -d \ + --env "GTS_CONFIG_PATH=/mount/config.yaml" \ + -v "$tmpdir:/mount" \ + -p "8080:8080" \ + --network=host \ + "data.forgejo.org/oci/gotosocial:$GTS_VERSION" \ + server start +)" + +function wait_gts_ready() { + http_status=$(curl -s -w \ + "%{http_code}" -o /dev/null \ + "http://localhost:8080/" + ) + + [[ "$http_status" == 200 ]] && echo "ready" +} + +retry wait_gts_ready + +password="verysecurepassword" +podman exec -it "$container_id" /gotosocial/gotosocial admin \ + account create \ + --username "test" \ + --email "test@localhost" \ + --password "$password" + +cat << EOF > "$DIR/federation_scenario-gotosocial-env" +password="$password" +port="8080" +container_id="$container_id" +EOF + diff --git a/federation/scenario-gotosocial/teardown.sh b/federation/scenario-gotosocial/teardown.sh new file mode 100644 index 00000000..6e6d556a --- /dev/null +++ b/federation/scenario-gotosocial/teardown.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +source "$DIR/federation_scenario-gotosocial-env" + +if [[ -z "$container_id" ]]; then + echo "gotosocial container ID not found, container may not be stopped" + exit 1 +fi + +podman stop "$container_id" +rm "$DIR/federation_scenario-gotosocial-env" + diff --git a/federation/scenario-mastodon/.gitignore b/federation/scenario-mastodon/.gitignore new file mode 100644 index 00000000..041e9d6f --- /dev/null +++ b/federation/scenario-mastodon/.gitignore @@ -0,0 +1,3 @@ +/resources/certs/forgejo* +/forgejo/certs/* +!/forgejo/certs/.gitkeep diff --git a/federation/scenario-mastodon/TEST_INSTRUCTION.md b/federation/scenario-mastodon/TEST_INSTRUCTION.md new file mode 100644 index 00000000..82d957b0 --- /dev/null +++ b/federation/scenario-mastodon/TEST_INSTRUCTION.md @@ -0,0 +1,38 @@ +# Manual testing + +1. compile forgejo binary to test on a debian/ubuntu system +2. start applications + * local forgejo: + ```sh + cd federation/scenario-mastodon + # create cert & startup & create test accounts + SCENARIO_DIR="." ./setup.sh + # Mastodon password in "/tmp/forgejo-end-to-end/federation_scenario-mastodon-env" + # Bind forgejo to localhost:3003 and set the domain to `forgejo` + ``` + * containerized forgejo: + ```sh + cd federation/scenario-mastodon + # Generate self-signed certs on first run + source ./functions.sh + generate_certs forgejo "./resources/certs" + mv "./resources/certs/forgejo"* "forgejo/certs" + + # Setup container + export FORGEJO_PATH="/path/to/forgejo/binary" + export COMPOSE_PROFILES="forgejo_container" + export MASTODON_HOST="mastodon-app" + + podman-compose up -d + podman-compose exec forgejo-app bash -c "/init/create_test_account.sh" + # Mastodon password is the last line of the output + podman-compose exec mastodon-app bash -c "/init/create_test_account.sh" + ``` +3. login to mastodon: http://localhost:4000 + 1. test@localhost - password from start app. +4. search for forgejo user: `https://forgejo/api/v1/activitypub/user-id/1` +5. Press follow +6. FYI: + 1. login to forgejo: http://localhost:3003/ + 2. me - me + 3. swagger-uri: http://localhost:3003/api/swagger#/activitypub diff --git a/federation/scenario-mastodon/compose.yaml b/federation/scenario-mastodon/compose.yaml new file mode 100644 index 00000000..ea7c28a6 --- /dev/null +++ b/federation/scenario-mastodon/compose.yaml @@ -0,0 +1,95 @@ +networks: + external_network: + internal_network: + internal: true + +services: + forgejo: + image: data.forgejo.org/oci/alpine:latest + volumes: + - ./forgejo/certs/:/usr/local/share/ca-certificates/ + - ./forgejo/init/:/init/ + - ./forgejo/etc/lighttpd.conf:/etc/lighttpd.conf + restart: unless-stopped + entrypoint: "sh /init/init.sh" + networks: + - external_network + - internal_network + + forgejo-app: + profiles: + - forgejo_container + # built from https://code.forgejo.org/federation/build-mastodon/src/branch/main/debian-containerfile + image: data.forgejo.org/federation/debian:trixie-cacerts + tmpfs: + - /data + volumes: + - ./forgejo-app/init/:/init/ + - ./forgejo-app/config/:/config/ + - ./resources/certs/:/usr/local/share/ca-certificates/ + - "${FORGEJO_PATH}:/usr/local/bin/forgejo" + ports: + - 3003:3003 + entrypoint: "sh /init/init.sh" + networks: + - external_network + - internal_network + + postgres: + image: data.forgejo.org/oci/postgres:14 + tmpfs: + - /var/lib/postgresql/data + environment: + POSTGRES_USER: postgres + POSTGRES_DB: postgres + POSTGRES_PASSWORD: postgres + POSTGRES_HOST_AUTH_METHOD: trust + networks: + - internal_network + + redis: + image: data.forgejo.org/oci/redis:7.2 + tmpfs: + - /var/lib/redis/ + networks: + - internal_network + + mastodon-app: + # built from https://code.forgejo.org/federation/build-mastodon/src/branch/main/mastodon-containerfile + image: data.forgejo.org/federation/mastodon:v4.5-test + volumes: + - ./resources/certs:/usr/local/share/ca-certificates/ + - ./mastodon-app/init/:/init/ + environment: &mastodon_env + DB_HOST: postgres + DB_USER: postgres + DB_PASS: postgres + REDIS_HOST: redis + PORT: 4000 + LOCAL_DOMAIN: ${MASTODON_HOST}:4000 + ALTERNATE_DOMAINS: ${MASTODON_HOST},localhost + EMAIL_DOMAIN_ALLOWLIST: localhost + AUTHORIZED_FETCH: "true" + ALLOWED_PRIVATE_ADDRESSES: 0.0.0.0/0,::/0 + SECRET_KEY_BASE: bc1bdb4d3d57a2c292a8f145d5d3c921 + ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY: fkSxKD2bF396kdQbrP1EJ7WbU7ZgNokR + ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT: r0hvVmzBVsjxC7AMlwhOzmtc36ZCOS1E + ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY: PhdFyyfy5xJ7WVd2lWBpcPScRQHzRTNr + ports: + - "4000:4000" + entrypoint: "sh /init/init.sh" + networks: + - external_network + - internal_network + + mastodon-sidekiq: + # built from https://code.forgejo.org/federation/build-mastodon/src/branch/main/mastodon-containerfile + image: data.forgejo.org/federation/mastodon:v4.5-test + volumes: + - ./resources/certs:/usr/local/share/ca-certificates/ + - ./mastodon-sidekiq/init/:/init/ + restart: unless-stopped + environment: *mastodon_env + entrypoint: "sh /init/init.sh" + networks: + - internal_network diff --git a/federation/scenario-mastodon/forgejo-app/config/app.ini b/federation/scenario-mastodon/forgejo-app/config/app.ini new file mode 100644 index 00000000..55ef4f61 --- /dev/null +++ b/federation/scenario-mastodon/forgejo-app/config/app.ini @@ -0,0 +1,32 @@ +RUN_MODE = prod + +[server] +APP_DATA_PATH = /data +DOMAIN = forgejo +ROOT_URL = https://forgejo/ +HTTP_PORT = 3003 +PROTOCOL = http + +[queue] +TYPE = immediate + +[database] +DB_TYPE = sqlite3 +PATH = /data/forgejo.db + +[log] +MODE = console +LEVEL = debug + +[security] +INSTALL_LOCK = true + +[repository] +ENABLE_PUSH_CREATE_USER = true +DEFAULT_PUSH_CREATE_PRIVATE = false + +[federation] +ENABLED = true + +[session] +COOKIE_SECURE = false diff --git a/federation/scenario-mastodon/forgejo-app/init/create_test_account.sh b/federation/scenario-mastodon/forgejo-app/init/create_test_account.sh new file mode 100755 index 00000000..33fc4807 --- /dev/null +++ b/federation/scenario-mastodon/forgejo-app/init/create_test_account.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +sleep 10 + +/usr/local/bin/forgejo -c /etc/forgejo/app.ini admin user create --username me --password me --email "me@example.com" --admin --must-change-password=false +/usr/local/bin/forgejo -c /etc/forgejo/app.ini admin user create --username to-be-followd --password to-be-followd --email "to-be-followd@example.com" --admin --must-change-password=false +/usr/local/bin/forgejo -c /etc/forgejo/app.ini admin user generate-access-token -u me -t token --scopes write:activitypub,write:repository,write:user diff --git a/federation/scenario-mastodon/forgejo-app/init/init.sh b/federation/scenario-mastodon/forgejo-app/init/init.sh new file mode 100755 index 00000000..3848fa53 --- /dev/null +++ b/federation/scenario-mastodon/forgejo-app/init/init.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash + +sudo update-ca-certificates + +sudo mkdir -p /data/forgejo +sudo chown forgejo:forgejo /data/forgejo +sudo install -D -o forgejo -g forgejo /config/app.ini /etc/forgejo/app.ini + +/usr/local/bin/forgejo -c /etc/forgejo/app.ini + diff --git a/federation/scenario-mastodon/forgejo/certs/.gitkeep b/federation/scenario-mastodon/forgejo/certs/.gitkeep new file mode 100644 index 00000000..e69de29b diff --git a/federation/scenario-mastodon/forgejo/etc/lighttpd.conf b/federation/scenario-mastodon/forgejo/etc/lighttpd.conf new file mode 100644 index 00000000..325779ad --- /dev/null +++ b/federation/scenario-mastodon/forgejo/etc/lighttpd.conf @@ -0,0 +1,22 @@ +server.document-root = "/var/www" + +server.modules = ( + "mod_openssl", + "mod_proxy" +) + +$SERVER["socket"] == ":443" { + ssl.engine = "enable" + ssl.pemfile = "/usr/local/share/ca-certificates/forgejo-snakeoil.crt" + ssl.privkey = "/usr/local/share/ca-certificates/forgejo-snakeoil.key" +} + +proxy.server = ( + "" => ( + "forgejo" => ( + "host" => "host.containers.internal", + "port" => 3003, + ) + ) +) + diff --git a/federation/scenario-mastodon/forgejo/init/init.sh b/federation/scenario-mastodon/forgejo/init/init.sh new file mode 100755 index 00000000..6660768d --- /dev/null +++ b/federation/scenario-mastodon/forgejo/init/init.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env sh + +apk add lighttpd + +lighttpd -D -f /etc/lighttpd.conf + diff --git a/federation/scenario-mastodon/functions.sh b/federation/scenario-mastodon/functions.sh new file mode 100644 index 00000000..507131cc --- /dev/null +++ b/federation/scenario-mastodon/functions.sh @@ -0,0 +1,32 @@ +function generate_certs() { + + host=${1} + cert_location=${2} + + rootCertificate="${cert_location}/custom-snakeoil-rootCA.crt" + rootCertKey="${cert_location}/custom-snakeoil-rootCA.key" + extensionFile="${cert_location}/${host}-snakeoil.ext" + keyFile="${cert_location}/${host}-snakeoil.key" + csrFile="${cert_location}/${host}-snakeoil.csr" + crtAltSubFile="${cert_location}/${host}-snakeoil.crt" + + cat << EOF > ${extensionFile} +authorityKeyIdentifier=keyid,issuer +basicConstraints=CA:FALSE +subjectAltName = @alt_names +[alt_names] +DNS.1 = ${host} +DNS.2 = localhost +EOF + + # Create CSR + openssl req -newkey rsa:2048 -nodes -keyout ${keyFile} \ + -out ${csrFile} -subj "/CN=${host}" -addext "subjectAltName=DNS:localhost" + + # Sign Our CSR with the root CA cert + openssl x509 -req -CA ${rootCertificate} \ + -CAkey ${rootCertKey} \ + -in ${csrFile} \ + -out ${crtAltSubFile} \ + -days 3650 -CAcreateserial -extfile ${extensionFile} +} \ No newline at end of file diff --git a/federation/scenario-mastodon/mastodon-app/init/create_test_account.sh b/federation/scenario-mastodon/mastodon-app/init/create_test_account.sh new file mode 100755 index 00000000..283000fb --- /dev/null +++ b/federation/scenario-mastodon/mastodon-app/init/create_test_account.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +account_create="$(tootctl accounts create test --email test@localhost --role Owner --confirmed)" +tootctl account modify test --approve + +echo "${account_create}" + +password=$(echo "${account_create}" | + tail -n 1 | + sed 's/New password: //' | + sed 's/\r//' +) + +echo "$password" diff --git a/federation/scenario-mastodon/mastodon-app/init/init.sh b/federation/scenario-mastodon/mastodon-app/init/init.sh new file mode 100755 index 00000000..731aa55d --- /dev/null +++ b/federation/scenario-mastodon/mastodon-app/init/init.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +sudo update-ca-certificates +sudo touch /opt/mastodon/log/prod.log +sudo chown mastodon: /opt/mastodon/log/prod.log +rails db:setup +bundle exec puma -C config/puma.rb +#sleep 2h diff --git a/federation/scenario-mastodon/mastodon-sidekiq/init/init.sh b/federation/scenario-mastodon/mastodon-sidekiq/init/init.sh new file mode 100755 index 00000000..af9c5190 --- /dev/null +++ b/federation/scenario-mastodon/mastodon-sidekiq/init/init.sh @@ -0,0 +1,7 @@ +#!/usr/bin/env bash + +sudo update-ca-certificates +sudo touch /opt/mastodon/log/prod.log +sudo chown mastodon: /opt/mastodon/log/prod.log +bundle exec sidekiq +#sleep 2h diff --git a/federation/scenario-mastodon/resources/certs/custom-snakeoil-rootCA.crt b/federation/scenario-mastodon/resources/certs/custom-snakeoil-rootCA.crt new file mode 100644 index 00000000..91a0d144 --- /dev/null +++ b/federation/scenario-mastodon/resources/certs/custom-snakeoil-rootCA.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDGTCCAgGgAwIBAgIUU+o53CfULAHTgPuCq/Ua8JRTWLIwDQYJKoZIhvcNAQEL +BQAwGzEZMBcGA1UEAwwQY29kZS5mb3JnZWpvLm9yZzAgFw0yNTEwMjMwODI2NTVa +GA8yMTI1MDkyOTA4MjY1NVowGzEZMBcGA1UEAwwQY29kZS5mb3JnZWpvLm9yZzCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKJl1YjGLoYK5J7wCbgL7WCZ +DGznwmp2SxpxJx/9Y6Pldt1QXTp0/VrR/H8iu3bNh13jmupXTKyGHU94MTNHER1T +/jbGw8LRPWCIYNjpYFZU17glTGs/DOieh7acuuvu+imoamk1oRLVaaHDewz09Tc2 +wkklCH+2ME2TC6mHIqpHOLO//ESEU0Glo+/mVMEcTJf9zdDhSGhZPKhXEaWgrLMo +EV3r0hpxHCE21OeaRrOKjMtOfp6/v0yKAsJ0QbLHXw1JDauiMWHUxp1H3jIHGgtc +0ALdiS1fhYi8zX3bkbMfctjREVtbhO0Aqps5pvDjhjTNyTmSQ3dkkU37W7Mz+WkC +AwEAAaNTMFEwHQYDVR0OBBYEFKXOSikliKVL6VYbbcaOR3k3khKyMB8GA1UdIwQY +MBaAFKXOSikliKVL6VYbbcaOR3k3khKyMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBADE4RGzIXT3LsLGxqRiuOPrXnOTy6izD0sXraJGPWOTEm0MB +H+MnV1YmqRiafwCTbKyiTfzF50JX0zwa6NnkK7k7tyht7O2B0/1VfsrIaXGBP05B +pZMC1bMSaDEu+zvRUDFvNiE5Oxkw0LGy44o36e3SNCEXMCYU3fiTX/5IxfB/a1Bk ++5tNfpK4CKwyk2/pb8ClgBldYGxfp/hyzTVh7y4c5bSRzoawGxq2ipfmJbSBYEme +vyySFXJI1W9ih8utE2sQKbRS7YrwxSNS9Uj6qwixTlHB5a/MzlFmD630VkmkI1qq +5VkQxq7dJSTlVHX8qiQqvGoPPIp5ucbBDmyj2A8= +-----END CERTIFICATE----- diff --git a/federation/scenario-mastodon/resources/certs/custom-snakeoil-rootCA.key b/federation/scenario-mastodon/resources/certs/custom-snakeoil-rootCA.key new file mode 100644 index 00000000..b4b13057 --- /dev/null +++ b/federation/scenario-mastodon/resources/certs/custom-snakeoil-rootCA.key @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCiZdWIxi6GCuSe +8Am4C+1gmQxs58JqdksacScf/WOj5XbdUF06dP1a0fx/Irt2zYdd45rqV0yshh1P +eDEzRxEdU/42xsPC0T1giGDY6WBWVNe4JUxrPwzonoe2nLrr7vopqGppNaES1Wmh +w3sM9PU3NsJJJQh/tjBNkwuphyKqRzizv/xEhFNBpaPv5lTBHEyX/c3Q4UhoWTyo +VxGloKyzKBFd69IacRwhNtTnmkaziozLTn6ev79MigLCdEGyx18NSQ2rojFh1Mad +R94yBxoLXNAC3YktX4WIvM1925GzH3LY0RFbW4TtAKqbOabw44Y0zck5kkN3ZJFN ++1uzM/lpAgMBAAECggEAAdGmR0j0k/ISyfhYnFJfFAfBN+x0a1wl7rOjDP/Tg7r9 +Ln21yzYTJJcfnu5TaOfLH84KrRwrT6JhhfaYn64PC8PmH/rXDftPsFSOt/DZo2+B +vaSgGyWcMVqdnNOOep6IXq36rr3krwQra14Rmbbm36AYihh+iuzbB4w0vPvpwDwv +G9DITTLrIwDRbXReZ13FjqphP5dqT6jG7BnRLe7vyQ7CJwYdUDLkg2YLykwbHvco +DISS3IoYgF5R7KaGpwH2iFmeHYwXaVH9Y0RyjEvxp87iK8Awvm4yn7hWBx9NsMm2 +of7107TlFBU81JbG09KQZ+mS3S4C9XfQScqBoP66tQKBgQDYS4QhwkYFNusN8z+U +63IGMxJXMF0bvF1zqjhrfkdX16jDD7v8cMbZAjk80obmRdhFpNiuaCT7dbnXpt7L +Ppfu6IkcJsAJc32lbWGc56XzfzDnNecvQbCbMnRYI5GDzcTTY+ObgyhJv4SwuD3E +kdHhxOFPuxlLFey9eg9vC6ADnQKBgQDANX5oEqvVty8gn+cOU3fEiqQ+ZqvcgMcL +CUQYIAUDvXjZuXTbU0cSzgZnZi3JwtEVwj0u+0eXXlju6AVgKC/yd4aIpQ2f6hXO +UlODWIqiNq3lVgjatO6zQ2CXuBeV7crX6odNrhkvSwSPNlC2Ra7QZ8Uk0PpX0sTm +JyuMA/WBPQKBgQCkqulPYj44nhTZrAUN9Sn7+knOQy2/feqPsln9zEe4YqFCz+nI +SHu6nuzAl27IRQhgDR5BuVvebUQtIAeiKGc3JaWs3vt4topDtUCJWfqHpJ+whuMY +oSQ5I3Jb38ha1f8xCG0x6ep0KvB0MfAkhPeKsH7wWnrpJSn1HsY9PlZ2KQKBgQCS +/xZKb6UdEDipocDqkukw1bsgwhLD03TmOtLqBGrxXlFzacM2DW14sznwkBOKj0Sq +eF+kc6Zf3Fb1d1rNHE73B3RLQre1yiedIBcgh3GW92xszSx+XwuC64+O2Mqo7jBI +iuOpg/Fc2umEwUxe6dH1Lrd2HaCn09ikD+bc8RYsHQKBgQDXfAiAf3MdzG8+4zgD +kzfZsUXRUm3ACqrkhlUOzPsh2y5yGO0gxkrUR4ps2+wn0aapwYi+JdbEHpDqI4Ze +vE3d8ZgLF4ER+uuiayuItMIFa8T0AiH1oJMptUY4kgj1AaG0b3+ZxU/uGXjpciyA +a7/psxJ+in3AQ005JGir8rx+gA== +-----END PRIVATE KEY----- diff --git a/federation/scenario-mastodon/run.sh b/federation/scenario-mastodon/run.sh new file mode 100644 index 00000000..7e07a1b8 --- /dev/null +++ b/federation/scenario-mastodon/run.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +source "$DIR/federation_scenario-$scenario-env" + +if [[ -z "$password" ]]; then + exit 1 +fi + +if [[ -z "$port" ]]; then + exit 1 +fi + +status_code="$(curl -o /dev/null -w '%{http_code}' "http://localhost:$port/")" +if [[ "$status_code" != "200" ]]; then + exit 1 +fi + diff --git a/federation/scenario-mastodon/setup.sh b/federation/scenario-mastodon/setup.sh new file mode 100755 index 00000000..cb9efb98 --- /dev/null +++ b/federation/scenario-mastodon/setup.sh @@ -0,0 +1,48 @@ +#!/usr/bin/env bash + +source "$SCENARIO_DIR/../../lib/lib.sh" +source "$SCENARIO_DIR/functions.sh" + +echo "Setting up Forgejo x Mastodon" + +if [[ ! -d "$DIR" ]]; then + mkdir -p "$DIR" +fi + +echo "Generating forgejo & mastodon self-signed certificate" + +generate_certs forgejo "$SCENARIO_DIR/resources/certs" + +mv "$SCENARIO_DIR/resources/certs/forgejo"* "$SCENARIO_DIR/forgejo/certs/" + +export MASTODON_HOST="localhost" + +podman-compose \ + -f "$SCENARIO_DIR/compose.yaml" \ + up -d + +function wait_up() { + command="$(podman-compose \ + -f "$SCENARIO_DIR/compose.yaml" \ + exec mastodon-app \ + bin/tootctl accounts + )" + + first="$(head -n 1 <<< "$command")" + [[ "$first" == *"Commands:"* ]] && echo "ready" +} + +retry wait_up + +password="$(podman-compose \ + -f "$SCENARIO_DIR/compose.yaml" \ + exec mastodon-app \ + bash -c "/init/create_test_account.sh" | \ + tail -n 1 | \ + sed 's/\r//' +)" + +cat << EOF > "$DIR/federation_scenario-mastodon-env" +password="$password" +port="4000" +EOF diff --git a/federation/scenario-mastodon/teardown.sh b/federation/scenario-mastodon/teardown.sh new file mode 100644 index 00000000..5e5d35f4 --- /dev/null +++ b/federation/scenario-mastodon/teardown.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +podman-compose \ + -f "$SCENARIO_DIR/compose.yaml" \ + down + +rm "$DIR/federation_scenario-mastodon-env" + diff --git a/forgejo/sources/15.0 b/forgejo/sources/15.0 new file mode 100644 index 00000000..595283d3 --- /dev/null +++ b/forgejo/sources/15.0 @@ -0,0 +1 @@ +https://codeberg.org/forgejo/forgejo forgejo 15.0.0 diff --git a/lib/RELEASE_NUMBERS b/lib/RELEASE_NUMBERS deleted file mode 100644 index c4adc700..00000000 --- a/lib/RELEASE_NUMBERS +++ /dev/null @@ -1 +0,0 @@ -11.0 13.0 14.0 diff --git a/lib/lib.sh b/lib/lib.sh index 0d5f07a7..b1e9409f 100644 --- a/lib/lib.sh +++ b/lib/lib.sh @@ -26,7 +26,7 @@ IP=$(hostname -I | cut -f1 -d' ') # # Forgejo releases for which a branch exists (7.0/forgejo etc.) # -RELEASE_NUMBERS=$(cat $LIB_DIR/RELEASE_NUMBERS) +RELEASE_NUMBERS="11.0 14.0 15.0" PREFIX=============== export DIR=/tmp/forgejo-end-to-end @@ -415,6 +415,17 @@ EOF cp -a $DOT_FORGEJO_CURL $work_path/forgejo-curl } +function create_offline_registration_token() { + local name="$1" + local scope="$2" + local secret="$3" + + local work_path + work_path="$DIR/$(work_path_base "$config")" + + "$work_path/forgejocli" forgejo-cli actions register --name "$name" --scope "$scope" --secret "$secret" +} + function stop_daemon() { local daemon=$1 diff --git a/packages/alpine-10.0 b/packages/alpine-10.0 deleted file mode 120000 index b34295a0..00000000 --- a/packages/alpine-10.0 +++ /dev/null @@ -1 +0,0 @@ -alpine-7.0 \ No newline at end of file diff --git a/packages/alpine.sh b/packages/alpine.sh index c8679a51..ce5c4ac8 100644 --- a/packages/alpine.sh +++ b/packages/alpine.sh @@ -7,7 +7,7 @@ function test_packages_alpine_version() { reset_forgejo $PACKAGES_DIR/alpine-app.ini start_forgejo $forgejo_version - local d=$PACKAGES_DIR/alpine-$forgejo_version + local d=$PACKAGES_DIR/alpine local token=$(cat $DIR/forgejo-curl/token) local url=http://${HOST_PORT} @@ -16,8 +16,10 @@ function test_packages_alpine_version() { } function test_packages_alpine() { - for alpine_version in 3.20 3.21; do - for forgejo_version in 7.0 10.0; do + local forgejo_versions="${1:-$RELEASE_NUMBERS}" + + for alpine_version in 3.22 3.23; do + for forgejo_version in $forgejo_versions; do test_packages_alpine_version $alpine_version $forgejo_version done done diff --git a/packages/alpine-7.0/package-source/forgejo-2173/APKBUILD b/packages/alpine/package-source/forgejo-2173/APKBUILD similarity index 100% rename from packages/alpine-7.0/package-source/forgejo-2173/APKBUILD rename to packages/alpine/package-source/forgejo-2173/APKBUILD diff --git a/packages/alpine-7.0/package-source/forgejo-2173/forgejo_2173 b/packages/alpine/package-source/forgejo-2173/forgejo_2173 similarity index 100% rename from packages/alpine-7.0/package-source/forgejo-2173/forgejo_2173 rename to packages/alpine/package-source/forgejo-2173/forgejo_2173 diff --git a/packages/alpine-7.0/package-source/forgejo-2173/forgejo_2173.init b/packages/alpine/package-source/forgejo-2173/forgejo_2173.init similarity index 100% rename from packages/alpine-7.0/package-source/forgejo-2173/forgejo_2173.init rename to packages/alpine/package-source/forgejo-2173/forgejo_2173.init diff --git a/packages/alpine-7.0/package-source/forgejo-2174/APKBUILD b/packages/alpine/package-source/forgejo-2174/APKBUILD similarity index 100% rename from packages/alpine-7.0/package-source/forgejo-2174/APKBUILD rename to packages/alpine/package-source/forgejo-2174/APKBUILD diff --git a/packages/alpine-7.0/package-source/forgejo-2174/forgejo_2174 b/packages/alpine/package-source/forgejo-2174/forgejo_2174 similarity index 100% rename from packages/alpine-7.0/package-source/forgejo-2174/forgejo_2174 rename to packages/alpine/package-source/forgejo-2174/forgejo_2174 diff --git a/packages/alpine-7.0/package-source/forgejo-2174/forgejo_2174.init b/packages/alpine/package-source/forgejo-2174/forgejo_2174.init similarity index 100% rename from packages/alpine-7.0/package-source/forgejo-2174/forgejo_2174.init rename to packages/alpine/package-source/forgejo-2174/forgejo_2174.init diff --git a/packages/alpine-7.0/test.sh b/packages/alpine/test.sh similarity index 100% rename from packages/alpine-7.0/test.sh rename to packages/alpine/test.sh diff --git a/packages/packages.sh b/packages/packages.sh index 002ed796..4fc9c6a4 100644 --- a/packages/packages.sh +++ b/packages/packages.sh @@ -7,5 +7,7 @@ PACKAGES_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" source $PACKAGES_DIR/alpine.sh function test_packages() { - run test_packages_alpine + local forgejo_versions="${1:-$RELEASE_NUMBERS}" + + run test_packages_alpine $forgejo_versions } diff --git a/renovate.json b/renovate.json index cd7ea572..6b4cadc2 100644 --- a/renovate.json +++ b/renovate.json @@ -2,5 +2,13 @@ "$schema": "https://docs.renovatebot.com/renovate-schema.json", "extends": [ "local>forgejo/renovate-config" + ], + "packageRules": [ + { + "description": "Separate test actions", + "matchFileNames": ["actions/**"], + "additionalBranchPrefix": "actions", + "commitMessageTopic": "{{depName}} (test actions)" + } ] } diff --git a/run.sh b/run.sh new file mode 100755 index 00000000..92a91611 --- /dev/null +++ b/run.sh @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +podman build -t forgejo-e2e . +patchelf ../forgejo/forgejo --set-interpreter /lib64/ld-linux-x86-64.so.2 +podman run \ + -it --privileged \ + -v ../forgejo/gitea:/srv/forgejo-binaries/forgejo-14.0 \ + -p 3001-3003:3001-3003 \ + -p 4000:4000 \ + -p 8080:8080 \ + forgejo-e2e