ci(forgejo): generate banlist history graph\n\n- Add scripts/banlist_metrics.py to compute counts from git history and render chart\n- Add Forgejo workflow using demisto/matplotlib image + warm-workspace checkout\n- Keep GitHub workflow for portability; remove old .gitea workflow\n- Update README with embedded SVG and CSV link
Some checks failed
Generate banlist history graph / build (push) Failing after 1s
Some checks failed
Generate banlist history graph / build (push) Failing after 1s
This commit is contained in:
codex-bot
parent
b719be8d6e
commit
3a8d73edcd
4 changed files with 352 additions and 0 deletions
135
.forgejo/workflows/generate-banlist-graph.yml
Normal file
135
.forgejo/workflows/generate-banlist-graph.yml
Normal file
|
|
@ -0,0 +1,135 @@
|
|||
name: Generate banlist history graph
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [ main ]
|
||||
paths:
|
||||
- 'banned.txt'
|
||||
- 'scripts/banlist_metrics.py'
|
||||
- '.forgejo/workflows/generate-banlist-graph.yml'
|
||||
schedule:
|
||||
- cron: '17 3 * * *'
|
||||
workflow_dispatch: {}
|
||||
|
||||
jobs:
|
||||
build:
|
||||
# Match your Forgejo runner label
|
||||
runs-on: docker
|
||||
# Use a prebuilt image with matplotlib preinstalled (cached on runner)
|
||||
container: demisto/matplotlib:latest
|
||||
steps:
|
||||
- name: Ensure git is available (minimal)
|
||||
run: |
|
||||
set -euo pipefail
|
||||
if ! command -v git >/dev/null 2>&1; then
|
||||
apt-get update
|
||||
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
|
||||
git ca-certificates
|
||||
fi
|
||||
|
||||
- name: Checkout repository (warm or clone)
|
||||
run: |
|
||||
set -euo pipefail
|
||||
|
||||
# Determine remote URL
|
||||
REMOTE_URL="${CI_REPOSITORY_URL:-}"
|
||||
if [ -z "$REMOTE_URL" ]; then
|
||||
if [ -n "${GITHUB_SERVER_URL:-}" ] && [ -n "${GITHUB_REPOSITORY:-}" ]; then
|
||||
REMOTE_URL="${GITHUB_SERVER_URL%/}/${GITHUB_REPOSITORY}.git"
|
||||
elif [ -n "${GITHUB_REPOSITORY:-}" ]; then
|
||||
# Fallback host; adjust to your Forgejo host if needed
|
||||
REMOTE_URL="https://git.jordanwages.com/${GITHUB_REPOSITORY}.git"
|
||||
else
|
||||
echo "Unable to determine repository URL from CI environment" >&2
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
# Try with token if available by embedding basic auth in the URL
|
||||
AUTH_URL="$REMOTE_URL"
|
||||
if [ -n "${GITHUB_TOKEN:-}" ]; then
|
||||
ACTOR="${GITHUB_ACTOR:-oauth2}"
|
||||
AUTH_URL=$(printf '%s' "$REMOTE_URL" | sed -E "s#^https://#https://${ACTOR}:${GITHUB_TOKEN}@#")
|
||||
fi
|
||||
|
||||
if [ -d .git ]; then
|
||||
echo "Reusing existing workspace (.git found)"
|
||||
# Ensure origin exists and points to AUTH_URL
|
||||
if git remote get-url origin >/dev/null 2>&1; then
|
||||
git remote set-url origin "$AUTH_URL"
|
||||
else
|
||||
git remote add origin "$AUTH_URL"
|
||||
fi
|
||||
git config --global --add safe.directory "$(pwd)"
|
||||
# Fetch updates and tags, prune deleted refs
|
||||
git fetch --all --tags --prune
|
||||
|
||||
# Decide target
|
||||
if [ -n "${GITHUB_SHA:-}" ]; then
|
||||
TARGET="$GITHUB_SHA"
|
||||
git checkout -q "$TARGET" || true
|
||||
git reset --hard "$TARGET"
|
||||
elif [ -n "${GITHUB_REF_NAME:-}" ]; then
|
||||
BRANCH="$GITHUB_REF_NAME"
|
||||
git checkout -q -B "$BRANCH" "origin/$BRANCH" || git checkout -q "$BRANCH" || true
|
||||
git reset --hard "origin/$BRANCH" || true
|
||||
else
|
||||
# Fallback to main
|
||||
git checkout -q -B main origin/main || git checkout -q main || true
|
||||
git reset --hard origin/main || true
|
||||
fi
|
||||
# Clean untracked files
|
||||
git clean -fdx
|
||||
else
|
||||
echo "Cloning from: $REMOTE_URL"
|
||||
if ! git clone "$AUTH_URL" .; then
|
||||
echo "Auth clone failed; trying anonymous clone..." >&2
|
||||
git clone "$REMOTE_URL" .
|
||||
fi
|
||||
git config --global --add safe.directory "$(pwd)"
|
||||
|
||||
# Checkout the requested ref if provided
|
||||
if [ -n "${GITHUB_SHA:-}" ]; then
|
||||
git fetch origin "$GITHUB_SHA" || true
|
||||
git checkout -q "$GITHUB_SHA" || true
|
||||
elif [ -n "${GITHUB_REF_NAME:-}" ]; then
|
||||
git fetch origin "$GITHUB_REF_NAME" || true
|
||||
git checkout -q "$GITHUB_REF_NAME" || true
|
||||
fi
|
||||
fi
|
||||
|
||||
- name: Generate metrics and chart
|
||||
env:
|
||||
MPLBACKEND: Agg
|
||||
TZ: UTC
|
||||
run: |
|
||||
set -euo pipefail
|
||||
python scripts/banlist_metrics.py \
|
||||
--file banned.txt \
|
||||
--csv metrics/banlist_counts.csv \
|
||||
--image assets/banlist_history.svg
|
||||
|
||||
- name: Commit and push changes (if any)
|
||||
run: |
|
||||
set -euo pipefail
|
||||
git config user.name "forgejo-actions-bot"
|
||||
git config user.email "actions@noreply.local"
|
||||
if [ -n "$(git status --porcelain -- metrics assets)" ]; then
|
||||
git add -A metrics assets
|
||||
git commit -m "chore: update banlist history graph [skip ci]"
|
||||
# Push to the same remote we cloned from; token is in the origin URL if present
|
||||
git push || {
|
||||
echo "First push failed; trying to embed token in remote..." >&2
|
||||
if [ -n "${GITHUB_TOKEN:-}" ]; then
|
||||
ACTOR="${GITHUB_ACTOR:-oauth2}"
|
||||
ORIGIN_URL=$(git remote get-url origin)
|
||||
AUTH_URL=$(printf '%s' "$ORIGIN_URL" | sed -E "s#^https://#https://${ACTOR}:${GITHUB_TOKEN}@#")
|
||||
git remote set-url origin "$AUTH_URL"
|
||||
git push
|
||||
else
|
||||
false
|
||||
fi
|
||||
}
|
||||
else
|
||||
echo "No changes to commit."
|
||||
fi
|
||||
Loading…
Add table
Add a link
Reference in a new issue