a2bbfe62b5
All checks were successful
Generate banlist history graph / build (push) Successful in 6s
161 lines
6.3 KiB
YAML
161 lines
6.3 KiB
YAML
name: Generate banlist history graph
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
paths:
|
|
- 'banned.txt'
|
|
- 'scripts/banlist_metrics.py'
|
|
- '.forgejo/workflows/generate-banlist-graph.yml'
|
|
schedule:
|
|
- cron: '17 3 * * *'
|
|
workflow_dispatch: {}
|
|
|
|
jobs:
|
|
build:
|
|
# Match your Forgejo runner label
|
|
runs-on: docker
|
|
# Use a prebuilt image with matplotlib preinstalled (cached on runner)
|
|
container: demisto/matplotlib:1.0.0.64685
|
|
steps:
|
|
- name: Ensure git is available (minimal)
|
|
run: |
|
|
set -euo pipefail
|
|
if command -v git >/dev/null 2>&1; then
|
|
exit 0
|
|
fi
|
|
echo "git not found; attempting install..."
|
|
if command -v apt-get >/dev/null 2>&1; then
|
|
apt-get update
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends git ca-certificates
|
|
elif command -v apk >/dev/null 2>&1; then
|
|
apk add --no-cache git ca-certificates
|
|
update-ca-certificates || true
|
|
elif command -v microdnf >/dev/null 2>&1; then
|
|
microdnf install -y git ca-certificates || microdnf install -y git
|
|
elif command -v dnf >/dev/null 2>&1; then
|
|
dnf -y install git ca-certificates || dnf -y install git
|
|
elif command -v yum >/dev/null 2>&1; then
|
|
yum -y install git ca-certificates || yum -y install git
|
|
else
|
|
echo "No supported package manager found to install git" >&2
|
|
exit 1
|
|
fi
|
|
|
|
- name: Checkout repository (warm or clone)
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
# Determine remote URL
|
|
REMOTE_URL="${CI_REPOSITORY_URL:-}"
|
|
if [ -z "$REMOTE_URL" ]; then
|
|
if [ -n "${GITHUB_SERVER_URL:-}" ] && [ -n "${GITHUB_REPOSITORY:-}" ]; then
|
|
REMOTE_URL="${GITHUB_SERVER_URL%/}/${GITHUB_REPOSITORY}.git"
|
|
elif [ -n "${GITHUB_REPOSITORY:-}" ]; then
|
|
# Fallback host; adjust to your Forgejo host if needed
|
|
REMOTE_URL="https://git.jordanwages.com/${GITHUB_REPOSITORY}.git"
|
|
else
|
|
echo "Unable to determine repository URL from CI environment" >&2
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
# Try with token if available by embedding basic auth in the URL
|
|
AUTH_URL="$REMOTE_URL"
|
|
if [ -n "${GITHUB_TOKEN:-}" ]; then
|
|
ACTOR="${GITHUB_ACTOR:-oauth2}"
|
|
AUTH_URL=$(printf '%s' "$REMOTE_URL" | sed -E "s#^https://#https://${ACTOR}:${GITHUB_TOKEN}@#")
|
|
fi
|
|
|
|
if [ -d .git ]; then
|
|
echo "Reusing existing workspace (.git found)"
|
|
# Ensure origin exists and points to AUTH_URL
|
|
if git remote get-url origin >/dev/null 2>&1; then
|
|
git remote set-url origin "$AUTH_URL"
|
|
else
|
|
git remote add origin "$AUTH_URL"
|
|
fi
|
|
git config --global --add safe.directory "$(pwd)"
|
|
# Fetch updates and tags, prune deleted refs
|
|
git fetch --all --tags --prune
|
|
|
|
# Decide target (prefer branch name to avoid detached HEAD)
|
|
if [ -n "${GITHUB_REF_NAME:-}" ]; then
|
|
BRANCH="$GITHUB_REF_NAME"
|
|
git checkout -q -B "$BRANCH" "origin/$BRANCH" || git checkout -q "$BRANCH" || true
|
|
git reset --hard "origin/$BRANCH" || true
|
|
elif [ -n "${GITHUB_SHA:-}" ]; then
|
|
TARGET="$GITHUB_SHA"
|
|
git checkout -q "$TARGET" || true
|
|
git reset --hard "$TARGET"
|
|
else
|
|
# Fallback to main
|
|
git checkout -q -B main origin/main || git checkout -q main || true
|
|
git reset --hard origin/main || true
|
|
fi
|
|
# Clean untracked files
|
|
git clean -fdx
|
|
else
|
|
echo "Cloning from: $REMOTE_URL"
|
|
if ! git clone "$AUTH_URL" .; then
|
|
echo "Auth clone failed; trying anonymous clone..." >&2
|
|
git clone "$REMOTE_URL" .
|
|
fi
|
|
git config --global --add safe.directory "$(pwd)"
|
|
|
|
# Checkout the requested ref if provided (prefer branch)
|
|
if [ -n "${GITHUB_REF_NAME:-}" ]; then
|
|
git fetch origin "$GITHUB_REF_NAME" || true
|
|
git checkout -q "$GITHUB_REF_NAME" || true
|
|
elif [ -n "${GITHUB_SHA:-}" ]; then
|
|
git fetch origin "$GITHUB_SHA" || true
|
|
git checkout -q "$GITHUB_SHA" || true
|
|
fi
|
|
fi
|
|
|
|
- name: Generate metrics and chart
|
|
env:
|
|
MPLBACKEND: Agg
|
|
TZ: UTC
|
|
run: |
|
|
set -euo pipefail
|
|
python scripts/banlist_metrics.py \
|
|
--file banned.txt \
|
|
--csv metrics/banlist_counts.csv \
|
|
--image assets/banlist_history.svg
|
|
|
|
- name: Commit and push changes (if any)
|
|
run: |
|
|
set -euo pipefail
|
|
git config user.name "forgejo-actions-bot"
|
|
git config user.email "actions@noreply.local"
|
|
if [ -n "$(git status --porcelain -- metrics assets)" ]; then
|
|
git add -A metrics assets
|
|
git commit -m "chore: update banlist history graph [skip ci]"
|
|
# Determine target branch (handles detached HEAD) and push
|
|
TARGET_BRANCH="${GITHUB_REF_NAME:-}"
|
|
if [ -z "$TARGET_BRANCH" ] || [ "$TARGET_BRANCH" = "HEAD" ]; then
|
|
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD || echo HEAD)
|
|
if [ "$CURRENT_BRANCH" != "HEAD" ]; then
|
|
TARGET_BRANCH="$CURRENT_BRANCH"
|
|
else
|
|
TARGET_BRANCH="main"
|
|
fi
|
|
fi
|
|
|
|
# Push to the same remote we cloned from; token is in the origin URL if present
|
|
git push origin HEAD:"refs/heads/$TARGET_BRANCH" || {
|
|
echo "First push failed; trying to embed token in remote..." >&2
|
|
if [ -n "${GITHUB_TOKEN:-}" ]; then
|
|
ACTOR="${GITHUB_ACTOR:-oauth2}"
|
|
ORIGIN_URL=$(git remote get-url origin)
|
|
AUTH_URL=$(printf '%s' "$ORIGIN_URL" | sed -E "s#^https://#https://${ACTOR}:${GITHUB_TOKEN}@#")
|
|
git remote set-url origin "$AUTH_URL"
|
|
git push origin HEAD:"refs/heads/$TARGET_BRANCH"
|
|
else
|
|
false
|
|
fi
|
|
}
|
|
else
|
|
echo "No changes to commit."
|
|
fi
|