every-channel/every.channel
1
0
Fork 0
Code Releases Activity Actions 2

ops: move to forgejo-primary hosting with mirror-only codeberg/github

Browse source
This commit is contained in:
every.channel 2026-02-28 00:48:12 -08:00
parent a5bc6c5226
commit 043b1730dc
No known key found for this signature in database
18 changed files with 336 additions and 66 deletions
Download patch file Download diff file Expand all files Collapse all files

49
scripts/fj-enforce-branch-protection.sh
View file

@ -4,7 +4,7 @@ set -euo pipefail
root="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
cd "${root}"
host="${EVERY_CHANNEL_FORGE_HOST:-https://codeberg.org}"
host="${EVERY_CHANNEL_FORGE_HOST:-https://forge.every.channel}"
repo="${EVERY_CHANNEL_FORGE_REPO:-every-channel/every.channel}"
branch="${EVERY_CHANNEL_PROTECTED_BRANCH:-main}"
required_checks_csv="${EVERY_CHANNEL_REQUIRED_CHECKS:-ci-gates / checks}"
@ -13,26 +13,35 @@ require_signed_commits_raw="${EVERY_CHANNEL_REQUIRE_SIGNED_COMMITS:-true}"
rules_file="${EVERY_CHANNEL_AGE_RULES_FILE:-./secrets.nix}"
identity_file="${EVERY_CHANNEL_AGE_IDENTITY_FILE:-$HOME/.config/every.channel/keys/founder_ed25519}"
token_file_primary="${EVERY_CHANNEL_FORGE_TOKEN_FILE:-secrets/forge-token.age}"
token_file_compat="${EVERY_CHANNEL_CODEBERG_TOKEN_FILE:-secrets/codeberg-token.age}"
if [[ -z "${CODEBERG_TOKEN:-}" && -f secrets/codeberg-token.age && -f "${identity_file}" ]]; then
token="${EVERY_CHANNEL_FORGE_TOKEN:-${FORGE_TOKEN:-${CODEBERG_TOKEN:-}}}"
load_token_from_file() {
local candidate="$1"
[[ -f "${candidate}" && -f "${identity_file}" ]] || return 1
if command -v agenix >/dev/null 2>&1; then
token="$(RULES="${rules_file}" agenix -d secrets/codeberg-token.age -i "${identity_file}" 2>/dev/null || true)"
if [[ -n "${token}" ]]; then
export CODEBERG_TOKEN
CODEBERG_TOKEN="${token}"
fi
elif command -v age >/dev/null 2>&1; then
token="$(age -d -i "${identity_file}" secrets/codeberg-token.age 2>/dev/null || true)"
if [[ -n "${token}" ]]; then
export CODEBERG_TOKEN
CODEBERG_TOKEN="${token}"
fi
RULES="${rules_file}" agenix -d "${candidate}" -i "${identity_file}" 2>/dev/null || return 1
return 0
fi
if command -v age >/dev/null 2>&1; then
age -d -i "${identity_file}" "${candidate}" 2>/dev/null || return 1
return 0
fi
return 1
}
if [[ -z "${token}" ]]; then
token="$(load_token_from_file "${token_file_primary}" || true)"
fi
if [[ -z "${token}" ]]; then
token="$(load_token_from_file "${token_file_compat}" || true)"
fi
if [[ -z "${CODEBERG_TOKEN:-}" ]]; then
echo "error: CODEBERG_TOKEN is not set" >&2
echo "hint: set CODEBERG_TOKEN or configure secrets/codeberg-token.age" >&2
if [[ -z "${token}" ]]; then
echo "error: forge token is not set" >&2
echo "hint: set EVERY_CHANNEL_FORGE_TOKEN/FORGE_TOKEN or configure ${token_file_primary}" >&2
exit 2
fi
@ -90,18 +99,18 @@ JSON
)"
status="$(curl -sS -o /dev/null -w '%{http_code}' \
-H "Authorization: token ${CODEBERG_TOKEN}" \
-H "Authorization: token ${token}" \
"${api}/${branch}" || true)"
if [[ "${status}" == "404" ]]; then
curl -fsSL -X POST \
-H "Authorization: token ${CODEBERG_TOKEN}" \
-H "Authorization: token ${token}" \
-H "content-type: application/json" \
"${api}" \
-d "${payload}" >/dev/null
elif [[ "${status}" == "200" ]]; then
curl -fsSL -X PATCH \
-H "Authorization: token ${CODEBERG_TOKEN}" \
-H "Authorization: token ${token}" \
-H "content-type: application/json" \
"${api}/${branch}" \
-d "${payload}" >/dev/null
@ -111,7 +120,7 @@ else
fi
current="$(curl -fsSL \
-H "Authorization: token ${CODEBERG_TOKEN}" \
-H "Authorization: token ${token}" \
"${api}/${branch}")"
if ! printf '%s' "${current}" | rg -q '"enable_status_check":\s*true'; then