setup-forgejo/testdata/example-pull-request/.forgejo/workflows/test.yml
2023-09-29 22:44:24 +02:00


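# Test workflow: verifies which secrets and which token scopes a pull request
# run receives under the pull_request and pull_request_target events.
on:
  pull_request:
  # pull_request_target runs are handed secrets for every PR, forks included
  # (asserted in the "secrets" step). None of the steps below check out or run
  # code from the PR head; keep it that way.
  pull_request_target:
    types:
      - opened
      - synchronize
jobs:
  test:
    runs-on: docker
    container:
      image: code.forgejo.org/oci/debian:bookworm
      # Bind mount shared with the host; the "save event" step writes the
      # event payload under this directory.
      options: "--volume /srv/example-pull-request:/srv/example-pull-request"
    steps:
      - name: setup
        shell: bash
        run: |
          # NOTE: set -x traces every command, including those that expand
          # $GITHUB_TOKEN, so the job log is only as safe as the log masking.
          set -x
          # The token must be the same in the process environment, the env
          # context and the github context.
          test $GITHUB_TOKEN = ${{ env.GITHUB_TOKEN }}
          test $GITHUB_TOKEN = ${{ github.token }}
          export DEBIAN_FRONTEND=noninteractive ; apt-get -qq update ; apt-get install -y -qq curl git >& /dev/null
          # NOTE(review): the helper is fetched from the mutable main branch
          # and then given the job token; pinning the URL to a commit or tag
          # would fix what runs with that token.
          curl -sS -o /usr/local/bin/forgejo-curl.sh https://code.forgejo.org/forgejo/forgejo-curl/raw/branch/main/forgejo-curl.sh && chmod +x /usr/local/bin/forgejo-curl.sh
          forgejo-curl.sh --token "$GITHUB_TOKEN" login $GITHUB_SERVER_URL
          forgejo-curl.sh api_json $GITHUB_SERVER_URL/api/v1/user
      - name: secrets
        shell: bash
        # Event fields reach the script as environment variables instead of
        # being pasted into the script text, so their content is never parsed
        # as shell code.
        env:
          BASE_REPO: ${{ github.event.pull_request.base.repo.full_name }}
          HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
        run: |
          set -x
          # A PR is "forked" when head and base repositories differ.
          if test "$BASE_REPO" = "$HEAD_REPO" ; then
            forked=false
          else
            forked=true
          fi
          case $GITHUB_EVENT_NAME in
            pull_request_target)
              #
              # all PRs: secrets
              #
              test "${{ secrets.SECRET }}"
              ;;
            pull_request)
              if $forked ; then
                #
                # PRs from forked repositories: no secrets
                #
                test -z "${{ secrets.SECRET }}"
              else
                #
                # PRs from the same repository: secrets
                #
                test "${{ secrets.SECRET }}"
              fi
              ;;
            *)
              echo unexpected event $GITHUB_EVENT_NAME
              false
              ;;
          esac
      - name: PR TOKEN scopes
        shell: bash
        # Same reason as in the "secrets" step: keep event fields out of the
        # script text.
        env:
          BASE_REPO: ${{ github.event.pull_request.base.repo.full_name }}
          HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
        run: |
          set -x
          if test "$BASE_REPO" = "$HEAD_REPO" ; then
            forked=false
          else
            forked=true
          fi
          # Runs the given command and checks the outcome against $forked:
          # success is accepted only for same-repository PRs, failure only
          # for PRs from forks.
          function assert_fail_if_forked() {
            if "$@" ; then
              ! $forked
            else
              $forked
            fi
          }
          #
          # create an issue
          #
          base_repo=$BASE_REPO
          forgejo-curl.sh api_json --data-raw '{"title":"ISSUE"}' $GITHUB_SERVER_URL/api/v1/repos/$base_repo/issues
          # The token is embedded in the clone URL, so it also ends up in the
          # clone's git configuration and in the set -x trace.
          url=$(echo $GITHUB_SERVER_URL | sed -e "s|://|://$GITHUB_TOKEN@|")
          git clone $url/$base_repo base
          branch=B$RANDOM
          (
            cd base
            git checkout -b $branch
            git config user.email root@example.com
            git config user.name username
            echo CHANGE >> README
            git add .
            git commit -m 'change'
            case $GITHUB_EVENT_NAME in
              pull_request_target|pull_request)
                #
                # repository write scope via http git passthrough
                #
                assert_fail_if_forked git push --force -u origin $branch
                #
                # repository write scope via the API
                #
                assert_fail_if_forked forgejo-curl.sh api_json --data-raw '{"title":"PR","base":"main","head":"'$branch'"}' $GITHUB_SERVER_URL/api/v1/repos/$base_repo/pulls
                assert_fail_if_forked forgejo-curl.sh api_json --data-raw '{"color":"#ffffff","name":"labelname"}' $GITHUB_SERVER_URL/api/v1/repos/$base_repo/labels
                #
                # See https://codeberg.org/forgejo/forgejo/issues/1525
                # Creating a branch through the API is expected to fail,
                # forked or not.
                #
                ! forgejo-curl.sh api_json --data-raw '{"new_branch_name":"B'$RANDOM'"}' $GITHUB_SERVER_URL/api/v1/repos/$base_repo/branches
                ;;
              *)
                echo unexpected event $GITHUB_EVENT_NAME
                false
                ;;
            esac
          )
      - name: save event
        env:
          HEAD_OWNER: ${{ github.event.pull_request.head.repo.owner.username }}
          EVENT_ACTION: ${{ github.event.action }}
        run: |
          d="/srv/example-pull-request/$HEAD_OWNER/$GITHUB_EVENT_NAME/$EVENT_ACTION"
          mkdir -p "$d"
          # The payload carries fields chosen by the PR author (title, body,
          # branch names). The quoted delimiter stops the shell from expanding
          # $(...), backticks, variables and backslashes inside it, so the
          # JSON is written verbatim and nothing in it is executed. JSON
          # escapes newlines inside strings, so a bare EOF line cannot come
          # from a field value.
          cat > "$d/event" <<'EOF'
          ${{ toJSON(github.event) }}
          EOF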