d-bis/proxmox
4
0
Fork 0
Code Issues 2 Pull Requests 13 Actions Packages Projects Releases Wiki Activity

chore(ci): Phase 5 — port .github/workflows to .gitea/workflows, remove GitHub CI (Phase 5)
Some checks failed
Validate Token List / Validate Token List (push) Failing after 21s
Details
AI Code Review / claude-review (pull_request) Failing after 49s
Details
Validate Config / Config & validation (pull_request) Successful in 8s
Details
Validate OMNL Rail / OMNL rail checks (pull_request) Failing after 12s
Details
Validate Token List / Validate Token List (pull_request) Failing after 12s
Details

Browse Source 
Gitea is the canonical host (AGENTS.md); no GitHub mirror exists for
d-bis/proxmox (403/404 on all tested orgs). The 4 workflows under
.github/workflows/ never ran from this repo.

Ported:
  .github/workflows/validate-config.yml   → .gitea/workflows/validate-config.yml
  .github/workflows/validate-omnl-rail.yml → .gitea/workflows/validate-omnl-rail.yml
  .github/workflows/validate-pr.yml       → .gitea/workflows/validate-token-list.yml
  .github/workflows/release.yml           → .gitea/workflows/release-token-list.yml

Key changes during port:
- ${{ github.* }} → ${{ gitea.* }} where values differ
- $GITHUB_REF / $GITHUB_OUTPUT → $GITEA_REF / $GITEA_OUTPUT
- softprops/action-gh-release replaced with curl to Gitea releases API
- actions/github-script PR-comment step dropped (ai-review.yml already posts)
- pnpm/action-setup@v4 added explicitly (no implicit corepack assumption)

Added:
- .gitea/workflows/README.md — workflow index, runner-readiness check,
  migration notes, and instructions for adding new workflows.

Runner prerequisite: at least one act_runner with ubuntu-latest label must
be registered. Bootstrap: bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh
See docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md.

Tracking: #1
Co-Authored-By: Nakamoto, S <defi@defi-oracle.io>
This commit is contained in:
Devin AI
2026-04-18 20:13:43 +00:00
parent d63efcb315
commit 9e7c0afaec
7 changed files with 238 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
.gitea/workflows/README.md Normal file
View File

@@ -0,0 +1,47 @@
# .gitea/workflows
Gitea Actions is the **canonical** CI for `d-bis/proxmox` per [AGENTS.md](../../AGENTS.md). These workflows run on `act_runner` hosts registered with Gitea, **not** GitHub Actions.
## Runner readiness (required before any workflow here can run)
At least one `act_runner` with the `ubuntu-latest` label must be registered against either this repo or the `d-bis` org. Check at:
- https://gitea.d-bis.org/-/admin/actions/runners (admin view)
- https://gitea.d-bis.org/d-bis/settings/actions/runners (org view)
If no runner is online, bootstrap one from the proxmox repo root:
```bash
bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh
```
Full runbook: [`docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md`](../../docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md).
## Workflows
| File | Trigger | Purpose |
|---|---|---|
| `ai-review.yml` | pull_request: opened / synchronize | Claude AI code review comment via `markwylde/claude-code-gitea-action`. Requires `ANTHROPIC_API_KEY` + `GITEA_TOKEN` secrets. |
| `deploy-to-phoenix.yml` | push to `main` / `master` | POST to `PHOENIX_DEPLOY_URL` to trigger Phoenix deployment. Requires `PHOENIX_DEPLOY_URL` + `PHOENIX_DEPLOY_TOKEN` secrets. |
| `validate-config.yml` | pull_request / push on `config/**`, `scripts/validation/**`, `token-lists/**` | R14 config validation + completable-tasks dry-run + optional shellcheck. |
| `validate-omnl-rail.yml` | pull_request / push on `scripts/omnl/**` | OMNL rail `.gitignore` + resolve_ids + transaction-package smoke + shellcheck. |
| `validate-token-list.yml` | pull_request / push on `token-lists/**` | JSON-schema + checksum + logo + on-chain validation of `dbis-138.tokenlist.json`. |
| `release-token-list.yml` | tag `v*` or workflow_dispatch | Build + sign + release the dbis-138 token list as a **Gitea release** (not GitHub release). Requires `GITEA_TOKEN` + `MINISIGN_PRIVATE_KEY`. |
## Phase 5 migration notes (2026-04-18)
The first 4 validation / release workflows were ported here from `.github/workflows/` during Phase 5 of the [sequenced cleanup](https://gitea.d-bis.org/d-bis/proxmox/issues/1). GitHub mirrors of this repo do not exist (`d-bis/proxmox` on GitHub returns 403/404), so the `.github/workflows/` copies never ran — they were removed in the same PR.
Key porting adjustments:
- `${{ github.* }}``${{ gitea.* }}` where the value differs (e.g. `gitea.event_name`, `gitea.event.inputs.*`).
- `$GITHUB_REF`, `$GITHUB_OUTPUT`, `$GITHUB_REPOSITORY``$GITEA_REF`, `$GITEA_OUTPUT`, `$GITEA_REPOSITORY`.
- `softprops/action-gh-release@v1` (GitHub-only) replaced with direct `curl` calls to Gitea's releases API in `release-token-list.yml`.
- `actions/github-script@v7` PR-comment step dropped from `validate-token-list.yml`; the in-tree `ai-review.yml` already posts PR comments.
- `pnpm install` steps now explicitly install `pnpm` via `pnpm/action-setup@v4` (no implicit `corepack` assumption).
## Adding a new workflow
1. Copy one of the existing files and adjust the `on:`, `name:`, and steps.
2. Verify it works on a feature branch before merging to `master` — Gitea will show the run under the PR's Checks tab.
3. If it needs secrets, add them under **Repository settings → Actions → Secrets**.
4. Update this README's workflow table.

126
.gitea/workflows/release-token-list.yml Normal file
View File

@@ -0,0 +1,126 @@
# Release the dbis-138 token list to a Gitea release when a v* tag is pushed.
# Ported from .github/workflows/release.yml during Phase 5 CI reconciliation (2026-04-18).
# The original workflow targeted `softprops/action-gh-release`, which only creates
# GitHub releases. This Gitea port uses the Gitea `POST /api/v1/repos/{owner}/{repo}/releases`
# API and uploads assets via `POST .../releases/{id}/assets`.
#
# Runner readiness: requires a Gitea act_runner with label `ubuntu-latest`.
# Bootstrap: `bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh`.
#
# Required secrets (set in Gitea repo or org actions settings):
# - GITEA_TOKEN — Gitea token with `write:repository` to this repo.
# - MINISIGN_PRIVATE_KEY — minisign private key used by token-lists/scripts/sign-list.sh.
name: Release Token List
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
version:
description: 'Version tag (e.g., v1.2.0)'
required: true
type: string
jobs:
release:
name: Release Token List
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 9
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'pnpm'
- name: Install dependencies
run: pnpm install
- name: Validate token list
run: node token-lists/scripts/validate-token-list.js token-lists/lists/dbis-138.tokenlist.json
- name: Validate address checksums
run: node token-lists/scripts/checksum-addresses.js token-lists/lists/dbis-138.tokenlist.json
- name: Validate logos
run: node token-lists/scripts/validate-logos.js token-lists/lists/dbis-138.tokenlist.json
continue-on-error: true
- name: On-chain verification (required)
run: node token-lists/scripts/verify-on-chain.js token-lists/lists/dbis-138.tokenlist.json --required
- name: Determine version
id: version
run: |
if [ "${{ gitea.event_name }}" = "workflow_dispatch" ]; then
VERSION="${{ gitea.event.inputs.version }}"
VERSION=${VERSION#v}
else
VERSION=${GITEA_REF#refs/tags/v}
fi
echo "version=$VERSION" >> "$GITEA_OUTPUT"
echo "tag=v$VERSION" >> "$GITEA_OUTPUT"
echo "Version: $VERSION"
- name: Generate checksums
run: |
cd token-lists/lists
sha256sum dbis-138.tokenlist.json > SHA256SUMS
cat SHA256SUMS
- name: Sign token list
env:
MINISIGN_PRIVATE_KEY: ${{ secrets.MINISIGN_PRIVATE_KEY }}
run: |
cd token-lists
chmod +x scripts/sign-list.sh
./scripts/sign-list.sh sign
continue-on-error: true
- name: Create Gitea release
id: create_release
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
run: |
set -euo pipefail
TAG="${{ steps.version.outputs.tag }}"
BODY_FILE="token-lists/docs/CHANGELOG.md"
[ -f "$BODY_FILE" ] || BODY_FILE=/dev/null
BODY=$(python3 -c "import json,sys; print(json.dumps(open(sys.argv[1]).read()))" "$BODY_FILE")
RESP=$(curl -sSf -X POST \
-H "Authorization: token ${GITEA_TOKEN}" \
-H "Content-Type: application/json" \
-d "{\"tag_name\":\"${TAG}\",\"name\":\"Release ${TAG}\",\"body\":${BODY},\"draft\":false,\"prerelease\":false}" \
"${GITEA_SERVER_URL:-https://gitea.d-bis.org}/api/v1/repos/${GITEA_REPOSITORY}/releases")
RELEASE_ID=$(echo "$RESP" | python3 -c "import json,sys; print(json.load(sys.stdin)['id'])")
echo "release_id=$RELEASE_ID" >> "$GITEA_OUTPUT"
- name: Upload release assets
env:
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
run: |
set -euo pipefail
REL_ID="${{ steps.create_release.outputs.release_id }}"
for f in \
token-lists/lists/dbis-138.tokenlist.json \
token-lists/lists/dbis-138.tokenlist.json.sig \
token-lists/lists/SHA256SUMS
do
[ -f "$f" ] || { echo "skip missing $f"; continue; }
curl -sSf -X POST \
-H "Authorization: token ${GITEA_TOKEN}" \
-F "attachment=@${f}" \
"${GITEA_SERVER_URL:-https://gitea.d-bis.org}/api/v1/repos/${GITEA_REPOSITORY}/releases/${REL_ID}/assets?name=$(basename "$f")"
done

8
.github/workflows/validate-config.yml → .gitea/workflows/validate-config.yml
View File

@@ -1,4 +1,8 @@
# R14: Config and validation in pipeline. Run when config/ or scripts/validation/ or scripts/verify/ change.
# Ported from .github/workflows/validate-config.yml during Phase 5 CI reconciliation (2026-04-18).
# Runner readiness: requires a Gitea act_runner with label `ubuntu-latest` registered against this repo
# or the `d-bis` org. Bootstrap with `bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh`.
# Verification checklist: see docs/04-configuration/GITEA_ACT_RUNNER_SETUP.md.
name: Validate Config
on:
@@ -8,7 +12,7 @@ on:
- 'scripts/validation/**'
- 'scripts/verify/run-all-validation.sh'
- 'scripts/run-completable-tasks-from-anywhere.sh'
- '.github/workflows/validate-config.yml'
- '.gitea/workflows/validate-config.yml'
- 'token-lists/**'
- 'explorer-monorepo/backend/api/rest/config/metamask/**'
push:
@@ -16,7 +20,7 @@ on:
paths:
- 'config/**'
- 'scripts/validation/**'
- '.github/workflows/validate-config.yml'
- '.gitea/workflows/validate-config.yml'
- 'token-lists/**'
- 'explorer-monorepo/backend/api/rest/config/metamask/**'

7
.github/workflows/validate-omnl-rail.yml → .gitea/workflows/validate-omnl-rail.yml
View File

@@ -1,4 +1,7 @@
# Validate OMNL operator rail: .gitignore, resolve_ids pattern, shellcheck on scripts/omnl.
# Ported from .github/workflows/validate-omnl-rail.yml during Phase 5 CI reconciliation (2026-04-18).
# Runner readiness: requires a Gitea act_runner with label `ubuntu-latest`.
# Bootstrap: `bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh`.
name: Validate OMNL Rail
on:
@@ -7,14 +10,14 @@ on:
- 'scripts/omnl/**'
- 'docs/04-configuration/mifos-omnl-central-bank/**'
- '.gitignore'
- '.github/workflows/validate-omnl-rail.yml'
- '.gitea/workflows/validate-omnl-rail.yml'
push:
branches: [master]
paths:
- 'scripts/omnl/**'
- 'docs/04-configuration/mifos-omnl-central-bank/**'
- '.gitignore'
- '.github/workflows/validate-omnl-rail.yml'
- '.gitea/workflows/validate-omnl-rail.yml'
jobs:
validate-omnl-rail:

54
.gitea/workflows/validate-token-list.yml Normal file
View File

@@ -0,0 +1,54 @@
# Validate the dbis-138 token list on every PR touching token-lists/.
# Ported from .github/workflows/validate-pr.yml during Phase 5 CI reconciliation (2026-04-18).
# Runner readiness: requires a Gitea act_runner with label `ubuntu-latest`.
# Bootstrap: `bash scripts/dev-vm/bootstrap-gitea-act-runner-site-wide.sh`.
name: Validate Token List
on:
pull_request:
paths:
- 'token-lists/**'
- '.gitea/workflows/validate-token-list.yml'
push:
branches:
- '**'
paths:
- 'token-lists/**'
- '.gitea/workflows/validate-token-list.yml'
jobs:
validate:
name: Validate Token List
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 9
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'pnpm'
- name: Install dependencies
run: pnpm install
- name: Validate JSON schema
run: node token-lists/scripts/validate-token-list.js token-lists/lists/dbis-138.tokenlist.json
- name: Validate address checksums
run: node token-lists/scripts/checksum-addresses.js token-lists/lists/dbis-138.tokenlist.json
- name: Validate logos
run: node token-lists/scripts/validate-logos.js token-lists/lists/dbis-138.tokenlist.json
continue-on-error: true
- name: On-chain verification (optional)
run: node token-lists/scripts/verify-on-chain.js token-lists/lists/dbis-138.tokenlist.json
continue-on-error: true

102
.github/workflows/release.yml vendored
View File

@@ -1,102 +0,0 @@
name: Release Token List
on:
push:
tags:
- 'v*'
workflow_dispatch:
inputs:
version:
description: 'Version tag (e.g., v1.2.0)'
required: true
type: string
jobs:
release:
name: Release Token List
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'pnpm'
- name: Install dependencies
run: pnpm install
working-directory: ${{ github.workspace }}
- name: Validate token list
run: |
node token-lists/scripts/validate-token-list.js token-lists/lists/dbis-138.tokenlist.json
continue-on-error: false
- name: Validate address checksums
run: |
node token-lists/scripts/checksum-addresses.js token-lists/lists/dbis-138.tokenlist.json
continue-on-error: false
- name: Validate logos
run: |
node token-lists/scripts/validate-logos.js token-lists/lists/dbis-138.tokenlist.json
continue-on-error: true
- name: On-chain verification (required)
run: |
node token-lists/scripts/verify-on-chain.js token-lists/lists/dbis-138.tokenlist.json --required
continue-on-error: false
- name: Determine version
id: version
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
VERSION="${{ github.event.inputs.version }}"
# Remove 'v' prefix if present
VERSION=${VERSION#v}
else
# Extract version from tag
VERSION=${GITHUB_REF#refs/tags/v}
fi
echo "version=$VERSION" >> $GITHUB_OUTPUT
echo "tag=v$VERSION" >> $GITHUB_OUTPUT
echo "Version: $VERSION"
- name: Generate checksums
id: checksums
run: |
cd token-lists/lists
sha256sum dbis-138.tokenlist.json > SHA256SUMS
echo "checksums_file=token-lists/lists/SHA256SUMS" >> $GITHUB_OUTPUT
cat SHA256SUMS
- name: Sign token list
id: sign
run: |
cd token-lists
chmod +x scripts/sign-list.sh
export MINISIGN_PRIVATE_KEY="${{ secrets.MINISIGN_PRIVATE_KEY }}"
./scripts/sign-list.sh sign
continue-on-error: true
- name: Create release
uses: softprops/action-gh-release@v1
with:
files: |
token-lists/lists/dbis-138.tokenlist.json
token-lists/lists/dbis-138.tokenlist.json.sig
token-lists/lists/SHA256SUMS
name: Release ${{ steps.version.outputs.tag }}
tag_name: ${{ steps.version.outputs.tag }}
body_path: token-lists/docs/CHANGELOG.md
generate_release_notes: true
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

81
.github/workflows/validate-pr.yml vendored
View File

@@ -1,81 +0,0 @@
name: Validate Token List
on:
pull_request:
paths:
- 'token-lists/**'
- '.github/workflows/validate-pr.yml'
push:
branches:
- '**'
paths:
- 'token-lists/**'
- '.github/workflows/validate-pr.yml'
jobs:
validate:
name: Validate Token List
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: '20'
cache: 'pnpm'
- name: Install dependencies
run: pnpm install
working-directory: ${{ github.workspace }}
- name: Validate JSON schema
run: |
node token-lists/scripts/validate-token-list.js token-lists/lists/dbis-138.tokenlist.json
continue-on-error: false
- name: Validate address checksums
run: |
node token-lists/scripts/checksum-addresses.js token-lists/lists/dbis-138.tokenlist.json
continue-on-error: false
- name: Validate logos
run: |
node token-lists/scripts/validate-logos.js token-lists/lists/dbis-138.tokenlist.json
continue-on-error: true
- name: On-chain verification (optional)
run: |
node token-lists/scripts/verify-on-chain.js token-lists/lists/dbis-138.tokenlist.json
continue-on-error: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Comment PR with results
if: github.event_name == 'pull_request'
uses: actions/github-script@v7
with:
script: |
const fs = require('fs');
const path = 'token-lists/lists/dbis-138.tokenlist.json';
if (fs.existsSync(path)) {
const tokenList = JSON.parse(fs.readFileSync(path, 'utf-8'));
const body = `## Token List Validation Results ✅
**List**: ${tokenList.name}
**Version**: ${tokenList.version.major}.${tokenList.version.minor}.${tokenList.version.patch}
**Tokens**: ${tokenList.tokens.length}
All validation checks passed! 🎉`;
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: body
});
}