From 69eb028438116a8ebef682eb3124d6bfb45b8109 Mon Sep 17 00:00:00 2001
From: Antoine Martin <dev@ayakael.net>
Date: Fri, 16 Aug 2024 01:16:26 -0400
Subject: [PATCH] forgejo-ci: initial

---
 .forgejo/bin/deploy.sh             |  33 +++++++
 .forgejo/patches/build.patch       | 140 +++++++++++++++++++++++++++++
 .forgejo/workflows/build-edge.yaml |  52 +++++++++++
 .forgejo/workflows/lint.yaml       |  21 +++++
 4 files changed, 246 insertions(+)
 create mode 100755 .forgejo/bin/deploy.sh
 create mode 100644 .forgejo/patches/build.patch
 create mode 100644 .forgejo/workflows/build-edge.yaml
 create mode 100644 .forgejo/workflows/lint.yaml

diff --git a/.forgejo/bin/deploy.sh b/.forgejo/bin/deploy.sh
new file mode 100755
index 0000000..05de4d6
--- /dev/null
+++ b/.forgejo/bin/deploy.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# shellcheck disable=SC3040
+set -eu -o pipefail
+
+readonly BASEBRANCH=$(grep PRETTY_NAME /etc/os-release | awk '{print $3}' | tr -d '"')
+readonly TARGET_REPO=$CI_ALPINE_REPO
+
+get_qubes_release() {
+ 	case $GITHUB_BASE_REF in
+		r*) echo $GITHUB_BASE_REF;;
+		main) echo r4.3;;
+ 	esac
+}
+
+readonly QUBES_REL=$(get_qubes_release)
+
+apkgs=$(find package -type f -name "*.apk")
+
+for apk in $apkgs; do
+	arch=$(echo $apk | awk -F '/' '{print $3}')
+	name=$(echo $apk | awk -F '/' '{print $4}')
+
+	echo "Sending $name of arch $arch to $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL"
+	return=$(curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL 2>&1)
+	echo $return
+	if [ "$return" == "package file already exists" ]; then
+		echo "Package already exists, refreshing..."
+		curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN -X DELETE $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL/$arch/$name
+		curl -s --user $FORGE_REPO_USER:$FORGE_REPO_TOKEN --upload-file $apk $TARGET_REPO/$BASEBRANCH/qubes-$QUBES_REL
+	fi
+done
+
diff --git a/.forgejo/patches/build.patch b/.forgejo/patches/build.patch
new file mode 100644
index 0000000..eb17134
--- /dev/null
+++ b/.forgejo/patches/build.patch
@@ -0,0 +1,140 @@
+diff --git a/usr/local/bin/build.sh.orig b/usr/local/bin/build.sh
+old mode 100644
+new mode 100755
+index c3b8f7a..0b1c9a5
+--- a/usr/local/bin/build.sh.orig
++++ b/usr/local/bin/build.sh
+@@ -7,13 +7,14 @@
+ set -eu -o pipefail
+ 
+ readonly APORTSDIR=$CI_PROJECT_DIR
+-readonly REPOS="main community testing non-free"
++readonly REPOS="main community testing"
+ readonly ARCH=$(apk --print-arch)
+ # gitlab variables
+ readonly BASEBRANCH=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME
+ 
+ : "${REPODEST:=$HOME/packages}"
+-: "${MIRROR:=https://dl-cdn.alpinelinux.org/alpine}"
++: "${MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
++: "${ALPINE_MIRROR:=http://dl-cdn.alpinelinux.org/alpine}"
+ : "${MAX_ARTIFACT_SIZE:=300000000}" #300M
+ : "${CI_DEBUG_BUILD:=}"
+ 
+@@ -67,13 +68,32 @@ report() {
+ }
+ 
+ get_release() {
++	echo $(grep PRETTY_NAME /etc/os-release | awk '{print $3}' | tr -d '"')
++}
++
++
++get_qubes_release() {
+ 	case $BASEBRANCH in
+-		*-stable) echo v"${BASEBRANCH%-*}";;
+-		master) echo edge;;
+-		*) die "Branch \"$BASEBRANCH\" not supported!"
++		r*) echo $BASEBRANCH;;
++		main) echo r4.3;;
+ 	esac
+ }
+ 
++changed_aports() {
++	: "${APORTSDIR?APORTSDIR missing}"
++	: "${BASEBRANCH?BASEBRANCH missing}"
++
++	cd "$APORTSDIR"
++	local aports
++
++	aports=$(git diff --name-only --diff-filter=ACMR \
++		"$BASEBRANCH"...HEAD -- "*/APKBUILD" | xargs -rn1 dirname)
++
++	# shellcheck disable=2086
++	ap builddirs -d "$APORTSDIR" $aports 2>/dev/null | xargs -rn1 basename
++}
++
++
+ build_aport() {
+ 	local repo="$1" aport="$2"
+ 	cd "$APORTSDIR/$repo/$aport"
+@@ -99,13 +119,13 @@ set_repositories_for() {
+ 	local release
+ 
+ 	release=$(get_release)
+-	for repo in $REPOS; do
++	for repo in qubes-$(get_qubes_release); do
+ 		[ "$repo" = "non-free" ] && continue
+-		[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
++		[ "$release" == "edge" ] && [ "$repo" == "backports" ] && continue
+ 		repos="$repos $MIRROR/$release/$repo $REPODEST/$repo"
+ 		[ "$repo" = "$target_repo" ] && break
+ 	done
+-	doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
++	doas sh -c "printf '%s\n' $repos >> /etc/apk/repositories"
+ 	doas apk update
+ }
+ 
+@@ -118,7 +138,15 @@ apply_offset_limit() {
+ }
+ 
+ setup_system() {
+-	doas sh -c "echo $MIRROR/$(get_release)/main > /etc/apk/repositories"
++	local repos='' repo=''
++	local release
++
++	release=$(get_release)
++	for repo in $REPOS; do
++		[ "$release" != "edge" ] && [ "$repo" == "testing" ] && continue
++		repos="$repos $ALPINE_MIRROR/$release/$repo"
++	done
++	doas sh -c "printf '%s\n' $repos > /etc/apk/repositories"
+ 	doas apk -U upgrade -a || apk fix || die "Failed to up/downgrade system"
+ 	abuild-keygen -ain
+ 	doas sed -i -E 's/export JOBS=[0-9]+$/export JOBS=$(nproc)/' /etc/abuild.conf
+@@ -192,32 +220,22 @@ section_end setup
+ build_start=$CI_ALPINE_BUILD_OFFSET
+ build_limit=$CI_ALPINE_BUILD_LIMIT
+ 
+-for repo in $(changed_repos); do
+-	set_repositories_for "$repo"
+-	built_aports=0
+-	changed_aports_in_repo=$(changed_aports "$repo")
+-	changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
+-	changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
++set_repositories_for $(get_qubes_release)
++built_aports=0
++changed_aports_in_repo=$(changed_aports $BASEBRANCH)
++changed_aports_in_repo_count=$(echo "$changed_aports_in_repo" | wc -l)
++changed_aports_to_build=$(echo "$changed_aports_in_repo" | apply_offset_limit "$build_start" "$build_limit")
+ 
+-	msg "Changed aports in $repo:"
+-	# shellcheck disable=SC2086 # Splitting is expected here
+-	printf " - %s\n" $changed_aports_to_build
+-	for pkgname in $changed_aports_to_build; do
+-		section_start "build_$pkgname" "Building package $pkgname"
+-		built_aports=$((built_aports+1))
+-		if check_aport "$repo" "$pkgname"; then
+-			build_aport "$repo" "$pkgname"
+-		fi
+-		section_end "build_$pkgname"
+-	done
+-
+-	build_start=$((build_start-(changed_aports_in_repo_count-built_aports)))
+-	build_limit=$((build_limit-built_aports))
+-
+-	if [ $build_limit -le 0 ]; then
+-		msg "Limit reached, breaking"
+-		break
++msg "Changed aports:"
++# shellcheck disable=SC2086 # Splitting is expected here
++printf " - %s\n" $changed_aports_to_build
++for pkgname in $changed_aports_to_build; do
++	section_start "build_$pkgname" "Building package $pkgname"
++	built_aports=$((built_aports+1))
++	if check_aport . "$pkgname"; then
++		build_aport . "$pkgname"
+ 	fi
++	section_end "build_$pkgname"
+ done
+ 
+ section_start artifacts "Handeling artifacts" collapse
diff --git a/.forgejo/workflows/build-edge.yaml b/.forgejo/workflows/build-edge.yaml
new file mode 100644
index 0000000..d077e49
--- /dev/null
+++ b/.forgejo/workflows/build-edge.yaml
@@ -0,0 +1,52 @@
+on: 
+  pull_request:
+    types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+  build-edge:
+    runs-on: x86_64
+    container:
+      image: alpinelinux/alpine-gitlab-ci:latest
+    env:
+      CI_PROJECT_DIR: ${{ github.workspace }}
+      CI_DEBUG_BUILD: ${{ runner.debug }}
+      CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
+      CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
+    steps:
+      - name: Environment setup
+        run: |
+          doas apk add nodejs git patch curl
+          cd /etc/apk/keys
+          doas curl -JO https://ayakael.net/api/packages/forge/alpine/key
+      - name: Repo pull
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 500
+      - name: Package build
+        run: |
+          doas patch -d / -p1 -i ${{ github.workspace }}/.forgejo/patches/build.patch
+          build.sh
+      - name: Package upload
+        uses: forgejo/upload-artifact@v3
+        with:
+          name: package
+          path: packages
+
+  deploy-edge:
+    needs: [build-edge]
+    runs-on: x86_64
+    container:
+      image: alpine:latest
+    env:
+      CI_ALPINE_REPO: 'https://ayakael.net/api/packages/forge/alpine'
+      FORGE_REPO_TOKEN: ${{ secrets.FORGE_REPO_TOKEN }}
+      FORGE_REPO_USER: ${{ vars.FORGE_REPO_USER }}
+    steps:
+      - name: Setting up environment
+        run: apk add nodejs curl findutils git gawk
+      - name: Repo pull
+        uses: actions/checkout@v4
+      - name: Package download
+        uses: forgejo/download-artifact@v3
+      - name: Package deployment
+        run: ${{ github.workspace }}/.forgejo/bin/deploy.sh
diff --git a/.forgejo/workflows/lint.yaml b/.forgejo/workflows/lint.yaml
new file mode 100644
index 0000000..3614deb
--- /dev/null
+++ b/.forgejo/workflows/lint.yaml
@@ -0,0 +1,21 @@
+on: 
+  pull_request:
+    types: [ assigned, opened, synchronize, reopened ]
+
+jobs:
+  lint:
+    run-name: lint
+    runs-on: x86_64
+    container:
+      image: alpinelinux/apkbuild-lint-tools:latest
+    env:
+      CI_PROJECT_DIR: ${{ github.workspace }}
+      CI_DEBUG_BUILD: ${{ runner.debug }}
+      CI_MERGE_REQUEST_PROJECT_URL: ${{ github.server_url }}/${{ github.repository }}
+      CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.base_ref }}
+    steps:
+      - run: doas apk add nodejs git
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 500
+      - run: lint