AcadeNice/corentin_wakdo
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix(ci): gate auto-merge by label via API shell check (Forgejo if-expression matched even unlabeled)
All checks were successful
CI / static-tests (pull_request) Successful in 34s
Details
CI / auto-merge (push) Has been skipped
Details
CI / auto-merge (pull_request) Successful in 4s
Details
CI / secret-scan (push) Successful in 7s
Details
CI / php-lint (push) Successful in 16s
Details
CI / static-tests (push) Successful in 30s
Details
CI / secret-scan (pull_request) Successful in 8s
Details
CI / php-lint (pull_request) Successful in 18s
Details

Browse source
This commit is contained in:
Imugiii 2026-06-15 14:36:29 +00:00
parent cc726a00b8
commit 9c0ea4a345
1 changed files with 16 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
.forgejo/workflows/ci.yml
View file

@ -97,24 +97,33 @@ jobs:
auto-merge: auto-merge:
# Fusion automatique OPT-IN : poser le label `auto-merge` sur la PR. # Fusion automatique OPT-IN : poser le label `auto-merge` sur la PR.
# Ne s'execute que si les 3 checks passent (needs) ET si le label est present. # Ne s'execute que si les 3 checks passent (needs).
# Plus fiable que le merge_when_checks_succeed natif de Forgejo (qui ne se # IMPORTANT : le filtrage par label se fait DANS le step via l'API, pas dans
# declenche pas toujours au passage au vert). Fusionne via l'API REST. # `if:` — l'expression contains(github.event.pull_request.labels.*.name, ...)
# de Forgejo n'est pas fiable (elle s'evalue a vrai meme sans label, ce qui
# fusionnait toute PR verte). La verification shell sur l'API est le vrai gate.
needs: [secret-scan, php-lint, static-tests] needs: [secret-scan, php-lint, static-tests]
if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'auto-merge') if: github.event_name == 'pull_request'
runs-on: docker runs-on: docker
steps: steps:
- name: Install curl - name: Install curl
run: apt-get update -qq && apt-get install -y -qq curl ca-certificates >/dev/null run: apt-get update -qq && apt-get install -y -qq curl ca-certificates >/dev/null
- name: Merge PR (squash) once CI is green - name: Merge PR (squash) si label auto-merge present et CI verte
run: | run: |
API="${{ github.server_url }}/api/v1/repos/${{ github.repository }}" API="${{ github.server_url }}/api/v1/repos/${{ github.repository }}"
PR="${{ github.event.pull_request.number }}" PR="${{ github.event.pull_request.number }}"
TOKEN="${{ secrets.FORGEJO_TOKEN }}"
labels=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels")
if ! printf '%s' "$labels" | grep -q '"name"[[:space:]]*:[[:space:]]*"auto-merge"'; then
echo "Pas de label 'auto-merge' sur la PR #$PR -> relecture manuelle, pas de fusion auto."
exit 0
fi
echo "Label 'auto-merge' present + CI verte -> fusion de la PR #$PR"
code=$(curl -s -o /tmp/resp -w "%{http_code}" -X POST \ code=$(curl -s -o /tmp/resp -w "%{http_code}" -X POST \
-H "Authorization: token ${{ secrets.FORGEJO_TOKEN }}" \ -H "Authorization: token $TOKEN" \
-H "Content-Type: application/json" \ -H "Content-Type: application/json" \
-d '{"Do":"squash","delete_branch_after_merge":true}' \ -d '{"Do":"squash","delete_branch_after_merge":true}' \
"$API/pulls/$PR/merge") "$API/pulls/$PR/merge")
echo "merge HTTP $code"; cat /tmp/resp || true; echo echo "merge HTTP $code"; cat /tmp/resp || true; echo
[ "$code" = "200" ] || { echo "auto-merge failed (HTTP $code)"; exit 1; } [ "$code" = "200" ] || { echo "auto-merge failed (HTTP $code)"; exit 1; }
echo "PR #$PR merged." echo "PR #$PR mergee."