#!/usr/bin/env bash set -euo pipefail # ============================================================================= # phase5_migrate_pipelines.sh — Copy GitHub Actions → Gitea Actions workflows # Depends on: Phase 4 complete (repos exist on Gitea primary) # For each repo: # 1. Clone from Gitea to temp directory # 2. Copy .github/workflows/*.yml → .gitea/workflows/ # 3. Apply compatibility fixes (github.* → gitea.* context vars) # 4. Add migration header comment # 5. Commit and push # Idempotent: skips repos that already have .gitea/workflows/ with files. # ============================================================================= SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)" source "${SCRIPT_DIR}/lib/common.sh" load_env require_vars GITEA_ADMIN_TOKEN GITEA_INTERNAL_URL GITEA_ORG_NAME \ GITEA_ADMIN_USER REPO_NAMES phase_header 5 "Migrate Pipelines (GitHub → Gitea Actions)" read -ra REPOS <<< "$REPO_NAMES" TEMP_BASE="/tmp/gitea-migration" MIGRATION_HEADER="# Migrated from GitHub Actions — review for Gitea compatibility" GITEA_BASE_URL="${GITEA_INTERNAL_URL%/}" ASKPASS_SCRIPT="" # Clean up temp directory on exit (even on failure) cleanup() { rm -rf "$TEMP_BASE" if [[ -n "$ASKPASS_SCRIPT" ]]; then rm -f "$ASKPASS_SCRIPT" fi } trap cleanup EXIT # Use ephemeral askpass auth so tokens are never embedded in git remote URLs. setup_git_auth() { ASKPASS_SCRIPT=$(mktemp) cat > "$ASKPASS_SCRIPT" <<'EOF' #!/usr/bin/env sh case "$1" in *sername*) printf '%s\n' "$GITEA_GIT_USERNAME" ;; *assword*) printf '%s\n' "$GITEA_GIT_TOKEN" ;; *) printf '\n' ;; esac EOF chmod 700 "$ASKPASS_SCRIPT" } git_with_auth() { GIT_TERMINAL_PROMPT=0 \ GIT_ASKPASS="$ASKPASS_SCRIPT" \ GITEA_GIT_USERNAME="$GITEA_ADMIN_USER" \ GITEA_GIT_TOKEN="$GITEA_ADMIN_TOKEN" \ "$@" } SUCCESS=0 SKIPPED=0 FAILED=0 setup_git_auth for repo in "${REPOS[@]}"; do log_info "--- Processing repo: ${repo} ---" # ------------------------------------------------------------------------- # Idempotency: check if .gitea/workflows already exists via API # The Gitea contents API returns 200 if the path exists. # ------------------------------------------------------------------------- if gitea_api GET "/repos/${GITEA_ORG_NAME}/${repo}/contents/.gitea/workflows" >/dev/null 2>&1; then log_info ".gitea/workflows/ already exists in ${repo} — skipping" SKIPPED=$((SKIPPED + 1)) continue fi # ------------------------------------------------------------------------- # Step 1: Clone the repo to a temp directory # Uses token-based auth in the clone URL so git can push later. # ------------------------------------------------------------------------- CLONE_DIR="${TEMP_BASE}/${repo}" rm -rf "$CLONE_DIR" mkdir -p "$CLONE_DIR" REPO_URL="${GITEA_BASE_URL}/${GITEA_ORG_NAME}/${repo}.git" log_info "Cloning ${repo}..." git_with_auth git clone -q "$REPO_URL" "$CLONE_DIR" # ------------------------------------------------------------------------- # Step 2: Check for GitHub workflows # If the repo has no .github/workflows, log a warning and skip. # This is expected — not every repo has CI pipelines. # ------------------------------------------------------------------------- if [[ ! -d "${CLONE_DIR}/.github/workflows" ]]; then log_warn "No .github/workflows/ found in ${repo} — skipping" SKIPPED=$((SKIPPED + 1)) continue fi # Count workflow files to verify there's something to migrate WORKFLOW_FILES=$(find "${CLONE_DIR}/.github/workflows" -name "*.yml" -o -name "*.yaml" | wc -l | xargs) if [[ "$WORKFLOW_FILES" -eq 0 ]]; then log_warn "No .yml/.yaml files in .github/workflows/ for ${repo} — skipping" SKIPPED=$((SKIPPED + 1)) continue fi log_info "Found ${WORKFLOW_FILES} workflow file(s) to migrate" # ------------------------------------------------------------------------- # Step 3: Create .gitea/workflows and copy files # ------------------------------------------------------------------------- mkdir -p "${CLONE_DIR}/.gitea/workflows" for wf in "${CLONE_DIR}/.github/workflows/"*.yml "${CLONE_DIR}/.github/workflows/"*.yaml; do # Skip glob pattern if no files matched (nullglob not set) [[ -f "$wf" ]] || continue local_name=$(basename "$wf") dest="${CLONE_DIR}/.gitea/workflows/${local_name}" cp "$wf" "$dest" # ----------------------------------------------------------------- # Step 4: Apply compatibility fixes # Gitea Actions is mostly GitHub-compatible, but context variables # use "gitea" prefix instead of "github". These replacements handle # the most common cases. Marketplace actions (actions/checkout etc.) # work as-is since Gitea mirrors them. # ----------------------------------------------------------------- # Add migration header comment at the top of the file # Using a temp file to prepend since sed -i on macOS has quirks tmpwf=$(mktemp) printf '%s\n' "$MIGRATION_HEADER" > "$tmpwf" cat "$dest" >> "$tmpwf" mv "$tmpwf" "$dest" # Replace GitHub-specific context variables with Gitea equivalents. # Only match inside ${{ ... }} expression delimiters to avoid mangling # URLs, comments, or other strings that happen to contain "github.". # Two patterns: with spaces (${{ github.X }}) and without (${{github.X}}). # Character class [a-z_.] covers nested contexts like github.event.pull_request.number. tmpwf=$(mktemp) sed \ -e 's/\${{ github\.\([a-z_.]*\) }}/\${{ gitea.\1 }}/g' \ -e 's/\${{github\.\([a-z_.]*\)}}/\${{gitea.\1}}/g' \ "$dest" > "$tmpwf" mv "$tmpwf" "$dest" log_info " Migrated: ${local_name}" done # ------------------------------------------------------------------------- # Step 5: Commit and push # Configure git user for the commit (required for fresh clones) # ------------------------------------------------------------------------- cd "$CLONE_DIR" git config user.name "Gitea Migration" git config user.email "migration@gitea.local" git add .gitea/ git commit -q -m "Migrate workflows to Gitea Actions" git_with_auth git push -q origin HEAD cd "$SCRIPT_DIR" log_success "Workflows migrated for ${repo}" SUCCESS=$((SUCCESS + 1)) done # --------------------------------------------------------------------------- # Known limitations — print as informational warnings # --------------------------------------------------------------------------- printf '\n' log_warn "Known limitations (review manually):" log_warn " - GitHub-specific marketplace actions may not work in Gitea" log_warn " - Self-hosted runner tool caches may differ from GitHub-hosted" log_warn " - OIDC/secrets need to be re-configured in Gitea repo settings" # --------------------------------------------------------------------------- # Summary # --------------------------------------------------------------------------- printf '\n' TOTAL=${#REPOS[@]} log_info "Results: ${SUCCESS} migrated, ${SKIPPED} skipped, ${FAILED} failed (out of ${TOTAL})" if [[ $FAILED -gt 0 ]]; then log_error "Some repos failed — check logs above" exit 1 fi log_success "Phase 5 complete — pipelines migrated"