diff --git a/.forgejo/Dockerfile b/.forgejo/Dockerfile index 73d5916..39766ae 100644 --- a/.forgejo/Dockerfile +++ b/.forgejo/Dockerfile @@ -6,12 +6,6 @@ # ExecStart=/usr/local/bin/forgejo-runner daemon --config /etc/forgejo/config.yml FROM ghcr.io/catthehacker/ubuntu:go-24.04 -# Infrastructure tools required by CI workflows -RUN apt-get update && apt-get install -y --no-install-recommends \ - stunnel4 \ - netcat-openbsd \ - && rm -rf /var/lib/apt/lists/* - # Dagger CLI — pinned to match the engine version on the runner host RUN curl -fsSL https://dl.dagger.io/dagger/install.sh \ | DAGGER_VERSION=0.20.8 BIN_DIR=/usr/local/bin sh diff --git a/.forgejo/workflows/deploy.yml b/.forgejo/workflows/deploy.yml index 888a153..722de6a 100644 --- a/.forgejo/workflows/deploy.yml +++ b/.forgejo/workflows/deploy.yml @@ -106,14 +106,10 @@ jobs: run: | command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } - dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; } - - name: Setup Dagger Remote Engine (via stunnel) + - name: Setup Dagger Remote Engine env: - DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }} - DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }} - DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }} - DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }} + SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }} run: scripts/setup_dagger_remote.sh - name: Publish Android to Play Store @@ -125,9 +121,6 @@ jobs: DAGGER_NO_NAG: "1" run: task publish-android - - name: Cleanup TLS credentials - if: always() - run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid deploy-apk: name: Build & Deploy APK to Server 
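Review bot: The `SOPS_AGE_KEY` entry added under `env:` of "Setup Dagger Remote Engine" gives scripts/setup_dagger_remote.sh an age private key that can decrypt every SOPS file encrypted to that recipient. That is a wider grant than the four connection-specific secrets it replaces, and the same applies to the hunks at -145 and -187 in this file, to firebase-tests.yml (-58) and to renovate.yml (-18). If that key is also a recipient of other encrypted files in the repository (not visible in this diff), consider a CI-only age identity that `.sops.yaml` lists as a recipient solely for the Dagger connection material, and record that next to the entry, e.g. `# CI-only age identity; recipient of the Dagger engine credentials only`. The commit also deletes the `if: always()` "Cleanup TLS credentials" steps. If the script still writes decrypted keys or certificates to disk, it needs its own cleanup on exit; the script is outside this diff, so that cannot be confirmed from here.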
@@ -145,14 +138,10 @@ jobs: run: | command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } - dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; } - - name: Setup Dagger Remote Engine (via stunnel) + - name: Setup Dagger Remote Engine env: - DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }} - DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }} - DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }} - DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }} + SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }} run: scripts/setup_dagger_remote.sh - name: Build & Deploy APK to server @@ -167,9 +156,6 @@ jobs: DAGGER_NO_NAG: "1" run: task deploy-apk - - name: Cleanup TLS credentials - if: always() - run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid build-linux: name: Build Linux Release 
@@ -187,14 +173,10 @@ jobs: run: | command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } - dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; } - - name: Setup Dagger Remote Engine (via stunnel) + - name: Setup Dagger Remote Engine env: - DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }} - DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }} - DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }} - DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }} + SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }} run: scripts/setup_dagger_remote.sh - name: Build & Deploy Linux to server @@ -207,9 +189,6 @@ jobs: DAGGER_NO_NAG: "1" run: task deploy-linux - - name: Cleanup TLS credentials - if: always() - run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid label-deploy-health: name: Update Deploy Health Label diff --git a/.forgejo/workflows/firebase-tests.yml b/.forgejo/workflows/firebase-tests.yml index 5a4b277..e7df92f 100644 --- a/.forgejo/workflows/firebase-tests.yml +++ b/.forgejo/workflows/firebase-tests.yml 
@@ -58,14 +58,10 @@ jobs: run: | command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } - dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; } - - name: Setup Dagger Remote Engine (via stunnel) + - name: Setup Dagger Remote Engine env: - DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }} - DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }} - DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }} - DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }} + SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }} run: scripts/setup_dagger_remote.sh - name: Run Android Tests on Firebase Test Lab @@ -76,10 +72,6 @@ jobs: DAGGER_NO_NAG: "1" run: task test-android-firebase - - name: Cleanup TLS credentials - if: always() - run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid - - name: Create issue on test failure if: failure() env: diff --git a/.forgejo/workflows/renovate.yml b/.forgejo/workflows/renovate.yml index 759d5eb..4467e42 100644 --- a/.forgejo/workflows/renovate.yml +++ b/.forgejo/workflows/renovate.yml 
@@ -18,14 +18,10 @@ jobs: run: | command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } - dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; } - - name: Setup Dagger Remote Engine (via stunnel) + - name: Setup Dagger Remote Engine env: - DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }} - DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }} - DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }} - DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }} + SOPS_AGE_KEY: ${{ secrets.SOPS_AGE_KEY }} run: scripts/setup_dagger_remote.sh - name: Run Renovate @@ -33,7 +29,3 @@ jobs: DAGGER_NO_NAG: "1" RENOVATE_FORGEJO_TOKEN: ${{ secrets.RENOVATE_FORGEJO_TOKEN }} run: task renovate - - - name: Cleanup TLS credentials - if: always() - run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid diff --git a/.forgejo/workflows/website.yml b/.forgejo/workflows/website.yml index 2adfc33..7e47bd2 100644 --- a/.forgejo/workflows/website.yml +++ b/.forgejo/workflows/website.yml @@ -26,7 +26,6 @@ jobs: run: | command -v dagger >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } command -v task >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; } - dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; } - name: Setup Dagger Remote Engine env: 
@@ -48,7 +47,3 @@ jobs: env: SSH_HOST: ${{ secrets.WEBSITE_SSH_HOST }} run: scripts/website-verify.sh - - - name: Cleanup TLS credentials - if: always() - run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid