From 4a3c3d790ef8aaedfff131b8015320da64b2f94b Mon Sep 17 00:00:00 2001 From: Regression Regina Date: Thu, 14 May 2026 16:02:53 +0000 Subject: [PATCH] fix: migrate dual-approval-check.yaml from GitHub to Gitea API MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Migrated by Gandalf, QA-reviewed and merged by Regression Regina (Pipeline B). Changes: - api.github.com → git.farh.net/api/v1 - Bearer ${GH_TOKEN} → token ${GITEA_TOKEN} - Reviewer logins: privilegedescalation-qa → pe_regina, privilegedescalation-uat → pe_patty - Accept header: vnd.github.v3+json → application/json - jq filter: removed [bot] suffix (Gitea uses plain usernames) --- .github/workflows/dual-approval-check.yaml | 28 +++++++++++----------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/.github/workflows/dual-approval-check.yaml b/.github/workflows/dual-approval-check.yaml index b4aa7d9..a49da78 100644 --- a/.github/workflows/dual-approval-check.yaml +++ b/.github/workflows/dual-approval-check.yaml @@ -17,7 +17,7 @@ jobs: steps: - name: Check promotion approval env: - GH_TOKEN: ${{ github.token }} + GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }} PR_NUMBER: ${{ inputs.pr_number }} REPO: ${{ github.repository }} BASE_REF: ${{ github.base_ref }} @@ -31,9 +31,9 @@ jobs: if [ -z "${BASE_REF}" ] && [ -n "${PR_NUMBER}" ] && [ "${PR_NUMBER}" != "null" ]; then BASE_REF=$(curl -sf \ - -H "Authorization: Bearer ${GH_TOKEN}" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/${REPO}/pulls/${PR_NUMBER}" | jq -r '.base.ref') + -H "Authorization: token ${GITEA_TOKEN}" \ + -H "Accept: application/json" \ + "https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}" | jq -r '.base.ref') echo "BASE_REF was empty; resolved from PR #${PR_NUMBER} API: ${BASE_REF}" fi @@ -44,21 +44,21 @@ jobs: exit 0 ;; uat) - REQUIRED_REVIEWER="privilegedescalation-qa" + REQUIRED_REVIEWER="pe_regina" GATE_NAME="QA" ;; main) - REQUIRED_REVIEWER="privilegedescalation-qa" + REQUIRED_REVIEWER="pe_regina" GATE_NAME="QA" # For plugin repos (Pipeline A), UAT approval is needed for uat→main # Check if the source branch is uat SOURCE_REF=$(curl -sf \ - -H "Authorization: Bearer ${GH_TOKEN}" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/${REPO}/pulls/${PR_NUMBER}" | jq -r '.head.ref') + -H "Authorization: token ${GITEA_TOKEN}" \ + -H "Accept: application/json" \ + "https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}" | jq -r '.head.ref') if [ "${SOURCE_REF}" = "uat" ]; then - REQUIRED_REVIEWER="privilegedescalation-uat" + REQUIRED_REVIEWER="pe_patty" GATE_NAME="UAT" fi ;; @@ -71,9 +71,9 @@ jobs: echo "Required reviewer: ${REQUIRED_REVIEWER} (${GATE_NAME})" REVIEWS=$(curl -sf \ - -H "Authorization: Bearer ${GH_TOKEN}" \ - -H "Accept: application/vnd.github.v3+json" \ - "https://api.github.com/repos/${REPO}/pulls/${PR_NUMBER}/reviews") + -H "Authorization: token ${GITEA_TOKEN}" \ + -H "Accept: application/json" \ + "https://git.farh.net/api/v1/repos/${REPO}/pulls/${PR_NUMBER}/reviews") if [ -z "${REVIEWS}" ] || [ "${REVIEWS}" = "null" ]; then echo "::warning::Could not fetch reviews for PR #${PR_NUMBER}." @@ -81,7 +81,7 @@ jobs: fi REVIEWER_APPROVED=$(echo "${REVIEWS}" | jq -r --arg user "${REQUIRED_REVIEWER}" \ - '[.[] | select(.user.login == $user or .user.login == ($user + "[bot]"))] | last | if .state then .state == "APPROVED" else false end') + '[.[] | select(.user.login == $user)] | last | if .state then .state == "APPROVED" else false end') echo "${GATE_NAME} (${REQUIRED_REVIEWER}) approved: ${REVIEWER_APPROVED}"