brit/.github/workflows/sync-upstream.yml at main · ethosengine/brit · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# Sync gix-main branch with upstream/main.
#
# gix-main is a pristine mirror of GitoxideLabs/gitoxide's main branch.
# It MUST stay fast-forward-only. If a fast-forward fails, something
# has gone wrong and we want to know about it immediately rather than
# papering over it with a merge commit.
#
# Branch protection for gix-main should forbid direct pushes from
# anyone but this workflow.
name: sync-gix-main

on:
  schedule:
    # Every 6 hours. Upstream moves at a few commits per day, this is enough
    # cadence to have gix-main be fresh without burning Actions minutes.
    - cron: "17 */6 * * *"
  workflow_dispatch: {}

permissions:
  contents: write

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout gix-main
        uses: actions/checkout@v4
        with:
          ref: gix-main
          fetch-depth: 0
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Configure git identity
        run: |
          git config user.name  "gix-main sync bot"
          git config user.email "ci@ethosengine.invalid"

      - name: Add upstream remote
        run: |
          git remote add upstream https://github.com/GitoxideLabs/gitoxide.git
          git fetch upstream main --tags

      - name: Fast-forward gix-main to upstream/main
        id: ff
        run: |
          set -eu
          before="$(git rev-parse HEAD)"
          target="$(git rev-parse upstream/main)"
          if [ "$before" = "$target" ]; then
            echo "Already up-to-date at $before."
            echo "changed=false" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          # Fast-forward only. If this fails, gix-main has diverged from
          # upstream/main — that should never happen and is worth a loud failure.
          git merge --ff-only upstream/main
          after="$(git rev-parse HEAD)"
          echo "Advanced gix-main: $before -> $after"
          echo "changed=true" >> "$GITHUB_OUTPUT"

      - name: Push updated gix-main
        if: steps.ff.outputs.changed == 'true'
        run: git push origin gix-main

      # Tags are nice-to-have but not critical for our sync purposes.
      # Upstream has 6000+ tags; a single collision or protected-tag rule
      # would otherwise kill the whole run. Best-effort push, report in logs.
      - name: Push mirrored tags (best effort)
        if: steps.ff.outputs.changed == 'true'
        continue-on-error: true
        run: |
          set +e
          git push origin --tags 2>&1 | tee push-tags.log
          status=${PIPESTATUS[0]}
          if [ "$status" -ne 0 ]; then
            echo "::warning::Tag mirror push exited with status $status; some tags may not have synced. See push-tags.log above."
          fi
          exit 0