monitor: add support for Forgejo Actions

delan · delan · commit 1dba744a3472 · 2025-12-06T18:41:08.000+08:00
diff --git a/.env.example b/.env.example
@@ -1,4 +1,4 @@
-GITHUB_TOKEN=gho_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+GITHUB_OR_FORGEJO_TOKEN=gho_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 LIBVIRT_DEFAULT_URI=qemu:///system
 
 # Accept requests with this API token only.
diff --git a/monitor.toml.example b/monitor.toml.example
@@ -4,8 +4,14 @@ listen_on = ["::1", "192.168.100.1"]
 # Prepend this to any internal URL in our own responses. Must end with trailing slash.
 external_base_url = "http://[::1]:8000/"
 
-# GitHub Actions runner scope (`/repos/<owner>/<repo>` or `/orgs/<owner>`).
-github_api_scope = "/repos/delan/servo"
+# GitHub Actions runner scope, as a full URL including the domain of the forge. For example:
+# - `https://api.github.com/repos/<owner>/<repo>`
+# - `https://api.github.com/orgs/<org>`
+# - `https://codeberg.org/api/v1/repos/<owner>/<repo>`
+# - `https://codeberg.org/api/v1/orgs/<org>`
+# - `https://codeberg.org/api/v1/user`
+github_api_scope_url = "https://api.github.com/repos/delan/servo"
+github_api_is_forgejo = false
 
 # For tokenless runner select, qualified repos must start with this prefix.
 allowed_qualified_repo_prefix = "delan/"
diff --git a/monitor/settings/src/lib.rs b/monitor/settings/src/lib.rs
@@ -53,7 +53,7 @@ pub static TOML: LazyLock<Toml> = LazyLock::new(|| {
 
 #[derive(Default)]
 pub struct Dotenv {
-    // GITHUB_TOKEN not used
+    pub github_or_forgejo_token: String,
     // LIBVIRT_DEFAULT_URI not used
     pub monitor_api_token_raw_value: String,
     pub monitor_api_token_authorization_value: String,
@@ -64,7 +64,8 @@ pub struct Dotenv {
 pub struct Toml {
     pub listen_on: Vec<String>,
     pub external_base_url: String,
-    pub github_api_scope: String,
+    pub github_api_scope_url: String,
+    pub github_api_is_forgejo: bool,
     pub allowed_qualified_repo_prefix: String,
     pub github_api_suffix: String,
     monitor_poll_interval: u64,
@@ -94,6 +95,7 @@ impl Dotenv {
     pub fn load() -> Self {
         let monitor_api_token = env_string("SERVO_CI_MONITOR_API_TOKEN");
         let result = Self {
+            github_or_forgejo_token: env_string("GITHUB_OR_FORGEJO_TOKEN"),
             monitor_api_token_raw_value: monitor_api_token.clone(),
             monitor_api_token_authorization_value: Self::monitor_api_token_authorization_value(
                 &monitor_api_token,
@@ -106,6 +108,7 @@ impl Dotenv {
 
     #[cfg(any(test, feature = "test"))]
     fn load_for_tests() -> Self {
+        let mut github_or_forgejo_token = None;
         let mut monitor_data_path = None;
 
         // TODO: find a way to do this without a temporary file
@@ -122,6 +125,7 @@ impl Dotenv {
         for entry in dotenv::from_path_iter(env_path).expect("Failed to load temporary env file") {
             let (key, value) = entry.expect("Failed to load entry");
             match &*key {
+                "GITHUB_OR_FORGEJO_TOKEN" => github_or_forgejo_token = Some(value),
                 "SERVO_CI_MONITOR_API_TOKEN" => { /* do nothing (see below) */ }
                 "SERVO_CI_MONITOR_DATA_PATH" => monitor_data_path = Some(value),
                 _ => { /* do nothing */ }
@@ -132,6 +136,8 @@ impl Dotenv {
         let monitor_api_token = "ChangedMe";
 
         let result = Self {
+            github_or_forgejo_token: github_or_forgejo_token
+                .expect("Bad contents of monitor.toml.example"),
             monitor_api_token_raw_value: monitor_api_token.to_owned(),
             monitor_api_token_authorization_value: Self::monitor_api_token_authorization_value(
                 monitor_api_token,
diff --git a/monitor/src/github.rs b/monitor/src/github.rs
@@ -7,7 +7,7 @@ use chrono::{DateTime, FixedOffset};
 use cmd_lib::{run_cmd, run_fun};
 use jane_eyre::eyre::{self, Context};
 use serde::{Deserialize, Serialize};
-use settings::TOML;
+use settings::{DOTENV, TOML};
 use tracing::trace;
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
@@ -107,10 +107,19 @@ impl<Response: Clone + Debug> Cache<Response> {
 }
 
 fn list_registered_runners() -> eyre::Result<Vec<ApiRunner>> {
-    let github_api_scope = &TOML.github_api_scope;
-    let result = run_fun!(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
-    "$github_api_scope/actions/runners" --paginate -q ".runners[]"
-    | jq -s .)?;
+    let github_or_forgejo_token = &DOTENV.github_or_forgejo_token;
+    let github_api_scope_url = &TOML.github_api_scope_url;
+    let result = if TOML.github_api_is_forgejo {
+        // FIXME: this leaks the token in logs when the command fails
+        run_fun!(curl -fsSH "Authorization: token $github_or_forgejo_token"
+            "$github_api_scope_url/actions/runners" // TODO: pagination?
+            | jq -er ".runners")?
+    } else {
+        run_fun!(GITHUB_TOKEN=$github_or_forgejo_token gh api
+            -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
+            "$github_api_scope_url/actions/runners" --paginate -q ".runners[]"
+            | jq -s .)?
+    };
 
     Ok(serde_json::from_str(&result).wrap_err("Failed to parse JSON")?)
 }
@@ -127,20 +136,37 @@ pub fn list_registered_runners_for_host() -> eyre::Result<Vec<ApiRunner>> {
 }
 
 pub fn register_runner(runner_name: &str, label: &str, work_folder: &str) -> eyre::Result<String> {
+    let github_or_forgejo_token = &DOTENV.github_or_forgejo_token;
+    let github_api_scope_url = &TOML.github_api_scope_url;
     let github_api_suffix = &TOML.github_api_suffix;
-    let github_api_scope = &TOML.github_api_scope;
-    let result = run_fun!(gh api --method POST -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
-    "$github_api_scope/actions/runners/generate-jitconfig"
-    -f "name=$runner_name@$github_api_suffix" -F "runner_group_id=1" -f "work_folder=$work_folder"
-    -f "labels[]=self-hosted" -f "labels[]=X64" -f "labels[]=$label")?;
+    let result = if TOML.github_api_is_forgejo {
+        // FIXME: this leaks the token in logs when the command fails
+        // TODO: this doesn’t actually register a runner, it just gets a registration token
+        run_fun!(curl -fsSH "Authorization: token $github_or_forgejo_token"
+            -X POST "$github_api_scope_url/actions/runners/registration-token/TODO")?
+    } else {
+        run_fun!(GITHUB_TOKEN=$github_or_forgejo_token gh api
+            -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
+            --method POST "$github_api_scope_url/actions/runners/generate-jitconfig"
+            -f "name=$runner_name@$github_api_suffix" -F "runner_group_id=1" -f "work_folder=$work_folder"
+            -f "labels[]=self-hosted" -f "labels[]=X64" -f "labels[]=$label")?
+    };
 
     Ok(result)
 }
 
 pub fn unregister_runner(id: usize) -> eyre::Result<()> {
-    let github_api_scope = &TOML.github_api_scope;
-    run_cmd!(gh api --method DELETE -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
-        "$github_api_scope/actions/runners/$id")?;
+    let github_or_forgejo_token = &DOTENV.github_or_forgejo_token;
+    let github_api_scope_url = &TOML.github_api_scope_url;
+    if TOML.github_api_is_forgejo {
+        // FIXME: this leaks the token in logs when the command fails
+        run_cmd!(curl -fsSH "Authorization: token $github_or_forgejo_token"
+            -X DELETE "$github_api_scope_url/actions/runners/$id")?;
+    } else {
+        run_cmd!(GITHUB_TOKEN=$github_or_forgejo_token gh api
+            -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
+            --method DELETE "$github_api_scope_url/actions/runners/$id")?;
+    }
 
     Ok(())
 }
@@ -151,13 +177,19 @@ pub fn reserve_runner(
     reserved_since: SystemTime,
     reserved_by: &str,
 ) -> eyre::Result<()> {
-    let github_api_scope = &TOML.github_api_scope;
+    let github_or_forgejo_token = &DOTENV.github_or_forgejo_token;
+    let github_api_scope_url = &TOML.github_api_scope_url;
     let reserved_since = reserved_since.duration_since(UNIX_EPOCH)?.as_secs();
-    run_cmd!(gh api --method POST -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
-        "$github_api_scope/actions/runners/$id/labels"
-        -f "labels[]=reserved-for:$unique_id"
-        -f "labels[]=reserved-since:$reserved_since"
-        -f "labels[]=reserved-by:$reserved_by")?;
+    if TOML.github_api_is_forgejo {
+        todo!()
+    } else {
+        run_cmd!(GITHUB_TOKEN=$github_or_forgejo_token gh api
+            -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
+            --method POST "$github_api_scope_url/actions/runners/$id/labels"
+            -f "labels[]=reserved-for:$unique_id"
+            -f "labels[]=reserved-since:$reserved_since"
+            -f "labels[]=reserved-by:$reserved_by")?;
+    }
 
     Ok(())
 }

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-GITHUB_TOKEN=gho_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`
	`1`	`+GITHUB_OR_FORGEJO_TOKEN=gho_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`
`2`	`2`	`LIBVIRT_DEFAULT_URI=qemu:///system`
`3`	`3`
`4`	`4`	`# Accept requests with this API token only.`