monitor: add support for Forgejo Actions

delan · delan · commit fdb25933f09f · 2025-12-06T18:28:31.000+08:00
diff --git a/.env.example b/.env.example
@@ -1,4 +1,4 @@
-GITHUB_TOKEN=gho_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+GITHUB_OR_FORGEJO_TOKEN=gho_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 LIBVIRT_DEFAULT_URI=qemu:///system
 
 # Accept requests with this API token only.
diff --git a/monitor.toml.example b/monitor.toml.example
@@ -4,8 +4,14 @@ listen_on = ["::1", "192.168.100.1"]
 # Prepend this to any internal URL in our own responses. Must end with trailing slash.
 external_base_url = "http://[::1]:8000/"
 
-# GitHub Actions runner scope (`/repos/<owner>/<repo>` or `/orgs/<owner>`).
-github_api_scope = "/repos/delan/servo"
+# GitHub Actions runner scope, as a full URL including the domain of the forge. For example:
+# - `https://api.github.com/repos/<owner>/<repo>`
+# - `https://api.github.com/orgs/<org>`
+# - `https://codeberg.org/api/v1/repos/<owner>/<repo>`
+# - `https://codeberg.org/api/v1/orgs/<org>`
+# - `https://codeberg.org/api/v1/user`
+github_api_scope_url = "https://api.github.com/repos/delan/servo"
+github_api_is_forgejo = false
 
 # For tokenless runner select, qualified repos must start with this prefix.
 allowed_qualified_repo_prefix = "delan/"
diff --git a/monitor/settings/src/lib.rs b/monitor/settings/src/lib.rs
@@ -53,7 +53,7 @@ pub static TOML: LazyLock<Toml> = LazyLock::new(|| {
 
 #[derive(Default)]
 pub struct Dotenv {
-    // GITHUB_TOKEN not used
+    pub github_or_forgejo_token: String,
     // LIBVIRT_DEFAULT_URI not used
     pub monitor_api_token_raw_value: String,
     pub monitor_api_token_authorization_value: String,
@@ -64,7 +64,8 @@ pub struct Dotenv {
 pub struct Toml {
     pub listen_on: Vec<String>,
     pub external_base_url: String,
-    pub github_api_scope: String,
+    pub github_api_scope_url: String,
+    pub github_api_is_forgejo: bool,
     pub allowed_qualified_repo_prefix: String,
     pub github_api_suffix: String,
     monitor_poll_interval: u64,
@@ -94,6 +95,7 @@ impl Dotenv {
     pub fn load() -> Self {
         let monitor_api_token = env_string("SERVO_CI_MONITOR_API_TOKEN");
         let result = Self {
+            github_or_forgejo_token: env_string("GITHUB_OR_FORGEJO_TOKEN"),
             monitor_api_token_raw_value: monitor_api_token.clone(),
             monitor_api_token_authorization_value: Self::monitor_api_token_authorization_value(
                 &monitor_api_token,
diff --git a/monitor/src/github.rs b/monitor/src/github.rs
@@ -7,7 +7,7 @@ use chrono::{DateTime, FixedOffset};
 use cmd_lib::{run_cmd, run_fun};
 use jane_eyre::eyre::{self, Context};
 use serde::{Deserialize, Serialize};
-use settings::TOML;
+use settings::{DOTENV, TOML};
 use tracing::trace;
 
 #[derive(Clone, Debug, Deserialize, Serialize)]
@@ -107,10 +107,19 @@ impl<Response: Clone + Debug> Cache<Response> {
 }
 
 fn list_registered_runners() -> eyre::Result<Vec<ApiRunner>> {
-    let github_api_scope = &TOML.github_api_scope;
-    let result = run_fun!(gh api -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
-    "$github_api_scope/actions/runners" --paginate -q ".runners[]"
-    | jq -s .)?;
+    let github_or_forgejo_token = &DOTENV.github_or_forgejo_token;
+    let github_api_scope_url = &TOML.github_api_scope_url;
+    let result = if TOML.github_api_is_forgejo {
+        // FIXME: this leaks the token in logs when the command fails
+        run_fun!(curl -fsSH "Authorization: token $github_or_forgejo_token"
+            "$github_api_scope_url/actions/runners" // TODO: pagination?
+            | jq -er ".runners")?
+    } else {
+        run_fun!(GITHUB_TOKEN=$github_or_forgejo_token gh api
+            -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
+            "$github_api_scope_url/actions/runners" --paginate -q ".runners[]"
+            | jq -s .)?
+    };
 
     Ok(serde_json::from_str(&result).wrap_err("Failed to parse JSON")?)
 }
@@ -126,19 +135,19 @@ pub fn list_registered_runners_for_host() -> eyre::Result<Vec<ApiRunner>> {
 
 pub fn register_runner(runner_name: &str, label: &str, work_folder: &str) -> eyre::Result<String> {
     let github_api_suffix = &TOML.github_api_suffix;
-    let github_api_scope = &TOML.github_api_scope;
+    let github_api_scope_url = &TOML.github_api_scope_url;
     let result = run_fun!(gh api --method POST -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
-    "$github_api_scope/actions/runners/generate-jitconfig"
+    "$github_api_scope_url/actions/runners/generate-jitconfig"
     -f "name=$runner_name@$github_api_suffix" -F "runner_group_id=1" -f "work_folder=$work_folder"
     -f "labels[]=self-hosted" -f "labels[]=X64" -f "labels[]=$label")?;
 
     Ok(result)
 }
 
 pub fn unregister_runner(id: usize) -> eyre::Result<()> {
-    let github_api_scope = &TOML.github_api_scope;
+    let github_api_scope_url = &TOML.github_api_scope_url;
     run_cmd!(gh api --method DELETE -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
-        "$github_api_scope/actions/runners/$id")?;
+        "$github_api_scope_url/actions/runners/$id")?;
 
     Ok(())
 }
@@ -149,10 +158,10 @@ pub fn reserve_runner(
     reserved_since: SystemTime,
     reserved_by: &str,
 ) -> eyre::Result<()> {
-    let github_api_scope = &TOML.github_api_scope;
+    let github_api_scope_url = &TOML.github_api_scope_url;
     let reserved_since = reserved_since.duration_since(UNIX_EPOCH)?.as_secs();
     run_cmd!(gh api --method POST -H "Accept: application/vnd.github+json" -H "X-GitHub-Api-Version: 2022-11-28"
-        "$github_api_scope/actions/runners/$id/labels"
+        "$github_api_scope_url/actions/runners/$id/labels"
         -f "labels[]=reserved-for:$unique_id"
         -f "labels[]=reserved-since:$reserved_since"
         -f "labels[]=reserved-by:$reserved_by")?;

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-GITHUB_TOKEN=gho_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`
	`1`	`+GITHUB_OR_FORGEJO_TOKEN=gho_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`
`2`	`2`	`LIBVIRT_DEFAULT_URI=qemu:///system`
`3`	`3`
`4`	`4`	`# Accept requests with this API token only.`