add support for Forgejo Actions

.env.example

@@ -1,4 +1,4 @@
-GITHUB_TOKEN=gho_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
+GITHUB_OR_FORGEJO_TOKEN=gho_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 LIBVIRT_DEFAULT_URI=qemu:///system
 
 # Accept requests with this API token only.

.forgejo/workflows/self-test-codeberg.yml

@@ -0,0 +1,50 @@
+on: workflow_dispatch
+
+jobs:
+  runner-select:
+    runs-on: codeberg-tiny
+    outputs:
+      unique-id: ${{ steps.select.outputs.unique-id }}
+      selected-runner-label: ${{ steps.select.outputs.selected-runner-label }}
+      runner-type-label: ${{ steps.select.outputs.runner-type-label }}
+      is-self-hosted: ${{ steps.select.outputs.is-self-hosted }}
+    steps:
+      - uses: actions/checkout@v4
+      - name: Runner select
+        id: select
+        uses: ./actions/runner-select
+        with:
+          forge-is-forgejo: true
+          queue-api-base-url: http://home.daz.cat:8002
+          GITHUB_TOKEN: ${{ github.token }}
+          # Before updating the GH action runner image for the nightly job, ensure
+          # that the system has a glibc version that is compatible with the one
+          # used by the wpt.fyi runners.
+          github-hosted-runner-label: codeberg-tiny
+          self-hosted-image-name: base-ubuntu2204
+          # You can disable self-hosted runners globally by creating a repository variable named
+          # NO_SELF_HOSTED_RUNNERS with any non-empty value.
+          # <https://github.com/servo/servo/settings/variables/actions>
+          NO_SELF_HOSTED_RUNNERS: ${{ vars.NO_SELF_HOSTED_RUNNERS }}
+          # Any other boolean conditions that disable self-hosted runners go here.
+          force-github-hosted-runner: ${{ inputs.upload || inputs.force-github-hosted-runner }}
+  runner-timeout:
+    needs:
+      - runner-select
+    if: ${{ fromJSON(needs.runner-select.outputs.is-self-hosted) }}
+    runs-on: codeberg-tiny
+    steps:
+      - uses: actions/checkout@v4
+      - name: Runner timeout
+        uses: ./actions/runner-timeout
+        with:
+          github_token: '${{ secrets.GITHUB_TOKEN }}'
+          unique-id: '${{ needs.runner-select.outputs.unique-id }}'
+
+  build:
+    needs:
+      - runner-select
+    name: build [${{ needs.runner-select.outputs.unique-id }}]
+    runs-on: ${{ needs.runner-select.outputs.selected-runner-label }}
+    steps:
+      - uses: actions/checkout@v4

.github/workflows/self-test.yml

@@ -14,6 +14,8 @@ jobs:
         id: select
         uses: ./actions/runner-select
         with:
+          forge-is-forgejo: false
+          queue-api-base-url: https://ci0.servo.org/queue
           GITHUB_TOKEN: ${{ github.token }}
           # Before updating the GH action runner image for the nightly job, ensure
           # that the system has a glibc version that is compatible with the one

actions/runner-select/action.yml

@@ -1,5 +1,11 @@
 name: Select Self-hosted Runner
 inputs:
+  forge-is-forgejo:
+    required: true
+    type: boolean
+  queue-api-base-url:
+    required: true
+    type: string
   GITHUB_TOKEN:
     required: true
     type: string
@@ -41,6 +47,19 @@ runs:
 
         set -euo pipefail
 
+        apt_install() {
+            # Install distro packages, but only if one or more are not already installed.
+            # Update the package lists first, to avoid failures when rebaking old images.
+            if ! dpkg -s "$@" > /dev/null 2>&1; then
+                apt update
+                # DEBIAN_FRONTEND needed to avoid hang when installing tshark
+                DEBIAN_FRONTEND=noninteractive apt install -y "$@"
+            fi
+        }
+
+        # Already installed on GitHub ubuntu-24.04, but not Codeberg codeberg-tiny.
+        apt_install uuid-runtime
+
         # Generate a unique id that allows the workload job to find the runner
         # we are reserving for it (via runner labels), and allows the timeout
         # job to find the workload job run (via the job’s friendly name), even
@@ -78,7 +97,7 @@ runs:
     - id: artifact
       name: Publish artifact with args
       if: ${{ !fromJSON(steps.init.outputs.disabled) }}
-      uses: actions/upload-artifact@v4
+      uses: ${{ inputs.forge-is-forgejo && 'forgejo/upload-artifact@v4' || 'actions/upload-artifact@v4' }}
       with:
         name: servo-ci-runners_${{ steps.init.outputs.unique_id }}
         path: ${{ steps.init.outputs.artifact_path }}
@@ -88,6 +107,7 @@ runs:
       name: Find a server and reserve a runner
       shell: bash
       run: |
+        queue_api_base_url='${{ inputs.queue-api-base-url }}'
         github_hosted_runner_label='${{ inputs.github-hosted-runner-label }}'
         self_hosted_image_name='${{ inputs.self-hosted-image-name }}'
         disabled='${{ steps.init.outputs.disabled }}'
@@ -107,7 +127,6 @@ runs:
           fall_back_to_github_hosted
         fi
 
-        queue_api_base_url=https://ci0.servo.org/queue
         # Use the queue API to enqueue this job.
         enqueue_url=$queue_api_base_url/enqueue\?unique_id=$unique_id\&qualified_repo=${{ github.repository }}\&run_id=${{ github.run_id }}
         result=$(mktemp)

monitor.toml.example

@@ -4,8 +4,14 @@ listen_on = ["::1", "192.168.100.1"]
 # Prepend this to any internal URL in our own responses. Must end with trailing slash.
 external_base_url = "http://[::1]:8000/"
 
-# GitHub Actions runner scope (`/repos/<owner>/<repo>` or `/orgs/<owner>`).
-github_api_scope = "/repos/delan/servo"
+# GitHub Actions runner scope, as a full URL including the domain of the forge. For example:
+# - `https://api.github.com/repos/<owner>/<repo>`
+# - `https://api.github.com/orgs/<org>`
+# - `https://codeberg.org/api/v1/repos/<owner>/<repo>`
+# - `https://codeberg.org/api/v1/orgs/<org>`
+# - `https://codeberg.org/api/v1/user`
+github_api_scope_url = "https://api.github.com/repos/delan/servo"
+github_api_is_forgejo = false
 
 # For tokenless runner select, qualified repos must start with this prefix.
 allowed_qualified_repo_prefix = "delan/"

monitor/Cargo.toml

@@ -31,6 +31,7 @@ tracing = { workspace = true }
 tracing-subscriber = { workspace = true }
 web = { workspace = true }
 rand = "0.9.1"
+url = "2.5.7"
 
 [dev-dependencies]
 settings = { workspace = true, features = ["test"] }

monitor/settings/Cargo.toml

@@ -15,3 +15,4 @@ mktemp = { workspace = true }
 serde = { workspace = true }
 toml = { workspace = true }
 tracing = { workspace = true }
+url = { version = "2.5.7", features = ["serde"] }

monitor/settings/src/lib.rs

@@ -16,6 +16,7 @@ use std::{
 use chrono::TimeDelta;
 use jane_eyre::eyre::{self, bail};
 use serde::Deserialize;
+use url::Url;
 
 use crate::{profile::Profile, queue::QueueConfig, units::MemorySize};
 
@@ -53,7 +54,7 @@ pub static TOML: LazyLock<Toml> = LazyLock::new(|| {
 
 #[derive(Default)]
 pub struct Dotenv {
-    // GITHUB_TOKEN not used
+    pub github_or_forgejo_token: String,
     // LIBVIRT_DEFAULT_URI not used
     pub monitor_api_token_raw_value: String,
     pub monitor_api_token_authorization_value: String,
@@ -64,7 +65,8 @@ pub struct Dotenv {
 pub struct Toml {
     pub listen_on: Vec<String>,
     pub external_base_url: String,
-    pub github_api_scope: String,
+    pub github_api_scope_url: Url,
+    pub github_api_is_forgejo: bool,
     pub allowed_qualified_repo_prefix: String,
     pub github_api_suffix: String,
     monitor_poll_interval: u64,
@@ -94,6 +96,7 @@ impl Dotenv {
     pub fn load() -> Self {
         let monitor_api_token = env_string("SERVO_CI_MONITOR_API_TOKEN");
         let result = Self {
+            github_or_forgejo_token: env_string("GITHUB_OR_FORGEJO_TOKEN"),
             monitor_api_token_raw_value: monitor_api_token.clone(),
             monitor_api_token_authorization_value: Self::monitor_api_token_authorization_value(
                 &monitor_api_token,
@@ -106,6 +109,7 @@ impl Dotenv {
 
     #[cfg(any(test, feature = "test"))]
     fn load_for_tests() -> Self {
+        let mut github_or_forgejo_token = None;
         let mut monitor_data_path = None;
 
         // TODO: find a way to do this without a temporary file
@@ -122,6 +126,7 @@ impl Dotenv {
         for entry in dotenv::from_path_iter(env_path).expect("Failed to load temporary env file") {
             let (key, value) = entry.expect("Failed to load entry");
             match &*key {
+                "GITHUB_OR_FORGEJO_TOKEN" => github_or_forgejo_token = Some(value),
                 "SERVO_CI_MONITOR_API_TOKEN" => { /* do nothing (see below) */ }
                 "SERVO_CI_MONITOR_DATA_PATH" => monitor_data_path = Some(value),
                 _ => { /* do nothing */ }
@@ -132,6 +137,8 @@ impl Dotenv {
         let monitor_api_token = "ChangedMe";
 
         let result = Self {
+            github_or_forgejo_token: github_or_forgejo_token
+                .expect("Bad contents of monitor.toml.example"),
             monitor_api_token_raw_value: monitor_api_token.to_owned(),
             monitor_api_token_authorization_value: Self::monitor_api_token_authorization_value(
                 monitor_api_token,