d0693206c3
* feat: add autoMirrorStarred toggle for selective starred repo mirroring (#205) Add `githubConfig.autoMirrorStarred` (default: false) to control whether starred repos are included in automatic mirroring operations. Manual per-repo actions always work regardless of this toggle. Bug fixes: - Cleanup service no longer orphans starred repos when includeStarred is disabled (prevents data loss) - First-boot auto-start now gates initial mirror behind autoMirror config (previously mirrored everything unconditionally) - "Mirror All" button now respects autoMirrorStarred setting - Bulk mirror and getAvailableActions now include pending-approval status Changes span schema, config mapping, env loader, scheduler, cleanup service, UI settings toggle, and repository components. * fix: log activity when repos are auto-imported during scheduled sync Auto-discovered repositories (including newly starred ones) were inserted into the database without creating activity log entries, so they appeared in the dashboard but not in the activity log. * ci: set 10-minute timeout on all CI jobs
GitHub Workflows for Gitea Mirror
This directory contains GitHub Actions workflows that automate the build, test, and deployment processes for the Gitea Mirror application.
Workflow Overview
| Workflow | File | Purpose |
|---|---|---|
| Astro Build and Test | astro-build-test.yml |
Builds and tests the Astro application for all branches and PRs |
| Docker Build and Push | docker-build.yml |
Builds and pushes Docker images only for the main branch |
| Docker Security Scan | docker-scan.yml |
Scans Docker images for security vulnerabilities |
Workflow Details
Astro Build and Test (astro-build-test.yml)
This workflow runs on all branches and pull requests. It:
- Builds the Astro project
- Runs all tests
- Uploads build artifacts for potential use in other workflows
When it runs:
-
On push to any branch (except changes to README.md and docs)
-
On pull requests to any branch (except changes to README.md and docs)
-
Uses Bun for dependency installation
-
Caches dependencies to speed up builds
-
Uploads build artifacts for 7 days
Docker Build and Push (docker-build.yml)
This workflow builds Docker images on pushes and pull requests, and pushes to GitHub Container Registry (ghcr.io) when permissions allow (main/tags and same-repo PRs).
When it runs:
- On push to the main branch
- On tag creation (v*)
- On pull requests (build + scan; push only for same-repo PRs)
Key features:
- Builds multi-architecture images (amd64 and arm64)
- Pushes images for main/tags and same-repo PRs
- Skips registry push for fork PRs (avoids package write permission failures)
- Uses build caching to speed up builds
- Creates multiple tags for each image (latest, semver, sha)
Docker Security Scan (docker-scan.yml)
This workflow scans Docker images for security vulnerabilities using Trivy.
When it runs:
- On push to the main branch that affects Docker-related files
- Weekly on Sunday at midnight (scheduled)
Key features:
- Scans for critical and high severity vulnerabilities
- Fails the build if vulnerabilities are found
- Ignores unfixed vulnerabilities
CI/CD Pipeline Philosophy
Our CI/CD pipeline follows these principles:
- Fast feedback for developers: The Astro build and test workflow runs on all branches and PRs to provide quick feedback.
- Efficient resource usage: Docker images are only built when changes are merged to main, not for every PR.
- Security first: Regular security scanning ensures our Docker images are free from known vulnerabilities.
- Multi-architecture support: All Docker images are built for both amd64 and arm64 architectures.
Adding or Modifying Workflows
When adding or modifying workflows:
- Ensure the workflow follows the existing patterns
- Test the workflow on a branch before merging to main
- Update this README if you add a new workflow or significantly change an existing one
- Consider the impact on CI resources and build times
Troubleshooting
If a workflow fails:
- Check the workflow logs in the GitHub Actions tab
- Common issues include:
- Test failures
- Build errors
- Docker build issues
- Security vulnerabilities
For persistent issues, consider opening an issue in the repository.
Helm Test (helm-test.yml)
This workflow run on the main branch and pull requests. it:
- Run yamllint to keep the formating unified
- Run helm template with different value files