text-extract/.forgejo/workflows/ci.yml
flemming-it c4119169af
Some checks failed
CI / Linux x86_64 (Forgejo) (push) Failing after 2s
ci: clone fai/module-sdk anonymously, not with cross-org token
Initial CI run on commit cc72db04 failed in 2 seconds because
the workflow used the repo-scoped GITHUB_TOKEN to clone the
sibling fai/module-sdk repository. That token is scoped to the
current repo (fai-modules/text-extract) and could not read a
private repo in a different org (fai/), so git fetch returned
401 and aborted the run.

fai/module-sdk has been made public — the SDK is the
authoring-surface for module developers and contains nothing
that needs to stay private. With the SDK public, an anonymous
clone is sufficient and avoids the cross-org token-scope
friction entirely.

The text-extract repo itself stays private; only the
authoring-surface SDK is public.

Bumps the module patch version 0.1.0 -> 0.1.1 per the
per-commit policy.

Signed-off-by: flemming-it <sf@flemming.it>
2026-05-01 17:14:53 +02:00

92 lines
2.9 KiB
YAML

name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
CARGO_TERM_COLOR: always
RUSTFLAGS: "-D warnings"
RUST_TOOLCHAIN: "1.86"
jobs:
ci:
name: Linux x86_64 (Forgejo)
runs-on: ubuntu-latest
steps:
# Manual external-URL checkout — see fai/platform CI for
# background. Lays this repo at $GITHUB_WORKSPACE.
- name: Checkout text-extract via external URL
run: |
set -eu
mkdir -p "$GITHUB_WORKSPACE"
cd "$GITHUB_WORKSPACE"
git init -q
git remote add origin \
"https://x-access-token:${GITHUB_TOKEN}@git.flemming.ws/${GITHUB_REPOSITORY}.git"
git fetch --depth=1 origin "$GITHUB_SHA"
git checkout -q FETCH_HEAD
# text-extract depends on fai-module-sdk via a sibling-path
# dependency: ../../module_sdk/crates/fai-module-sdk
# We materialize that layout by cloning module-sdk two
# levels up from $GITHUB_WORKSPACE. This is a transient
# arrangement until the SDK is published as a versioned
# git tag or registry crate.
- name: Checkout fai/module-sdk into sibling layout
run: |
set -eu
parent="$(dirname "$GITHUB_WORKSPACE")"
grandparent="$(dirname "$parent")"
sdk_dir="$grandparent/module_sdk"
mkdir -p "$sdk_dir"
cd "$sdk_dir"
git init -q
# The SDK lives in a different Forgejo org (fai/) and the
# repo-scoped GITHUB_TOKEN cannot read it. The SDK is
# public, so an anonymous clone is sufficient and avoids
# cross-org token-scope friction.
git remote add origin \
"https://git.flemming.ws/fai/module-sdk.git"
git fetch --depth=1 origin main
git checkout -q FETCH_HEAD
echo "module-sdk checked out at: $sdk_dir"
- name: Install system dependencies
run: |
apt-get update -qq
apt-get install -y --no-install-recommends \
curl \
ca-certificates \
build-essential \
pkg-config \
libssl-dev \
git
- name: Install Rust toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs \
| sh -s -- -y \
--profile minimal \
--default-toolchain "$RUST_TOOLCHAIN" \
--target wasm32-wasip2 \
--component rustfmt \
--component clippy
echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
- name: Cargo fmt --check
run: cargo fmt --all -- --check
- name: Cargo clippy
run: cargo clippy --all-targets -- -D warnings
- name: Cargo build (host)
run: cargo build --all-targets
- name: Cargo test (host)
run: cargo test --all-targets
- name: Cargo build (wasm32-wasip2)
run: cargo build --release --target wasm32-wasip2