ci: upstream-sync workflow; retire upstream's GitHub-specific workflows

Daily cron at 12:00 UTC (plus manual dispatch) that: 1. Fetches from the Sulkta-Coop/element-x-upstream pull-mirror 2. Fast-forwards main to upstream/develop if it has advanced 3. Measures how many commits behind main the wallet branch is now 4. Posts a ping to the Infra Matrix room so we know a rebase is due Uses the house-bot (Matrix) account for notifications; token lives in the repo's MATRIX_HOUSE_BOT_TOKEN Actions secret. Removed .github/workflows/* — upstream's 18 workflows are GitHub-specific (GITHUB_TOKEN scopes, Firebase / Sonar / Sentry / Localazy secrets we don't have, macOS runners, etc). They were triggering on every push and failing immediately, flooding the runner log. We're not proposing these back upstream — we're a fork that doesn't publish to Play/F-Droid, so their CI isn't ours to run. If we ever need to see upstream's workflow definitions for reference, they're one click away on github.com/element-hq/element-x-android.
2026-04-17 10:49:26 -07:00 · 2026-04-17 10:49:26 -07:00 · b61ebd2f11
commit b61ebd2f11
parent de2edafe61
27 changed files with 96 additions and 2002 deletions
--- a/.gitea/workflows/upstream-sync.yml
+++ b/.gitea/workflows/upstream-sync.yml
@ -0,0 +1,96 @@
+name: Upstream sync
+
+# Daily check against the upstream mirror. Fast-forwards `main` to
+# `upstream/develop` when upstream has advanced, then pings the Infra
+# Matrix room so we know the wallet branch is due for a rebase.
+#
+# See SYNC.md on the wallet branch for the full topology + procedure
+# this job implements.
+
+on:
+  schedule:
+    # 12:00 UTC daily — quiet time for all our time zones, avoids the
+    # morning-meeting window where an unexpected Matrix ping is noise.
+    - cron: '0 12 * * *'
+  workflow_dispatch:  # manual trigger from the Actions UI too
+
+jobs:
+  sync-main:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout main
+        uses: actions/checkout@v4
+        with:
+          ref: main
+          fetch-depth: 0
+          # Built-in token Gitea hands us — scoped to this repo, has push.
+          token: ${{ secrets.GITEA_TOKEN }}
+
+      - name: Wire upstream mirror + fetch wallet
+        run: |
+          set -euo pipefail
+          # Sulkta-Coop/element-x-upstream is a read-only pull-mirror of
+          # github.com/element-hq/element-x-android. Kept local for
+          # LAN-speed fetches and offline resilience.
+          git remote add upstream http://192.168.0.5:3001/Sulkta-Coop/element-x-upstream.git
+          git fetch upstream develop
+          git fetch origin wallet:refs/remotes/origin/wallet
+
+      - name: Fast-forward main
+        id: ff
+        run: |
+          set -euo pipefail
+          git config user.name "sulkta-bot"
+          git config user.email "bot@sulkta.com"
+          OLD=$(git rev-parse --short HEAD)
+          echo "main was at $OLD"
+          if git merge --ff-only upstream/develop; then
+            NEW=$(git rev-parse --short HEAD)
+            if [ "$OLD" = "$NEW" ]; then
+              echo "main already up to date with upstream/develop"
+              echo "advanced=false" >> "$GITHUB_OUTPUT"
+            else
+              echo "main advanced: $OLD -> $NEW"
+              git push origin main
+              echo "advanced=true" >> "$GITHUB_OUTPUT"
+              echo "old=$OLD" >> "$GITHUB_OUTPUT"
+              echo "new=$NEW" >> "$GITHUB_OUTPUT"
+            fi
+          else
+            echo "::warning::main could not fast-forward to upstream/develop — someone committed to main directly?"
+            echo "advanced=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Measure wallet drift
+        if: steps.ff.outputs.advanced == 'true'
+        id: drift
+        run: |
+          set -euo pipefail
+          MB=$(git merge-base refs/remotes/origin/wallet main)
+          BEHIND=$(git rev-list --count "$MB..main")
+          NEW_ADDED=$(git rev-list --count "$MB..upstream/develop")
+          echo "behind=$BEHIND" >> "$GITHUB_OUTPUT"
+          echo "new_added=$NEW_ADDED" >> "$GITHUB_OUTPUT"
+          echo "wallet is $BEHIND commits behind main now; $NEW_ADDED new upstream commits this run"
+
+      - name: Matrix notification (Infra room)
+        if: steps.ff.outputs.advanced == 'true'
+        env:
+          MATRIX_TOKEN: ${{ secrets.MATRIX_HOUSE_BOT_TOKEN }}
+        run: |
+          set -euo pipefail
+          TXN=$(date +%s%N)
+          ROOM='!rvxiUrWpgvMTAwzjGm:sulkta.com'  # Infra
+          BODY="element-x upstream advanced · main ${{ steps.ff.outputs.old }} → ${{ steps.ff.outputs.new }} (${{ steps.drift.outputs.new_added }} commits). wallet is ${{ steps.drift.outputs.behind }} commits behind — rebase before next build."
+
+          # jq keeps the body properly JSON-escaped; safer than shell interp
+          # shellcheck disable=SC2086
+          PAYLOAD=$(printf '%s' "$BODY" | jq -Rs '{msgtype: "m.text", body: .}')
+
+          curl --fail -s -X PUT \
+            -H "Authorization: Bearer $MATRIX_TOKEN" \
+            -H "Content-Type: application/json" \
+            "https://chat.sulkta.com/_matrix/client/v3/rooms/${ROOM}/send/m.room.message/${TXN}" \
+            -d "$PAYLOAD"
+          echo "notified"