From b49f1f170a95500ba3252e3b67e46d4526bbb620 Mon Sep 17 00:00:00 2001
From: alpha-nerd
Date: Mon, 11 May 2026 17:55:58 +0200
Subject: [PATCH 1/3] =?UTF-8?q?.forgejo/workflows/opencode.yml=20hinzugef?= =?UTF-8?q?=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

add opencode bot for automatic issue management
---
 .forgejo/workflows/opencode.yml | 62 +++++++++++++++++++++++++++++++++
 1 file changed, 62 insertions(+)
 create mode 100644 .forgejo/workflows/opencode.yml

diff --git a/.forgejo/workflows/opencode.yml b/.forgejo/workflows/opencode.yml
new file mode 100644
index 0000000..6d126d3
--- /dev/null
+++ b/.forgejo/workflows/opencode.yml
@@ -0,0 +1,62 @@
+name: opencode
+on:
+ issue_comment:
+ types: [created]
+ pull_request_review_comment:
+ types: [created]
+ pull_request_review:
+ types: [submitted]
+
+jobs:
+ opencode:
+ if: |
+ contains(github.event.comment.body, '/oc') ||
+ contains(github.event.comment.body, '/opencode')
+ runs-on: docker-amd64
+ container:
+ image: node:lts-bookworm
+ permissions:
+ id-token: write
+ contents: write
+ pull-requests: write
+ issues: write
+ steps:
+ - name: Install git, curl and Docker
+ run: |
+ apt-get update -qq
+ apt-get install -y -qq git curl unzip docker.io
+
+ - name: Start Docker daemon
+ run: |
+ dockerd --host=unix:///var/run/docker.sock --iptables=false --dns=8.8.8.8 --dns=8.8.4.4 > /tmp/dockerd.log 2>&1 &
+ for i in $(seq 1 30); do
+ sleep 2
+ docker info > /dev/null 2>&1 && echo "Docker daemon ready" && exit 0
+ echo "Waiting for Docker daemon... ($i/30)"
+ done
+ echo "=== dockerd failed to start, logs: ==="
+ cat /tmp/dockerd.log
+ exit 1
+
+ - name: Checkout repository
+ run: |
+ git clone --depth=1 --branch "${{ github.ref_name }}" \
+ "https://oauth2:${{ github.token }}@bitfreedom.net/code/${{ github.repository }}.git" \
+ .
+
+ - name: Fetch action source
+ run: |
+ git clone --depth=1 --branch v1 \
+ "https://oauth2:${{ github.token }}@bitfreedom.net/code/nomyo-ai/actions.git" \
+ ./.opencode-action
+
+ - name: Run opencode
+ uses: ./.opencode-action
+ with:
+ nomyo_api_key: ${{ secrets.NOMYO_API_KEY }}
+ model: nomyo/unsloth/Qwen3.6-35B-A3B-GGUF:UD-Q4_K_M
+ forgejo_api_url: https://bitfreedom.net/code/
+ forgejo_token: ${{ secrets.FORGEJO_TOKEN }}
+ forgejo_push_token: ${{ secrets.FORGEJO_PUSH_TOKEN }}
+
+
-- 
2.43.0

From 69253a7e0db71993bf99776df63c715d5d30dd46 Mon Sep 17 00:00:00 2001
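Review bot: The `if:` on the `opencode` job tests only the comment text, so any account that can comment `/oc` starts a job that holds `contents: write` and receives `NOMYO_API_KEY`, `FORGEJO_TOKEN` and `FORGEJO_PUSH_TOKEN`. The condition should also restrict who may trigger it: wrap the two `contains(...)` calls in parentheses and add `&& github.event.comment.user.login == '<MAINTAINER_LOGIN>'` (placeholder login; confirm the field name against the Forgejo event payload). For the `pull_request_review` trigger the text presumably lives under `github.event.review` rather than `github.event.comment`, so that event likely never satisfies the condition as written. `id-token: write` is granted but nothing visible in the job uses it, so it can probably be dropped.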
From: alpha-nerd
Date: Wed, 13 May 2026 07:18:17 +0200
Subject: [PATCH 2/3] nyx security scanner integration

---
 .forgejo/workflows/nyxscanner.yml | 44 +++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
 create mode 100644 .forgejo/workflows/nyxscanner.yml

diff --git a/.forgejo/workflows/nyxscanner.yml b/.forgejo/workflows/nyxscanner.yml
new file mode 100644
index 0000000..7c9313f
--- /dev/null
+++ b/.forgejo/workflows/nyxscanner.yml
@@ -0,0 +1,44 @@
+name: NYX Security Scan
+
+on:
+ pull_request:
+ branches: [main, master]
+
+jobs:
+ nyx-scan:
+ runs-on: docker-amd64 # eine Architektur reicht für SAST
+
+ steps:
+ - name: Checkout target repo
+ uses: actions/checkout@v4
+
+ - name: Checkout nyx from Forgejo mirror
+ uses: actions/checkout@v4
+ with:
+ repository: apunkt/nyx
+ # URL deiner Forgejo-Instanz:
+ server_url: https://bitfreedom.net/code/
+ ref: master
+ path: .nyx-src
+
+ - name: Install Rust
+ uses: https://github.com/actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ toolchain: stable
+
+ - name: Build nyx from source
+ run: |
+ cd .nyx-src
+ cargo build --release
+ sudo cp target/release/nyx /usr/local/bin/nyx
+
+ - name: Run NYX scan
+ run: |
+ nyx scan --format sarif --fail-on MEDIUM > nyx-results.sarif
+
+ - name: Upload results
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: nyx-sarif-report
+ path: nyx-results.sarif
\ No newline at end of file
-- 
2.43.0

From f4bc272e0b39a2f1dc206e643c77dd0f213a984e Mon Sep 17 00:00:00 2001
From: alpha-nerd
Date: Wed, 13 May 2026 10:15:16 +0200
Subject: [PATCH 3/3] .forgejo/workflows/nyxscanner.yml aktualisiert

---
 .forgejo/workflows/nyxscanner.yml | 46 ++++++++++++-------------------
 1 file changed, 17 insertions(+), 29 deletions(-)

diff --git a/.forgejo/workflows/nyxscanner.yml b/.forgejo/workflows/nyxscanner.yml
index 7c9313f..2ee672c 100644
--- a/.forgejo/workflows/nyxscanner.yml
+++ b/.forgejo/workflows/nyxscanner.yml
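Review bot: The scanner is built from `ref: master` of `apunkt/nyx` and the toolchain action is referenced as `@v1`, so the binary that gates pull requests changes whenever those refs move. Pin both to a reviewed commit, e.g. `ref: <NYX_COMMIT_SHA>`, with a comment above it naming the upstream release the commit corresponds to. The same applies to `--branch v1` in the 'Fetch action source' step of opencode.yml and to `--branch master` in the later nyxscanner.yml change, where the fetched action additionally receives secrets. Separately, actions/checkout documents the input `github-server-url`; `server_url` is likely ignored, so this step may only work because the runner's default server is already this instance.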
@@ -6,39 +6,27 @@ on: jobs: nyx-scan: - runs-on: docker-amd64 # eine Architektur reicht für SAST + runs-on: docker-amd64 steps: - - name: Checkout target repo - uses: actions/checkout@v4 - - - name: Checkout nyx from Forgejo mirror - uses: actions/checkout@v4 - with: - repository: apunkt/nyx - # URL deiner Forgejo-Instanz: - server_url: https://bitfreedom.net/code/ - ref: master - path: .nyx-src - - - name: Install Rust - uses: https://github.com/actions-rust-lang/setup-rust-toolchain@v1 - with: - toolchain: stable - - - name: Build nyx from source + - name: Checkout PR run: | - cd .nyx-src - cargo build --release - sudo cp target/release/nyx /usr/local/bin/nyx + git clone --depth=1 \ + "https://oauth2:${{ github.token }}@bitfreedom.net/code/${{ github.repository }}.git" \ + . + git fetch --depth=1 origin ${{ github.sha }} + git checkout ${{ github.sha }} - - name: Run NYX scan + - name: Fetch action source run: | - nyx scan --format sarif --fail-on MEDIUM > nyx-results.sarif + git clone --depth=1 --branch master \ + "https://oauth2:${{ github.token }}@bitfreedom.net/code/nomyo-ai/actions.git" \ + ./.nyx-action - - name: Upload results - if: always() - uses: actions/upload-artifact@v4 + - uses: ./.nyx-action/nyx-scan with: - name: nyx-sarif-report - path: nyx-results.sarif \ No newline at end of file + forgejo_push_token: ${{ secrets.FORGEJO_PUSH_TOKEN }} + repository: ${{ github.repository }} + pr_number: ${{ github.event.pull_request.number }} + sha: ${{ github.sha }} + fail_on: HIGH \ No newline at end of file -- 2.43.0
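Review bot: The 'Checkout PR' step clones with `oauth2:${{ github.token }}` inside the URL, which git stores as the `origin` URL in `.git/config` of the workspace that holds the pull request's files and is then handed to `./.nyx-action/nyx-scan`. Reset it once the checkout is done, e.g. `git remote set-url origin "https://bitfreedom.net/code/${{ github.repository }}.git"` after `git checkout`. The 'Checkout repository' step in opencode.yml has the same pattern. This change also relaxes the gate from `--fail-on MEDIUM` to `fail_on: HIGH` and removes the SARIF artifact upload, and the commit message mentions neither. If that is intended, a comment such as `# MEDIUM findings are reported but do not block` above `fail_on:` would record the decision.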