From c26777778aa803c46ff1bd738a06d38e72738293 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E8=A2=81=E9=9C=87?= <yuan@yuanzhendeMac-mini.local>
Date: Mon, 6 Apr 2026 14:19:00 +0800
Subject: [PATCH] feat: add daily full repo management workflow

---
 .gitea/workflows/generate-rules.yml    |  11 --
 .gitea/workflows/publish-rules.yml     |   2 -
 .gitea/workflows/repo-manage-daily.yml | 136 +++++++++++++++++++++++++
 README.md                              |  36 +++++--
 4 files changed, 164 insertions(+), 21 deletions(-)
 create mode 100644 .gitea/workflows/repo-manage-daily.yml

diff --git a/.gitea/workflows/generate-rules.yml b/.gitea/workflows/generate-rules.yml
index 4b5e7b40c..801766239 100644
--- a/.gitea/workflows/generate-rules.yml
+++ b/.gitea/workflows/generate-rules.yml
@@ -2,17 +2,6 @@ name: Generate Rules
 
 on:
   workflow_dispatch:
-  schedule:
-    - cron: "0 3 * * *"
-  push:
-    branches:
-      - main
-    paths:
-      - main.py
-      - scripts/sync_surge_full.sh
-      - config.toml
-      - config.json
-      - .gitea/workflows/generate-rules.yml
 
 permissions:
   contents: read
diff --git a/.gitea/workflows/publish-rules.yml b/.gitea/workflows/publish-rules.yml
index dcf9cc720..ff9a3215b 100644
--- a/.gitea/workflows/publish-rules.yml
+++ b/.gitea/workflows/publish-rules.yml
@@ -2,8 +2,6 @@ name: Publish Rules To External Repo
 
 on:
   workflow_dispatch:
-  schedule:
-    - cron: "15 3 * * *"
 
 permissions:
   contents: read
diff --git a/.gitea/workflows/repo-manage-daily.yml b/.gitea/workflows/repo-manage-daily.yml
new file mode 100644
index 000000000..f811b40d4
--- /dev/null
+++ b/.gitea/workflows/repo-manage-daily.yml
@@ -0,0 +1,136 @@
+name: Full Repo Management Daily
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "5 2 * * *"
+
+permissions:
+  contents: write
+
+concurrency:
+  group: full-repo-management
+  cancel-in-progress: false
+
+jobs:
+  manage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout builder repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          github-server-url: https://git.halonice.com
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Validate token
+        shell: bash
+        env:
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+        run: |
+          if [ -z "${GITEA_TOKEN}" ]; then
+            echo "Missing secret GITEA_TOKEN" >&2
+            exit 1
+          fi
+
+      - name: Prepare config
+        shell: bash
+        run: |
+          if [ -f config.toml ]; then
+            echo "Use existing config.toml"
+          elif [ -f config.json ]; then
+            echo "Use existing config.json"
+          elif [ -f config.example.toml ]; then
+            cp config.example.toml config.toml
+            echo "Generated config.toml from example"
+          else
+            echo "No config file found" >&2
+            exit 1
+          fi
+
+      - name: Sync upstream and generate rules
+        shell: bash
+        env:
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          UPSTREAM_REF: ${{ vars.UPSTREAM_REF }}
+        run: |
+          set -euo pipefail
+          UPSTREAM_REF="${UPSTREAM_REF:-master}"
+          bash scripts/sync_surge_full.sh
+          if [ -f config.toml ]; then
+            python3 main.py --config config.toml
+          else
+            python3 main.py --config config.json
+          fi
+
+      - name: Commit and push builder updates
+        shell: bash
+        env:
+          GITEA_BASE_URL: ${{ vars.GITEA_BASE_URL }}
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+        run: |
+          set -euo pipefail
+          base="${GITEA_BASE_URL:-https://git.halonice.com}"
+          base="${base%/}"
+          branch="${GITHUB_REF_NAME:-main}"
+          repo_path="${GITHUB_REPOSITORY}"
+          if [ -z "${repo_path}" ]; then
+            echo "GITHUB_REPOSITORY is empty" >&2
+            exit 1
+          fi
+
+          if [[ "${base}" == https://* ]]; then
+            authed_repo_url="https://${GITEA_TOKEN}@${base#https://}/${repo_path}.git"
+          elif [[ "${base}" == http://* ]]; then
+            authed_repo_url="http://${GITEA_TOKEN}@${base#http://}/${repo_path}.git"
+          else
+            echo "GITEA_BASE_URL must start with http:// or https://" >&2
+            exit 1
+          fi
+
+          git config user.name "gitea-actions[bot]"
+          git config user.email "gitea-actions@localhost"
+          git add -A
+          if git diff --cached --quiet; then
+            echo "No builder changes"
+            echo "builder_changed=false" >> "$GITHUB_ENV"
+          else
+            git commit -m "chore: daily sync and generate rules"
+            git remote set-url origin "${authed_repo_url}"
+            git push origin "HEAD:${branch}"
+            echo "builder_changed=true" >> "$GITHUB_ENV"
+          fi
+
+      - name: Publish dist to release repo
+        shell: bash
+        env:
+          GITEA_BASE_URL: ${{ vars.GITEA_BASE_URL }}
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          TARGET_OWNER: ${{ vars.TARGET_OWNER }}
+          TARGET_REPO: ${{ vars.TARGET_REPO }}
+          TARGET_BRANCH: ${{ vars.TARGET_BRANCH }}
+        run: |
+          set -euo pipefail
+          base="${GITEA_BASE_URL:-https://git.halonice.com}"
+          base="${base%/}"
+          owner="${TARGET_OWNER:-yuanzhen869}"
+          repo="${TARGET_REPO:-shunt-rules-release}"
+          branch="${TARGET_BRANCH:-main}"
+
+          if [[ "${base}" == https://* ]]; then
+            release_url="https://${GITEA_TOKEN}@${base#https://}/${owner}/${repo}.git"
+          elif [[ "${base}" == http://* ]]; then
+            release_url="http://${GITEA_TOKEN}@${base#http://}/${owner}/${repo}.git"
+          else
+            echo "GITEA_BASE_URL must start with http:// or https://" >&2
+            exit 1
+          fi
+
+          RELEASE_REPO_URL="${release_url}" \
+          TARGET_BRANCH="${branch}" \
+          COMMIT_MESSAGE="chore: daily publish generated rules" \
+          bash scripts/release_dist.sh
diff --git a/README.md b/README.md
index 6e2ca6542..07de78054 100644
--- a/README.md
+++ b/README.md
@@ -103,20 +103,38 @@ bash scripts/release_dist.sh
 
 ## 自动化
 
-### 1) 生成工作流
+### 1) 全仓库自动管理（推荐）
+
+文件：`.gitea/workflows/repo-manage-daily.yml`
+
+- 触发：每天一次（`cron: 5 2 * * *`，UTC）+ 手动触发
+- 流程：
+  1. 同步上游 Surge 源
+  2. 生成 `dist/` 规则
+  3. 自动提交并推送 builder 仓库变更
+  4. 自动发布 `dist/` 到 `shunt-rules-release`
+
+需要配置：
+
+- `secrets.GITEA_TOKEN`（必需）
+- `vars.GITEA_BASE_URL`（可选，默认 `https://git.halonice.com`）
+- `vars.TARGET_OWNER`（可选，默认 `yuanzhen869`）
+- `vars.TARGET_REPO`（可选，默认 `shunt-rules-release`）
+- `vars.TARGET_BRANCH`（可选，默认 `main`）
+- `vars.UPSTREAM_REF`（可选，默认 `master`）
+
+### 2) 手动生成工作流（备用）
 
 文件：`.gitea/workflows/generate-rules.yml`
 
-- 触发：`push` / `schedule` / 手动触发
-- 流程：
-  1. `scripts/sync_surge_full.sh`
-  2. `python3 main.py --config ...`
-  3. 若 `dist/` 有变化则自动提交
+- 触发：手动触发
+- 流程：同步上游并生成规则（不自动发布）
 
-### 2) 发布工作流（独立发布仓库）
+### 3) 手动发布工作流（备用）
 
 文件：`.gitea/workflows/publish-rules.yml`
 
+- 触发：手动触发
 - 适合“生成仓库”和“发布仓库”分离
 - 将 `dist/` 同步到目标仓库分支（如 `main` / `rules`）
 
@@ -129,7 +147,8 @@ shunt-rules-builder/
 ├── config.example.toml
 ├── config.example.json
 ├── scripts/
-│   └── sync_surge_full.sh
+│   ├── sync_surge_full.sh
+│   └── release_dist.sh
 ├── upstream/                # 本地上游缓存（自动生成，默认忽略）
 │   └── rule/Surge/...
 ├── dist/
@@ -138,6 +157,7 @@ shunt-rules-builder/
 │   ├── clash/
 │   └── mihomo/
 └── .gitea/workflows/
+    ├── repo-manage-daily.yml
     ├── generate-rules.yml
     └── publish-rules.yml
 ```