feat: add daily full repo management workflow

.gitea/workflows/generate-rules.yml

@@ -2,17 +2,6 @@ name: Generate Rules
 
 on:
   workflow_dispatch:
-  schedule:
-    - cron: "0 3 * * *"
-  push:
-    branches:
-      - main
-    paths:
-      - main.py
-      - scripts/sync_surge_full.sh
-      - config.toml
-      - config.json
-      - .gitea/workflows/generate-rules.yml
 
 permissions:
   contents: read

.gitea/workflows/publish-rules.yml

@@ -2,8 +2,6 @@ name: Publish Rules To External Repo
 
 on:
   workflow_dispatch:
-  schedule:
-    - cron: "15 3 * * *"
 
 permissions:
   contents: read

.gitea/workflows/repo-manage-daily.yml

@@ -0,0 +1,136 @@
+name: Full Repo Management Daily
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "5 2 * * *"
+
+permissions:
+  contents: write
+
+concurrency:
+  group: full-repo-management
+  cancel-in-progress: false
+
+jobs:
+  manage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout builder repo
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          github-server-url: https://git.halonice.com
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Validate token
+        shell: bash
+        env:
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+        run: |
+          if [ -z "${GITEA_TOKEN}" ]; then
+            echo "Missing secret GITEA_TOKEN" >&2
+            exit 1
+          fi
+
+      - name: Prepare config
+        shell: bash
+        run: |
+          if [ -f config.toml ]; then
+            echo "Use existing config.toml"
+          elif [ -f config.json ]; then
+            echo "Use existing config.json"
+          elif [ -f config.example.toml ]; then
+            cp config.example.toml config.toml
+            echo "Generated config.toml from example"
+          else
+            echo "No config file found" >&2
+            exit 1
+          fi
+
+      - name: Sync upstream and generate rules
+        shell: bash
+        env:
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          UPSTREAM_REF: ${{ vars.UPSTREAM_REF }}
+        run: |
+          set -euo pipefail
+          UPSTREAM_REF="${UPSTREAM_REF:-master}"
+          bash scripts/sync_surge_full.sh
+          if [ -f config.toml ]; then
+            python3 main.py --config config.toml
+          else
+            python3 main.py --config config.json
+          fi
+
+      - name: Commit and push builder updates
+        shell: bash
+        env:
+          GITEA_BASE_URL: ${{ vars.GITEA_BASE_URL }}
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+        run: |
+          set -euo pipefail
+          base="${GITEA_BASE_URL:-https://git.halonice.com}"
+          base="${base%/}"
+          branch="${GITHUB_REF_NAME:-main}"
+          repo_path="${GITHUB_REPOSITORY}"
+          if [ -z "${repo_path}" ]; then
+            echo "GITHUB_REPOSITORY is empty" >&2
+            exit 1
+          fi
+
+          if [[ "${base}" == https://* ]]; then
+            authed_repo_url="https://${GITEA_TOKEN}@${base#https://}/${repo_path}.git"
+          elif [[ "${base}" == http://* ]]; then
+            authed_repo_url="http://${GITEA_TOKEN}@${base#http://}/${repo_path}.git"
+          else
+            echo "GITEA_BASE_URL must start with http:// or https://" >&2
+            exit 1
+          fi
+
+          git config user.name "gitea-actions[bot]"
+          git config user.email "gitea-actions@localhost"
+          git add -A
+          if git diff --cached --quiet; then
+            echo "No builder changes"
+            echo "builder_changed=false" >> "$GITHUB_ENV"
+          else
+            git commit -m "chore: daily sync and generate rules"
+            git remote set-url origin "${authed_repo_url}"
+            git push origin "HEAD:${branch}"
+            echo "builder_changed=true" >> "$GITHUB_ENV"
+          fi
+
+      - name: Publish dist to release repo
+        shell: bash
+        env:
+          GITEA_BASE_URL: ${{ vars.GITEA_BASE_URL }}
+          GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
+          TARGET_OWNER: ${{ vars.TARGET_OWNER }}
+          TARGET_REPO: ${{ vars.TARGET_REPO }}
+          TARGET_BRANCH: ${{ vars.TARGET_BRANCH }}
+        run: |
+          set -euo pipefail
+          base="${GITEA_BASE_URL:-https://git.halonice.com}"
+          base="${base%/}"
+          owner="${TARGET_OWNER:-yuanzhen869}"
+          repo="${TARGET_REPO:-shunt-rules-release}"
+          branch="${TARGET_BRANCH:-main}"
+
+          if [[ "${base}" == https://* ]]; then
+            release_url="https://${GITEA_TOKEN}@${base#https://}/${owner}/${repo}.git"
+          elif [[ "${base}" == http://* ]]; then
+            release_url="http://${GITEA_TOKEN}@${base#http://}/${owner}/${repo}.git"
+          else
+            echo "GITEA_BASE_URL must start with http:// or https://" >&2
+            exit 1
+          fi
+
+          RELEASE_REPO_URL="${release_url}" \
+          TARGET_BRANCH="${branch}" \
+          COMMIT_MESSAGE="chore: daily publish generated rules" \
+          bash scripts/release_dist.sh