From 827edfed26cc8ac56d9958ebe6b99aad3953b3a6 Mon Sep 17 00:00:00 2001
From: ilia
Date: Fri, 29 May 2026 16:19:54 -0500
Subject: [PATCH 1/6] ci: add homelab Gitea Actions workflow (ci-baseline.yml)
---
 .gitea/workflows/ci.yml | 121 ++++++++++------------------------------
 1 file changed, 29 insertions(+), 92 deletions(-)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index b789287..4b98171 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,102 +1,39 @@
+---
+# Homelab CI — baseline secret scan (git-ci-02)
 name: CI
 
 on:
 push:
- branches: [ main, master, develop, feature/** ]
+ branches: [master, main]
 pull_request:
- # Trigger on all pull requests regardless of target branch
- workflow_dispatch:
+ types: [opened, synchronize, reopened]
 
 jobs:
- lint:
- name: Lint with ruff
- runs-on: ubuntu-latest
-
+ skip-ci-check:
+ runs-on: [homelab, self-hosted, linux]
+ outputs:
+ should-skip: ${{ steps.check.outputs.skip }}
 steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Set up Python
- uses: actions/setup-python@v5
- with:
- python-version: '3.11'
-
- - name: Install ruff
- run: |
- python -m pip install --upgrade pip
- pip install ruff>=0.1.0
-
- - name: Run ruff check
- run: |
- ruff check nanobot/
-
- - name: Run ruff format check
- run: |
- ruff format --check nanobot/
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+ - id: check
+ run: |
+ SKIP=0
+ BRANCH="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
+ MSG="${GITHUB_EVENT_HEAD_COMMIT_MESSAGE:-$(git log -1 --pretty=%B 2>/dev/null || true)}"
+ echo "$BRANCH" "$MSG" | grep -qi '@skipci' && SKIP=1
+ echo "skip=$SKIP" >> $GITHUB_OUTPUT
 
- test:
- name: Test Python ${{ matrix.python-version }}
- runs-on: ubuntu-latest
- strategy:
- matrix:
- python-version: ['3.11', '3.12']
-
+ secret-scan:
+ needs: skip-ci-check
+ if: needs.skip-ci-check.outputs.should-skip != '1'
+ runs-on: [homelab, self-hosted, linux, heavy]
 steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Set up Python ${{ matrix.python-version }}
- uses: actions/setup-python@v5
- with:
- python-version: ${{ matrix.python-version }}
-
- - name: Install dependencies
- run: |
- python -m pip install --upgrade pip
- # Install nanobot with all dependencies and dev dependencies
- pip install -e ".[dev]"
- # Verify key dependencies are installed
- pip list | grep -E "(pytest|ruff|pydantic|typer|litellm)"
-
- - name: Run tests
- run: |
- pytest tests/ -v --tb=short
-
- - name: Check package can be imported
- run: |
- python -c "import nanobot; print(f'nanobot version check passed')"
-
- build:
- name: Build package
- runs-on: ubuntu-latest
- needs: [lint, test]
-
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
-
- - name: Set up Python
- uses: actions/setup-python@v5
- with:
- python-version: '3.11'
-
- - name: Install build dependencies
- run: |
- python -m pip install --upgrade pip
- pip install build hatchling
-
- - name: Build package
- run: |
- python -m build
-
- - name: Check build artifacts
- run: |
- ls -lh dist/
-
- - name: Upload build artifacts
- uses: actions/upload-artifact@v4
- with:
- name: dist-packages
- path: dist/
- retention-days: 7
-
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ - name: Gitleaks
+ run: |
+ docker run --rm -v "$PWD:/repo" ghcr.io/gitleaks/gitleaks:latest \
+ detect --source /repo --no-banner --redact
From 57ea0ced6842c1ac10143feba48b4ad4c50f688f Mon Sep 17 00:00:00 2001
From: ilia
Date: Fri, 29 May 2026 20:14:53 -0500
Subject: [PATCH 2/6] ci: sync workflow template (node container + host fixes)
---
 .gitea/workflows/ci.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 4b98171..dadb7bd 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -11,6 +11,8 @@ on:
 jobs:
 skip-ci-check:
 runs-on: [homelab, self-hosted, linux]
+ container:
+ image: node:20-bookworm
 outputs:
 should-skip: ${{ steps.check.outputs.skip }}
 steps:
From 4b4ef944b76c335daf2cb3bc76936de16a2edd38 Mon Sep 17 00:00:00 2001
From: ilia
Date: Fri, 29 May 2026 20:20:34 -0500
Subject: [PATCH 3/6] ci: refresh workflow (re-run pipelines)
---
 .gitea/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index dadb7bd..d589126 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
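Review bot: In patch 1/6, the `@skipci` test in `skip-ci-check` lets whoever authors a push or pull request switch off `secret-scan`, now the only scanning job in the workflow, because both inputs it greps (branch name and commit message) are chosen by that author. A secret-scanning gate should not be skippable from the change it is scanning; one option is to ignore the marker for pull requests, `if: github.event_name == 'pull_request' || needs.skip-ci-check.outputs.should-skip != '1'`, or to drop the skip job from this workflow. The scanner image `ghcr.io/gitleaks/gitleaks:latest` (and `node:20-bookworm`, added in patch 2/6) is a moving tag run on a self-hosted runner, so pinning by digest, e.g. `ghcr.io/gitleaks/gitleaks@sha256:<digest>`, keeps the scanner from changing without a change to this file. Smaller points in the same steps: quote the redirect target as `>> "$GITHUB_OUTPUT"`, and mount the checkout read-only (`-v "$PWD:/repo:ro"`) if the scan does not need to write to it.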
@@ -1,4 +1,5 @@
 ---
+# ci-sync: 2026-05-30T01:20:40Z
 # Homelab CI — baseline secret scan (git-ci-02)
 name: CI
 
From d1c8fbb6e982280ae914f885ab1891466780ac21 Mon Sep 17 00:00:00 2001
From: ilia
Date: Fri, 29 May 2026 20:26:05 -0500
Subject: [PATCH 4/6] ci: sync workflow template
---
 .gitea/workflows/ci.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index d589126..dadb7bd 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,5 +1,4 @@
 ---
-# ci-sync: 2026-05-30T01:20:40Z
 # Homelab CI — baseline secret scan (git-ci-02)
 name: CI
 
From 67059d1d754593eab845e01bc5b2b25bb22ee33e Mon Sep 17 00:00:00 2001
From: ilia
Date: Fri, 29 May 2026 20:28:25 -0500
Subject: [PATCH 5/6] ci: refresh workflow (re-run pipelines)
---
 .gitea/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index dadb7bd..b56f846 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,4 +1,5 @@
 ---
+# ci-sync: 2026-05-30T01:28:32Z
 # Homelab CI — baseline secret scan (git-ci-02)
 name: CI
 
From d06eede044befb829db59dfddcfc56c541016fcf Mon Sep 17 00:00:00 2001
From: ilia
Date: Fri, 29 May 2026 20:30:48 -0500
Subject: [PATCH 6/6] ci: refresh workflow (re-run pipelines)
---
 .gitea/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index b56f846..5cc62b3 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -1,5 +1,5 @@
 ---
-# ci-sync: 2026-05-30T01:28:32Z
+# ci-sync: 2026-05-30T01:30:53Z
 # Homelab CI — baseline secret scan (git-ci-02)
 name: CI
 