From 0c0adef90d91e4e046c8a4ee736ef8856061562c Mon Sep 17 00:00:00 2001
From: user
Date: Sun, 22 Feb 2026 06:15:42 +0100
Subject: [PATCH] feat: run CI jobs in podman containers, add requirements-dev.txt
- Use container: directive for gitleaks, lint, and test jobs
- Build job stays on host (needs podman for image build/push)
- Add requirements-dev.txt for unified dev/test dependency install
Co-Authored-By: Claude Opus 4.6
---
.gitea/workflows/ci.yml | 52 ++++++++++++++++++++---------------------
requirements-dev.txt | 4 ++++
2 files changed, 30 insertions(+), 26 deletions(-)
create mode 100644 requirements-dev.txt
diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index a7d1dc3..8dfb27c 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -7,60 +7,60 @@ on: jobs: gitleaks: - runs-on: ubuntu-latest + runs-on: linux:host + container: + image: ghcr.io/gitleaks/gitleaks:latest + options: --entrypoint "" steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - - name: Install gitleaks - run: | - VERSION=$(curl -sI https://github.com/gitleaks/gitleaks/releases/latest | grep -i '^location:' | grep -oP 'v[\d.]+') - curl -sSL "https://github.com/gitleaks/gitleaks/releases/download/${VERSION}/gitleaks_${VERSION#v}_linux_x64.tar.gz" \ - | tar xz -C /usr/local/bin gitleaks - name: Scan for secrets run: gitleaks detect --source . --verbose lint: - runs-on: ubuntu-latest + runs-on: linux:host + container: + image: python:3.13-alpine steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: "3.13" - - run: pip install -e . && pip install ruff - - run: ruff check src/ tests/ plugins/ + - name: Install deps + run: pip install -q -r requirements-dev.txt + - name: Lint + run: ruff check src/ tests/ plugins/ test: - runs-on: ubuntu-latest + runs-on: linux:host needs: [lint] strategy: matrix: python-version: ["3.11", "3.12", "3.13"] + container: + image: python:${{ matrix.python-version }}-alpine steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: ${{ matrix.python-version }} - - run: sudo apt-get update && sudo apt-get install -y libopus0 - - run: pip install -e . 
&& pip install pymumble pytest - - run: pytest -v + - name: Install system deps + run: apk add --no-cache opus-dev + - name: Install Python deps + run: pip install -q -r requirements-dev.txt + - name: Test + run: pytest -v build: - runs-on: ubuntu-latest + runs-on: linux:host if: github.event_name == 'push' && github.ref == 'refs/heads/master' needs: [gitleaks, test] steps: - uses: actions/checkout@v4 - name: Login to Harbor run: >- - echo "${{ secrets.HARBOR_PASS }}" | - docker login harbor.mymx.me + podman login harbor.mymx.me -u "${{ secrets.HARBOR_USER }}" - --password-stdin + -p "${{ secrets.HARBOR_PASS }}" - name: Build and push run: | TAG="harbor.mymx.me/library/derp:${GITHUB_SHA::8}" LATEST="harbor.mymx.me/library/derp:latest" - docker build -t "$TAG" -t "$LATEST" . - docker push "$TAG" - docker push "$LATEST" + podman build -t "$TAG" -t "$LATEST" . + podman push "$TAG" + podman push "$LATEST" diff --git a/requirements-dev.txt b/requirements-dev.txt new file mode 100644 index 0000000..bc0de6a --- /dev/null +++ b/requirements-dev.txt @@ -0,0 +1,4 @@ +-e . +pymumble>=1.6 +pytest>=7.0 +ruff>=0.4
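Review bot: The new "Login to Harbor" step passes the registry password as `-p "${{ secrets.HARBOR_PASS }}"`, so it becomes a command-line argument of a process on the `linux:host` runner, which the removed `--password-stdin` form avoided; on a typical Linux host, arguments are readable by other local processes while the login runs. The `${{ }}` expression is also substituted into the script text before the shell parses it, so a password containing a double quote, `$` or a backtick would be interpreted by the shell rather than passed through. `podman login` accepts `--password-stdin` too, so the step can keep the stdin form and take both secrets from `env:` as shown below. Separately, `ghcr.io/gitleaks/gitleaks:latest` is a mutable tag on the job that gates secret scanning; pinning it to a release tag or image digest would keep the scanner reproducible.

```yaml
      - name: Login to Harbor
        env:
          HARBOR_USER: ${{ secrets.HARBOR_USER }}
          HARBOR_PASS: ${{ secrets.HARBOR_PASS }}
        run: >-
          printf '%s' "$HARBOR_PASS" |
          podman login harbor.mymx.me
          -u "$HARBOR_USER"
          --password-stdin
      # … unchanged: "Build and push" step …
```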
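Review bot: Every specifier in the new requirements-dev.txt is a lower bound only (`pymumble>=1.6`, `pytest>=7.0`, `ruff>=0.4`), so each CI run installs whatever release is newest on the package index at that moment. Since the workflow's build job depends on the test job, which in turn depends on lint, a broken or tampered upstream release would reach the pipeline that publishes the image without any change in this repository. Consider committing exact pins in a constraints file and installing with `pip install -q -r requirements-dev.txt -c constraints-dev.txt` (the file name is a placeholder), keeping the `>=` ranges here as the declared minimums.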