actions/checkout@v4 requires node, which isn't available in
alpine or gitleaks images. Use plain git clone instead for
containerized jobs; keep actions/checkout for the host build job.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Use container: directive for gitleaks, lint, and test jobs
- Build job stays on host (needs podman for image build/push)
- Add requirements-dev.txt for unified dev/test dependency install

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- gitleaks flagged fake api_key in test fixtures as a secret leak;
  allowlist tests/ directory since it contains only mock data
- Install libopus0 in test runner for pymumble/opuslib import chain

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Dynamically resolve latest gitleaks version from GitHub releases
  instead of hardcoded tarball URL that 404'd
- Add pymumble to test job install (needed by derp.mumble import
  chain, not in pyproject.toml base deps)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Build and push to harbor.mymx.me/library/derp after gitleaks
and test jobs pass. Only runs on push to master. Tags with
short SHA and latest.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

- Add gitleaks secret scanning (full history)
- Separate lint (ruff, Python 3.13 only) from test matrix
- Test job gates on lint; gitleaks runs in parallel

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>