From 3e2c431f49e3dbefba8565c042c9ad43beee2781 Mon Sep 17 00:00:00 2001
From: user
Date: Sun, 22 Feb 2026 06:33:32 +0100
Subject: [PATCH] feat: switch CI to linux runner with podman containers Replace ubuntu-latest runner with linux label and migrate all container operations from docker to podman. Add requirements.txt as single source of truth for runtime dependencies.
Co-Authored-By: Claude Opus 4.6
---
.gitea/workflows/ci.yaml | 30 +++++++++++++++---------------
Containerfile | 7 ++++---
requirements.txt | 1 +
3 files changed, 20 insertions(+), 18 deletions(-)
create mode 100644 requirements.txt
diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
index b30ffd6..f33101a 100644
--- a/.gitea/workflows/ci.yaml
+++ b/.gitea/workflows/ci.yaml
@@ -6,38 +6,38 @@ on: jobs: test: - runs-on: ubuntu-latest + runs-on: linux steps: - uses: actions/checkout@v4 - - uses: actions/setup-python@v5 - with: - python-version: '3.13' - - run: pip install pyyaml ruff pytest - - run: ruff check src/ tests/ - - run: PYTHONPATH=src pytest tests/ -v + - run: | + podman run --rm \ + -v "$PWD:/app:ro" \ + -w /app \ + python:3.13-alpine \ + sh -c "pip install --no-cache-dir -r requirements.txt ruff pytest && \ + ruff check src/ tests/ && \ + PYTHONPATH=src pytest tests/ -v" secrets: - runs-on: ubuntu-latest + runs-on: linux steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - run: | - docker run --rm \ + podman run --rm \ -v "$PWD:/scan:ro" \ ghcr.io/gitleaks/gitleaks:latest \ detect --source /scan -v build: needs: [test, secrets] - runs-on: ubuntu-latest + runs-on: linux steps: - uses: actions/checkout@v4 - - run: | - mkdir -p ~/.docker - AUTH=$(printf '%s:%s' "$HARBOR_USER" "$HARBOR_PASS" | base64 -w0) - printf '{"auths":{"harbor.mymx.me":{"auth":"%s"}}}\n' "$AUTH" > ~/.docker/config.json + - run: echo "$HARBOR_PASS" | podman login -u "$HARBOR_USER" --password-stdin harbor.mymx.me env: HARBOR_USER: ${{ secrets.HARBOR_USER }} HARBOR_PASS: ${{ secrets.HARBOR_PASS }} - - run: docker build --push -t harbor.mymx.me/s5p/s5p:latest -f Containerfile . + - run: podman build -t harbor.mymx.me/s5p/s5p:latest -f Containerfile . + - run: podman push harbor.mymx.me/s5p/s5p:latest diff --git a/Containerfile b/Containerfile index 6e5eabd..822ac7a 100644 --- a/Containerfile +++ b/Containerfile @@ -1,10 +1,11 @@ FROM python:3.13-alpine -RUN pip install --no-cache-dir --upgrade pip && \ - pip install --no-cache-dir pyyaml>=6.0 - WORKDIR /app +COPY requirements.txt . +RUN pip install --no-cache-dir --upgrade pip && \ + pip install --no-cache-dir -r requirements.txt + ENV PYTHONUNBUFFERED=1 \ PYTHONDONTWRITEBYTECODE=1 \ PYTHONPATH=/app/src diff --git a/requirements.txt b/requirements.txt new file mode 100644 index 0000000..3aecde9 
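Review bot: The build job's `podman login` step is never paired with a logout, so the Harbor credential stays in podman's auth file on the `linux` runner after the job ends. Whether that runner is ephemeral is not visible here, but on a persistent host later jobs would find a logged-in registry session. A final step such as `- run: podman logout harbor.mymx.me` carrying `if: always()` would clear it even when the build or push fails. Separately, the test and secrets jobs run `python:3.13-alpine` and `ghcr.io/gitleaks/gitleaks:latest` by mutable tag against the checked-out repository; pinning each as `image@sha256:<digest-placeholder>` would make what executes in CI reviewable.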
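Review bot: The new `pip install --no-cache-dir -r requirements.txt` layer resolves `pyyaml>=6.0` to whatever release is newest at build time, so two builds of the same commit can ship different code and nothing verifies the downloaded artifact. Pinning an exact version with hashes in requirements.txt and installing with `pip install --no-cache-dir --require-hashes -r requirements.txt` would make the image reproducible. The same applies to the test step in .gitea/workflows/ci.yaml, which installs from the same file plus unpinned `ruff pytest`, and the preceding `pip install --upgrade pip` is likewise unpinned. The Containerfile continues past the last line of this hunk.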
--- /dev/null
+++ b/requirements.txt
@@ -0,0 +1 @@
+pyyaml>=6.0