diff --git a/.github/dependabot.yml b/.github/dependabot.yml deleted file mode 100644 index 8ab34f7..0000000 --- a/.github/dependabot.yml +++ /dev/null @@ -1,34 +0,0 @@ -version: 2 -updates: - - package-ecosystem: github-actions - directory: / - schedule: - interval: weekly - groups: - github-actions: - patterns: - - "*" - cooldown: - default-days: 7 - - - package-ecosystem: gomod - directory: / - schedule: - interval: weekly - groups: - gomod: - patterns: - - "*" - cooldown: - default-days: 7 - - - package-ecosystem: npm - directory: / - schedule: - interval: weekly - groups: - npm: - patterns: - - "*" - cooldown: - default-days: 7 diff --git a/.github/workflows/asset-verification.yml b/.github/workflows/asset-verification.yml deleted file mode 100644 index f659503..0000000 --- a/.github/workflows/asset-verification.yml +++ /dev/null @@ -1,72 +0,0 @@ -name: Asset Build Verification - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - -permissions: - contents: read - -jobs: - asset_verification: - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: build essential - run: | - sudo apt-get update - sudo apt-get install -y build-essential - - - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - with: - node-version: '24.11.0' - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - with: - go-version: '1.25.4' - - - name: install node deps - run: | - npm ci - - - name: Check for uncommitted changes before asset build - id: check-changes-before - run: | - if [[ -n $(git status --porcelain) ]]; then - echo "has_changes=true" >> $GITHUB_OUTPUT - else - echo "has_changes=false" >> $GITHUB_OUTPUT - fi - - - name: Fail if there are uncommitted changes before build - if: steps.check-changes-before.outputs.has_changes == 'true' - run: | - echo "There are uncommitted changes before running npm run assets" - git status - exit 1 - - - name: Run asset build - run: | - npm run assets - - - name: Check for uncommitted changes after asset build - id: check-changes-after - run: | - if [[ -n $(git status --porcelain) ]]; then - echo "has_changes=true" >> $GITHUB_OUTPUT - else - echo "has_changes=false" >> $GITHUB_OUTPUT - fi - - - name: Fail if assets generated changes - if: steps.check-changes-after.outputs.has_changes == 'true' - run: | - echo "npm run assets generated uncommitted changes. This indicates the repository has outdated generated files." - echo "Please run 'npm run assets' locally and commit the changes." - git status - git diff - exit 1 diff --git a/.github/workflows/docker-pr.yml b/.github/workflows/docker-pr.yml deleted file mode 100644 index 25e086e..0000000 --- a/.github/workflows/docker-pr.yml +++ /dev/null @@ -1,58 +0,0 @@ -name: Docker image builds (pull requests) - -on: - pull_request: - branches: ["main"] - -env: - DOCKER_METADATA_SET_OUTPUT_ENV: "true" - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-24.04 - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-tags: true - fetch-depth: 0 - persist-credentials: false - - - name: build essential - run: | - sudo apt-get update - sudo apt-get install -y build-essential - - - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - with: - node-version: '24.11.0' - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - with: - go-version: '1.25.4' - - - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - - - name: Docker meta - id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 - with: - images: ghcr.io/${{ github.repository }} - - - name: Build and push - id: build - run: | - npm ci - npm run container - env: - PULL_REQUEST_ID: ${{ github.event.number }} - DOCKER_REPO: ghcr.io/${{ github.repository }} - SLOG_LEVEL: debug - - - run: | - echo "Test this with:" - echo "docker pull ${DOCKER_IMAGE}" - env: - DOCKER_IMAGE: ${{ steps.build.outputs.docker_image }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 1954ba8..75da429 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -18,7 +18,7 @@ permissions: jobs: build: - runs-on: ubuntu-24.04 + # runs-on: ubuntu-24.04 steps: - name: Checkout code uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 @@ -34,21 +34,21 @@ jobs: - name: Set lowercase image name run: | - echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV + echo "IMAGE=git.sad.ovh/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 with: - node-version: '24.11.0' + node-version: "24.11.0" - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 with: - go-version: '1.25.4' + go-version: "1.25.4" - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - name: Log into registry uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 with: - registry: ghcr.io + registry: git.sad.ovh username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml deleted file mode 100644 index fffce13..0000000 --- a/.github/workflows/docs-deploy.yml +++ /dev/null @@ -1,67 +0,0 @@ -name: Docs deploy - -on: - workflow_dispatch: - push: - branches: ["main"] - -permissions: - contents: read - packages: write - attestations: write - id-token: write - -jobs: - build: - if: github.repository == 'sophie/nuke' - runs-on: ubuntu-24.04 - - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - - - name: Log into registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 - with: - registry: ghcr.io - username: sophie - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Docker meta - id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 - with: - images: git.sad.ovh/sophie/nuke/docs - tags: | - type=sha,enable=true,priority=100,prefix=,suffix=,format=long - main - - - name: Build and push - id: build - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 - with: - context: ./docs - cache-to: type=gha - cache-from: type=gha - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64 - push: true - - - name: Apply k8s manifests to limsa lominsa - uses: actions-hub/kubectl@f6d776bd78f4523e36d6c74d34f9941c242b2213 # v1.35.0 - env: - KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} - with: - args: apply -k docs/manifest - - - name: Apply k8s manifests to limsa lominsa - uses: actions-hub/kubectl@f6d776bd78f4523e36d6c74d34f9941c242b2213 # v1.35.0 - env: - KUBE_CONFIG: ${{ secrets.LIMSA_LOMINSA_KUBECONFIG }} - with: - args: rollout restart -n default deploy/nuke-docs diff --git a/.github/workflows/docs-test.yml b/.github/workflows/docs-test.yml deleted file mode 100644 index 9523926..0000000 --- a/.github/workflows/docs-test.yml +++ /dev/null @@ -1,42 +0,0 @@ -name: Docs test build - -on: - pull_request: - branches: ["main"] - -permissions: - contents: read - actions: write - -jobs: - build: - runs-on: ubuntu-24.04 - - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - - - name: Docker meta - id: meta - uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0 - with: - images: git.sad.ovh/sophie/nuke/docs - tags: | - type=sha,enable=true,priority=100,prefix=,suffix=,format=long - main - - - name: Build and push - id: build - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 - with: - context: ./docs - cache-to: type=gha - cache-from: type=gha - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64 - push: false diff --git a/.github/workflows/go-mod-tidy-check.yml b/.github/workflows/go-mod-tidy-check.yml deleted file mode 100644 index 5eb3a2e..0000000 --- a/.github/workflows/go-mod-tidy-check.yml +++ /dev/null @@ -1,76 +0,0 @@ -name: Go Mod Tidy Check - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - -permissions: - contents: read - -jobs: - go_mod_tidy_check: - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - with: - go-version: '1.25.4' - - - name: Check go.mod and go.sum in main directory - run: | - # Store original file state - cp go.mod go.mod.orig - cp go.sum go.sum.orig - - # Run go mod tidy - go mod tidy - - # Check if files changed - if ! diff -q go.mod.orig go.mod > /dev/null 2>&1; then - echo "ERROR: go.mod in main directory has changed after running 'go mod tidy'" - echo "Please run 'go mod tidy' locally and commit the changes" - diff go.mod.orig go.mod - exit 1 - fi - - if ! diff -q go.sum.orig go.sum > /dev/null 2>&1; then - echo "ERROR: go.sum in main directory has changed after running 'go mod tidy'" - echo "Please run 'go mod tidy' locally and commit the changes" - diff go.sum.orig go.sum - exit 1 - fi - - echo "SUCCESS: go.mod and go.sum in main directory are tidy" - - - name: Check go.mod and go.sum in test directory - run: | - cd test - - # Store original file state - cp go.mod go.mod.orig - cp go.sum go.sum.orig - - # Run go mod tidy - go mod tidy - - # Check if files changed - if ! diff -q go.mod.orig go.mod > /dev/null 2>&1; then - echo "ERROR: go.mod in test directory has changed after running 'go mod tidy'" - echo "Please run 'go mod tidy' locally and commit the changes" - diff go.mod.orig go.mod - exit 1 - fi - - if ! diff -q go.sum.orig go.sum > /dev/null 2>&1; then - echo "ERROR: go.sum in test directory has changed after running 'go mod tidy'" - echo "Please run 'go mod tidy' locally and commit the changes" - diff go.sum.orig go.sum - exit 1 - fi - - echo "SUCCESS: go.mod and go.sum in test directory are tidy" diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml deleted file mode 100644 index 96f0cf4..0000000 --- a/.github/workflows/go.yml +++ /dev/null @@ -1,64 +0,0 @@ -name: Go - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - -permissions: - contents: read - actions: write - -jobs: - go_tests: - #runs-on: alrest-sophie - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: build essential - run: | - sudo apt-get update - sudo apt-get install -y build-essential - - - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - with: - node-version: "24.11.0" - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - with: - go-version: "1.25.4" - - - name: Cache playwright binaries - uses: actions/cache@8b402f58fbc84540c8b491a91e594a4576fec3d7 # v5.0.2 - id: playwright-cache - with: - path: | - ~/.cache/ms-playwright - key: ${{ runner.os }}-playwright-${{ hashFiles('**/go.sum') }} - - - name: install node deps - run: | - npm ci - - - name: install playwright browsers - run: | - npx --no-install playwright@1.52.0 install --with-deps - npx --no-install playwright@1.52.0 run-server --port 9001 & - - - name: Build - run: npm run build - - - name: Test - run: npm run test - - - name: Lint with staticcheck - uses: dominikh/staticcheck-action@024238d2898c874f26d723e7d0ff4308c35589a2 # v1.4.0 - with: - version: "latest" - - - name: Govulncheck - run: | - go tool govulncheck ./... diff --git a/.github/workflows/package-builds-stable.yml b/.github/workflows/package-builds-stable.yml deleted file mode 100644 index 2f411c1..0000000 --- a/.github/workflows/package-builds-stable.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: Package builds (stable) - -on: - workflow_dispatch: - # release: - # types: [published] - -permissions: - contents: write - actions: write - -jobs: - package_builds: - #runs-on: alrest-sophie - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - fetch-tags: true - fetch-depth: 0 - - - name: build essential - run: | - sudo apt-get update - sudo apt-get install -y build-essential - - - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - with: - node-version: "24.11.0" - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - with: - go-version: "1.25.4" - - - name: install node deps - run: | - npm ci - - - name: Build Packages - run: | - go tool yeet - - - name: Upload released artifacts - env: - GITHUB_TOKEN: ${{ github.TOKEN }} - RELEASE_VERSION: ${{github.event.release.tag_name}} - shell: bash - run: | - RELEASE="${RELEASE_VERSION}" - cd var - for file in *; do - gh release upload $RELEASE $file - done diff --git a/.github/workflows/package-builds-unstable.yml b/.github/workflows/package-builds-unstable.yml deleted file mode 100644 index 11cc060..0000000 --- a/.github/workflows/package-builds-unstable.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: Package builds (unstable) - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - -permissions: - contents: read - actions: write - -jobs: - package_builds: - #runs-on: alrest-techarohq - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - fetch-tags: true - fetch-depth: 0 - - - name: build essential - run: | - sudo apt-get update - sudo apt-get install -y build-essential - - - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - with: - node-version: '24.11.0' - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - with: - go-version: '1.25.4' - - - name: install node deps - run: | - npm ci - - - name: Build Packages - run: | - go tool yeet - - - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 - with: - name: packages - path: var/* diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml deleted file mode 100644 index a7df66e..0000000 --- a/.github/workflows/smoke-tests.yml +++ /dev/null @@ -1,64 +0,0 @@ -name: Smoke tests - -on: - push: - branches: ["main"] - pull_request: - branches: ["main"] - -permissions: - contents: read - -jobs: - smoke-test: - strategy: - matrix: - test: - - default-config-macro - - docker-registry - - double_slash - - forced-language - - git-clone - - git-push - - healthcheck - - i18n - - log-file - - nginx - - palemoon/amd64 - #- palemoon/i386 - - robots_txt - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - uses: actions/setup-node@6044e13b5dc448c55e2357c09f80417699197238 # v6.2.0 - with: - node-version: "24.11.0" - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - with: - go-version: "1.25.4" - - - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9 - - - name: Install utils - run: | - go install ./utils/cmd/... - - - name: Run test - run: | - cd test/${{ matrix.test }} - backoff-retry --try-count 10 ./test.sh - - - name: Sanitize artifact name - if: always() - run: echo "ARTIFACT_NAME=${{ matrix.test }}" | sed 's|/|-|g' >> $GITHUB_ENV - - - name: Upload artifact - uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f - if: always() - with: - name: ${{ env.ARTIFACT_NAME }} - path: test/${{ matrix.test }}/var diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml deleted file mode 100644 index 6ce8bd8..0000000 --- a/.github/workflows/spelling.yml +++ /dev/null @@ -1,118 +0,0 @@ -name: Check Spelling - -# Comment management is handled through a secondary job, for details see: -# https://github.com/check-spelling/check-spelling/wiki/Feature%3A-Restricted-Permissions -# -# `jobs.comment-push` runs when a push is made to a repository and the `jobs.spelling` job needs to make a comment -# (in odd cases, it might actually run just to collapse a comment, but that's fairly rare) -# it needs `contents: write` in order to add a comment. -# -# `jobs.comment-pr` runs when a pull_request is made to a repository and the `jobs.spelling` job needs to make a comment -# or collapse a comment (in the case where it had previously made a comment and now no longer needs to show a comment) -# it needs `pull-requests: write` in order to manipulate those comments. - -# Updating pull request branches is managed via comment handling. -# For details, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-expect-list -# -# These elements work together to make it happen: -# -# `on.issue_comment` -# This event listens to comments by users asking to update the metadata. -# -# `jobs.update` -# This job runs in response to an issue_comment and will push a new commit -# to update the spelling metadata. -# -# `with.experimental_apply_changes_via_bot` -# Tells the action to support and generate messages that enable it -# to make a commit to update the spelling metadata. -# -# `with.ssh_key` -# In order to trigger workflows when the commit is made, you can provide a -# secret (typically, a write-enabled github deploy key). -# -# For background, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-with-deploy-key - -# SARIF reporting -# -# Access to SARIF reports is generally restricted (by GitHub) to members of the repository. -# -# Requires enabling `security-events: write` -# and configuring the action with `use_sarif: 1` -# -# For information on the feature, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-SARIF-output - -# Minimal workflow structure: -# -# on: -# push: -# ... -# pull_request_target: -# ... -# jobs: -# # you only want the spelling job, all others should be omitted -# spelling: -# # remove `security-events: write` and `use_sarif: 1` -# # remove `experimental_apply_changes_via_bot: 1` -# ... otherwise adjust the `with:` as you wish - -on: - push: - branches: - - '**' - tags-ignore: - - '**' - pull_request: - branches: - - '**' - types: - - 'opened' - - 'reopened' - - 'synchronize' - -jobs: - spelling: - name: Check Spelling - permissions: - contents: read - pull-requests: read - actions: read - security-events: write - outputs: - followup: ${{ steps.spelling.outputs.followup }} - runs-on: ubuntu-latest - if: ${{ contains(github.event_name, 'pull_request') || github.event_name == 'push' }} - concurrency: - group: spelling-${{ github.event.pull_request.number || github.ref }} - # note: If you use only_check_changed_files, you do not want cancel-in-progress - cancel-in-progress: true - steps: - - name: check-spelling - id: spelling - uses: check-spelling/check-spelling@c635c2f3f714eec2fcf27b643a1919b9a811ef2e # v0.0.25 - with: - suppress_push_for_open_pull_request: ${{ github.actor != 'dependabot[bot]' && 1 }} - checkout: true - check_file_names: 1 - post_comment: 0 - use_magic_file: 1 - warnings: bad-regex,binary-file,deprecated-feature,ignored-expect-variant,large-file,limited-references,no-newline-at-eof,noisy-file,non-alpha-in-dictionary,token-is-substring,unexpected-line-ending,whitespace-in-dictionary,minified-file,unsupported-configuration,no-files-to-check,unclosed-block-ignore-begin,unclosed-block-ignore-end - use_sarif: ${{ (!github.event.pull_request || (github.event.pull_request.head.repo.full_name == github.repository)) && 1 }} - check_extra_dictionaries: "" - dictionary_source_prefixes: > - { - "cspell": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20241114/dictionaries/" - } - extra_dictionaries: | - cspell:software-terms/softwareTerms.txt - cspell:golang/go.txt - cspell:npm/npm.txt - cspell:k8s/k8s.txt - cspell:python/python/python-lib.txt - cspell:aws/aws.txt - cspell:node/node.txt - cspell:html/html.txt - cspell:filetypes/filetypes.txt - cspell:python/common/extra.txt - cspell:docker/docker-words.txt - cspell:fullstack/fullstack.txt diff --git a/.github/workflows/ssh-ci-runner-cron.yml b/.github/workflows/ssh-ci-runner-cron.yml deleted file mode 100644 index bbbd4cf..0000000 --- a/.github/workflows/ssh-ci-runner-cron.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: Regenerate ssh ci runner image - -on: - # pull_request: - # branches: ["main"] - schedule: - - cron: "0 0 1,8,15,22 * *" - workflow_dispatch: - -permissions: - pull-requests: write - contents: write - packages: write - -jobs: - ssh-ci-rebuild: - if: github.repository == 'sophie/nuke' - runs-on: ubuntu-latest - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-tags: true - fetch-depth: 0 - persist-credentials: false - - name: Log into registry - uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3.12.0 - - name: Build and push - run: | - cd ./test/ssh-ci - docker buildx bake --push diff --git a/.github/workflows/ssh-ci.yml b/.github/workflows/ssh-ci.yml deleted file mode 100644 index 951b1ad..0000000 --- a/.github/workflows/ssh-ci.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: SSH CI - -on: - push: - branches: ["main"] - # pull_request: - # branches: ["main"] - -permissions: - contents: read - -jobs: - ssh: - if: github.repository == 'sophie/nuke' - runs-on: alrest-sophie - strategy: - matrix: - host: - - riscv64 - - ppc64le - - aarch64-4k - - aarch64-16k - steps: - - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - fetch-tags: true - fetch-depth: 0 - persist-credentials: false - - - name: Install CI target SSH key - uses: shimataro/ssh-key-action@d4fffb50872869abe2d9a9098a6d9c5aa7d16be4 # v2.7.0 - with: - key: ${{ secrets.CI_SSH_KEY }} - name: id_rsa - known_hosts: ${{ secrets.CI_SSH_KNOWN_HOSTS }} - - - uses: actions/setup-go@7a3fe6cf4cb3a834922a1244abfce67bcef6a0c5 # v6.2.0 - with: - go-version: "1.25.4" - - - name: Run CI - run: go run ./utils/cmd/backoff-retry bash test/ssh-ci/rigging.sh ${{ matrix.host }} - env: - GITHUB_RUN_ID: ${{ github.run_id }} diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml deleted file mode 100644 index 2c0da87..0000000 --- a/.github/workflows/zizmor.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: zizmor - -on: - push: - paths: - - '.github/workflows/*.ya?ml' - pull_request: - paths: - - '.github/workflows/*.ya?ml' - -jobs: - zizmor: - name: zizmor latest via PyPI - runs-on: ubuntu-24.04 - permissions: - security-events: write - steps: - - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - with: - persist-credentials: false - - - name: Install the latest version of uv - uses: astral-sh/setup-uv@61cb8a9741eeb8a550a1b8544337180c0fc8476b # v7.2.0 - - - name: Run zizmor 🌈 - run: uvx zizmor --format sarif . > results.sarif - env: - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Upload SARIF file - uses: github/codeql-action/upload-sarif@5d4e8d1aca955e8d8589aabd499c5cae939e33c7 # v4.31.9 - with: - sarif_file: results.sarif - category: zizmor diff --git a/README.md b/README.md index c36c423..4b66293 100644 --- a/README.md +++ b/README.md @@ -6,8 +6,8 @@ features removed: - all of "thoth", which is techaro.lol's weird ASN / geoip resolver (slopware) will be replaced with ipify.org or proxycheck.io eventually - docs, follow anubis docs +- all of the CI, it is excessive to the max 💯💯💯 features soon removed: - most testing jigs, this is tested like this is being used by fortune 500 companies and should be closed source roflmfao -- all of the CI, it is excessive to the max 💯💯💯 - anubis mascot because i'm like 95% sure it's under license so i can't use it