From 659912e0afc2bc0ad1f0aa8d31dabf12aa9b5335 Mon Sep 17 00:00:00 2001
From: Emma Thorpe
Date: Tue, 2 Jun 2026 15:29:59 +0000
Subject: [PATCH] ci: add Gitea Actions CI and Renovate coverage CI workflow gates on nixfmt formatting and evaluates all three host toplevels (aarch64 evaluates without emulation; no full builds in CI). renovate.json enables the nix manager and weekly lockFileMaintenance for flake.lock, plus grouped github-actions updates (Renovate matches .gitea/workflows). A self-hosted Renovate workflow runs it on Gitea, since Gitea has no built-in Renovate; it needs a RENOVATE_TOKEN secret.
---
.gitea/workflows/ci.yaml | 37 ++++++++++++++++++++++++++++++++++
.gitea/workflows/renovate.yaml | 31 ++++++++++++++++++++++++++++
renovate.json | 30 +++++++++++++++++++++++++++
3 files changed, 98 insertions(+)
create mode 100644 .gitea/workflows/ci.yaml
create mode 100644 .gitea/workflows/renovate.yaml
create mode 100644 renovate.json
diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
new file mode 100644
index 0000000..f6fc574
--- /dev/null
+++ b/.gitea/workflows/ci.yaml
@@ -0,0 +1,37 @@
+# Flake CI: formatting gate + evaluation of every host configuration.
+name: CI
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+
+jobs:
+ flake:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install Nix
+ uses: cachix/install-nix-action@v30
+ with:
+ extra_nix_config: |
+ experimental-features = nix-command flakes
+ accept-flake-config = true
+
+ - name: Check formatting
+ run: nix build --print-build-logs '.#checks.x86_64-linux.formatting'
+
+ # Evaluate (not build) each host's toplevel so eval errors fail CI cheaply.
+ # aarch64 hosts evaluate fine on an x86_64 runner; only building would need
+ # emulation, which we deliberately avoid here.
+ - name: Evaluate host configurations
+ run: |
+ set -euo pipefail
+ for host in lyrathorpe-mbp lyrathorpe-x1c emmathorpe-edaas; do
+ echo "::group::eval $host"
+ nix eval --raw ".#nixosConfigurations.$host.config.system.build.toplevel.drvPath"
+ echo
+ echo "::endgroup::"
+ done
diff --git a/.gitea/workflows/renovate.yaml b/.gitea/workflows/renovate.yaml
new file mode 100644
index 0000000..8b6dab1
--- /dev/null
+++ b/.gitea/workflows/renovate.yaml
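Review bot: In .gitea/workflows/ci.yaml, `accept-flake-config = true` in `extra_nix_config` makes Nix apply the checked-out flake's `nixConfig` without confirmation, and this job also runs on `pull_request`, so a proposed change can alter settings such as substituters and trusted public keys for the build and eval steps that follow. I would drop that line and, if the flake needs a binary cache, list it explicitly in `extra_nix_config` next to `experimental-features = nix-command flakes`, so the runner's Nix settings come from the workflow rather than from the code under review. Whether pull requests from forks reach this runner is not visible in the hunk, so the exposure depends on how the Gitea instance is configured.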
@@ -0,0 +1,31 @@
+# Self-hosted Renovate. Gitea has no built-in Renovate, so it runs here on a
+# schedule (and on demand). Requires a repo/org secret RENOVATE_TOKEN holding a
+# Gitea PAT with read/write on this repository and read on packages.
+# If a central Renovate bot already autodiscovers this repo, delete this file;
+# renovate.json alone is enough to configure it.
+name: Renovate
+
+on:
+ schedule:
+ - cron: "0 4 * * 1" # Mondays 04:00 UTC
+ workflow_dispatch:
+
+jobs:
+ renovate:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Run Renovate
+ uses: renovatebot/github-action@v40.3.6
+ with:
+ configurationFile: renovate.json
+ token: ${{ secrets.RENOVATE_TOKEN }}
+ env:
+ RENOVATE_PLATFORM: gitea
+ RENOVATE_ENDPOINT: ${{ env.GITHUB_SERVER_URL }}/api/v1
+ RENOVATE_AUTODISCOVER: "false"
+ RENOVATE_REPOSITORIES: ${{ github.repository }}
+ RENOVATE_GIT_AUTHOR: "Renovate Bot "
+ LOG_LEVEL: info
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 0000000..5024f5f
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,30 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended",
+ ":dependencyDashboard",
+ ":semanticCommits"
+ ],
+ "nix": {
+ "enabled": true
+ },
+ "lockFileMaintenance": {
+ "enabled": true,
+ "schedule": ["before 6am on monday"]
+ },
+ "git-submodules": {
+ "enabled": false
+ },
+ "packageRules": [
+ {
+ "description": "Group all flake input bumps from lockFileMaintenance into one PR.",
+ "matchManagers": ["nix"],
+ "groupName": "flake inputs"
+ },
+ {
+ "description": "Group Gitea Actions workflow updates.",
+ "matchManagers": ["github-actions"],
+ "groupName": "gitea actions"
+ }
+ ]
+}
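Review bot: In .gitea/workflows/renovate.yaml, the `Run Renovate` step hands `secrets.RENOVATE_TOKEN` (a read/write PAT per the header comment) to `renovatebot/github-action@v40.3.6`, which is a tag that upstream can move; pinning to the commit, `uses: renovatebot/github-action@<full-commit-sha> # v40.3.6` (placeholder, resolve the SHA from upstream), keeps the code that sees the token fixed. The same applies to `actions/checkout@v4` here and to both `uses:` lines in ci.yaml, and adding `helpers:pinGitHubActionDigests` to `extends` in renovate.json should let Renovate keep the pins current. Separately, `${{ env.GITHUB_SERVER_URL }}` reads the `env` context, which on GitHub holds only variables defined in the workflow; if the Gitea runner behaves the same, `RENOVATE_ENDPOINT` becomes `/api/v1`, and `${{ github.server_url }}/api/v1` avoids that.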