diff --git a/.gitea/README.md b/.gitea/README.md index 6b414fb21..851cc64a6 100644 --- a/.gitea/README.md +++ b/.gitea/README.md 
@@ -2,17 +2,78 @@ Comprehensive CI/CD infrastructure for the StellaOps platform using Gitea Actions. +> **Note (2026-02-01):** All 118 original workflow files have been moved to +> `.gitea/workflows-archived/`. Only the `local-ci-verify.yml` verification +> pipeline remains active. See [Archived Workflows](#archived-workflows) below +> for details and restoration instructions. + ## Quick Reference | Resource | Location | |----------|----------| -| Workflows | `.gitea/workflows/` (96 workflows) | +| Active workflows | `.gitea/workflows/` (1 workflow) | +| Archived workflows | `.gitea/workflows-archived/` (118 workflows) | +| Reusable templates | `.gitea/workflows/templates/` | | Scripts | `.gitea/scripts/` | | Documentation | `.gitea/docs/` | | DevOps Configs | `devops/` | | Release Manifests | `devops/releases/` | -## Workflow Categories +## Active Workflows + +| Workflow | File | Trigger | Description | +|----------|------|---------|-------------| +| Local CI Verification | `local-ci-verify.yml` | `workflow_dispatch` | Validates local CI scaffolding, builds the CI image, and smoke-tests archived workflows using act | + +### How to run + +Trigger from the Gitea UI (**Actions > Local CI Verification > Run workflow**) or via API: + +```bash +curl -X POST \ + -H "Authorization: token $GITEA_TOKEN" \ + "https://git.stella-ops.org/api/v1/repos///actions/workflows/local-ci-verify.yml/dispatches" \ + -d '{"ref":"main","inputs":{"workflow":"test-matrix.yml","dry_run":"true"}}' +``` + +Inputs: +- **workflow** (optional): archived workflow file to dry-run (e.g. `test-matrix.yml`) +- **dry_run** (default `true`): pass `-n` to act + +## Archived Workflows + +All 118 production workflows have been moved to `.gitea/workflows-archived/` to +decouple active CI from the large workflow catalog while the local CI +scaffolding is validated. 
+ +### Restoring a workflow + +To reactivate an archived workflow, move it back to `.gitea/workflows/`: + +```bash +# Restore a single workflow +mv .gitea/workflows-archived/test-matrix.yml .gitea/workflows/ + +# Restore all workflows +mv .gitea/workflows-archived/*.yml .gitea/workflows/ +mv .gitea/workflows-archived/*.yaml .gitea/workflows/ +``` + +### Running archived workflows locally with act + +Archived workflows can still be run locally — act accepts any path: + +```bash +act -l -W .gitea/workflows-archived/test-matrix.yml +act -W .gitea/workflows-archived/test-matrix.yml -n +``` + +Or use the `local-ci-verify.yml` pipeline with the `workflow` input to dry-run +an archived workflow via Gitea Actions. + +## Archived Workflow Reference + +The following tables document all 118 archived workflows by category. ### Core Build & Test diff --git a/.gitea/workflows/advisory-ai-release.yml b/.gitea/workflows-archived/advisory-ai-release.yml similarity index 100% rename from .gitea/workflows/advisory-ai-release.yml rename to .gitea/workflows-archived/advisory-ai-release.yml diff --git a/.gitea/workflows/airgap-sealed-ci.yml b/.gitea/workflows-archived/airgap-sealed-ci.yml similarity index 100% rename from .gitea/workflows/airgap-sealed-ci.yml rename to .gitea/workflows-archived/airgap-sealed-ci.yml diff --git a/.gitea/workflows/aoc-backfill-release.yml b/.gitea/workflows-archived/aoc-backfill-release.yml similarity index 100% rename from .gitea/workflows/aoc-backfill-release.yml rename to .gitea/workflows-archived/aoc-backfill-release.yml diff --git a/.gitea/workflows/aoc-guard.yml b/.gitea/workflows-archived/aoc-guard.yml similarity index 100% rename from .gitea/workflows/aoc-guard.yml rename to .gitea/workflows-archived/aoc-guard.yml diff --git a/.gitea/workflows/api-governance.yml b/.gitea/workflows-archived/api-governance.yml similarity index 100% rename from .gitea/workflows/api-governance.yml rename to .gitea/workflows-archived/api-governance.yml 
diff --git a/.gitea/workflows/artifact-signing.yml b/.gitea/workflows-archived/artifact-signing.yml similarity index 100% rename from .gitea/workflows/artifact-signing.yml rename to .gitea/workflows-archived/artifact-signing.yml diff --git a/.gitea/workflows/attestation-bundle.yml b/.gitea/workflows-archived/attestation-bundle.yml similarity index 100% rename from .gitea/workflows/attestation-bundle.yml rename to .gitea/workflows-archived/attestation-bundle.yml diff --git a/.gitea/workflows/attestation-linkage.yml b/.gitea/workflows-archived/attestation-linkage.yml similarity index 100% rename from .gitea/workflows/attestation-linkage.yml rename to .gitea/workflows-archived/attestation-linkage.yml diff --git a/.gitea/workflows/authority-key-rotation.yml b/.gitea/workflows-archived/authority-key-rotation.yml similarity index 100% rename from .gitea/workflows/authority-key-rotation.yml rename to .gitea/workflows-archived/authority-key-rotation.yml diff --git a/.gitea/workflows/bench-determinism.yml b/.gitea/workflows-archived/bench-determinism.yml similarity index 100% rename from .gitea/workflows/bench-determinism.yml rename to .gitea/workflows-archived/bench-determinism.yml diff --git a/.gitea/workflows/benchmark-vs-competitors.yml b/.gitea/workflows-archived/benchmark-vs-competitors.yml similarity index 100% rename from .gitea/workflows/benchmark-vs-competitors.yml rename to .gitea/workflows-archived/benchmark-vs-competitors.yml diff --git a/.gitea/workflows/build-test-deploy.yml b/.gitea/workflows-archived/build-test-deploy.yml similarity index 100% rename from .gitea/workflows/build-test-deploy.yml rename to .gitea/workflows-archived/build-test-deploy.yml diff --git a/.gitea/workflows/cli-build.yml b/.gitea/workflows-archived/cli-build.yml similarity index 100% rename from .gitea/workflows/cli-build.yml rename to .gitea/workflows-archived/cli-build.yml 
diff --git a/.gitea/workflows/cli-chaos-parity.yml b/.gitea/workflows-archived/cli-chaos-parity.yml similarity index 100% rename from .gitea/workflows/cli-chaos-parity.yml rename to .gitea/workflows-archived/cli-chaos-parity.yml diff --git a/.gitea/workflows/cold-warm-latency.yml b/.gitea/workflows-archived/cold-warm-latency.yml similarity index 100% rename from .gitea/workflows/cold-warm-latency.yml rename to .gitea/workflows-archived/cold-warm-latency.yml diff --git a/.gitea/workflows/competitor-parity.yml b/.gitea/workflows-archived/competitor-parity.yml similarity index 100% rename from .gitea/workflows/competitor-parity.yml rename to .gitea/workflows-archived/competitor-parity.yml diff --git a/.gitea/workflows/concelier-attestation-tests.yml b/.gitea/workflows-archived/concelier-attestation-tests.yml similarity index 100% rename from .gitea/workflows/concelier-attestation-tests.yml rename to .gitea/workflows-archived/concelier-attestation-tests.yml diff --git a/.gitea/workflows/concelier-store-aoc-19-005.yml b/.gitea/workflows-archived/concelier-store-aoc-19-005.yml similarity index 100% rename from .gitea/workflows/concelier-store-aoc-19-005.yml rename to .gitea/workflows-archived/concelier-store-aoc-19-005.yml diff --git a/.gitea/workflows/connector-fixture-drift.yml b/.gitea/workflows-archived/connector-fixture-drift.yml similarity index 100% rename from .gitea/workflows/connector-fixture-drift.yml rename to .gitea/workflows-archived/connector-fixture-drift.yml diff --git a/.gitea/workflows/console-ci.yml b/.gitea/workflows-archived/console-ci.yml similarity index 100% rename from .gitea/workflows/console-ci.yml rename to .gitea/workflows-archived/console-ci.yml diff --git a/.gitea/workflows/console-runner-image.yml b/.gitea/workflows-archived/console-runner-image.yml similarity index 100% rename from .gitea/workflows/console-runner-image.yml rename to .gitea/workflows-archived/console-runner-image.yml 
diff --git a/.gitea/workflows/container-scan.yml b/.gitea/workflows-archived/container-scan.yml similarity index 100% rename from .gitea/workflows/container-scan.yml rename to .gitea/workflows-archived/container-scan.yml diff --git a/.gitea/workflows/containers-multiarch.yml b/.gitea/workflows-archived/containers-multiarch.yml similarity index 100% rename from .gitea/workflows/containers-multiarch.yml rename to .gitea/workflows-archived/containers-multiarch.yml diff --git a/.gitea/workflows/control-plane-chaos.yml b/.gitea/workflows-archived/control-plane-chaos.yml similarity index 100% rename from .gitea/workflows/control-plane-chaos.yml rename to .gitea/workflows-archived/control-plane-chaos.yml diff --git a/.gitea/workflows/cross-platform-determinism.yml b/.gitea/workflows-archived/cross-platform-determinism.yml similarity index 100% rename from .gitea/workflows/cross-platform-determinism.yml rename to .gitea/workflows-archived/cross-platform-determinism.yml diff --git a/.gitea/workflows/crypto-compliance.yml b/.gitea/workflows-archived/crypto-compliance.yml similarity index 100% rename from .gitea/workflows/crypto-compliance.yml rename to .gitea/workflows-archived/crypto-compliance.yml diff --git a/.gitea/workflows/crypto-sim-smoke.yml b/.gitea/workflows-archived/crypto-sim-smoke.yml similarity index 100% rename from .gitea/workflows/crypto-sim-smoke.yml rename to .gitea/workflows-archived/crypto-sim-smoke.yml diff --git a/.gitea/workflows/cryptopro-linux-csp.yml b/.gitea/workflows-archived/cryptopro-linux-csp.yml similarity index 100% rename from .gitea/workflows/cryptopro-linux-csp.yml rename to .gitea/workflows-archived/cryptopro-linux-csp.yml diff --git a/.gitea/workflows/cryptopro-optin.yml b/.gitea/workflows-archived/cryptopro-optin.yml similarity index 100% rename from .gitea/workflows/cryptopro-optin.yml rename to .gitea/workflows-archived/cryptopro-optin.yml 
diff --git a/.gitea/workflows/dead-path-detection.yml b/.gitea/workflows-archived/dead-path-detection.yml similarity index 100% rename from .gitea/workflows/dead-path-detection.yml rename to .gitea/workflows-archived/dead-path-detection.yml diff --git a/.gitea/workflows/dependency-license-gate.yml b/.gitea/workflows-archived/dependency-license-gate.yml similarity index 100% rename from .gitea/workflows/dependency-license-gate.yml rename to .gitea/workflows-archived/dependency-license-gate.yml diff --git a/.gitea/workflows/dependency-security-scan.yml b/.gitea/workflows-archived/dependency-security-scan.yml similarity index 100% rename from .gitea/workflows/dependency-security-scan.yml rename to .gitea/workflows-archived/dependency-security-scan.yml diff --git a/.gitea/workflows/deploy-keyless-verify.yml b/.gitea/workflows-archived/deploy-keyless-verify.yml similarity index 100% rename from .gitea/workflows/deploy-keyless-verify.yml rename to .gitea/workflows-archived/deploy-keyless-verify.yml diff --git a/.gitea/workflows/determinism-gate.yml b/.gitea/workflows-archived/determinism-gate.yml similarity index 100% rename from .gitea/workflows/determinism-gate.yml rename to .gitea/workflows-archived/determinism-gate.yml diff --git a/.gitea/workflows/devportal-offline.yml b/.gitea/workflows-archived/devportal-offline.yml similarity index 100% rename from .gitea/workflows/devportal-offline.yml rename to .gitea/workflows-archived/devportal-offline.yml diff --git a/.gitea/workflows/docker-regional-builds.yml b/.gitea/workflows-archived/docker-regional-builds.yml similarity index 100% rename from .gitea/workflows/docker-regional-builds.yml rename to .gitea/workflows-archived/docker-regional-builds.yml diff --git a/.gitea/workflows/docs.yml b/.gitea/workflows-archived/docs.yml old mode 100755 new mode 100644 similarity index 100% rename from .gitea/workflows/docs.yml rename to .gitea/workflows-archived/docs.yml 
diff --git a/.gitea/workflows/e2e-reproducibility.yml b/.gitea/workflows-archived/e2e-reproducibility.yml similarity index 100% rename from .gitea/workflows/e2e-reproducibility.yml rename to .gitea/workflows-archived/e2e-reproducibility.yml diff --git a/.gitea/workflows/ebpf-reachability-determinism.yml b/.gitea/workflows-archived/ebpf-reachability-determinism.yml similarity index 100% rename from .gitea/workflows/ebpf-reachability-determinism.yml rename to .gitea/workflows-archived/ebpf-reachability-determinism.yml diff --git a/.gitea/workflows/epss-ingest-perf.yml b/.gitea/workflows-archived/epss-ingest-perf.yml similarity index 100% rename from .gitea/workflows/epss-ingest-perf.yml rename to .gitea/workflows-archived/epss-ingest-perf.yml diff --git a/.gitea/workflows/evidence-locker.yml b/.gitea/workflows-archived/evidence-locker.yml similarity index 100% rename from .gitea/workflows/evidence-locker.yml rename to .gitea/workflows-archived/evidence-locker.yml diff --git a/.gitea/workflows/export-ci.yml b/.gitea/workflows-archived/export-ci.yml similarity index 100% rename from .gitea/workflows/export-ci.yml rename to .gitea/workflows-archived/export-ci.yml diff --git a/.gitea/workflows/export-compat.yml b/.gitea/workflows-archived/export-compat.yml similarity index 100% rename from .gitea/workflows/export-compat.yml rename to .gitea/workflows-archived/export-compat.yml diff --git a/.gitea/workflows/exporter-ci.yml b/.gitea/workflows-archived/exporter-ci.yml similarity index 100% rename from .gitea/workflows/exporter-ci.yml rename to .gitea/workflows-archived/exporter-ci.yml diff --git a/.gitea/workflows/federation-multisite.yml b/.gitea/workflows-archived/federation-multisite.yml similarity index 100% rename from .gitea/workflows/federation-multisite.yml rename to .gitea/workflows-archived/federation-multisite.yml 
diff --git a/.gitea/workflows/findings-ledger-ci.yml b/.gitea/workflows-archived/findings-ledger-ci.yml similarity index 100% rename from .gitea/workflows/findings-ledger-ci.yml rename to .gitea/workflows-archived/findings-ledger-ci.yml diff --git a/.gitea/workflows/golden-corpus-bench.yaml b/.gitea/workflows-archived/golden-corpus-bench.yaml similarity index 100% rename from .gitea/workflows/golden-corpus-bench.yaml rename to .gitea/workflows-archived/golden-corpus-bench.yaml diff --git a/.gitea/workflows/golden-set-validation.yml b/.gitea/workflows-archived/golden-set-validation.yml similarity index 100% rename from .gitea/workflows/golden-set-validation.yml rename to .gitea/workflows-archived/golden-set-validation.yml diff --git a/.gitea/workflows/graph-load.yml b/.gitea/workflows-archived/graph-load.yml similarity index 100% rename from .gitea/workflows/graph-load.yml rename to .gitea/workflows-archived/graph-load.yml diff --git a/.gitea/workflows/graph-ui-sim.yml b/.gitea/workflows-archived/graph-ui-sim.yml similarity index 100% rename from .gitea/workflows/graph-ui-sim.yml rename to .gitea/workflows-archived/graph-ui-sim.yml diff --git a/.gitea/workflows/hlc-distributed.yml b/.gitea/workflows-archived/hlc-distributed.yml similarity index 100% rename from .gitea/workflows/hlc-distributed.yml rename to .gitea/workflows-archived/hlc-distributed.yml diff --git a/.gitea/workflows/icscisa-kisa-refresh.yml b/.gitea/workflows-archived/icscisa-kisa-refresh.yml similarity index 100% rename from .gitea/workflows/icscisa-kisa-refresh.yml rename to .gitea/workflows-archived/icscisa-kisa-refresh.yml diff --git a/.gitea/workflows/integration-tests-gate.yml b/.gitea/workflows-archived/integration-tests-gate.yml similarity index 100% rename from .gitea/workflows/integration-tests-gate.yml rename to .gitea/workflows-archived/integration-tests-gate.yml 
diff --git a/.gitea/workflows/interop-e2e.yml b/.gitea/workflows-archived/interop-e2e.yml similarity index 100% rename from .gitea/workflows/interop-e2e.yml rename to .gitea/workflows-archived/interop-e2e.yml diff --git a/.gitea/workflows/ledger-oas-ci.yml b/.gitea/workflows-archived/ledger-oas-ci.yml similarity index 100% rename from .gitea/workflows/ledger-oas-ci.yml rename to .gitea/workflows-archived/ledger-oas-ci.yml diff --git a/.gitea/workflows/ledger-packs-ci.yml b/.gitea/workflows-archived/ledger-packs-ci.yml similarity index 100% rename from .gitea/workflows/ledger-packs-ci.yml rename to .gitea/workflows-archived/ledger-packs-ci.yml diff --git a/.gitea/workflows/license-audit.yml b/.gitea/workflows-archived/license-audit.yml similarity index 100% rename from .gitea/workflows/license-audit.yml rename to .gitea/workflows-archived/license-audit.yml diff --git a/.gitea/workflows/lighthouse-ci.yml b/.gitea/workflows-archived/lighthouse-ci.yml similarity index 100% rename from .gitea/workflows/lighthouse-ci.yml rename to .gitea/workflows-archived/lighthouse-ci.yml diff --git a/.gitea/workflows/lnm-backfill.yml b/.gitea/workflows-archived/lnm-backfill.yml similarity index 100% rename from .gitea/workflows/lnm-backfill.yml rename to .gitea/workflows-archived/lnm-backfill.yml diff --git a/.gitea/workflows/lnm-migration-ci.yml b/.gitea/workflows-archived/lnm-migration-ci.yml similarity index 100% rename from .gitea/workflows/lnm-migration-ci.yml rename to .gitea/workflows-archived/lnm-migration-ci.yml diff --git a/.gitea/workflows/lnm-vex-backfill.yml b/.gitea/workflows-archived/lnm-vex-backfill.yml similarity index 100% rename from .gitea/workflows/lnm-vex-backfill.yml rename to .gitea/workflows-archived/lnm-vex-backfill.yml diff --git a/.gitea/workflows/manifest-integrity.yml b/.gitea/workflows-archived/manifest-integrity.yml similarity index 100% rename from .gitea/workflows/manifest-integrity.yml rename to .gitea/workflows-archived/manifest-integrity.yml 
diff --git a/.gitea/workflows/migration-test.yml b/.gitea/workflows-archived/migration-test.yml similarity index 100% rename from .gitea/workflows/migration-test.yml rename to .gitea/workflows-archived/migration-test.yml diff --git a/.gitea/workflows/mirror-sign.yml b/.gitea/workflows-archived/mirror-sign.yml similarity index 100% rename from .gitea/workflows/mirror-sign.yml rename to .gitea/workflows-archived/mirror-sign.yml diff --git a/.gitea/workflows/mock-dev-release.yml b/.gitea/workflows-archived/mock-dev-release.yml similarity index 100% rename from .gitea/workflows/mock-dev-release.yml rename to .gitea/workflows-archived/mock-dev-release.yml diff --git a/.gitea/workflows/module-publish.yml b/.gitea/workflows-archived/module-publish.yml similarity index 100% rename from .gitea/workflows/module-publish.yml rename to .gitea/workflows-archived/module-publish.yml diff --git a/.gitea/workflows/nightly-regression.yml b/.gitea/workflows-archived/nightly-regression.yml similarity index 100% rename from .gitea/workflows/nightly-regression.yml rename to .gitea/workflows-archived/nightly-regression.yml diff --git a/.gitea/workflows/notify-smoke-test.yml b/.gitea/workflows-archived/notify-smoke-test.yml similarity index 100% rename from .gitea/workflows/notify-smoke-test.yml rename to .gitea/workflows-archived/notify-smoke-test.yml diff --git a/.gitea/workflows/oas-ci.yml b/.gitea/workflows-archived/oas-ci.yml similarity index 100% rename from .gitea/workflows/oas-ci.yml rename to .gitea/workflows-archived/oas-ci.yml diff --git a/.gitea/workflows/obs-slo.yml b/.gitea/workflows-archived/obs-slo.yml similarity index 100% rename from .gitea/workflows/obs-slo.yml rename to .gitea/workflows-archived/obs-slo.yml diff --git a/.gitea/workflows/obs-stream.yml b/.gitea/workflows-archived/obs-stream.yml similarity index 100% rename from .gitea/workflows/obs-stream.yml rename to .gitea/workflows-archived/obs-stream.yml 
diff --git a/.gitea/workflows/offline-e2e.yml b/.gitea/workflows-archived/offline-e2e.yml similarity index 100% rename from .gitea/workflows/offline-e2e.yml rename to .gitea/workflows-archived/offline-e2e.yml diff --git a/.gitea/workflows/parity-tests.yml b/.gitea/workflows-archived/parity-tests.yml similarity index 100% rename from .gitea/workflows/parity-tests.yml rename to .gitea/workflows-archived/parity-tests.yml diff --git a/.gitea/workflows/policy-lint.yml b/.gitea/workflows-archived/policy-lint.yml similarity index 100% rename from .gitea/workflows/policy-lint.yml rename to .gitea/workflows-archived/policy-lint.yml diff --git a/.gitea/workflows/policy-simulate.yml b/.gitea/workflows-archived/policy-simulate.yml similarity index 100% rename from .gitea/workflows/policy-simulate.yml rename to .gitea/workflows-archived/policy-simulate.yml diff --git a/.gitea/workflows/promote.yml b/.gitea/workflows-archived/promote.yml similarity index 100% rename from .gitea/workflows/promote.yml rename to .gitea/workflows-archived/promote.yml diff --git a/.gitea/workflows/provenance-check.yml b/.gitea/workflows-archived/provenance-check.yml similarity index 100% rename from .gitea/workflows/provenance-check.yml rename to .gitea/workflows-archived/provenance-check.yml diff --git a/.gitea/workflows/reachability-bench.yaml b/.gitea/workflows-archived/reachability-bench.yaml similarity index 100% rename from .gitea/workflows/reachability-bench.yaml rename to .gitea/workflows-archived/reachability-bench.yaml diff --git a/.gitea/workflows/reachability-corpus-ci.yml b/.gitea/workflows-archived/reachability-corpus-ci.yml similarity index 100% rename from .gitea/workflows/reachability-corpus-ci.yml rename to .gitea/workflows-archived/reachability-corpus-ci.yml 
diff --git a/.gitea/workflows/registry-compatibility.yml b/.gitea/workflows-archived/registry-compatibility.yml similarity index 100% rename from .gitea/workflows/registry-compatibility.yml rename to .gitea/workflows-archived/registry-compatibility.yml diff --git a/.gitea/workflows/release-evidence-pack.yml b/.gitea/workflows-archived/release-evidence-pack.yml similarity index 100% rename from .gitea/workflows/release-evidence-pack.yml rename to .gitea/workflows-archived/release-evidence-pack.yml diff --git a/.gitea/workflows/release-keyless-sign.yml b/.gitea/workflows-archived/release-keyless-sign.yml similarity index 100% rename from .gitea/workflows/release-keyless-sign.yml rename to .gitea/workflows-archived/release-keyless-sign.yml diff --git a/.gitea/workflows/release-manifest-verify.yml b/.gitea/workflows-archived/release-manifest-verify.yml similarity index 100% rename from .gitea/workflows/release-manifest-verify.yml rename to .gitea/workflows-archived/release-manifest-verify.yml diff --git a/.gitea/workflows/release-suite.yml b/.gitea/workflows-archived/release-suite.yml similarity index 100% rename from .gitea/workflows/release-suite.yml rename to .gitea/workflows-archived/release-suite.yml diff --git a/.gitea/workflows/release-validation.yml b/.gitea/workflows-archived/release-validation.yml similarity index 100% rename from .gitea/workflows/release-validation.yml rename to .gitea/workflows-archived/release-validation.yml diff --git a/.gitea/workflows/release.yml b/.gitea/workflows-archived/release.yml similarity index 100% rename from .gitea/workflows/release.yml rename to .gitea/workflows-archived/release.yml diff --git a/.gitea/workflows/renovate.yml b/.gitea/workflows-archived/renovate.yml similarity index 100% rename from .gitea/workflows/renovate.yml rename to .gitea/workflows-archived/renovate.yml 
diff --git a/.gitea/workflows/replay-verification.yml b/.gitea/workflows-archived/replay-verification.yml similarity index 100% rename from .gitea/workflows/replay-verification.yml rename to .gitea/workflows-archived/replay-verification.yml diff --git a/.gitea/workflows/risk-bundle-ci.yml b/.gitea/workflows-archived/risk-bundle-ci.yml similarity index 100% rename from .gitea/workflows/risk-bundle-ci.yml rename to .gitea/workflows-archived/risk-bundle-ci.yml diff --git a/.gitea/workflows/rollback-lag.yml b/.gitea/workflows-archived/rollback-lag.yml similarity index 100% rename from .gitea/workflows/rollback-lag.yml rename to .gitea/workflows-archived/rollback-lag.yml diff --git a/.gitea/workflows/rollback.yml b/.gitea/workflows-archived/rollback.yml similarity index 100% rename from .gitea/workflows/rollback.yml rename to .gitea/workflows-archived/rollback.yml diff --git a/.gitea/workflows/router-chaos.yml b/.gitea/workflows-archived/router-chaos.yml similarity index 100% rename from .gitea/workflows/router-chaos.yml rename to .gitea/workflows-archived/router-chaos.yml diff --git a/.gitea/workflows/sast-scan.yml b/.gitea/workflows-archived/sast-scan.yml similarity index 100% rename from .gitea/workflows/sast-scan.yml rename to .gitea/workflows-archived/sast-scan.yml diff --git a/.gitea/workflows/scanner-analyzers-release.yml b/.gitea/workflows-archived/scanner-analyzers-release.yml similarity index 100% rename from .gitea/workflows/scanner-analyzers-release.yml rename to .gitea/workflows-archived/scanner-analyzers-release.yml diff --git a/.gitea/workflows/scanner-analyzers.yml b/.gitea/workflows-archived/scanner-analyzers.yml similarity index 100% rename from .gitea/workflows/scanner-analyzers.yml rename to .gitea/workflows-archived/scanner-analyzers.yml 
diff --git a/.gitea/workflows/scanner-determinism.yml b/.gitea/workflows-archived/scanner-determinism.yml similarity index 100% rename from .gitea/workflows/scanner-determinism.yml rename to .gitea/workflows-archived/scanner-determinism.yml diff --git a/.gitea/workflows/schema-evolution.yml b/.gitea/workflows-archived/schema-evolution.yml similarity index 100% rename from .gitea/workflows/schema-evolution.yml rename to .gitea/workflows-archived/schema-evolution.yml diff --git a/.gitea/workflows/schema-validation.yml b/.gitea/workflows-archived/schema-validation.yml similarity index 100% rename from .gitea/workflows/schema-validation.yml rename to .gitea/workflows-archived/schema-validation.yml diff --git a/.gitea/workflows/sdk-generator.yml b/.gitea/workflows-archived/sdk-generator.yml similarity index 100% rename from .gitea/workflows/sdk-generator.yml rename to .gitea/workflows-archived/sdk-generator.yml diff --git a/.gitea/workflows/sdk-publish.yml b/.gitea/workflows-archived/sdk-publish.yml similarity index 100% rename from .gitea/workflows/sdk-publish.yml rename to .gitea/workflows-archived/sdk-publish.yml diff --git a/.gitea/workflows/secrets-bundle-release.yml b/.gitea/workflows-archived/secrets-bundle-release.yml similarity index 100% rename from .gitea/workflows/secrets-bundle-release.yml rename to .gitea/workflows-archived/secrets-bundle-release.yml diff --git a/.gitea/workflows/secrets-scan.yml b/.gitea/workflows-archived/secrets-scan.yml similarity index 100% rename from .gitea/workflows/secrets-scan.yml rename to .gitea/workflows-archived/secrets-scan.yml diff --git a/.gitea/workflows/service-release.yml b/.gitea/workflows-archived/service-release.yml similarity index 100% rename from .gitea/workflows/service-release.yml rename to .gitea/workflows-archived/service-release.yml 
diff --git a/.gitea/workflows/signals-ci.yml b/.gitea/workflows-archived/signals-ci.yml similarity index 100% rename from .gitea/workflows/signals-ci.yml rename to .gitea/workflows-archived/signals-ci.yml diff --git a/.gitea/workflows/signals-dsse-sign.yml b/.gitea/workflows-archived/signals-dsse-sign.yml similarity index 100% rename from .gitea/workflows/signals-dsse-sign.yml rename to .gitea/workflows-archived/signals-dsse-sign.yml diff --git a/.gitea/workflows/signals-evidence-locker.yml b/.gitea/workflows-archived/signals-evidence-locker.yml similarity index 100% rename from .gitea/workflows/signals-evidence-locker.yml rename to .gitea/workflows-archived/signals-evidence-locker.yml diff --git a/.gitea/workflows/signals-reachability.yml b/.gitea/workflows-archived/signals-reachability.yml similarity index 100% rename from .gitea/workflows/signals-reachability.yml rename to .gitea/workflows-archived/signals-reachability.yml diff --git a/.gitea/workflows/sm-remote-ci.yml b/.gitea/workflows-archived/sm-remote-ci.yml similarity index 100% rename from .gitea/workflows/sm-remote-ci.yml rename to .gitea/workflows-archived/sm-remote-ci.yml diff --git a/.gitea/workflows/spec-diff-gate.yml b/.gitea/workflows-archived/spec-diff-gate.yml similarity index 100% rename from .gitea/workflows/spec-diff-gate.yml rename to .gitea/workflows-archived/spec-diff-gate.yml diff --git a/.gitea/workflows/symbols-ci.yml b/.gitea/workflows-archived/symbols-ci.yml similarity index 100% rename from .gitea/workflows/symbols-ci.yml rename to .gitea/workflows-archived/symbols-ci.yml diff --git a/.gitea/workflows/symbols-release.yml b/.gitea/workflows-archived/symbols-release.yml similarity index 100% rename from .gitea/workflows/symbols-release.yml rename to .gitea/workflows-archived/symbols-release.yml 
diff --git a/.gitea/workflows/test-blast-radius.yml b/.gitea/workflows-archived/test-blast-radius.yml similarity index 100% rename from .gitea/workflows/test-blast-radius.yml rename to .gitea/workflows-archived/test-blast-radius.yml diff --git a/.gitea/workflows/test-infrastructure.yml b/.gitea/workflows-archived/test-infrastructure.yml similarity index 100% rename from .gitea/workflows/test-infrastructure.yml rename to .gitea/workflows-archived/test-infrastructure.yml diff --git a/.gitea/workflows/test-lanes.yml b/.gitea/workflows-archived/test-lanes.yml similarity index 100% rename from .gitea/workflows/test-lanes.yml rename to .gitea/workflows-archived/test-lanes.yml diff --git a/.gitea/workflows/test-matrix.yml b/.gitea/workflows-archived/test-matrix.yml similarity index 100% rename from .gitea/workflows/test-matrix.yml rename to .gitea/workflows-archived/test-matrix.yml diff --git a/.gitea/workflows/unknowns-budget-gate.yml b/.gitea/workflows-archived/unknowns-budget-gate.yml similarity index 100% rename from .gitea/workflows/unknowns-budget-gate.yml rename to .gitea/workflows-archived/unknowns-budget-gate.yml diff --git a/.gitea/workflows/verify-reproducibility.yml b/.gitea/workflows-archived/verify-reproducibility.yml similarity index 100% rename from .gitea/workflows/verify-reproducibility.yml rename to .gitea/workflows-archived/verify-reproducibility.yml diff --git a/.gitea/workflows/vex-proof-bundles.yml b/.gitea/workflows-archived/vex-proof-bundles.yml similarity index 100% rename from .gitea/workflows/vex-proof-bundles.yml rename to .gitea/workflows-archived/vex-proof-bundles.yml diff --git a/.gitea/workflows/local-ci-verify.yml b/.gitea/workflows/local-ci-verify.yml new file mode 100644 index 000000000..bc7f543c5 --- /dev/null +++ b/.gitea/workflows/local-ci-verify.yml 
@@ -0,0 +1,137 @@ +# Local CI Verification Pipeline +# Manual-dispatch only — validates devops/ci-local/ scaffolding and CI image. +# Triggers: workflow_dispatch (Gitea UI or API). +name: Local CI Verification + +on: + workflow_dispatch: + inputs: + workflow: + description: 'Archived workflow file to dry-run (e.g. test-matrix.yml). Leave empty to skip.' + required: false + default: '' + dry_run: + description: 'Pass -n (dry-run) to act' + required: false + default: 'true' + +jobs: + validate-scaffolding: + name: Validate CI scaffolding + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Check devops/ci-local files exist + run: | + echo "::group::Checking required files" + errors=0 + + for f in \ + devops/ci-local/.env.local.template \ + devops/ci-local/run-act.sh \ + devops/ci-local/run-act.ps1 \ + devops/ci-local/README.md \ + devops/ci-local/events/push.json \ + devops/ci-local/events/pull-request.json \ + devops/docker/Dockerfile.ci \ + .actrc; do + if [ -f "$f" ]; then + echo "✓ $f" + else + echo "✗ MISSING: $f" + errors=$((errors + 1)) + fi + done + + echo "::endgroup::" + if [ "$errors" -gt 0 ]; then + echo "::error::$errors required file(s) missing" + exit 1 + fi + + - name: Lint event JSON files + run: | + echo "::group::Validating JSON payloads" + for f in devops/ci-local/events/*.json; do + if python3 -m json.tool "$f" > /dev/null 2>&1; then + echo "✓ $f — valid JSON" + else + echo "✗ $f — invalid JSON" + exit 1 + fi + done + echo "::endgroup::" + + - name: Verify runner scripts are executable + run: | + if [ ! -x devops/ci-local/run-act.sh ]; then + echo "::warning::run-act.sh is not executable (chmod +x recommended)" + fi + + build-ci-image: + name: Build stellaops-ci image + runs-on: ubuntu-latest + needs: validate-scaffolding + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Build CI image + run: | + docker build \ + -t stellaops-ci:local \ + -f devops/docker/Dockerfile.ci \ + . 
+ + - name: Verify image exists + run: | + docker image inspect stellaops-ci:local > /dev/null 2>&1 + echo "stellaops-ci:local built successfully" + docker image ls stellaops-ci:local + + dry-run-smoke: + name: Dry-run smoke test + runs-on: ubuntu-latest + needs: build-ci-image + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install act + run: | + curl -sSL https://raw.githubusercontent.com/nektos/act/master/install.sh | sudo bash + + - name: List jobs from archived test-matrix + run: | + act -l -W .gitea/workflows-archived/test-matrix.yml \ + -P ubuntu-latest=stellaops-ci:local \ + --env-file devops/ci-local/.env.local.template + + - name: Dry-run archived test-matrix + run: | + act -W .gitea/workflows-archived/test-matrix.yml -n \ + -P ubuntu-latest=stellaops-ci:local \ + --env-file devops/ci-local/.env.local.template \ + -e devops/ci-local/events/push.json + + - name: Dry-run user-specified workflow + if: ${{ github.event.inputs.workflow != '' }} + run: | + WORKFLOW="${{ github.event.inputs.workflow }}" + ARCHIVE_PATH=".gitea/workflows-archived/${WORKFLOW}" + + if [ ! -f "$ARCHIVE_PATH" ]; then + echo "::error::Workflow not found: $ARCHIVE_PATH" + exit 1 + fi + + ACT_ARGS="-W $ARCHIVE_PATH -P ubuntu-latest=stellaops-ci:local --env-file devops/ci-local/.env.local.template -e devops/ci-local/events/push.json" + + if [ "${{ github.event.inputs.dry_run }}" = "true" ]; then + ACT_ARGS="$ACT_ARGS -n" + fi + + echo "Running: act $ACT_ARGS" + act $ACT_ARGS diff --git a/devops/ci-local/README.md b/devops/ci-local/README.md index 9c5ae4d6d..0356e46b2 100644 --- a/devops/ci-local/README.md +++ b/devops/ci-local/README.md @@ -23,8 +23,8 @@ cp devops/ci-local/.env.local.template devops/ci-local/.env.local # 3. List available jobs act -l -# 4. Dry-run a workflow -act -W .gitea/workflows/test-matrix.yml -n +# 4. Dry-run a workflow (archived workflows) +act -W .gitea/workflows-archived/test-matrix.yml -n ``` ### Windows (PowerShell) 
@@ -54,17 +54,47 @@ The `local-ci.sh` script supports additional modes beyond raw act invocation: ./devops/scripts/local-ci.sh module --module Scanner ``` +## Gitea CI verification pipeline + +The `local-ci-verify.yml` workflow (in `.gitea/workflows/`) provides a one-click +way to validate your local CI setup from within Gitea Actions itself. + +**Trigger:** Manual dispatch only (Gitea UI: **Actions > Local CI Verification > Run workflow**). + +**Inputs:** +| Input | Default | Description | +|-------|---------|-------------| +| `workflow` | _(empty)_ | Archived workflow file to dry-run (e.g. `test-matrix.yml`) | +| `dry_run` | `true` | Pass `-n` (dry-run) to act | + +**Jobs:** +1. **validate-scaffolding** — Checks that all `devops/ci-local/` files exist and event JSON is valid. +2. **build-ci-image** — Builds `stellaops-ci:local` from `devops/docker/Dockerfile.ci`. +3. **dry-run-smoke** — Runs `act -l` and `act -n` against `test-matrix.yml` from the archive, plus an optional user-specified workflow. + +**API trigger example:** + +```bash +curl -X POST \ + -H "Authorization: token $GITEA_TOKEN" \ + "https://git.stella-ops.org/api/v1/repos///actions/workflows/local-ci-verify.yml/dispatches" \ + -d '{"ref":"main","inputs":{"workflow":"test-matrix.yml","dry_run":"true"}}' +``` + ## Common workflows +> **Note:** Workflows have been archived to `.gitea/workflows-archived/`. The +> paths below reflect the archive location. 
+ | Workflow | What it tests | Example | |----------|--------------|---------| -| `test-matrix.yml` | Unit + integration test matrix | `act -W .gitea/workflows/test-matrix.yml -n` | -| `build-test-deploy.yml` | Full build/test/deploy pipeline | `act -W .gitea/workflows/build-test-deploy.yml -n` | -| `scanner-analyzers.yml` | Scanner analyzer suite | `act -W .gitea/workflows/scanner-analyzers.yml -n` | -| `parity-tests.yml` | Cross-platform parity checks | `act -W .gitea/workflows/parity-tests.yml -n` | -| `integration-tests-gate.yml` | Integration test gate | `act -W .gitea/workflows/integration-tests-gate.yml -n` | -| `schema-validation.yml` | JSON/OAS schema validation | `act -W .gitea/workflows/schema-validation.yml -n` | -| `determinism-gate.yml` | Deterministic output checks | `act -W .gitea/workflows/determinism-gate.yml -n` | +| `test-matrix.yml` | Unit + integration test matrix | `act -W .gitea/workflows-archived/test-matrix.yml -n` | +| `build-test-deploy.yml` | Full build/test/deploy pipeline | `act -W .gitea/workflows-archived/build-test-deploy.yml -n` | +| `scanner-analyzers.yml` | Scanner analyzer suite | `act -W .gitea/workflows-archived/scanner-analyzers.yml -n` | +| `parity-tests.yml` | Cross-platform parity checks | `act -W .gitea/workflows-archived/parity-tests.yml -n` | +| `integration-tests-gate.yml` | Integration test gate | `act -W .gitea/workflows-archived/integration-tests-gate.yml -n` | +| `schema-validation.yml` | JSON/OAS schema validation | `act -W .gitea/workflows-archived/schema-validation.yml -n` | +| `determinism-gate.yml` | Deterministic output checks | `act -W .gitea/workflows-archived/determinism-gate.yml -n` | ## Environment variables diff --git a/docs/implplan/SPRINT_20260201_005_CICD_act_local_ci_verification.md b/docs/implplan/SPRINT_20260201_005_CICD_act_local_ci_verification.md index a22c4d5c7..672f57ee6 100644 --- a/docs/implplan/SPRINT_20260201_005_CICD_act_local_ci_verification.md 
+++ b/docs/implplan/SPRINT_20260201_005_CICD_act_local_ci_verification.md @@ -97,6 +97,38 @@ Completion criteria: - [x] Sprint file follows the standard template - [x] All tasks tracked +### T7 - Create local-ci-verify.yml pipeline +Status: DONE +Dependency: T1-T5 +Owners: Developer +Task description: +- Create `.gitea/workflows/local-ci-verify.yml` — a `workflow_dispatch`-only pipeline that validates the local CI scaffolding. +- Three jobs: `validate-scaffolding` (check files exist, lint JSON), `build-ci-image` (build Dockerfile.ci), `dry-run-smoke` (act list + dry-run against archived workflows). +- Inputs: `workflow` (optional archived workflow to dry-run), `dry_run` (boolean, default true). + +Completion criteria: +- [x] Workflow file exists at `.gitea/workflows/local-ci-verify.yml` +- [x] Only triggered by `workflow_dispatch` +- [x] Three jobs with correct dependency chain +- [x] Supports optional dry-run of user-specified archived workflow + +### T8 - Archive all existing workflow files +Status: DONE +Dependency: T7 +Owners: Developer +Task description: +- Move all 118 `.yml`/`.yaml` workflow files from `.gitea/workflows/` to `.gitea/workflows-archived/`. +- Keep only `local-ci-verify.yml` and `templates/` subdirectory in `.gitea/workflows/`. +- Update `.gitea/README.md` to document the archive state, active workflows, and restoration instructions. +- Update `devops/ci-local/README.md` with pipeline trigger instructions. + +Completion criteria: +- [x] 118 files moved to `.gitea/workflows-archived/` +- [x] Only `local-ci-verify.yml` remains in `.gitea/workflows/` +- [x] `templates/` subdirectory preserved in `.gitea/workflows/` +- [x] `.gitea/README.md` updated with archive note, active workflows section, and restoration instructions +- [x] `devops/ci-local/README.md` updated with pipeline section + ## Execution Log | Date (UTC) | Update | Owner | | --- | --- | --- | 
@@ -125,6 +157,9 @@ Completion criteria: | 15 | `run-act.sh` syntax check (`bash -n`) | PASS | No syntax errors | | 16 | `.env.local` auto-creation | PASS | Copied from template on first `run-act.ps1` run | +| 2026-02-01 | T7: Created `local-ci-verify.yml` with 3-job pipeline (validate-scaffolding, build-ci-image, dry-run-smoke). | Developer | +| 2026-02-01 | T8: Archived 118 workflow files to `.gitea/workflows-archived/`. Updated `.gitea/README.md` and `devops/ci-local/README.md`. | Developer | + ## Decisions & Risks - Event payloads use minimal fields; some workflows may expect additional fields (e.g., `repository`, `sender`). Developers can extend the JSON files as needed. - `.env.local.template` covers the most commonly referenced vars; module-specific vars may need to be added over time.
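Review bot: In the `Dry-run user-specified workflow` step of `local-ci-verify.yml`, `WORKFLOW="${{ github.event.inputs.workflow }}"` expands the dispatch input into the script text before the shell runs, so a value containing quotes or `$(...)` is executed as shell code on the runner; the `dry_run` comparison has the same problem. Pass both inputs through the step's `env:` block and read them as `"$WORKFLOW"` and `"$DRY_RUN"`. Reject anything that is not a bare file name (for example a `case` pattern that refuses `/` and `..`), because the `-f "$ARCHIVE_PATH"` test alone accepts `../` paths outside `.gitea/workflows-archived/`. Build the act arguments as a bash array instead of the unquoted `act $ACT_ARGS`. Separately, the `Install act` step pipes `install.sh` from the `master` branch into `sudo bash`; pinning a release tag and verifying a checksum would keep that step reproducible.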
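Review bot: The API trigger example in the new `Gitea CI verification pipeline` section of `devops/ci-local/README.md` has empty owner and repository segments (`/api/v1/repos///actions/workflows/...`), so it cannot be run as written; use explicit placeholders such as `<owner>/<repo>` and say they must be replaced. The request also sends a JSON body with `-d` but sets no `-H "Content-Type: application/json"`, and curl defaults to `application/x-www-form-urlencoded` for `-d`, so add the header. The section should also state what permission the token needs, since `$GITEA_TOKEN` is the only credential guidance given.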
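Review bot: T7 in the sprint file describes `dry_run` as "boolean, default true", but the workflow declares the input with `default: 'true'` and no `type:`, and the step compares it to the string `"true"`, so any other spelling (`True`, `1`) silently drops `-n` and act runs the workflow for real. Either give the input an explicit boolean type in the workflow or document it here as a string whose only dry-run value is `true`, and consider making dry-run the behaviour for every value except an explicit `false`.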
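Review bot: The execution log rows added here record T8, but `Decisions & Risks` gains no entry for its main consequence: with gates such as `unknowns-budget-gate.yml`, `verify-reproducibility.yml` and `vex-proof-bundles.yml` moved to `.gitea/workflows-archived/` and the only remaining workflow being manual-dispatch, no check runs automatically on changes until workflows are restored. Add a risk item that names an owner, the criteria for restoring the gates, and how changes are reviewed in the meantime.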