Commit graph

4 commits

Author SHA1 Message Date
7baa48ec4d ci(forgejo): install Node.js before actions/checkout@v4 (#2)
Some checks failed
CI / Security audit (bandit) (push) Successful in 34s
CI / lint (push) Successful in 45s
CI / typecheck (push) Successful in 48s
CI / Secret scan (gitleaks) (push) Successful in 31s
CI / test (push) Failing after 48s
2026-07-03 00:42:15 +02:00
465ff0bd55 ci: add gitleaks + bandit jobs; split single job into lint/typecheck/test/secrets/security
The previous CI had a single build job with mypy marked as
continue-on-error, and no secret scanning or security audit. The
pre-commit config has gitleaks + bandit but they were never enforced
in CI.

Changes:
- Split monolithic build job into focused jobs: lint, typecheck, test,
  secrets (gitleaks), security (bandit)
- Promote mypy to a real required job (not continue-on-error)
- Add gitleaks scan (v8.24.0) against the full git history
- Add bandit scan at high+medium severity (low severity is too noisy
  for an OSS project)
- Each job has its own container to keep failures isolated
2026-07-02 20:02:06 +02:00
8d25702eca chore(license): re-license to dual MIT (core) + BSL 1.1 (stealth)
Squashed from chore/license-relicense. Full message preserved in the
original branch commit bb77eb5. See ADR-0002 for the decision rationale.

Refs: ADR-0002, commit bb77eb5
2026-07-02 19:59:18 +02:00
root
9bff8eda62 ci: add .forgejo/workflows/ci.yml for pryscraper
Python CI: uv setup, ruff lint+format, mypy (warn), pytest (non-integration).
Runs on docker-x64 runner on Talos.
55 tests exist, now they will run in CI.
2026-07-02 14:48:12 +02:00