feat(ci): migrar .github/workflows → .forgejo/workflows (Forgejo Actions)

2026-04-25 20:03:15 -03:00 · 2026-04-25 20:03:15 -03:00 · fe5c3a4d1a
commit fe5c3a4d1a
parent 180efcdff7
1 changed files with 82 additions and 0 deletions
--- a/.forgejo/workflows/ci.yml
+++ b/.forgejo/workflows/ci.yml
@ -0,0 +1,82 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  ts:
+    name: TypeScript (lint + test + build)
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '24'
+      - run: npm ci
+      - run: npm run lint
+      - run: npm test
+      - run: npm run build
+
+  py:
+    name: Python (lint + test)
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        python-version: ['3.11', '3.12', '3.13']
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: ${{ matrix.python-version }}
+      - run: python -m pip install --upgrade pip
+      - run: pip install -e ".[dev]"
+      - run: ruff check src tests
+      - run: pytest
+
+  gitleaks:
+    name: Secret scan
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Install gitleaks CLI
+        run: |
+          GL_VERSION=8.24.3
+          curl -sSL -o /tmp/gitleaks.tar.gz \
+            "https://github.com/zricethezav/gitleaks/releases/download/v${GL_VERSION}/gitleaks_${GL_VERSION}_linux_x64.tar.gz"
+          tar -xzf /tmp/gitleaks.tar.gz -C /tmp
+          sudo mv /tmp/gitleaks /usr/local/bin/gitleaks
+      - name: Scan working tree (prevent NEW leaks)
+        run: gitleaks detect --source . --no-git --redact --verbose --exit-code 1
+
+  # CodeQL: desabilitado em repo private sem GitHub Advanced Security addon.
+  # Reativar quando repo tornar-se público ou GHAS for contratado.
+  # codeql:
+  #   name: CodeQL
+  #   runs-on: ubuntu-latest
+  #   permissions: { security-events: write }
+  #   steps:
+  #     - uses: actions/checkout@v4
+  #     - uses: github/codeql-action/init@v3
+  #       with: { languages: javascript, python }
+  #     - uses: github/codeql-action/analyze@v3
+
+  bench:
+    name: Benchmark (informational)
+    runs-on: ubuntu-latest
+    needs: ts
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '24'
+      - run: npm ci
+      - run: npm run bench