1. only trigger docker-dryrun arm64&riscv64 when dockerfile changes
2. de-duplicate "contents: read" permission for most workflows
3. merge various "lint-*" jobs into one job
4. add missing lint targets to the "lint" (all) target
Replaces Dependabot with Renovate. The new setup:
- One PR per ecosystem (GitHub Actions, Go modules + Makefile go-tool
pins, npm, Python via uv, Nix flake), opened weekly on Mondays with a
5-day release-age cooldown. Vulnerability PRs ship next-day via daily
cron + Renovate's `vulnerabilityAlerts` schedule bypass.
- All `uses:` action refs SHA-pinned with patch-level version comments
(same format as #36971, which this supersedes);
`helpers:pinGitHubActionDigests` keeps future bumps in that format.
- `renovatebot/github-action` runtime image pinned via the
upstream-recommended `RENOVATE_VERSION` env + magic comment +
`customManagers:githubActionsVersions` preset, so Renovate keeps the pin
updated.
- Custom regex manager tracks the `*_PACKAGE ?= <import-path>@<version>`
lines in `Makefile` (golangci-lint, swagger, actionlint, etc.) and
groups them into the same Go PR via `matchDatasources: ["go"]`.
- Post-upgrade tasks regenerate `assets/go-licenses.json` (`make tidy`)
and the SVG sprite (`make svg`), gated by an env-level command
allowlist.
- Replaces the standalone `cron-flake-updater` workflow — Renovate's nix
manager tracks `flake.nix` inputs and produces the same `flake.lock`
bump PRs on the regular weekly schedule.
- npm and gomod-replace pins live in `renovate.json5` only;
`updates@17.16.3` reads them from there too, so the standalone
`updates.config.ts` is gone and one source of truth covers both tools.
Fixes: https://github.com/go-gitea/gitea/issues/33386
Signed-off-by: silverwind <me@silverwind.io>
Signed-off-by: TheFox0x7 <thefox0x7@gmail.com>
Co-authored-by: Claude (Opus 4.6) <noreply@anthropic.com>
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-authored-by: Nicolas <bircni@icloud.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Cache includes go, lint and unittests. Integration tests with their
standalone binaries are uncacheable with their current architecture.
Every Go job uses a new composite action (`.github/actions/go-cache`)
that restores and saves the Go module cache, a shared build cache, and
the golangci-lint cache. A `cache-seeder` workflow runs on `push: main`
to pre-populate those slots; PRs read them via GitHub's default-branch
fallback, so the common case is warm from the first commit.
Also dropped `-coverprofile` from `test-unit` (it silently disabled Go's
test result cache), and `-race` from `test-pgsql` and `test-mysql` (kept
on `test-unit` and `test-sqlite`).
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
Co-authored-by: Nicolas <bircni@icloud.com>
1. stabilize flaky e2e test from
2f5b5a9e9c
2. increase ci timeout factor to 4 as 3 was not enough
3. add a `e2e` category to files-changed so e2e-test-only changes
trigger ci
---
This PR was written with the help of Claude Opus 4.7
---------
Co-authored-by: Claude (Opus 4.7) <noreply@anthropic.com>
- Replace the e2e tests initialization with a simple bash script,
removing the previous Go harness.
- `make test-e2e` is the single entry point. It always starts a fully
isolated ephemeral Gitea instance with its own temp directory, SQLite
database, and config — no interference with the developer's running
instance.
- A separate `gitea-e2e` binary is built via `EXECUTABLE_E2E` using
`TEST_TAGS` (auto-includes sqlite with `CGO_ENABLED=1`), keeping the
developer's regular `gitea` binary untouched.
- No more split into database-specific e2e tests. Test timeouts are
strict, can be relaxed later if needed.
- Simplified and streamlined the playwright config and test files.
- Remove all output generation of playwright and all references to
visual testing.
- Tests run on Chrome locally, Chrome + Firefox on CI.
- Simplified CI workflow — visible separate steps for frontend, backend,
and test execution.
- All exported env vars use `GITEA_TEST_E2E_*` prefix.
- Use `GITEA_TEST_E2E_FLAGS` to pass flags to playwright, e.g.
`GITEA_TEST_E2E_FLAGS="--ui" make test-e2e` for UI mode or
`GITEA_TEST_E2E_FLAGS="--headed" make test-e2e` for headed mode.
- Use `GITEA_TEST_E2E_DEBUG=1 make test-e2e` to show Gitea server
output.
---------
Signed-off-by: silverwind <me@silverwind.io>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
See https://github.com/actions/setup-node/releases/tag/v5.0.0
Caching is now enabled by default when `packageManager` is present in
package.json, and we have that. `cache-dependency-path` is unneccesary
because the action will automatically detect it.
Update more actions to use nodejs20 runtime and also update the docs for
checkout action usage.
similar to:
- #27836
- #27096
---------
Signed-off-by: Rui Chen <rui@chenrui.dev>
To prevent unwanted surprises with new minor versions of go, lock the
version to minor version using [semver tilde
syntax](https://github.com/npm/node-semver#tilde-ranges-123-12-1). We
were already getting 1.21.0 since yesterday, so use that version now as
minimum.
Inspired by
https://github.com/go-gitea/gitea/pull/24530#issuecomment-1558815301
This PR use a file filter action to do different CI jobs according
changed files types. All types are defined in
`.github/file-filters.yml`. Now there are 4 types, `docs`, `backend`,
`frontend` and `build`. Then if a PR only changed docs files, those CI
jobs which passed the conditions will run, and other types are also like
this.
---------
Co-authored-by: silverwind <me@silverwind.io>
- Remove actions name where command is descriptive enough
- Use kebab-case instead of snake-case for step names
- Use shorter job names because to make PR checks more readable
- Remove duplicate `checks-backend`
---------
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
