ci : workflow updated 12

.gitea/workflows/ci-cd.yml

@@ -6,45 +6,23 @@ on:
   pull_request:
     branches: [main]
 
-# Only one deploy at a time; a newer push cancels an in-progress one
 concurrency:
   group: meezi-cicd-${{ github.ref }}
   cancel-in-progress: true
 
-# ─────────────────────────────────────────────────────────────────────────────
-# HOW THIS WORKS
-# ─────────────────────────────────────────────────────────────────────────────
-# Runner labels (in gitea docker-compose):
-#   ubuntu-latest:docker://node:20-alpine   ← CI jobs run in real Docker containers
-#   self-hosted:host                        ← deploy runs directly on the server
-#
-# WHY we don't use actions/checkout@v4 in container jobs:
-#   actions/checkout is a JS action — needs `node` in the container.
-#   mcr.microsoft.com/dotnet/sdk  → no Node.js → exit 127
-#   node:20-alpine                → no git      → checkout fails
-#   Fix: plain shell git clone via http.extraheader (token never in process list).
-#
-# Local mirrors — Nexus Repository Manager (docker-compose.mirror.yml):
-#   "mirror" hostname → host-gateway (docker bridge IP 172.17.0.1)
-#   NuGet  → http://mirror:8081/repository/nuget-proxy/  (nuget.mirror.config)
-#   npm    → http://mirror:8081/repository/npm-proxy/    (--registry flag)
-#   Docker → http://mirror:8083  (daemon.json registry-mirrors)
-# ─────────────────────────────────────────────────────────────────────────────
-
 jobs:
 
-  # ── Main API ────────────────────────────────────────────────────────────────
   api-build:
     name: "CI · API (dotnet build + test)"
     runs-on: ubuntu-latest
     container:
-      image: mcr.microsoft.com/dotnet/sdk:10.0
+      image: 171.22.25.73:5002/dotnet/sdk:10.0
       options: >-
         --add-host=gitea:host-gateway
         --add-host=mirror:host-gateway
     services:
       postgres:
-        image: postgres:16-alpine
+        image: 171.22.25.73:5000/library/postgres:16-alpine
         env:
           POSTGRES_DB: meezi_test
           POSTGRES_USER: meezi
@@ -55,7 +33,7 @@ jobs:
           --health-timeout 5s
           --health-retries 10
       redis:
-        image: redis:7-alpine
+        image: 171.22.25.73:5000/library/redis:7-alpine
         options: >-
           --health-cmd "redis-cli ping"
           --health-interval 5s
@@ -73,19 +51,15 @@ jobs:
           git fetch --depth=1 origin "${REF}"
           git checkout FETCH_HEAD
 
+      - name: Write NuGet config
+        run: >-
+          python3 -c
+          "open('/tmp/nuget.ci.config','w').write('<?xml version=\"1.0\" encoding=\"utf-8\"?><configuration><packageSources><clear /><add key=\"nexus\" value=\"http://mirror:8081/repository/nuget-group/index.json\" protocolVersion=\"3\" allowInsecureConnections=\"true\" /></packageSources></configuration>')"
+
       - name: Restore
-        run: |
-          cat > /tmp/nuget.ci.config << 'EOF'
-          <?xml version="1.0" encoding="utf-8"?>
-          <configuration>
-            <packageSources>
-              <clear />
-              <add key="nexus" value="http://mirror:8081/repository/nuget-group/index.json"
-                   protocolVersion="3" allowInsecureConnections="true" />
-            </packageSources>
-          </configuration>
-          EOF
-          dotnet restore src/Meezi.API/Meezi.API.csproj --configfile /tmp/nuget.ci.config
+        run: dotnet restore src/Meezi.API/Meezi.API.csproj --configfile /tmp/nuget.ci.config
+        env:
+          DOTNET_CLI_TELEMETRY_OPTOUT: 1
 
       - name: Build
         run: dotnet build src/Meezi.API/Meezi.API.csproj --no-restore -c Release
@@ -96,12 +70,11 @@ jobs:
           ConnectionStrings__DefaultConnection: "Host=postgres;Port=5432;Database=meezi_test;Username=meezi;Password=meezi_test_pass"
           ConnectionStrings__Redis: "redis:6379"
 
-  # ── Admin API ───────────────────────────────────────────────────────────────
   admin-api-build:
     name: "CI · Admin API (dotnet build)"
     runs-on: ubuntu-latest
     container:
-      image: mcr.microsoft.com/dotnet/sdk:10.0
+      image: 171.22.25.73:5002/dotnet/sdk:10.0
       options: >-
         --add-host=gitea:host-gateway
         --add-host=mirror:host-gateway
@@ -117,29 +90,24 @@ jobs:
           git fetch --depth=1 origin "${REF}"
           git checkout FETCH_HEAD
 
+      - name: Write NuGet config
+        run: >-
+          python3 -c
+          "open('/tmp/nuget.ci.config','w').write('<?xml version=\"1.0\" encoding=\"utf-8\"?><configuration><packageSources><clear /><add key=\"nexus\" value=\"http://mirror:8081/repository/nuget-group/index.json\" protocolVersion=\"3\" allowInsecureConnections=\"true\" /></packageSources></configuration>')"
+
       - name: Restore
-        run: |
-          cat > /tmp/nuget.ci.config << 'EOF'
-          <?xml version="1.0" encoding="utf-8"?>
-          <configuration>
-            <packageSources>
-              <clear />
-              <add key="nexus" value="http://mirror:8081/repository/nuget-group/index.json"
-                   protocolVersion="3" allowInsecureConnections="true" />
-            </packageSources>
-          </configuration>
-          EOF
-          dotnet restore src/Meezi.Admin.API/Meezi.Admin.API.csproj --configfile /tmp/nuget.ci.config
+        run: dotnet restore src/Meezi.Admin.API/Meezi.Admin.API.csproj --configfile /tmp/nuget.ci.config
+        env:
+          DOTNET_CLI_TELEMETRY_OPTOUT: 1
 
       - name: Build
         run: dotnet build src/Meezi.Admin.API/Meezi.Admin.API.csproj --no-restore -c Release
 
-  # ── Dashboard ───────────────────────────────────────────────────────────────
   dashboard-check:
     name: "CI · Dashboard (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: node:20-alpine
+      image: 171.22.25.73:5000/library/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
         --add-host=mirror:host-gateway
@@ -149,8 +117,6 @@ jobs:
           TOKEN: ${{ github.token }}
           SHA: ${{ github.sha }}
         run: |
-          # No apk install needed — wget + tar (busybox) are pre-installed in node:20-alpine.
-          # Downloads the repo tarball directly from Gitea (same machine = instant).
           wget -q \
             --header "Authorization: Bearer ${TOKEN}" \
             "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/archive/${SHA}.tar.gz" \
@@ -168,12 +134,11 @@ jobs:
         env:
           NEXT_PUBLIC_API_URL: http://localhost:5080
 
-  # ── Admin Web ───────────────────────────────────────────────────────────────
   admin-web-check:
     name: "CI · Admin Web (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: node:20-alpine
+      image: 171.22.25.73:5000/library/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
         --add-host=mirror:host-gateway
@@ -183,8 +148,6 @@ jobs:
           TOKEN: ${{ github.token }}
           SHA: ${{ github.sha }}
         run: |
-          # No apk install needed — wget + tar (busybox) are pre-installed in node:20-alpine.
-          # Downloads the repo tarball directly from Gitea (same machine = instant).
           wget -q \
             --header "Authorization: Bearer ${TOKEN}" \
             "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/archive/${SHA}.tar.gz" \
@@ -202,12 +165,11 @@ jobs:
         env:
           NEXT_PUBLIC_ADMIN_API_URL: http://localhost:5081
 
-  # ── Website ─────────────────────────────────────────────────────────────────
   website-check:
     name: "CI · Website (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: node:20-alpine
+      image: 171.22.25.73:5000/library/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
         --add-host=mirror:host-gateway
@@ -217,8 +179,6 @@ jobs:
           TOKEN: ${{ github.token }}
           SHA: ${{ github.sha }}
         run: |
-          # No apk install needed — wget + tar (busybox) are pre-installed in node:20-alpine.
-          # Downloads the repo tarball directly from Gitea (same machine = instant).
           wget -q \
             --header "Authorization: Bearer ${TOKEN}" \
             "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/archive/${SHA}.tar.gz" \
@@ -236,12 +196,11 @@ jobs:
         env:
           MEEZI_API_URL: http://localhost:5080
 
-  # ── Finder ──────────────────────────────────────────────────────────────────
   finder-check:
     name: "CI · Finder (tsc)"
     runs-on: ubuntu-latest
     container:
-      image: node:20-alpine
+      image: 171.22.25.73:5000/library/node:20-alpine
       options: >-
         --add-host=gitea:host-gateway
         --add-host=mirror:host-gateway
@@ -251,8 +210,6 @@ jobs:
           TOKEN: ${{ github.token }}
           SHA: ${{ github.sha }}
         run: |
-          # No apk install needed — wget + tar (busybox) are pre-installed in node:20-alpine.
-          # Downloads the repo tarball directly from Gitea (same machine = instant).
           wget -q \
             --header "Authorization: Bearer ${TOKEN}" \
             "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/archive/${SHA}.tar.gz" \
@@ -270,11 +227,6 @@ jobs:
         env:
           NEXT_PUBLIC_API_URL: http://localhost:5080
 
-# ─────────────────────────────────────────────────────────────────────────────
-# DEPLOY — only on push to main, only if ALL CI jobs pass.
-# self-hosted:host — runs directly on your server where Docker is installed.
-# The runner itself (gitea/act_runner) has node+git, so actions/checkout works.
-# ─────────────────────────────────────────────────────────────────────────────
   deploy:
     name: "Deploy · all services"
     runs-on: self-hosted