foundation/actions
Andreas Niemann 35dc008759
All checks were successful
CI / preflight (push) Successful in 5s
CI / typecheck (push) Successful in 15s
ecosystem-selftest / semantic-release-bumptest (push) Successful in 13s
ecosystem-selftest / eslint-gate (push) Successful in 3s
ecosystem-selftest / yamllint-gate (push) Successful in 3s
pulumi-preview / preview (push) Successful in 16s
refactor(ci): composite actions instead of reusable workflows (Forgejo 11)
Forgejo 11.0.15 does NOT support reusable workflows (job-level `uses:` /
`workflow_call`): the call is silently dropped and no run is scheduled (verified
live — a same-repo and a cross-repo reusable call both produced zero runs, while
an equivalent inline job ran green). The working cross-repo reuse primitive here
is the COMPOSITE ACTION referenced by FULL URL (a short-form
`uses: olsitec/foundation/...@master` resolves against the runner's
DEFAULT_ACTIONS_URL = data.forgejo.org, not the local instance, and 404s; the
full-URL form `uses: https://forge.olsitec.net/olsitec/foundation/actions/<x>@master`
was verified green).

- Replace the four reusable-*.yml with composite actions under actions/:
  node-build, docker-build, lint, semantic-release-version (same logic + inputs).
- actions/README.md documents the pattern, the Forgejo-11 limitation, and the
  999_testing candidate coverage (C2/C3/C4 self-contained; C1/C5 blocked on the
  not-yet-published @olsitec package registry).
- ecosystem-selftest paths filter: actions/** (was reusable-*.yml).

The capabilities that need no external repo (semantic-release bump sequence,
eslint/yamllint gates) keep running green via ecosystem-selftest's inline jobs.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-07-01 01:14:51 +02:00
..
docker-build refactor(ci): composite actions instead of reusable workflows (Forgejo 11) 2026-07-01 01:14:51 +02:00
lint refactor(ci): composite actions instead of reusable workflows (Forgejo 11) 2026-07-01 01:14:51 +02:00
node-build refactor(ci): composite actions instead of reusable workflows (Forgejo 11) 2026-07-01 01:14:51 +02:00
semantic-release-version refactor(ci): composite actions instead of reusable workflows (Forgejo 11) 2026-07-01 01:14:51 +02:00
README.md refactor(ci): composite actions instead of reusable workflows (Forgejo 11) 2026-07-01 01:14:51 +02:00

Ecosystem CI — reusable composite actions

These are the shared CI building blocks for Olsitec projects on the foundation forge (documentation/999_testing.md). Downstream repos reference them at step level with a full URL:

# .forgejo/workflows/ci.yml in any project repo
name: ci
on: [push]
jobs:
  build:
    runs-on: docker
    container: { image: foundation-ci:latest }
    steps:
      - uses: actions/checkout@v4
      - uses: https://forge.olsitec.net/olsitec/foundation/actions/node-build@master
        with: { package-manager: bun, build: "bun run build" }

Why composite actions, not reusable workflows

The original plan was reusable workflows (uses: olsitec/foundation/.forgejo/ workflows/x.yml@master, on: workflow_call). Forgejo 11.0.15 does not support reusable workflows — a job-level uses: (or workflow_call) is silently dropped and no run is scheduled (verified live: a same-repo and cross-repo reusable call both produced zero runs, while an equivalent inline job ran green). The working cross-repo reuse primitive on this Forgejo is the composite action, referenced by full URL (a short-form uses: olsitec/foundation/...@master resolves against the runner's DEFAULT_ACTIONS_URL = data.forgejo.org, not the local instance, and 404s).

If the forge is later upgraded to a Forgejo with reusable-workflow support, these can be re-expressed as workflow_call workflows; until then, composite actions are the contract.

Actions

Action Purpose Key inputs
node-build install + build an npm/bun/none project package-manager, build, workdir
docker-build docker build via the host socket (caller mounts it) image, dockerfile, context, build-args, push
lint eslint + yamllint gate (error → non-zero) eslint-paths, yamllint-paths, package-manager
semantic-release-version dry-run next-version probe (conventionalcommits) branch → output version

All run in the baked foundation-ci:latest image (the caller sets container.image). The caller must actions/checkout@v4 first; docker-build callers must also mount /var/run/docker.sock; semantic-release-version callers must checkout with fetch-depth: 0.

Candidate coverage (999_testing)

Candidate Shape Action Status
olsicrypto npm package (tsc) node-build (npm) self-contained ✓
document-engine bun package (tsc) node-build (bun) self-contained ✓
olsitrack/api no-artifact / versioned node-build (empty build) self-contained ✓
seaspots-homepage docker, dep @olsitec/svelte-common docker-build blocked on the package registry (Stage-2)
token-service docker, dep @olsitec/olsicrypto docker-build blocked on the package registry (Stage-2)

The semantic-release bump sequence and the eslint/yamllint gates are continuously proven by .forgejo/workflows/ecosystem-selftest.yml on the foundation's own runner.