sharedinbox/.forgejo/workflows/ci.yml

name: CI

on:
  push:
    branches: [main]
  pull_request:

jobs:
  check:
    name: Full Project Check
    runs-on: ubuntu-latest
    timeout-minutes: 60

    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 50

      - name: Check runner tools
        run: |
          command -v dagger  >/dev/null 2>&1 || { echo "ERROR: dagger is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
          command -v task    >/dev/null 2>&1 || { echo "ERROR: task is not installed in the runner image. Add it to .forgejo/Dockerfile."; exit 1; }
          dpkg -s stunnel4 netcat-openbsd >/dev/null 2>&1 || { echo "ERROR: stunnel4/netcat-openbsd are not installed in the runner image. Add them to .forgejo/Dockerfile."; exit 1; }

      - name: Setup Dagger Remote Engine (via stunnel)
        env:
          DAGGER_STUNNEL_URL: ${{ secrets.DAGGER_STUNNEL_URL }}
          DAGGER_CA_CERT: ${{ secrets.DAGGER_CA_CERT }}
          DAGGER_CLIENT_CERT: ${{ secrets.DAGGER_CLIENT_CERT }}
          DAGGER_CLIENT_KEY: ${{ secrets.DAGGER_CLIENT_KEY }}
        run: scripts/setup_dagger_remote.sh

      - name: Locate Docker daemon for local Dagger engine
        run: |
          # Skip if remote Dagger engine is already configured (preferred path)
          if [ -n "${_DAGGER_RUNNER_HOST:-}" ]; then
            echo "Remote Dagger engine configured, no local Docker needed."
            exit 0
          fi

          # Try host Docker socket (DooD) if runner mounts it
          if [ -S /var/run/docker.sock ]; then
            if DOCKER_HOST=unix:///var/run/docker.sock docker info >/dev/null 2>&1; then
              echo "Docker available via host socket."
              echo "DOCKER_HOST=unix:///var/run/docker.sock" >> "$GITHUB_ENV"
              exit 0
            fi
          fi

          echo "WARNING: No remote Dagger engine and no local Docker found." >&2
          echo "  - Remote engine: check DAGGER_STUNNEL_URL secret and that the host proxy is running." >&2
          echo "  - Local Docker: runner does not expose /var/run/docker.sock." >&2
          echo "CI will likely fail at the Dagger step." >&2

      - name: Prune Dagger cache before check
        env:
          DAGGER_NO_NAG: "1"
        run: dagger query '{ engine { localCache { prune } } }' 2>/dev/null || true

      - name: Run Full Check Suite
        env:
          DAGGER_NO_NAG: "1"
        run: task check-dagger

      - name: Prune Dagger cache after check
        if: always()
        env:
          DAGGER_NO_NAG: "1"
        run: dagger query '{ engine { localCache { prune } } }' 2>/dev/null || true

      - name: Cleanup TLS credentials
        if: always()
        run: rm -rf /tmp/dagger-tls /tmp/stunnel-dagger.conf /tmp/stunnel.pid