From 441860889e01bc03537b425bd294d6997a321537 Mon Sep 17 00:00:00 2001
From: Archicratia <area.technik@proton.me>
Date: Fri, 23 Jan 2026 18:44:19 +0100
Subject: [PATCH] ci: rewrite workflow clean (triggers + build before verify)

---
 .gitea/workflows/ci.yaml | 100 +++++++++++++++++++++++++++++++++++++++
 1 file changed, 100 insertions(+)
 create mode 100644 .gitea/workflows/ci.yaml

diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
new file mode 100644
index 0000000..663a4a3
--- /dev/null
+++ b/.gitea/workflows/ci.yaml
@@ -0,0 +1,100 @@
+name: CI
+
+on:
+  push:
+  pull_request:
+    branches: [master]
+  workflow_dispatch:
+
+env:
+  NODE_OPTIONS: --dns-result-order=ipv4first
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  build-and-anchors:
+    runs-on: ubuntu-latest
+    container:
+      image: mcr.microsoft.com/devcontainers/javascript-node:22-bookworm
+
+    steps:
+      - name: Tools sanity
+        run: |
+          set -euo pipefail
+          git --version
+          node --version
+          npm --version
+          npm ping --registry=https://registry.npmjs.org
+
+      - name: Checkout (from event.json, no external actions)
+        run: |
+          set -euo pipefail
+          export EVENT_JSON="/var/run/act/workflow/event.json"
+          test -f "$EVENT_JSON" || { echo "❌ Missing $EVENT_JSON"; exit 1; }
+
+          eval "$(node --input-type=module -e 'import fs from "node:fs";
+            const ev = JSON.parse(fs.readFileSync(process.env.EVENT_JSON,"utf8"));
+            const repo =
+              ev?.repository?.clone_url ||
+              (ev?.repository?.html_url ? (ev.repository.html_url.replace(/\/$/,"") + ".git") : "");
+            const sha =
+              ev?.after ||
+              ev?.pull_request?.head?.sha ||
+              ev?.head_commit?.id ||
+              ev?.sha ||
+              "";
+            if (!repo) throw new Error("No repository url in event.json");
+            if (!sha)  throw new Error("No sha in event.json");
+            process.stdout.write(`REPO_URL=${JSON.stringify(repo)}\nSHA=${JSON.stringify(sha)}\n`);
+          ')"
+
+          echo "Repo URL: $REPO_URL"
+          echo "SHA:      $SHA"
+
+          rm -rf .git
+          git init -q
+          git remote add origin "$REPO_URL"
+          git fetch --depth 1 origin "$SHA"
+          git -c advice.detachedHead=false checkout -q FETCH_HEAD
+          git log -1 --oneline
+
+      - name: Anchor aliases schema
+        run: |
+          set -euo pipefail
+          node scripts/check-anchor-aliases.mjs
+
+      - name: NPM harden
+        run: |
+          set -euo pipefail
+          npm config set fetch-retries 5
+          npm config set fetch-retry-mintimeout 20000
+          npm config set fetch-retry-maxtimeout 120000
+          npm config set registry https://registry.npmjs.org
+          npm config get registry
+
+      - name: Install deps
+        run: |
+          set -euo pipefail
+          npm ci
+
+      - name: Inline scripts syntax check
+        run: |
+          set -euo pipefail
+          node scripts/check-inline-js.mjs
+
+      - name: Build (includes postbuild injection + pagefind)
+        run: |
+          set -euo pipefail
+          npm run build
+
+      - name: Anchors contract
+        run: |
+          set -euo pipefail
+          npm run test:anchors
+
+      - name: Verify anchor aliases injected in dist
+        run: |
+          set -euo pipefail
+          node scripts/verify-anchor-aliases-in-dist.mjs