diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 82b2212..b4f0e67 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -10,28 +10,22 @@ jobs: build-and-anchors: runs-on: ubuntu-latest container: - # Image avec node + git déjà présents -> pas d'APT - image: mcr.microsoft.com/devcontainers/javascript-node:20-bookworm - # On force root pour pouvoir écrire /etc/resolv.conf (sinon user "node") + image: node:20-bookworm-slim options: >- - --user root - --add-host gitea.archicratie.trans-hands.synology.me:192.168.1.20 + --dns=192.168.1.1 + --dns=109.0.66.10 + --dns-option=timeout:2 + --dns-option=attempts:2 + --dns-option=use-vc steps: - - name: Force DNS inside job container (DS220+ / act_runner) + - name: Install base tools (git + certs) run: | - set -euo pipefail - echo "== resolv.conf (before) =="; cat /etc/resolv.conf || true - - # IMPORTANT: on enlève 1.1.1.1/9.9.9.9 qui time-out chez toi - cat > /etc/resolv.conf <<'EOF' - nameserver 192.168.1.1 - nameserver 109.0.66.10 - options timeout:2 attempts:2 - EOF - - echo "== resolv.conf (after) =="; cat /etc/resolv.conf - node -e 'require("dns").resolve4("deb.debian.org",(e,a)=>console.log("dns",e||a))' + set -e + apt-get update + apt-get install -y --no-install-recommends git ca-certificates + rm -rf /var/lib/apt/lists/* + git --version - name: Checkout (from Gitea, no external actions) env: @@ -41,6 +35,7 @@ jobs: TOKEN: ${{ secrets.CI_TOKEN }} run: | set -euo pipefail + if [ -n "${TOKEN:-}" ]; then AUTH="$(printf "oauth2:%s" "$TOKEN" | base64 | tr -d '\n')" git -c http.extraHeader="AUTHORIZATION: basic $AUTH" clone "$SERVER/$REPO.git" . @@ -48,6 +43,7 @@ jobs: echo "ℹ️ CI_TOKEN absent → clone sans auth (repo public ou accès runner déjà OK)." git clone "$SERVER/$REPO.git" . fi + git checkout "$SHA" - name: Install deps