From 0c3c549a6aefa35f1247ee0ef02af990c4c175af Mon Sep 17 00:00:00 2001
From: Barcode Betty <betty@cartsnitch.ing>
Date: Thu, 21 May 2026 03:57:49 +0000
Subject: [PATCH] ci: convert GitHub Actions to Gitea Actions (ubuntu-latest)

- Replace runs-on: runners-cartsnitch with ubuntu-latest (6 jobs)
- Remove SARIF upload step (github/codeql-action/upload-sarif)
- Replace GitHub App token with secrets.GITEA_TOKEN in deploy-dev and deploy-uat

Co-Authored-By: Paperclip <noreply@paperclip.ing>
---
 .github/workflows/ci.yml | 40 +++++++++-------------------------------
 1 file changed, 9 insertions(+), 31 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1fc54c6..d0ddc69 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,7 +20,7 @@ env:
 
 jobs:
   lint:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5
@@ -34,7 +34,7 @@ jobs:
         run: ruff format --check .
 
   typecheck:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
     continue-on-error: true
     steps:
       - uses: actions/checkout@v4
@@ -49,7 +49,7 @@ jobs:
         run: mypy src/cartsnitch_api
 
   test:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
     services:
       postgres:
         image: postgres:15-alpine
@@ -96,7 +96,7 @@ jobs:
         run: pytest --tb=short -q
 
   build-and-push:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
     needs: [lint, test]
     outputs:
       calver_tag: ${{ steps.calver.outputs.version }}
@@ -172,11 +172,7 @@ jobs:
           only-fixed: "true"
           output-format: sarif
 
-      - name: Upload api scan results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v3
-        if: always()
-        with:
-          sarif_file: ${{ steps.scan.outputs.sarif }}
+      
 
       - name: Push Docker image
         if: github.event_name == 'push'
@@ -198,24 +194,15 @@ jobs:
           git push origin "v${{ steps.calver.outputs.version }}"
 
   deploy-dev:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
     needs: [build-and-push]
     if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/main')
     steps:
-      - name: Generate GitHub App token
-        id: app-token
-        uses: actions/create-github-app-token@v1
-        with:
-          app-id: ${{ secrets.CARTSNITCH_APP_ID }}
-          private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
-          owner: ${{ github.repository_owner }}
-          repositories: infra
-
       - name: Checkout infra repo
         uses: actions/checkout@v4
         with:
           repository: cartsnitch/infra
-          token: ${{ steps.app-token.outputs.token }}
+          token: ${{ secrets.GITEA_TOKEN }}
           ref: main
           path: infra
 
@@ -251,24 +238,15 @@ jobs:
           git push origin main
 
   deploy-uat:
-    runs-on: runners-cartsnitch
+    runs-on: ubuntu-latest
     needs: [build-and-push]
     if: always() && !cancelled() && github.event_name == 'push' && (github.ref == 'refs/heads/uat' || github.ref == 'refs/heads/main')
     steps:
-      - name: Generate GitHub App token
-        id: app-token
-        uses: actions/create-github-app-token@v1
-        with:
-          app-id: ${{ secrets.CARTSNITCH_APP_ID }}
-          private-key: ${{ secrets.CARTSNITCH_APP_PRIVATE_KEY }}
-          owner: ${{ github.repository_owner }}
-          repositories: infra
-
       - name: Checkout infra repo
         uses: actions/checkout@v4
         with:
           repository: cartsnitch/infra
-          token: ${{ steps.app-token.outputs.token }}
+          token: ${{ secrets.GITEA_TOKEN }}
           ref: main
           path: infra