ci: Tidy CI pipeline for readability and performance

Pipeline Modernisation: - Update prefligit to prek (same project, renamed to avoid typosquatting) - Replace custom rust-toolchain action with direct uvx rustup invocation - Remove dependency on install scripts in favour of uvx tool execution - Make sccache conditional on GH_APP_ID and GH_APP_PRIVATE_KEY availability Workflow Restructuring: - Rename workflows for improved clarity: * rust-checks.yml → ci-checks.yml (consolidates Rust + prek) * element.yml → deploy-element.yml * documentation.yml → deploy-docs.yml * release-image.yml → release-builds.yml (Docker + binaries) * mirror-images.yml → docker-mirror.yml - Delete obsolete prefligit-checks.yml (merged into ci-checks.yml) - Combine format and prek checks into single fast-checks job Cache Strategy Improvements (release-builds.yml): - Add restore-keys to Rust registry and cargo target caches - Include Cargo.toml files in cargo-target cache key - Consolidate separate apt-cache and apt-lib steps into single step - Version APT cache with Dockerfile hash instead of static keys - Add platform-specific Docker buildcache tags - Simplify Rust registry paths (remove checkouts/src subdirs) CI Execution Improvements: - Add uv cache for faster uvx tool invocations (prek, rustup) - Enable concurrency control with cancel-in-progress - Fix BOM handling in pre-commit Dependency Management: - Add renovate.yml workflow for scheduled dependency checking - Configure renovate.json to monitor .forgejo/ and .github/ dirs - Group non-major GitHub Actions updates into single PRs - Set PR limits: 3 concurrent, 2 per hour
2025-09-10 21:02:50 +02:00 · 2025-08-12 12:11:33 +01:00 · 2025-08-12 12:11:33 +01:00 · b0ebdb59ed
commit b0ebdb59ed
parent 583cb924f1
10 changed files with 337 additions and 233 deletions
--- a/.forgejo/workflows/docker-mirror.yml
+++ b/.forgejo/workflows/docker-mirror.yml
@ -0,0 +1,47 @@
+name: Deploy / Mirror Images
+
+on:
+  schedule:
+    # Run every 2 hours
+    - cron: "0 */2 * * *"
+  workflow_dispatch:
+    inputs:
+      dry_run:
+        description: 'Dry run (check only, no actual mirroring)'
+        required: false
+        default: false
+        type: boolean
+
+concurrency:
+  group: "mirror-images"
+  cancel-in-progress: true
+
+jobs:
+  mirror-images:
+    runs-on: ubuntu-latest
+    env:
+      BUILTIN_REGISTRY_USER: ${{ vars.BUILTIN_REGISTRY_USER }}
+      BUILTIN_REGISTRY_PASSWORD: ${{ secrets.BUILTIN_REGISTRY_PASSWORD }}
+      GITLAB_USERNAME: ${{ vars.GITLAB_USERNAME }}
+      GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+
+      - name: Install regctl
+        uses: https://forgejo.ellis.link/continuwuation/regclient-actions/regctl-installer@main
+        with:
+          binary: regsync
+
+      - name: Check what images need mirroring
+        run: |
+          echo "Checking images that need mirroring..."
+          regsync check -c .forgejo/regsync/regsync.yml -v info
+
+      - name: Mirror images
+        if: ${{ !inputs.dry_run }}
+        run: |
+          echo "Starting image mirroring..."
+          regsync once -c .forgejo/regsync/regsync.yml -v info