From f7f266b994a1b7d0e3b54e49e640be35b8078bf0 Mon Sep 17 00:00:00 2001
From: Astounds <kirito@disroot.org>
Date: Fri, 29 May 2026 21:28:22 -0500
Subject: Add hardened Docker support and multi-arch CI

Multi-stage Dockerfile (non-root, Tor-ready), compose file, and
entrypoints. Forgejo CI builds linux/amd64+arm64, scans with
checksum-verified Grype, and pins all actions to commit SHA.
Makefile gains venv bootstrap and docker targets; server.py gains
a --bind flag.
---
 .gitea/workflows/ci.yaml       | 27 ---------------------------
 .gitea/workflows/git-sync.yaml | 40 ----------------------------------------
 2 files changed, 67 deletions(-)
 delete mode 100644 .gitea/workflows/ci.yaml
 delete mode 100644 .gitea/workflows/git-sync.yaml

(limited to '.gitea')

diff --git a/.gitea/workflows/ci.yaml b/.gitea/workflows/ci.yaml
deleted file mode 100644
index 77f89a6..0000000
--- a/.gitea/workflows/ci.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: CI
-
-on:
-  push:
-    branches: [master]
-  pull_request:
-    branches: [master]
-
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
-
-      - name: Set up Python
-        uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
-        with:
-          python-version: "3.11"
-
-      - name: Install dependencies
-        run: |
-          pip install --upgrade pip
-          pip install -r requirements-dev.txt
-
-      - name: Run tests
-        run: pytest -v
diff --git a/.gitea/workflows/git-sync.yaml b/.gitea/workflows/git-sync.yaml
deleted file mode 100644
index f1028c5..0000000
--- a/.gitea/workflows/git-sync.yaml
+++ /dev/null
@@ -1,40 +0,0 @@
-name: git-sync-with-mirror
-
-on:
-  push:
-    branches: [ master ]
-  workflow_dispatch:
-
-jobs:
-  git-sync:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: git-sync
-        env:
-          git_sync_source_repo: git@git.fridu.us:heckyel/yt-local.git
-          git_sync_destination_repo: ssh://git@c.fridu.us/software/yt-local.git
-        if: env.git_sync_source_repo && env.git_sync_destination_repo
-        uses: actions/git-sync@v1
-        with:
-          source_repo: git@git.fridu.us:heckyel/yt-local.git
-          source_branch: "master"
-          destination_repo: ssh://git@c.fridu.us/software/yt-local.git
-          destination_branch: "master"
-          source_ssh_private_key: ${{ secrets.GIT_SYNC_SOURCE_SSH_PRIVATE_KEY }}
-          destination_ssh_private_key:  ${{ secrets.GIT_SYNC_DESTINATION_SSH_PRIVATE_KEY }}
-
-      - name: git-sync-sourcehut
-        env:
-          git_sync_source_repo: git@git.fridu.us:heckyel/yt-local.git
-          git_sync_destination_repo: git@git.sr.ht:~heckyel/yt-local
-        if: env.git_sync_source_repo && env.git_sync_destination_repo
-        uses: actions/git-sync@v1
-        with:
-          source_repo: git@git.fridu.us:heckyel/yt-local.git
-          source_branch: "master"
-          destination_repo: git@git.sr.ht:~heckyel/yt-local
-          destination_branch: "master"
-          source_ssh_private_key: ${{ secrets.GIT_SYNC_SOURCE_SSH_PRIVATE_KEY }}
-          destination_ssh_private_key:  ${{ secrets.GIT_SYNC_DESTINATION_SSH_PRIVATE_KEY }}
-        continue-on-error: true
-- 
cgit v1.2.3