Skip to content

ci: run CI on self-hosted vps-ovh runner #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ClodoCapeo merged 4 commits into from
Jun 20, 2026
Merged

ci: run CI on self-hosted vps-ovh runner #5

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
1ceb218
ci: run CI on self-hosted vps-ovh runner
ClodoCapeo Jun 20, 2026
2a940e7
ci: re-trigger on self-hosted
ClodoCapeo Jun 20, 2026
b1a34e2
ci: add derived zab-queryme label for JIT orchestrator routing
ClodoCapeo Jun 20, 2026
a6bf330
fix(deps): bump idna/msgpack/urllib3/pip to clear advisories
ClodoCapeo Jun 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
34 changes: 21 additions & 13 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,7 +16,7 @@ permissions:
jobs:
lint:
name: Lint (ruff)
runs-on: ubuntu-latest
runs-on: [self-hosted, vps-ovh, zab-queryme]
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
Expand All @@ -32,7 +32,7 @@ jobs:

typecheck:
name: Typecheck (mypy)
runs-on: ubuntu-latest
runs-on: [self-hosted, vps-ovh, zab-queryme]
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
Expand All @@ -48,7 +48,7 @@ jobs:

test:
name: Test (pytest)
runs-on: ubuntu-latest
runs-on: [self-hosted, vps-ovh, zab-queryme]
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
Expand All @@ -64,7 +64,7 @@ jobs:

deps-audit:
name: Dependency audit (pip-audit)
runs-on: ubuntu-latest
runs-on: [self-hosted, vps-ovh, zab-queryme]
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
Expand All @@ -80,23 +80,31 @@ jobs:

secret-scan:
name: Secret scan (trufflehog)
runs-on: ubuntu-latest
runs-on: [self-hosted, vps-ovh, zab-queryme]
timeout-minutes: 5
steps:
- uses: actions/checkout@v4
with:
# Full history so the native trufflehog git scan covers the whole
# repository, not just the tip commit.
fetch-depth: 0
- name: Install trufflehog
# The trufflesecurity/trufflehog@main action runs via `docker run`,
# which exits 125 on the JIT self-hosted runner (no Docker daemon).
# Use the native binary instead — pinned, installed in-job, no docker.sock.
run: |
curl -sSfL https://raw.githubusercontent.com/trufflesecurity/trufflehog/main/scripts/install.sh \
| sh -s -- -b "$RUNNER_TEMP/bin" v3.90.10
"$RUNNER_TEMP/bin/trufflehog" --version
- name: TruffleHog scan
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ""
head: HEAD
extra_args: --results=verified,unknown
# Equivalent scan to the action (verified+unknown), over full git
# history, failing on a detected secret. No Docker dependency.
run: |
"$RUNNER_TEMP/bin/trufflehog" git file://. --fail --no-update --results=verified,unknown

lockfile-check:
name: Lockfile check (uv lock --check)
runs-on: ubuntu-latest
runs-on: [self-hosted, vps-ovh, zab-queryme]
timeout-minutes: 3
steps:
- uses: actions/checkout@v4
Expand All @@ -109,7 +117,7 @@ jobs:

codeowners-check:
name: CODEOWNERS present
runs-on: ubuntu-latest
runs-on: [self-hosted, vps-ovh, zab-queryme]
timeout-minutes: 2
steps:
- uses: actions/checkout@v4
Expand Down
1 change: 1 addition & 0 deletions pyproject.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ dev = [
"pre-commit>=4.0.0",
"pip-audit>=2.7.0",
"detect-secrets>=1.5.0",
"pip>=26.1.2",
]

[tool.hatch.build.targets.wheel]
Expand Down
Loading
Loading