act_runner's job containers live on a temporary bridge network that
does not inherit the runner's own egress path, so apt-get against
Canonical mirrors can time out even on a US host. Remove the apt step,
rely on the tools baked into gitea/runner-images, and fetch the
shellcheck static binary over HTTPS when it is missing.
Also add a short network diagnostics step to make future egress
issues obvious at a glance.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Only install tools that are actually missing (gitea/runner-images
already ships curl/jq/tar), and point apt at mirrors.aliyun.com when
we do need to install something so archive.ubuntu.com timeouts stop
blocking the build. Handles both Noble's DEB822 ubuntu.sources and
the legacy sources.list.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

The repository is initialized with the SHA-256 object format, but
actions/checkout runs `git init` in the workspace before fetching.
Without GIT_DEFAULT_HASH=sha256 that init defaults to SHA-1 and fetch
fails with `mismatched algorithms: client sha1; server sha256`.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Align runs-on with the standard Gitea/GitHub-compatible label so
workflows stay portable. The Main label has been replaced by
ubuntu-latest on the registered runner.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Change runs-on to the "Main" label used by Act Runner 1, and make the
toolchain install step work both as root (default in act_runner
containers) and on hosts where sudo is required.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Introduce .gitea/workflows/release.yml driven by workflow_dispatch.
The pipeline runs shellcheck and unit tests, builds a tar.gz + sha256,
generates release notes from git history, and publishes a Gitea Release
via the API. Version defaults to v<YYYY.MM.DD>-<short-sha>.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>