chore(ci): migrate workflows to gitea + consolidate keystore secret
flutter / analyze-test-build (push) Failing after 2s
test-go / test (push) Successful in 33s
android / Build + lint + test (push) Failing after 41s
test-web / test (push) Successful in 41s
android / Build signed release APK (push) Has been skipped
test-go / integration (push) Successful in 11m16s

- rename .forgejo/workflows/ to .gitea/workflows/ (git mv preserves
  history); Gitea Actions reads either path, but the directory now
  matches the active platform
- collapse ANDROID_STORE_PASSWORD + ANDROID_KEY_PASSWORD into a
  single ANDROID_KEYSTORE_PASSWORD secret (PKCS12 keystores require
  the two passwords to be identical, so the duplication carried no
  information); build.gradle.kts still reads two env vars to stay
  format-agnostic, both now sourced from the same secret in CI
- ignore android/*.keystore, android/*.keystore.*, android/*.jks,
  android/keystore.properties so the regenerated signing material
  never reaches a remote on accident
- update prose references from Forgejo to Gitea in CLAUDE.md and
  the docs; the historical "migrated from Forgejo" note in CLAUDE.md
  is kept intentionally; forgejo/upload-artifact@v3 action refs are
  left untouched (canonical artifact action, resolves cleanly under
  Gitea Actions)

Operator side: ANDROID_KEY_ALIAS, ANDROID_KEYSTORE_PASSWORD, and
ANDROID_KEYSTORE_B64 secrets registered in Gitea before this lands.
This commit is contained in:
2026-05-31 23:05:03 -04:00
parent 96caac2f06
commit 3cf829752b
12 changed files with 41 additions and 26 deletions
+4 -3
View File
@@ -44,14 +44,15 @@ exists in Flutter:
## Repo conventions (already in force)
- **No GitHub — Forgejo only.** PR/issue ops via the forgejo MCP; CI runs under
`.forgejo/workflows/`. Never use `gh` or github.com URLs.
- **No GitHub — Gitea only.** PR/issue ops via the gitea MCP (server lives at
git.fabledsword.com, migrated from Forgejo); CI runs under `.gitea/workflows/`.
Never use `gh` or github.com URLs.
- **Git flow:** work on `dev` → PR to protected `main` → tag release. Never push
to `main`.
- **No in-task tests/builds.** Do not run flutter/gradle/npm `test`/`build`/
`analyze` during implementation — CI verifies. Codegen scripts only.
- **CI is operator-side.** After `git push origin dev`, the operator reports the
result; don't poll Forgejo.
result; don't poll Gitea.
- **Specs/plans/audits/parity-map live local.** `docs/superpowers/` is
`.gitignored` — save there for operator review; never commit those.
- **detekt gates CI.** Watch the recurring ones: 60-line `LongMethod`,