From f5d04650ca3a563d729997b77ebe2ddbfbd1d7be Mon Sep 17 00:00:00 2001
From: Alex Lebens <alexanderlebens@gmail.com>
Date: Mon, 10 Nov 2025 22:41:04 -0600
Subject: [PATCH] split push and pull workflows

---
 ...docker.yaml => lint-test-docker-pull.yaml} |  7 --
 .gitea/workflows/lint-test-docker-push.yaml   | 75 ++++++++++++++++++
 ...est-helm.yaml => lint-test-helm-pull.yaml} |  7 --
 .gitea/workflows/lint-test-helm-push.yaml     | 78 +++++++++++++++++++
 4 files changed, 153 insertions(+), 14 deletions(-)
 rename .gitea/workflows/{lint-test-docker.yaml => lint-test-docker-pull.yaml} (96%)
 create mode 100644 .gitea/workflows/lint-test-docker-push.yaml
 rename .gitea/workflows/{lint-test-helm.yaml => lint-test-helm-pull.yaml} (95%)
 create mode 100644 .gitea/workflows/lint-test-helm-push.yaml

diff --git a/.gitea/workflows/lint-test-docker.yaml b/.gitea/workflows/lint-test-docker-pull.yaml
similarity index 96%
rename from .gitea/workflows/lint-test-docker.yaml
rename to .gitea/workflows/lint-test-docker-pull.yaml
index 620439bde..0e6be99d5 100644
--- a/.gitea/workflows/lint-test-docker.yaml
+++ b/.gitea/workflows/lint-test-docker-pull.yaml
@@ -1,13 +1,6 @@
 name: lint-test-docker
 
 on:
-  push:
-    branches:
-      - main
-    paths:
-      - 'hosts/**'
-      - ! 'hosts/archive'
-
   pull_request:
     branches:
       - main
diff --git a/.gitea/workflows/lint-test-docker-push.yaml b/.gitea/workflows/lint-test-docker-push.yaml
new file mode 100644
index 000000000..4b5738f8c
--- /dev/null
+++ b/.gitea/workflows/lint-test-docker-push.yaml
@@ -0,0 +1,75 @@
+name: lint-test-docker
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'hosts/**'
+      - ! 'hosts/archive'
+
+jobs:
+  docker-lint:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v6
+        with:
+          node-version: '24'
+
+      - name: Lint Docker Compose
+        run: |
+          set -e  # Exit immediately if a command exits with a non-zero status.
+
+          TARGET_BRANCH="origin/main"
+          echo ">> Target branch for diff is: $TARGET_BRANCH"
+
+          CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'hosts/**')
+
+          echo ">> Found changed files:"
+          echo "$CHANGED_FILES"
+
+          # For each changed file, find its parent chart directory (the one with compose.yaml).
+          # Then, create a unique list of those directories.
+          CHANGED_COMPOSE=$(echo "$CHANGED_FILES" | while read -r file; do
+            dir=$(dirname "$file")
+            while [[ "$dir" != "." && ! -f "$dir/compose.yaml" ]]; do
+              dir=$(dirname "$dir")
+            done
+            if [[ "$dir" != "." ]]; then
+              echo "$dir"
+            fi
+          done | sort -u)
+
+          if [[ -z "$CHANGED_COMPOSE" ]]; then
+            echo ">> Could not determine changed compose files. This will happen if only files outside a compose file were changed."
+            exit 0
+          fi
+
+          echo ">> Running dclint on changed compose files:"
+          echo "$CHANGED_COMPOSE"
+
+          echo "$CHANGED_COMPOSE" | while read -r compose; do
+            echo ">> Linting $compose ..."
+            npx dclint $compose
+          done
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Gitea Action'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Docker linting for infrastructure repo has failed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=lint-test-docker-push.yaml", "clear": true}]'
+          image: true
diff --git a/.gitea/workflows/lint-test-helm.yaml b/.gitea/workflows/lint-test-helm-pull.yaml
similarity index 95%
rename from .gitea/workflows/lint-test-helm.yaml
rename to .gitea/workflows/lint-test-helm-pull.yaml
index 850cf8cc7..b66f293a5 100644
--- a/.gitea/workflows/lint-test-helm.yaml
+++ b/.gitea/workflows/lint-test-helm-pull.yaml
@@ -1,13 +1,6 @@
 name: lint-test-helm
 
 on:
-  push:
-    branches:
-      - main
-    paths:
-      - 'clusters/**'
-      - ! 'clusters/*/archive'
-
   pull_request:
     branches:
       - main
diff --git a/.gitea/workflows/lint-test-helm-push.yaml b/.gitea/workflows/lint-test-helm-push.yaml
new file mode 100644
index 000000000..7c0cd04cd
--- /dev/null
+++ b/.gitea/workflows/lint-test-helm-push.yaml
@@ -0,0 +1,78 @@
+name: lint-test-helm
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - 'clusters/**'
+      - ! 'clusters/*/archive'
+
+jobs:
+  helm-lint:
+    runs-on: ubuntu-js
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+        with:
+          token: ${{ secrets.GITEA_TOKEN }}
+          version: latest
+
+      - name: Lint Helm Chart
+        run: |
+          set -e  # Exit immediately if a command exits with a non-zero status.
+
+          TARGET_BRANCH="origin/main"
+          echo ">> Target branch for diff is: $TARGET_BRANCH"
+
+          CHANGED_FILES=$(git diff --name-only "$TARGET_BRANCH" -- 'clusters/**')
+
+          echo ">> Found changed files:"
+          echo "$CHANGED_FILES"
+
+          # For each changed file, find its parent chart directory (the one with Chart.yaml).
+          # Then, create a unique list of those directories.
+          CHANGED_CHARTS=$(echo "$CHANGED_FILES" | while read -r file; do
+            dir=$(dirname "$file")
+            while [[ "$dir" != "." && ! -f "$dir/Chart.yaml" ]]; do
+              dir=$(dirname "$dir")
+            done
+            if [[ "$dir" != "." ]]; then
+              echo "$dir"
+            fi
+          done | sort -u)
+
+          if [[ -z "$CHANGED_CHARTS" ]]; then
+            echo ">> Could not determine changed charts. This could happen if only files outside a chart were changed."
+            exit 0
+          fi
+
+          echo ">> Running helm lint on changed charts:"
+          echo "$CHANGED_CHARTS"
+
+          echo "$CHANGED_CHARTS" | while read -r chart; do
+            echo ">> Building dependency for "$chart" ..."
+            helm dependency build "$chart"
+            echo ">> Linting $chart..."
+            helm lint "$chart"
+          done
+
+      - name: ntfy Failed
+        uses: niniyas/ntfy-action@master
+        if: failure()
+        with:
+          url: '${{ secrets.NTFY_URL }}'
+          topic: '${{ secrets.NTFY_TOPIC }}'
+          title: 'Gitea Action'
+          priority: 3
+          headers: '{"Authorization": "Bearer ${{ secrets.NTFY_CRED }}"}'
+          tags: action,failed
+          details: 'Helm linting for infrastructure repo has failed!'
+          icon: 'https://cdn.jsdelivr.net/gh/selfhst/icons/png/gitea.png'
+          actions: '[{"action": "view", "label": "Open Gitea", "url": "https://gitea.alexlebens.dev/alexlebens/site-profile/actions?workflow=lint-test-docker-push.yaml", "clear": true}]'
+          image: true