From 75693ebf2e60b0edefe63e344d5d602b307a244d Mon Sep 17 00:00:00 2001 From: Jose Date: Sat, 14 Feb 2026 08:35:56 +0100 Subject: [PATCH] =?UTF-8?q?refactor=20=E2=99=BB=EF=B8=8F:=20Refactor=20wor?= =?UTF-8?q?kflows=20to=20include=20issues=20and=20push=20events,=20add=20P?= =?UTF-8?q?R=20check=20workflow?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit refactors the existing workflows by removing 'pull_request' triggers from ansible-lint and markdown-lint.yml files. It also adds a new workflow file `.gitea/workflows/pr-check-yaml` for performing checks on pull requests. --- .gitea/workflows/ansible-lint.yml | 2 +- .gitea/workflows/gitleaks.yml | 4 +- .gitea/workflows/markdown-lint.yml | 2 +- .gitea/workflows/pr-check-yaml | 163 +++++++++++++++++++++++++++++ 4 files changed, 166 insertions(+), 5 deletions(-) create mode 100644 .gitea/workflows/pr-check-yaml diff --git a/.gitea/workflows/ansible-lint.yml b/.gitea/workflows/ansible-lint.yml index f1fd650..649b84f 100644 --- a/.gitea/workflows/ansible-lint.yml +++ b/.gitea/workflows/ansible-lint.yml @@ -2,7 +2,7 @@ # .gitea/workflows/ansible-lint.yml name: ansible-lint -on: [pull_request, issues, push] +on: [issues, push] jobs: build: diff --git a/.gitea/workflows/gitleaks.yml b/.gitea/workflows/gitleaks.yml index 56f1ac1..528ef5d 100644 --- a/.gitea/workflows/gitleaks.yml +++ b/.gitea/workflows/gitleaks.yml @@ -1,9 +1,7 @@ --- name: Gitleaks Scan -on: - push: - pull_request: +on: [issues, push] jobs: gitleaks: diff --git a/.gitea/workflows/markdown-lint.yml b/.gitea/workflows/markdown-lint.yml index 80a6846..cc37469 100644 --- a/.gitea/workflows/markdown-lint.yml +++ b/.gitea/workflows/markdown-lint.yml @@ -2,7 +2,7 @@ # .gitea/workflows/markdown-lint.yml name: Markdown Lint -on: [pull_request, issues, push] +on: [issues, push] jobs: build: diff --git a/.gitea/workflows/pr-check-yaml b/.gitea/workflows/pr-check-yaml new file mode 100644 index 0000000..c7e23f2 
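Review bot: Removing `pull_request` from `on:` in ansible-lint.yml, gitleaks.yml and markdown-lint.yml makes the new `.gitea/workflows/pr-check-yaml` the only workflow that covers pull requests, and that filename has no `.yml`/`.yaml` extension, so Gitea Actions will most likely not load it. Until the file is renamed (for example to `pr-check.yml`), pull requests would get neither the secret scan nor the lint runs. In gitleaks.yml the new `on: [issues, push]` also triggers the scan on issue events, which change no repository content; `on: [push]` looks sufficient there. The `jobs:` blocks of all three files continue outside these hunks.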
--- /dev/null
+++ b/.gitea/workflows/pr-check-yaml
@@ -0,0 +1,163 @@
+# https://github.com/kekxv/pr-check
+name: ai-reviews
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ leak_test:
+ name: Gitleaks
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v6
+ with:
+ github-server-url: ${{ vars.GIT_SERVER_URL }}
+
+ - name: Install Gitleaks
+ run: |
+ curl -sSL https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz \
+ | tar -xz
+ sudo mv gitleaks /usr/local/bin/
+
+ - name: Run Gitleaks
+ run: |
+ gitleaks dir . \
+ --redact=10 \
+ --verbose \
+ --exit-code 1
+
+ lint_test:
+ name: lint test
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v6
+ with:
+ github-server-url: ${{ vars.GIT_SERVER_URL }}
+
+ - name: Install Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+
+ - name: Run markdownlint
+ run: npx markdownlint-cli2 "**/*.md" "#node_modules"
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: "3.14"
+
+ - name: Install ansible-lint and yamllint
+ run: |
+ python -m pip install --upgrade pip
+ pip install ansible ansible-lint yamllint
+
+ - name: Run yamllint
+ run: |
+ yamllint .
+
+ - name: Run ansible-lint
+ run: |
+ ansible-lint
+
+handle_failures:
+ runs-on: ubuntu-latest
+ needs: [leak_test, lint_test]
+ if: needs.leak_test.result != 'success' || needs.lint_test.result != 'success'
+
+ steps:
+ - name: Comment, label, and close PR
+ run: |
+ API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}"
+ PR="${{ github.event.pull_request.number }}"
+ TOKEN="${{ secrets.GITEA_TOKEN }}"
+
+ COMMENT_BODY="❌ CI checks failed.\n\nLeak test: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}"
+
+ # Find existing comment
+ EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
+ "$API/issues/$PR/comments" \
+ | jq -r '.[] | select(.body | test("")) | .id')
+
+ # Update or create comment
+ if [ -n "$EXISTING_COMMENT_ID" ]; then
+ curl -s -X PATCH \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d "{\"body\":\"\n$COMMENT_BODY\"}" \
+ "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
+ else
+ curl -s -X POST \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d "{\"body\":\"\n$COMMENT_BODY\"}" \
+ "$API/issues/$PR/comments"
+ fi
+
+ # Add label if missing
+ LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
+ if ! echo "$LABELS" | grep -q "^ci-failed$"; then
+ curl -s -X POST \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d '["ci-failed"]' \
+ "$API/issues/$PR/labels"
+ fi
+
+ # Close PR
+ curl -s -X PATCH \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d '{"state":"closed"}' \
+ "$API/pulls/$PR"
+
+handle_success:
+ runs-on: ubuntu-latest
+ needs: [leak_test, lint_test]
+ if: needs.leak_test.result == 'success' && needs.lint_test.result == 'success'
+
+ steps:
+ - name: Update comment, remove label, reopen PR
+ run: |
+ API="${{ vars.GIT_SERVER_URL }}/api/v1/repos/${{ github.repository }}"
+ PR="${{ github.event.pull_request.number }}"
+ TOKEN="${{ secrets.GITEA_TOKEN }}"
+
+ COMMENT_BODY="✅ All CI checks passed.\n\nLeak test: ${{ needs.leak_test.result }}\nLint: ${{ needs.lint_test.result }}"
+
+ # Find existing comment
+ EXISTING_COMMENT_ID=$(curl -s -H "Authorization: token $TOKEN" \
+ "$API/issues/$PR/comments" \
+ | jq -r '.[] | select(.body | test("")) | .id')
+
+ # Update comment if exists
+ if [ -n "$EXISTING_COMMENT_ID" ]; then
+ curl -s -X PATCH \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d "{\"body\":\"\n$COMMENT_BODY\"}" \
+ "$API/issues/$PR/comments/$EXISTING_COMMENT_ID"
+ fi
+
+ # Remove label if exists
+ LABELS=$(curl -s -H "Authorization: token $TOKEN" "$API/issues/$PR/labels" | jq -r '.[] | .name')
+ if echo "$LABELS" | grep -q "^ci-failed$"; then
+ curl -s -X DELETE \
+ -H "Authorization: token $TOKEN" \
+ "$API/issues/$PR/labels/ci-failed"
+ fi
+
+ # Reopen PR if closed
+ PR_STATE=$(curl -s -H "Authorization: token $TOKEN" "$API/pulls/$PR" | jq -r '.state')
+ if [ "$PR_STATE" = "closed" ]; then
+ curl -s -X PATCH \
+ -H "Authorization: token $TOKEN" \
+ -H "Content-Type: application/json" \
+ -d '{"state":"open"}' \
+ "$API/pulls/$PR"
+ fi
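Review bot: The `Run Gitleaks` step combines `--redact=10` with `--verbose`, which masks only 10% of each finding, so most of any detected secret ends up in the pull-request job log; plain `--redact` hides the whole value. The `Install Gitleaks` step pipes the release tarball straight into `tar` and then `sudo mv`s the binary with no integrity check, so it should download to a file and verify a pinned SHA-256 before extracting, as sketched below. `handle_failures:` and `handle_success:` are added at column 0 rather than under `jobs:`, so as written they are top-level keys and would not be scheduled; once nested, their `if:` probably needs `always() && …`, since a job with `needs` is normally skipped when a dependency fails. `TOKEN="${{ secrets.GITEA_TOKEN }}"` is better passed through the step's `env:` than expanded into the script text.

```yaml
      - name: Install Gitleaks
        env:
          # placeholder: SHA-256 of the v8.30.0 linux_x64 tarball, copied from the release's checksums file
          GITLEAKS_SHA256: "<sha256-of-gitleaks_8.30.0_linux_x64.tar.gz>"
        run: |
          curl -fsSLo gitleaks.tar.gz \
            https://github.com/gitleaks/gitleaks/releases/download/v8.30.0/gitleaks_8.30.0_linux_x64.tar.gz
          echo "${GITLEAKS_SHA256}  gitleaks.tar.gz" | sha256sum -c -
          tar -xzf gitleaks.tar.gz gitleaks
          sudo mv gitleaks /usr/local/bin/
      # … unchanged: Run Gitleaks step, apart from --redact …
```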