M5: publish seam + CI/CD pipeline

Browse Source

scripts/new-post.mjs writes schema-valid posts from flags or a JSON event
(the IaC publish seam). Gitea Actions workflow: ci check, audit-ci gate,
build, dist scan, CycloneDX SBOM, buildah build+push, and a least-privilege
digest-bump PR to home-ops (never auto-merged). Renovate + audit allowlist.

...

This commit is contained in:

Jonathon Wright

2026-06-17 17:20:54 +10:00

parent c1db5cec86

commit 83edaf5975

10 changed files with 2503 additions and 4 deletions

Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL

Download Patch File Download Diff File Expand all files Collapse all files

package-lock.json

Generated

+2191 -2

File diff suppressed because it is too large Load Diff