From 79d4ec6eb6beacf7bc6567658df31933c2d50cb2 Mon Sep 17 00:00:00 2001
From: Ruben van Staveren <ruben@verweg.com>
Date: Sun, 15 Mar 2026 11:01:18 +0100
Subject: [PATCH] Rework to use the debian docker based runner

---
 .gitea/workflows/bandit.yml    | 31 +++++++++++++++++++++++++------
 .gitea/workflows/flake8.yml    | 30 ++++++++++++++++++++++++------
 .gitea/workflows/mypy.yml      | 31 +++++++++++++++++++++++++------
 .gitea/workflows/pip-audit.yml |  6 +++---
 .gitea/workflows/pylint.yml    | 30 ++++++++++++++++++++++++------
 5 files changed, 101 insertions(+), 27 deletions(-)

diff --git a/.gitea/workflows/bandit.yml b/.gitea/workflows/bandit.yml
index 36d634e..3290eed 100644
--- a/.gitea/workflows/bandit.yml
+++ b/.gitea/workflows/bandit.yml
@@ -1,17 +1,36 @@
 ---
 name: Bandit
-on: [push]
-
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
 
 # XXX need to do stuff with uv
 jobs:
-  build:
-    runs-on: freebsd
+  audit-runtime-security:
+    runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.11"]
+        python-version:
+          - "3.11"
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '${{ matrix.python-version }}'
+          cache: 'pip'
+          cache-dependency-path: 'requirements.txt'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install --upgrade bandit
+          pip install -r requirements.txt
+
       - name: Analyse code with Bandit
         run: |
           bandit -r .
diff --git a/.gitea/workflows/flake8.yml b/.gitea/workflows/flake8.yml
index a50707e..48396fc 100644
--- a/.gitea/workflows/flake8.yml
+++ b/.gitea/workflows/flake8.yml
@@ -1,17 +1,35 @@
 ---
 name: Flake8
-on: [push]
-
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
 
 # XXX need to do stuff with uv
 jobs:
-  build:
-    runs-on: freebsd
+  audit:
+    runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.11"]
+        python-version:
+          - "3.11"
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '${{ matrix.python-version }}'
+          cache: 'pip'
+          cache-dependency-path: 'requirements.txt'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install --upgrade flake8
+          pip install -r requirements.txt
       - name: Analyse code with Flake8
         run: |
           flake8 $(git ls-files '*.py')
diff --git a/.gitea/workflows/mypy.yml b/.gitea/workflows/mypy.yml
index 94c12ea..ac3438f 100644
--- a/.gitea/workflows/mypy.yml
+++ b/.gitea/workflows/mypy.yml
@@ -1,17 +1,36 @@
 ---
 name: Mypy
-on: [push]
-
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
 
 # XXX need to do stuff with uv
 jobs:
-  build:
-    runs-on: freebsd
+  audit-typing:
+    runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.11"]
+        python-version:
+          - "3.11"
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '${{ matrix.python-version }}'
+          cache: 'pip'
+          cache-dependency-path: 'requirements.txt'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install --upgrade mypy
+          pip install -r requirements.txt
+
       - name: Analyse code with Mypy
         run: |
           mypy --install-types --non-interactive $(git ls-files '*.py')
diff --git a/.gitea/workflows/pip-audit.yml b/.gitea/workflows/pip-audit.yml
index f4795d7..47b1db0 100644
--- a/.gitea/workflows/pip-audit.yml
+++ b/.gitea/workflows/pip-audit.yml
@@ -10,17 +10,17 @@ on:
 
 # XXX need to do stuff with uv
 jobs:
-  build:
+  audit-dependency-security:
     runs-on: ubuntu-latest
     strategy:
       matrix:
         python-version:
           - "3.11"
     steps:
-      - name: Checkout code
+      - name: Checkout repository
         uses: actions/checkout@v4
 
-      - name: Set up Python ${{ matrix.python-version }}
+      - name: Set up Python
         uses: actions/setup-python@v4
         with:
           python-version: '${{ matrix.python-version }}'
diff --git a/.gitea/workflows/pylint.yml b/.gitea/workflows/pylint.yml
index d101f6a..ee4e8de 100644
--- a/.gitea/workflows/pylint.yml
+++ b/.gitea/workflows/pylint.yml
@@ -1,17 +1,35 @@
 ---
 name: Pylint
-on: [push]
-
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
 
 # XXX need to do stuff with uv
 jobs:
-  build:
-    runs-on: freebsd
+  audit-runtime-security:
+    runs-on: ubuntu-latest
     strategy:
       matrix:
-        python-version: ["3.11"]
+        python-version:
+          - "3.11"
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v4
+        with:
+          python-version: '${{ matrix.python-version }}'
+          cache: 'pip'
+          cache-dependency-path: 'requirements.txt'
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          python -m pip install --upgrade pylint
+          pip install -r requirements.txt
       - name: Analyse code with Pylint
         run: |
           pylint $(git ls-files '*.py')