From e3cd41b0ba2fee6548a80b522e471f20b1bd42cb Mon Sep 17 00:00:00 2001
From: Lotus Bot <lotus@lotusguild.org>
Date: Thu, 21 May 2026 20:35:40 -0400
Subject: [PATCH] ci: add Gitea Actions build check workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Runs npm ci + npm run build on every push to lotus and on PRs.
Marks commit as failed if the build breaks — gives early feedback
before the webhook deploy script also catches it.
Source map upload skipped in CI (deploy script handles that).
npm audit runs informational-only (continue-on-error) since known
vulns require upstream fixes.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .gitea/workflows/ci.yml | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 .gitea/workflows/ci.yml

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
new file mode 100644
index 000000000..cc78fb0e2
--- /dev/null
+++ b/.gitea/workflows/ci.yml
@@ -0,0 +1,36 @@
+name: CI
+
+on:
+  push:
+    branches: [lotus]
+  pull_request:
+    branches: [lotus]
+
+jobs:
+  build:
+    name: Build check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: ".node-version"
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Build
+        run: npm run build
+        env:
+          NODE_OPTIONS: "--max_old_space_size=4096"
+          # No auth token — skip source map upload in CI (done by deploy script)
+          SENTRY_AUTH_TOKEN: ""
+
+      - name: Audit (high/critical only)
+        run: npm audit --audit-level=high
+        # Informational — don't fail the build on existing known vulns
+        continue-on-error: true