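# =============================================================================
# .ci/config.env — Central Configuration (Single Source of Truth)
# =============================================================================
# Repository:              ${REPO_NAME}
# Generated from template: ${TEMPLATE_NAME}
# Created:                 ${YEAR}-${MONTH}-${DAY}
#
# All Gitea Actions workflows source this file at runtime.
# Adjust the toggles below to enable/disable features for YOUR project.
# See docs/CONFIG.md for detailed explanations of every flag.
#
# Format rules (this file is *sourced*, i.e. executed as shell code):
#   - One KEY=value assignment per line, each on its own line; a '#' starts a
#     comment that runs to the end of that line.
#   - Quote any value that contains spaces or shell metacharacters.
#   - Keep values to plain literals. Anything else placed here runs inside
#     every workflow that sources the file, so review changes to this file
#     with the same care as changes to the workflows themselves.
#   - Do not store secrets (tokens, passwords, SSH keys) here; the file lives
#     in the repository. Use the CI secret store for those.
# =============================================================================

# -----------------------------------------------------------------------------
# CI — Continuous Integration
# -----------------------------------------------------------------------------

# Master switch for CI. If false, the CI workflow exits immediately.
ENABLE_CI=true

# If true, lint/test failures cause the workflow to fail (exit 1).
# If false, failures are logged as warnings but the workflow succeeds,
# so a green run no longer means that lint and tests passed.
CI_STRICT=true

# The primary branch name. Used by Docker and other workflows.
DEFAULT_BRANCH=main

# -----------------------------------------------------------------------------
# Docker — Build & Push
# -----------------------------------------------------------------------------

# Master switch for Docker build steps. If false, docker.yml skips entirely.
ENABLE_DOCKER=true

# Whether to actually push images to the registry.
# SAFE DEFAULT: false — images are built but never pushed until you opt in.
# NOTE(review): the two *_ON_* toggles below presumably have no effect while
# this is false — confirm against docker.yml.
DOCKER_PUSH=false

# Push images when a commit lands on DEFAULT_BRANCH?
DOCKER_PUSH_ON_BRANCH=true

# Push images when a semver tag (v*) is pushed?
DOCKER_PUSH_ON_TAG=true

# Registry hostname. For Gitea's built-in container registry this is usually
# the same as your Gitea instance domain.
# Registry credentials do not belong in this file.
REGISTRY_HOST=git.hiddenden.cafe

# Image owner (org or user). "auto" = derived at runtime from the repo context.
IMAGE_OWNER=auto

# Image name. "auto" = derived at runtime from the repository name.
IMAGE_NAME=auto

# Tag strategy. Controls which tags are applied to pushed images.
# Options:
#   semver+latest  — tag vX.Y.Z → :X.Y.Z and :latest  (default)
#   semver         — tag vX.Y.Z → :X.Y.Z only
#   branch         — branch pushes only, tagged as :branchname
# Branch pushes always produce :branchname when DOCKER_PUSH_ON_BRANCH=true.
# :latest and :branchname are moving tags: the image behind them changes with
# every push. Consumers that need a reproducible or auditable deployment
# should reference :X.Y.Z (or an image digest) instead.
DOCKER_TAG_STRATEGY=semver+latest

# -----------------------------------------------------------------------------
# Security Scanning
# -----------------------------------------------------------------------------

# Master switch for security workflows. SAFE DEFAULT: false.
# "Safe" here means opt-in (nothing runs until you enable it), not that the
# project is safer without scanning: while this is false, no security workflow
# runs at all.
ENABLE_SECURITY=false

# If true, any finding fails the workflow. If false, findings are warnings only.
# With false, findings do not block anything; someone has to read the workflow
# output for them to be noticed.
STRICT_SECURITY=false

# -----------------------------------------------------------------------------
# Renovate — Automated Dependency Updates
# -----------------------------------------------------------------------------

# Master switch for Renovate. SAFE DEFAULT: false.
ENABLE_RENOVATE=false

# How often Renovate runs. Cron-style or preset: daily, weekly, monthly.
# A cron expression contains spaces and '*', so it must be quoted here,
# e.g. RENOVATE_SCHEDULE="0 3 * * 1"   (constructed example).
RENOVATE_SCHEDULE=weekly

# Maximum number of open PRs Renovate can create at once.
RENOVATE_PR_LIMIT=5

# -----------------------------------------------------------------------------
# Deploy — Automated Deployment to VPS
# -----------------------------------------------------------------------------

# Master switch for deployment. SAFE DEFAULT: false.
# Deploy NEVER runs unless you explicitly set this to true.
ENABLE_DEPLOY=false

# Deployment mode. Determines HOW the deploy job reaches the VPS.
#   local-runner — The job runs directly on a self-hosted act_runner installed
#                  on the VPS. No SSH needed. The runner is selected by label.
#                  The job then executes on the VPS itself with the privileges
#                  of the account the runner runs as: give that account only
#                  what the deploy needs, and limit who can change workflows
#                  or this file on branches that trigger a deploy.
#   ssh          — The job runs on any runner and SSHs into the VPS to execute
#                  deploy commands remotely. Requires SSH secrets.
#                  Keep the key in the CI secret store and prefer a dedicated
#                  deploy user with limited rights on the VPS.
DEPLOY_MODE=local-runner

# Runner label for local-runner mode. The act_runner on your VPS must be
# registered with this label. Gitea selects the runner via runs-on.
# Examples: deploy-ovh, vps-prod, deploy-hetzner
DEPLOY_RUNNER_LABEL=deploy-ovh

# Working directory on the VPS where your project lives.
# For local-runner mode this is a local path; for ssh mode it's the remote path.
# ${REPO_NAME} is a template placeholder filled in when this file is generated.
# NOTE(review): if it is ever left unreplaced and REPO_NAME is unset when the
# file is sourced, this expands to "/opt/" — deploy steps should verify the
# directory before acting on it.
DEPLOY_WORKDIR=/opt/${REPO_NAME}

# Deploy strategy. Determines WHAT happens on the VPS.
#   compose — cd into DEPLOY_WORKDIR, pull new images, recreate containers
#   systemd — restart a systemd service
#   script  — run a custom deploy script
DEPLOY_STRATEGY=compose

# (compose) Path to the compose file, relative to DEPLOY_WORKDIR.
DEPLOY_COMPOSE_FILE=docker-compose.yml

# (systemd) Name of the systemd service to restart. Required if strategy=systemd.
# Empty by default.
DEPLOY_SYSTEMD_SERVICE=

# (script) Path to a custom deploy script, relative to the repo root.
# The script receives DEPLOY_WORKDIR as $1.
# The script comes from the repository and runs as part of the deploy job, so
# changes to it deserve the same review as changes to the workflows.
DEPLOY_SCRIPT=scripts/deploy.sh

# Also deploy when a semver tag (v*) is pushed? Default: false.
DEPLOY_ON_TAG=false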