From fb1968f6102b841ee06e8e0d996176f9ca686656 Mon Sep 17 00:00:00 2001
From: Nicolas Cantu <nicolas.cantu@pm.me>
Date: Thu, 28 Aug 2025 00:22:20 +0200
Subject: [PATCH] ci(runners): use runs-on [self-hosted, linux] across
 workflows; docs: add runner labels setup

---
 .gitea/workflows/ci.yml            | 30 +++++++++++++++---------------
 .gitea/workflows/template-sync.yml |  2 +-
 docs/project/GITEA_SETUP.md        |  6 ++++++
 3 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml
index 224714e..bd5f628 100644
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -16,7 +16,7 @@ jobs:
   # Job de vérification du code
   code-quality:
     name: Code Quality
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
 
     steps:
     - name: Checkout code
@@ -64,7 +64,7 @@ jobs:
   # Job de tests unitaires
   unit-tests:
     name: Unit Tests
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
 
     steps:
     - name: Checkout code
@@ -100,7 +100,7 @@ jobs:
   # Job de tests d'intégration
   integration-tests:
     name: Integration Tests
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
 
     services:
       docker:
@@ -147,7 +147,7 @@ jobs:
   # Job de tests de sécurité
   security-tests:
     name: Security Tests
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
 
     steps:
     - name: Checkout code
@@ -184,7 +184,7 @@ jobs:
   # Job de build et test Docker
   docker-build:
     name: Docker Build & Test
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
 
     services:
       docker:
@@ -227,7 +227,7 @@ jobs:
   # Job de tests de documentation
   documentation-tests:
     name: Documentation Tests
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
 
     steps:
     - name: Checkout code
@@ -242,7 +242,7 @@ jobs:
 
   markdownlint:
     name: Markdown Lint
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -272,7 +272,7 @@ jobs:
 
   bash-required:
     name: Bash Requirement
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -289,7 +289,7 @@ jobs:
 
   agents-smoke:
     name: Agents Smoke (no AI)
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -309,7 +309,7 @@ jobs:
 
   openia-agents:
     name: Agents with OpenIA
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
     if: ${{ secrets.OPENAI_API_KEY != '' }}
     env:
       OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
@@ -333,7 +333,7 @@ jobs:
 
   deployment-checks:
     name: Deployment Checks
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -350,7 +350,7 @@ jobs:
 
   security-audit:
     name: Security Audit
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -368,7 +368,7 @@ jobs:
   # Job de release guard (cohérence release)
   release-guard:
     name: Release Guard
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
     needs: [code-quality, unit-tests, documentation-tests, markdownlint, security-audit, deployment-checks, bash-required]
     steps:
     - name: Checkout code
@@ -430,7 +430,7 @@ jobs:
   # Job de tests de performance
   performance-tests:
     name: Performance Tests
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
 
     steps:
     - name: Checkout code
@@ -455,7 +455,7 @@ jobs:
   # Job de notification
   notify:
     name: Notify
-    runs-on: ubuntu-latest
+    runs-on: [self-hosted, linux]
     needs: [code-quality, unit-tests, integration-tests, security-tests, docker-build, documentation-tests]
     if: always()
 
diff --git a/.gitea/workflows/template-sync.yml b/.gitea/workflows/template-sync.yml
index ceaae53..8bdfd05 100644
--- a/.gitea/workflows/template-sync.yml
+++ b/.gitea/workflows/template-sync.yml
@@ -7,7 +7,7 @@ on:
 
 jobs:
   check-and-sync:
-    runs-on: self-hosted
+    runs-on: [self-hosted, linux]
     steps:
       - name: Lire TEMPLATE_VERSION et .4nk-sync.yml
         # Doit charger ref courant, source_repo et périmètre paths
diff --git a/docs/project/GITEA_SETUP.md b/docs/project/GITEA_SETUP.md
index 347a7d6..282be70 100644
--- a/docs/project/GITEA_SETUP.md
+++ b/docs/project/GITEA_SETUP.md
@@ -22,6 +22,12 @@
 - Nom: `RELEASE_TOKEN` ; Valeur: un token personnel avec portée API sur le dépôt
 - Le job `release-create` utilisera ce secret lors d’un push de tag `v*`
 
+### Runner Gitea (labels)
+- Configurez votre runner avec labels: `self-hosted,linux`
+- Exemple (act_runner):
+  - Enregistrement: `./act_runner register --labels "self-hosted,linux"`
+  - Service: définissez `RUNNER_LABELS="self-hosted,linux"`
+
 ## 4. Workflows requis
 
 - `code-quality`, `unit-tests`, `documentation-tests`, `security-audit`