Update Gitea workflows to use custom action URLs and modify publish process for Gitea releases

.gitea/workflows/docker.yml

@@ -23,18 +23,18 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
+        uses: https://git.quad4.io/actions/setup-qemu-action@3a1695b1353f9f8868722ffaafc1f164ef35fa5e # v3
         with:
           platforms: amd64,arm64
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+        uses: https://git.quad4.io/actions/setup-buildx-action@7fbd262f0ca05b45700d8eaaf71f40837d036cc7 # v3
 
       - name: Log in to the Container registry
-        uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3
+        uses: https://git.quad4.io/actions/login-action@bb91d7e20cfedb030a44164cb558bba899e1010a # v3
         with:
           registry: ${{ env.REGISTRY }}
           username: ${{ secrets.REGISTRY_USERNAME }}
@@ -42,7 +42,7 @@ jobs:
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
+        uses: https://git.quad4.io/actions/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |
@@ -55,7 +55,7 @@ jobs:
 
       - name: Build and push Docker image
         id: build
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
+        uses: https://git.quad4.io/actions/build-push-action@dc0c2d97df39a6939d9db7d572445529e2365ec6 # v6
         with:
           context: .
           file: ./docker/Dockerfile
@@ -70,7 +70,7 @@ jobs:
 
       - name: Extract metadata (tags, labels) for Docker (rootless)
         id: meta_rootless
-        uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
+        uses: https://git.quad4.io/actions/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}-rootless
           tags: |
@@ -81,7 +81,7 @@ jobs:
             type=sha,format=short,suffix=-rootless
 
       - name: Build and push rootless Docker image
-        uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6
+        uses: https://git.quad4.io/actions/build-push-action@dc0c2d97df39a6939d9db7d572445529e2365ec6 # v6
         with:
           context: .
           file: ./docker/Dockerfile.rootless

.gitea/workflows/publish.yml

@@ -1,12 +1,8 @@
-name: Publish Python 🐍 distribution 📦 to PyPI
+name: Create Release
 
-# This workflow creates immutable releases:
+# This workflow creates releases:
 # 1. Build packages
-# 2. Publish to PyPI (only on tag push)
-# 3. After successful PyPI publish:
-#    - Sign artifacts
-#    - Check if GitHub release exists (idempotent)
-#    - Create release with all artifacts atomically
+# 2. Create Gitea release with all artifacts atomically
 # This ensures releases cannot be modified once published.
 
 on:
@@ -21,8 +17,7 @@ on:
         type: string
 
 permissions:
-  contents: read
-  id-token: write
+  contents: write
 
 jobs:
   build:
@@ -30,13 +25,13 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      id-token: write
     steps:
-    - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+    - name: Checkout
+      uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       with:
         persist-credentials: false
     - name: Set up Python
-      uses: actions/setup-python@e797f83bcb11b83ae66e0230d6156d7c80228e7c  # v6.0.0
+      uses: https://git.quad4.io/actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v5
       with:
         python-version: "3.13"
     - name: Install pypa/build
@@ -44,75 +39,30 @@ jobs:
     - name: Build a binary wheel and a source tarball
       run: python3 -m build
     - name: Store the distribution packages
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02  # v4.6.2
+      uses: https://git.quad4.io/actions/upload-artifact@8689daa8608e46baf41e4786cb83fbc0dea972cd # v4
       with:
         name: python-package-distributions
         path: dist/
 
-  publish-to-pypi:
-    name: Publish Python 🐍 distribution 📦 to PyPI
-    if: startsWith(github.ref, 'refs/tags/')
+  gitea-release:
+    name: Create Gitea Release
     needs:
     - build
     runs-on: ubuntu-latest
-    environment:
-      name: pypi
-      url: https://pypi.org/p/rns-page-node
-    permissions:
-      id-token: write
-      contents: read
-
-    steps:
-    - name: Download all the dists
-      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0  # v5.0.0
-      with:
-        name: python-package-distributions
-        path: dist/
-    - name: Publish distribution 📦 to PyPI
-      uses: pypa/gh-action-pypi-publish@ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
-
-  github-release:
-    name: Sign the Python 🐍 distribution 📦 and create GitHub Release
-    needs:
-    - publish-to-pypi
-    runs-on: ubuntu-latest
     permissions:
       contents: write
-      id-token: write
 
     steps:
     - name: Download all the dists
-      uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0  # v5.0.0
+      uses: https://git.quad4.io/actions/download-artifact@10979da4ee3096dd7ca8d9a35c72871335fee704 # v5
       with:
         name: python-package-distributions
         path: dist/
-    - name: Sign the dists with Sigstore
-      uses: sigstore/gh-action-sigstore-python@f7ad0af51a5648d09a20d00370f0a91c3bdf8f84  # v3.0.1
+    - name: Create Gitea Release with artifacts
+      uses: https://git.quad4.io/actions/gitea-release-action@4875285c0950474efb7ca2df55233c51333eeb74
       with:
-        inputs: >-
-          ./dist/*.tar.gz
-          ./dist/*.whl
-    - name: Check if release exists
-      id: check_release
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-      run: |
-        if gh release view "$GITHUB_REF_NAME" --repo "$GITHUB_REPOSITORY" >/dev/null 2>&1; then
-          echo "exists=true" >> $GITHUB_OUTPUT
-          echo "Release $GITHUB_REF_NAME already exists, skipping creation"
-        else
-          echo "exists=false" >> $GITHUB_OUTPUT
-          echo "Release $GITHUB_REF_NAME does not exist, will create"
-        fi
-      continue-on-error: true
-    - name: Create GitHub Release with artifacts
-      if: steps.check_release.outputs.exists != 'true'
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-      run: >-
-        gh release create
-        "$GITHUB_REF_NAME"
-        --repo "$GITHUB_REPOSITORY"
-        --title "Release $GITHUB_REF_NAME"
-        --notes "PyPI: https://pypi.org/project/rns-page-node/$GITHUB_REF_NAME/"
-        dist/* 
+        tag_name: ${{ github.ref_name }}
+        name: Release ${{ github.ref_name }}
+        files: |
+          dist/*.tar.gz
+          dist/*.whl 

.gitea/workflows/safety.yml

@@ -8,9 +8,10 @@ jobs:
   security:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Checkout
+        uses: https://git.quad4.io/actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
       - name: Set up Python
-        uses: actions/setup-python@v5
+        uses: https://git.quad4.io/actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v5
         with:
           python-version: '3.10'
       - name: Install dependencies
@@ -18,4 +19,4 @@ jobs:
           python -m pip install --upgrade pip
           pip install .
       - name: Run pip-audit
-        uses: pypa/gh-action-pip-audit@v1.1.0
+        uses: https://git.quad4.io/actions/gh-action-pip-audit@66a6ee35b1b25f89c6bdc9f7c11284f08061823a # v1.1.0