From 5e206edc50ee108ff0754d4a3d2e6b47fb084987 Mon Sep 17 00:00:00 2001
From: "Claude (bootstrap)" <claude@anhonesthost.net>
Date: Sun, 31 May 2026 08:44:55 -0700
Subject: [PATCH] ci: lint inside built image at /scripts/ instead of
 bind-mounting host $PWD
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two failed attempts before this:
- Run 3703 (orig): docker run -v "$PWD:/src" --entrypoint php ...
  Failed because Gitea's act-based runner is itself containerized;
  $PWD inside the runner is not a path the host docker daemon can
  bind mount. "Could not open input file: /src/scripts/scan-dbs.php".
- Run 3704 (first attempt): php -l "$f" directly on the runner.
  Failed because the runner image (catthehacker/ubuntu act) doesn't
  ship php-cli by default. "php: command not found" exit 127.

The right fix: the Dockerfile already does
  COPY --chown=whp-import:whp-import scripts/ /scripts/
so the scripts exist inside the just-built smoke image at /scripts/.
Linting via `docker run --entrypoint php cpanel-importer:smoke
-l /scripts/foo.php` reads from the image's own rootfs — no bind
mount, no runner-side php dependency.

The for-loop var $f is still scripts/foo.php (matches host glob),
and the path inside the container becomes /scripts/foo.php after
the `-l "/$f"` prefix.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .gitea/workflows/build-push.yaml | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/.gitea/workflows/build-push.yaml b/.gitea/workflows/build-push.yaml
index 9674d55..8d3a9d5 100644
--- a/.gitea/workflows/build-push.yaml
+++ b/.gitea/workflows/build-push.yaml
@@ -73,25 +73,26 @@ jobs:
           fi
           echo "smoke test passed"
 
-      # Lints run directly on the runner instead of via `docker run -v "$PWD:/src"`
-      # against the built image. Gitea runners are themselves containerized,
-      # so $PWD inside the runner is NOT a path the host docker daemon can bind
-      # mount; the previous approach surfaced as "Could not open input file"
-      # for every script. Running php/bash directly on the runner works because
-      # the runner image (ubuntu-latest) ships php-cli + bash, and the files
-      # exist in $PWD because the checkout step already populated them.
+      # Lints run inside the just-built image rather than on the runner side.
+      # The Dockerfile already COPYs scripts/ to /scripts/ inside the image,
+      # so we don't need a host bind mount (the original `docker run -v
+      # "$PWD:/src"` shape failed under Gitea's dockerized runner, where
+      # $PWD on the runner is not a path the host docker daemon can mount).
+      # Switching the path from /src/$f to /$f reads from the image's own
+      # /scripts/ rootfs entries directly. Runner-side `php -l` won't work
+      # because the act-based ubuntu-latest image doesn't ship php-cli.
       - name: PHP syntax check
         run: |
           set -euo pipefail
           for f in scripts/*.php scripts/lib/*.php; do
-            php -l "$f"
+            docker run --rm --entrypoint php cpanel-importer:smoke -l "/$f"
           done
 
       - name: Bash syntax check
         run: |
           set -euo pipefail
           for f in scripts/*.sh; do
-            bash -n "$f"
+            docker run --rm --entrypoint bash cpanel-importer:smoke -n "/$f"
           done
 
       - name: Build and Push Image