From 6aa78525c277e6ea83790a71a56994e5d4646591 Mon Sep 17 00:00:00 2001
From: beatz174-bit
Date: Wed, 13 May 2026 13:55:02 +1000
Subject: [PATCH] ci: split docs generation and publishing across gitea/github
---
 .gitea/workflows/generate-docs.yml | 63 +++++++++++++++++++++++++++++
 .gitea/workflows/validate-docs.yml | 22 ++++++++++
 .github/workflows/generate-docs.yml | 30 +++++---------
 .gitignore | 8 ++++
 4 files changed, 103 insertions(+), 20 deletions(-)
 create mode 100644 .gitea/workflows/generate-docs.yml
 create mode 100644 .gitea/workflows/validate-docs.yml
diff --git a/.gitea/workflows/generate-docs.yml b/.gitea/workflows/generate-docs.yml
new file mode 100644
index 0000000..a860446
--- /dev/null
+++ b/.gitea/workflows/generate-docs.yml
@@ -0,0 +1,63 @@
+name: Generate Docs
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 */6 * * *"
+
+jobs:
+ generate:
+ runs-on: docker-server
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Generate docs
+ run: |
+ scripts/docs/generate-all.sh
+
+ - name: Validate generated docs
+ run: |
+ set -e
+
+ test -s docs/generated/docker-compose.resolved.yml
+ test -s docs/generated/host-topology.md
+ test -s docs/public/physical-topology.svg
+ test -s docs/public/docker-traefik-dynu.svg
+
+ ! grep -R "Host inventory JSON not found" docs/public docs/diagrams
+ ! grep -R "Generate terraform inventory" docs/public docs/diagrams
+
+ # Ensure no obvious secrets leaked
+ ! grep -R -i "password\|token\|api[_-]?key\|secret" docs/public || (echo "Secret-like string detected"; exit 1)
+
+ - name: Commit changes
+ run: |
+ git config user.name "docs-bot"
+ git config user.email "docs-bot@local"
+
+ git add docs/generated docs/diagrams docs/public data/terraform/proxmox-inventory.json || true
+
+ if git diff --cached --quiet; then
+ echo "No changes to commit"
+ exit 0
+ fi
+
+ git commit -m "docs: regenerate documentation artifacts"
+
+ - name: Push to Gitea
+ run: |
+ git push origin HEAD:main
+
+ - name: Push to GitHub mirror
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_PUSH_TOKEN }}
+ GITHUB_MIRROR_REPO: ${{ vars.GITHUB_MIRROR_REPO }}
+ run: |
+ test -n "$GITHUB_TOKEN"
+ test -n "$GITHUB_MIRROR_REPO"
+ git remote add github "https://$GITHUB_TOKEN@github.com/$GITHUB_MIRROR_REPO.git" || true
+ git push github HEAD:main
diff --git a/.gitea/workflows/validate-docs.yml b/.gitea/workflows/validate-docs.yml
new file mode 100644
index 0000000..139e297
--- /dev/null
+++ b/.gitea/workflows/validate-docs.yml
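Review bot: The leak gate in the "Validate generated docs" step does not cover what this job goes on to publish. It scans only `docs/public`, while the commit step also stages `docs/generated` (including `docker-compose.resolved.yml`) and `data/terraform/proxmox-inventory.json`, and because plain `grep` uses basic regex the `?` in `api[_-]?key` is a literal character, so `api_key` and `apikey` never match. The two `! grep -R` lines above it cannot fail the step at all, since the shell exempts a command negated with `!` from `set -e`; the same applies to the `! grep` lines in the validate-docs.yml hunk and the .github/workflows/generate-docs.yml hunk, where a negated check only counts when it is the last line of the script. The fence below rewrites the checks as explicit `if grep …; then exit 1; fi` tests with `-E` over every staged path; if that trips on the resolved compose file, that file probably should not reach the mirror. Separately, `git remote add github "https://$GITHUB_TOKEN@…"` leaves the token in `.git/config` on the runner, so supplying it per push through a credential helper or `http.extraheader` would be safer.

```yaml
      - name: Validate generated docs
        run: |
          set -e
          # … unchanged: the four `test -s` checks …

          # A command negated with `!` is exempt from `set -e`, so test the match explicitly.
          if grep -R -e "Host inventory JSON not found" -e "Generate terraform inventory" \
              docs/public docs/diagrams; then
            echo "Generator placeholder text found"
            exit 1
          fi

          # -E makes `?` a quantifier; scan every path the commit step stages.
          if grep -R -i -E "password|token|api[_-]?key|secret" \
              docs/public docs/generated docs/diagrams \
              data/terraform/proxmox-inventory.json; then
            echo "Secret-like string detected"
            exit 1
          fi
```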
@@ -0,0 +1,22 @@ +name: Validate Docs (Gitea) + +on: + push: + branches: [ main ] + +jobs: + validate: + runs-on: docker-server + + steps: + - uses: actions/checkout@v4 + + - name: Validate docs + run: | + set -e + + test -d docs/public + test -s docs/public/physical-topology.svg + + ! grep -R "Host inventory JSON not found" docs/public + ! grep -R "Generate terraform inventory" docs/public diff --git a/.github/workflows/generate-docs.yml b/.github/workflows/generate-docs.yml index 4ed7be0..ddc7c91 100644 --- a/.github/workflows/generate-docs.yml +++ b/.github/workflows/generate-docs.yml @@ -3,18 +3,8 @@ name: Validate committed public docs on: push: branches: [main] - paths-ignore: - - "docs/generated/**" - - "docs/diagrams/**" - - "docs/public/**" - - "site/**" pull_request: branches: [main] - paths-ignore: - - "docs/generated/**" - - "docs/diagrams/**" - - "docs/public/**" - - "site/**" workflow_dispatch: permissions: @@ -29,17 +19,17 @@ jobs: run: | test -d docs/public test -n "$(find docs/public -mindepth 1 -print -quit)" - - name: Install Graphviz and MkDocs + - name: Install MkDocs run: | - sudo apt-get update - sudo apt-get install -y graphviz - dot -V python3 -m pip install --user mkdocs - - name: Validate public docs and diagrams + - name: Validate docs content + run: | + set -e + test -s docs/public/physical-topology.svg + test -s docs/public/docker-traefik-dynu.svg + ! grep -R "Host inventory JSON not found" docs/public + ! grep -R "Generate terraform inventory" docs/public + ! rg -n -i "password|token|api[_-]?key|secret" docs/public + - name: Build MkDocs site run: | - test -f docs/public/physical-topology.svg - test -f docs/public/docker-traefik-dynu.svg - ! rg -n "Graphviz dot not found" docs/public/*.svg - ! rg -n "lan\.ddnsgeek\.com" docs/public/*.svg docs/public/*.md - ! rg -n -i "password|token|api_key|secret" docs/public/*.svg python3 -m mkdocs build -f mkdocs-public.yml --strict diff --git a/.gitignore b/.gitignore index 32dde1b..727cf49 100644 
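Review bot: The rewritten "Validate docs content" step in .github/workflows/generate-docs.yml drops the `lan\.ddnsgeek\.com` check that the removed step ran over `docs/public/*.svg` and `docs/public/*.md`, and neither Gitea workflow in this patch adds it. If that hostname is still meant to stay out of the published site, keep the check as `if rg -n "lan\.ddnsgeek\.com" docs/public; then exit 1; fi`, written as an `if` because a `!`-negated line in the middle of a `set -e` script does not stop it. The widened `password|token|api[_-]?key|secret` scan now covers Markdown as well as SVG, so expect it to fire on ordinary prose that uses those words. The rest of the job lies outside this hunk.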
--- a/.gitignore
+++ b/.gitignore
@@ -43,3 +43,11 @@ site/
 !docs/public/
 !docs/public/*.md
 !docs/public/*.svg
+
+# Terraform local/state artifacts
+**/.terraform/
+**/.terraform.lock.hcl
+*.tfstate
+*.tfstate.*
+*.tfvars
+*.tfvars.json
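Review bot: Ignoring `**/.terraform.lock.hcl` keeps Terraform's dependency lock file out of version control, so the provider versions and checksums it records are neither pinned nor reviewable across machines. Terraform's own guidance is to commit that file; I would drop that one line and keep the `**/.terraform/`, `*.tfstate`, `*.tfstate.*` and `*.tfvars` entries. These patterns only stop new files from being added, so any state or tfvars file that is already tracked stays in history and would still go out with the mirror push.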