timmy-config/.gitea/workflows/smoke.yml

name: Smoke Test
on:
  pull_request:
  push:
    branches: [main]
jobs:
  smoke:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@v5
        with:
          python-version: '3.11'
      - name: Parse check
        run: |
          find . -name '*.yml' -o -name '*.yaml' | grep -v .gitea | xargs -r python3 -c "import sys,yaml; [yaml.safe_load(open(f)) for f in sys.argv[1:]]"
          find . -name '*.json' | xargs -r python3 -m json.tool > /dev/null
          find . -name '*.py' | xargs -r python3 -m py_compile
          find . -name '*.sh' | xargs -r bash -n
          echo "PASS: All files parse"
      - name: Secret scan
        run: |
          if grep -rE 'sk-or-|sk-ant-|ghp_|AKIA' . --include='*.yml' --include='*.py' --include='*.sh' 2>/dev/null \
            | grep -v '.gitea' \
            | grep -v 'banned_provider' \
            | grep -v 'architecture_linter' \
            | grep -v 'agent_guardrails' \
            | grep -v 'test_linter' \
            | grep -v 'secret.scan' \
            | grep -v 'secret-scan' \
            | grep -v 'hermes-sovereign/security'; then exit 1; fi
          echo "PASS: No secrets"