helm chart build & push

helm chart check version
ai tiedostojen päivitys
2026-06-19 07:25:09 +03:00 · 2026-06-19 05:39:27 +03:00 · 2026-06-19 05:39:12 +03:00
29 changed files with 194 additions and 1205 deletions
@@ -1,20 +0,0 @@
 .git/
 .gitignore
 node_modules/
 reports/
 coverage/
 .ai/
 .cursor/
 .vscode/
 tmp/
 .DS_Store
 *.md
 docs/
 guides/
 .simplecov
 cucumber.js
 package-lock.json
 package.json
 CURRENT_PROVIDER_VERSION
 README.md
 AGENTS.md
@@ -27,17 +27,56 @@ jobs:
      version: ${{ steps.set-outputs.outputs.version }}
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@v4
        with:
          repository: niko/gitea-ci-library
          path: .ci
      - name: Check existing artifact and calculate version
-        env:
+        run: |
-          SERVER_URL: ${{ gitea.server_url }}
+          if [ -n "${VERSION_FILE}" ]; then
-          REPO: ${{ github.repository }}
+            if echo "${VERSION_FILE}" | grep -q '\.json$'; then
-          SHA: ${{ github.sha }}
+              RAW_VERSION=$(jq -r '.version' "${VERSION_FILE}")
-        run: bash .ci/scripts/check-version.sh
+            elif echo "${VERSION_FILE}" | grep -q -E '\.ya?ml$'; then
              RAW_VERSION=$(grep -oP '^version:\s*\K\S+' "${VERSION_FILE}")
            else
              RAW_VERSION=$(cat "${VERSION_FILE}" | tr -d '[:space:]')
            fi
          elif [ -f VERSION ]; then
            RAW_VERSION=$(cat VERSION | tr -d '[:space:]')
          elif [ -f package.json ]; then
            RAW_VERSION=$(jq -r '.version' package.json)
          elif [ -f pom.xml ]; then
            RAW_VERSION=$(grep -oP '<version>\K[^<]+' pom.xml | head -1)
          else
            echo "ERROR: No VERSION file, package.json, Chart.yaml or pom.xml found" >&2
            exit 1
          fi
          BASE_VERSION=$(echo "$RAW_VERSION" | cut -d'.' -f1-2)
          echo "gitea-ci-library - Tunnistettu Major.Minor versio: $BASE_VERSION"
          TAGS_JSON=$(curl -s -f -H "Authorization: token $GITEA_TOKEN" \
            "${{ gitea.server_url }}/api/v1/repos/${{ gitea.repository }}/tags")
          TAG=$(echo "$TAGS_JSON" | jq -r --arg prefix "${GIT_TAG_PREFIX}" '
            if type == "array" then
              .[] | select(.commit.sha == "${{ github.sha }}" and (.name | startswith($prefix))) | .name
            else empty end' | head -1)
          mkdir -p /tmp/build-ctx
          if [ -n "$TAG" ]; then
            echo "ARTIFACT_EXISTS=true" > /tmp/build-ctx/build.env
            echo "NEXT_VERSION=$TAG" >> /tmp/build-ctx/build.env
            echo "gitea-ci-library - Artefakti löytyi jo tagilla: $TAG."
          else
            echo "ARTIFACT_EXISTS=false" > /tmp/build-ctx/build.env
            HIGHEST_PATCH=$(echo "$TAGS_JSON" | jq -r --arg prefix "${GIT_TAG_PREFIX}" --arg bv "${GIT_TAG_PREFIX}${BASE_VERSION}." '
              if type == "array" then .[] | .name | select(startswith($bv)) | sub($bv; "") | tonumber else empty end' | sort -rn | head -1)
            if [ -z "$HIGHEST_PATCH" ]; then NEXT_PATCH=0; else NEXT_PATCH=$((HIGHEST_PATCH + 1)); fi
            FULL_VERSION="${BASE_VERSION}.${NEXT_PATCH}"
            echo "NEXT_VERSION=$FULL_VERSION" >> /tmp/build-ctx/build.env
            echo "gitea-ci-library - Uusi vapaa versio: $FULL_VERSION"
          fi
      - name: Set job outputs
        id: set-outputs
@@ -33,22 +33,20 @@ jobs:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME || github.actor }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
-          if [ -z "${DOCKER_REGISTRY}" ]; then echo "ERROR: DOCKER_REGISTRY not set in conf"; exit 1; fi
+          REGISTRY="${DOCKER_REGISTRY:?DOCKER_REGISTRY not set in conf}"
          REGISTRY="${DOCKER_REGISTRY}"
          REGISTRY_HOST="${REGISTRY%%/*}"
          DOCKERFILE="${{ inputs.dockerfile_path }}"
          IMAGE_NAME="${{ inputs.image_name }}"
          TAG="${{ inputs.tag }}"
          NOW=$(date -u +%Y-%m-%dT%H:%M:%SZ)
          CONTEXT_DIR=$(dirname "${DOCKERFILE}")
          docker build \
            --label "git.commit=${{ github.sha }}" \
            --label "git.commitBy=${{ github.actor }}" \
            --label "build.date=${NOW}" \
            -f "${DOCKERFILE}" \
-            -t "${IMAGE_NAME}:${TAG}" \
+            -t "${IMAGE_NAME}:${TAG}" .
-            "${CONTEXT_DIR}"
+
          REGISTRY_HOST="${REGISTRY%%/*}"
          FULL_IMAGE="${REGISTRY}/${IMAGE_NAME}:${TAG}"
          echo "Pushing ${FULL_IMAGE} ..."
@@ -45,33 +45,29 @@ jobs:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME || github.actor }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
        run: |
          if [ -z "${DOCKER_REGISTRY}" ]; then echo "ERROR: DOCKER_REGISTRY not set in env.conf"; exit 1; fi
          if [ -z "${DOCKER_IMAGE_NAME}" ]; then echo "ERROR: DOCKER_IMAGE_NAME not set in env.conf"; exit 1; fi
          REGISTRY="${DOCKER_REGISTRY}"
          IMAGE="${DOCKER_IMAGE_NAME}"
          REGISTRY_HOST="${REGISTRY%%/*}"
          NOW=$(date -u +%Y-%m-%dT%H:%M:%SZ)
          CONTEXT_DIR=$(dirname "${DOCKERFILE}")
          docker build \
            --label "git.commit=${{ github.sha }}" \
            --label "git.commitBy=${{ github.actor }}" \
            --label "build.date=${NOW}" \
            -f "${DOCKERFILE}" \
-            -t "${IMAGE}:${VERSION}" \
+            -t "${DOCKER_IMAGE_NAME}:${VERSION}" \
-            -t "${IMAGE}:latest" \
+            -t "${DOCKER_IMAGE_NAME}:latest" .
-            "${CONTEXT_DIR}"
+
          REGISTRY="${DOCKER_REGISTRY:?DOCKER_REGISTRY not set in env.conf}"
          IMAGE="${DOCKER_IMAGE_NAME:?DOCKER_IMAGE_NAME not set in env.conf}"
          REGISTRY_HOST="${REGISTRY%%/*}"
          FULL_IMAGE="${REGISTRY}/${IMAGE}:${VERSION}"
          echo "Pushing ${FULL_IMAGE} ..."
-          docker tag "${IMAGE}:${VERSION}" "$FULL_IMAGE"
+          docker tag "${DOCKER_IMAGE_NAME}:${VERSION}" "$FULL_IMAGE"
          echo "$DOCKER_PASSWORD" | docker login "$REGISTRY_HOST" -u "$DOCKER_USERNAME" --password-stdin
          docker push "$FULL_IMAGE"
          FULL_LATEST="${REGISTRY}/${IMAGE}:latest"
          echo "Pushing ${FULL_LATEST} ..."
-          docker tag "${IMAGE}:latest" "$FULL_LATEST"
+          docker tag "${DOCKER_IMAGE_NAME}:latest" "$FULL_LATEST"
          docker push "$FULL_LATEST"
          docker logout "$REGISTRY_HOST"
@@ -83,12 +79,11 @@ jobs:
          if [ -n "${DOCKER_UI_URL:-}" ] && [ -n "${VERSION:-}" ]; then
            CONTAINER_URL="${DOCKER_UI_URL}/${DOCKER_IMAGE_NAME}/${VERSION}"
          fi
-          DIR=$(dirname "${DOCKERFILE}")
+          bash .ci/scripts/report-status.sh success "Docker build & push ${VERSION} OK" ci-docker-build-push "" "$CONTAINER_URL"
-          if [ "$DIR" != "." ]; then
+
-            bash .ci/scripts/report-status.sh success "${DIR}: Docker push ${VERSION}" "${DIR}-ci-docker-build-push" "" "$CONTAINER_URL"
+      - name: Report status FAILURE
-          else
+        if: failure()
-            bash .ci/scripts/report-status.sh success "Docker push ${VERSION}" ci-docker-build-push "" "$CONTAINER_URL"
+        run: bash .ci/scripts/report-status.sh failure "Docker build & push ${VERSION} FAILED" ci-docker-build-push
          fi
  tag-commit:
    runs-on: ubuntu-latest
@@ -8,7 +8,7 @@ on:
      cucumber-node-image:
        required: false
        type: string
-        default: gitea.app.keskikuja.site/niko/ci-cucumber:with-python
+        default: gitea.app.keskikuja.site/niko/ci-cucumber:latest
    secrets:
      GITEA_TOKEN:
        required: true
@@ -3,6 +3,7 @@ on:
  push:
    branches:
      - main
      - feature/helm-chart
    paths:
      - git-pages/**
      - .gitea/workflows/helm-build-push.yml
@@ -8,6 +8,10 @@ on:
      version:
        required: true
        type: string
      chart_path:
        required: false
        type: string
        default: '.'
    secrets:
      GITEA_TOKEN:
        required: true
@@ -22,7 +26,7 @@ env:
  HELM_REGISTRY: ${{ fromJson(inputs.env_json).HELM_REGISTRY || '' }}
  HELM_UI_URL: ${{ fromJson(inputs.env_json).HELM_UI_URL || '' }}
  GIT_TAG_PREFIX: ${{ fromJson(inputs.env_json).GIT_TAG_PREFIX || '' }}
-  CHART_FILE: ${{ fromJson(inputs.env_json).VERSION_FILE || 'Chart.yaml' }}
+  CHART_PATH: ${{ inputs.chart_path }}
  VERSION: ${{ inputs.version }}
 concurrency:
@@ -35,12 +39,6 @@ jobs:
    container:
      image: alpine/helm:3.19.0
    steps:
      - name: Install Node.js for actions/checkout
        # COMPROMISE: Requires internet access.
        # Does NOT work in air-gapped environments.
        # Replace with a custom image (e.g., extending alpine/helm + nodejs) if needed.
        run: apk add --no-cache nodejs
      - uses: actions/checkout@v4
      - uses: actions/checkout@v4
        with:
@@ -49,9 +47,7 @@ jobs:
      - name: Package Helm chart
        run: |
-          CHART_DIR=$(dirname "${CHART_FILE}")
+          helm package "${CHART_PATH}" \
          helm dependency update "${CHART_DIR}"
          helm package "${CHART_DIR}" \
            --version "${VERSION}" \
            --app-version "${VERSION}" \
            --destination /tmp/helm-packages
@@ -71,13 +67,9 @@ jobs:
      - name: Report status with UI link
        if: success() && env.HELM_UI_URL != ''
        run: |
-          CHART_NAME=$(grep '^name:' "${CHART_FILE}" | awk '{print $2}')
+          CHART_NAME=$(grep '^name:' "${CHART_PATH}/Chart.yaml" | awk '{print $2}')
          UI_URL="${HELM_UI_URL}/${CHART_NAME}/${VERSION}"
-          if [ "${CHART_PATH}" != "." ] && [ -n "${CHART_PATH}" ]; then
+          bash .ci/scripts/report-status.sh success "Helm chart ${VERSION}" ci-helm-build-push "" "$UI_URL"
            bash .ci/scripts/report-status.sh success "${CHART_PATH}: Helm push ${VERSION}" "${CHART_PATH}-ci-helm-build-push" "" "$UI_URL"
          else
            bash .ci/scripts/report-status.sh success "Helm push ${VERSION}" ci-helm-build-push "" "$UI_URL"
          fi
  tag-commit:
    runs-on: ubuntu-latest
@@ -1,6 +1,6 @@
 FROM node:22
 RUN apt-get update -qq && \
-    apt-get install -y -qq --no-install-recommends lsof jq python3 && \
+    apt-get install -y -qq --no-install-recommends lsof jq && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    npm install -g @cucumber/cucumber
@@ -37,7 +37,7 @@ kuuluu `git-pages/docs/`-alle, ei juuren `docs/`-kansioon.
 | `git-pages/` | Raporttien hostaus (Helm-chartti) |
 | `tests/` | Bats-testit skripteille |
-### Provider workflowt (6 kpl)
+### Provider workflowt (5 kpl)
 | Workflow | Input | Output | Kuvaus |
 |---|---|---|---|
@@ -46,7 +46,6 @@ kuuluu `git-pages/docs/`-alle, ei juuren `docs/`-kansioon.
 | `docker-build-push.yml` | `env_json`, `version` | — | Buildaa Docker-imagen, puskea rekisteriin, tagittaa commitin. |
 | `ci-container-build-push.yml` | `env_json`, `dockerfile_path`, `image_name`, `tag` | — | Buildaa CI-työkalukontin, puskea rekisteriin. Ei versiointia eikä git-tägäystä. |
 | `report-summary.yml` | `env_json`, `suites` | — | Generoi `GITHUB_STEP_SUMMARY`-taulukon raporttilinkeillä (Gitea 1.27+) |
 | `helm-build-push.yml` | `env_json`, `version` | — | Pakkaa + puskea Helm chartin OCI-registryyn, tagittaa commitin. **Tekninen velka:** asentaa node.js:n runtime-vaiheessa (`apk add --no-cache nodejs` ennen checkouttia) koska `alpine/helm`-kontissa ei ole nodea. Rikkoo Offline Container -periaatetta. Ratkaistaan myöhemmin: proper multi-tool CI-kontti (helm + nodejs + git) docker hubiin. Ei consumerin ongelma. |
 ### Example-tiedostot (consumer-referenssi)
@@ -63,77 +63,15 @@ checkout → laske versio package.json + git-tageista → output
 **Trigger:** `workflow_call`
-**Inputs:**
+**Inputs:** `env_json`, `version`
 | Parametri | Pakollinen | Kuvaus |
 |-----------|------------|--------|
 | `env_json` | Kyllä | Konffi `gitea-env.conf`:stä |
 | `version` | Kyllä | Version string (check-version output) |
 **`env_json`-avaimet:**
 | Avain | Pakollinen | Kuvaus |
 |-------|------------|--------|
 | `DOCKER_REGISTRY` | Kyllä | Registry (esim. `gitea.app.keskikuja.site/niko`) |
 | `DOCKER_IMAGE_NAME` | Kyllä | Kuvan nimi ilman registry-polkua |
 | `DOCKER_UI_URL` | Ei | Registry UI -linkki raportointia varten |
 | `DOCKERFILE` | Ei | Dockerfile-polku, oletus `Dockerfile` |
 | `GITEA_API_URL` | Kyllä | Gitean API-URL |
 | `GIT_TAG_PREFIX` | Ei | Tag-prefix (esim. `docker/`) |
 **Secrets:** `GITEA_TOKEN`, `DOCKER_USERNAME`, `DOCKER_PASSWORD`
 **Steppi-kaavio:**
 ```
-build-push (build + push, labelit: commit+date) → tag-commit (git-tagin luonti)
+build-push (build + push samassa jobissa, ei levyn kautta) → tag-commit
 ```
 **Huomio:** Ei käytä `container:`-direktiiviä — ajaa suoraan runnerilla,
 joten `actions/checkout` toimii ilman node-asennuksia.
 ---
 ### `helm-build-push.yml` — Helm chart build & push
 **Trigger:** `workflow_call`
 **Inputs:**
 | Parametri | Pakollinen | Kuvaus |
 |-----------|------------|--------|
 | `env_json` | Kyllä | Konffi `gitea-env.conf`:stä |
 | `version` | Kyllä | Version string (check-version output) |
 | `chart_path` | Ei | Polku Chart.yaml-hakemistoon, oletus `.` |
 **`env_json`-avaimet:**
 | Avain | Pakollinen | Kuvaus |
 |-------|------------|--------|
 | `HELM_REGISTRY` | Kyllä | OCI-registry (esim. `gitea.app.keskikuja.site/niko`) |
 | `HELM_UI_URL` | Ei | Registry UI -linkki raportointia varten |
 | `GITEA_API_URL` | Kyllä | Gitean API-URL |
 | `GIT_TAG_PREFIX` | Ei | Tag-prefix (esim. `helm/`) |
 **Secrets:** `GITEA_TOKEN`, `HELM_USER`, `HELM_PASSWORD`
 **Steppi-kaavio:**
 ```
 build-push (helm package → helm push OCI) → tag-commit (git-tagin luonti)
 ```
 **Steppien kuvaus `build-push`-jobissa:**
 1. **Node.js-asennus** — `apk add --no-cache nodejs` (vaaditaan `actions/checkout`-actionia varten)
 2. **Checkout** — sovellusrepo ja gitea-ci-library `.ci/`-polkuun
 3. **Package** — `helm package` versiolla `$VERSION`
 4. **Push OCI** — `helm push` registryyn autentikoinnilla
 5. **Report status** — commit-status + UI-linkki
 **Kompromissi:** Kontti `alpine/helm` ei sisällä node.js:ää, mutta
 `actions/checkout@v4` on JavaScript-action ja vaatii sen. Siksi nodejs
 asennetaan lennossa ennen checkouttia. Tämä vaatii internet-yhteyden
 eikä toimi air gap -ympäristössä. Korvaa tarvittaessa custom-kontilla
 (jossa helm + nodejs, ks. `skills/ci-container-build/SKILL.md`).
 ---
 ## Consumer-esimerkki (`example-*`)
@@ -176,90 +176,46 @@ if [ "${#TO_DELETE[@]}" -eq 0 ]; then
 fi
 echo ""
-echo "=== Phase 4: full site rebuild ==="
+echo "=== Phase 4: whiteout deletion ==="
-echo "Rebuilding site (${#TO_DELETE[@]} report(s) to delete)..."
+echo "Creating whiteout tar for ${#TO_DELETE[@]} report(s)..."
-ARCHIVE_FILE=$(mktemp)
+WHITEOUT_TAR=$(mktemp)
-SITE_DIR=$(mktemp -d)
+trap 'rm -f "$WHITEOUT_TAR"' EXIT
 NEW_TAR=$(mktemp)
 cleanup_phase4() {
  rm -f "$ARCHIVE_FILE" "$NEW_TAR"
  rm -rf "$SITE_DIR"
 }
 trap cleanup_phase4 EXIT
-# Try archive.tar first
+python3 -c "
-echo "Downloading archive.tar..."
+import tarfile, sys
 HTTP_CODE=$(curl_with_host -o "$ARCHIVE_FILE" -w "%{http_code}" -sS "${PAGES_URL}/.git-pages/archive.tar")
-if [ "$HTTP_CODE" = "200" ] && tar -tf "$ARCHIVE_FILE" >/dev/null 2>&1; then
+tar = tarfile.open(name='${WHITEOUT_TAR}', mode='w')
  echo "Extracting archive..."
  tar -xf "$ARCHIVE_FILE" -C "$SITE_DIR"
-  for dir in "${TO_DELETE[@]}"; do
+dirs = set()
-    if [ -d "$SITE_DIR/$dir" ]; then
+for d in sys.argv[1:]:
-      echo "  Removing: $dir"
+    dirs.add(d.strip())
      rm -rf "$SITE_DIR/$dir"
    fi
  done
 else
  echo "archive.tar failed (HTTP ${HTTP_CODE}) - falling back to manifest-based rebuild"
-  ALL_PATHS=$(echo "$MANIFEST" | jq -r '.contents | keys[]' 2>/dev/null || true)
+tarinfo = tarfile.TarInfo()
 tarinfo.type = tarfile.CHRTYPE
 tarinfo.devmajor = 0
 tarinfo.devminor = 0
-  if [ -z "$ALL_PATHS" ]; then
+for d in sorted(dirs, key=len, reverse=True):
-    echo "ERROR: no files in manifest - cannot rebuild" >&2
+    info = tarinfo
-    exit 1
+    info.name = d
-  fi
+    tar.addfile(info)
-  EXCLUDE_GREP=""
+tar.close()
-  for dir in "${TO_DELETE[@]}"; do
+" "${TO_DELETE[@]}"
    EXCLUDE_GREP="${EXCLUDE_GREP}${EXCLUDE_GREP:+|}^${dir}/"
  done
-  if [ -n "$EXCLUDE_GREP" ]; then
+echo "Patching ${PAGES_URL}/ with whiteout tar..."
-    KEEP_PATHS=$(echo "$ALL_PATHS" | grep -v -E "$EXCLUDE_GREP" || true)
+HTTP_CODE=$(curl_with_host -X PATCH "${PAGES_URL}/" \
  else
    KEEP_PATHS="$ALL_PATHS"
  fi
  if [ -z "$KEEP_PATHS" ]; then
    echo "No files to keep - site will be empty"
    mkdir -p "$SITE_DIR/__placeholder__"
    echo "placeholder" > "$SITE_DIR/__placeholder__/index.html"
  else
    FILE_COUNT=$(echo "$KEEP_PATHS" | wc -l | tr -d ' ')
    echo "Downloading ${FILE_COUNT} file(s)..."
    while IFS= read -r path; do
      [ -z "$path" ] && continue
      dir=$(dirname "$SITE_DIR/$path")
      mkdir -p "$dir"
      curl_with_host -o "$SITE_DIR/$path" -sS "${PAGES_URL}/${path}" || {
        echo "  WARN: failed to download ${path}"
      }
    done <<< "$KEEP_PATHS"
  fi
 fi
 if [ -z "$(ls -A "$SITE_DIR" 2>/dev/null)" ]; then
  echo "Site is empty - creating placeholder"
  mkdir -p "$SITE_DIR/__placeholder__"
  echo "placeholder" > "$SITE_DIR/__placeholder__/index.html"
 fi
 tar -cf "$NEW_TAR" -C "$SITE_DIR" .
 echo "PUT: replacing site contents..."
 HTTP_CODE=$(curl_with_host -X PUT "${PAGES_URL}/" \
  -H "Content-Type: application/x-tar" \
-  --data-binary @"${NEW_TAR}" \
+  -H "Atomic: no" \
  --data-binary @"${WHITEOUT_TAR}" \
  -w "%{http_code}" \
  -o /dev/null)
-echo "HTTP ${HTTP_CODE}"
+echo "HTTP $HTTP_CODE"
-if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "201" ] || [ "$HTTP_CODE" = "204" ]; then
+if [ "$HTTP_CODE" = "200" ] || [ "$HTTP_CODE" = "204" ]; then
-  echo "Site rebuild completed."
+  echo "Retention cleanup finished."
 else
-  echo "ERROR: PUT HTTP ${HTTP_CODE}" >&2
+  echo "ERROR: retention HTTP ${HTTP_CODE}" >&2
  exit 1
 fi
@@ -6,7 +6,7 @@ metadata:
  labels:
    {{- include "git-pages.componentLabels" . | nindent 4 }}
  annotations:
-    "helm.sh/hook": post-install
+    "helm.sh/hook": post-install, post-upgrade
    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
 spec:
  backoffLimit: 5
@@ -32,16 +32,6 @@ spec:
                -H "Host: {{ .Values.ingress.host }}" \
                -o /dev/null "http://git-pages:3000/.git-pages/health"
              do sleep 2; done
              echo "Init: checking if site already exists..."
              MANIFEST=$(curl -sf \
                -H "Host: {{ .Values.ingress.host }}" \
                "http://git-pages:3000/.git-pages/manifest.json" 2>/dev/null || echo "")
              if echo "$MANIFEST" | grep -q '"contents"'; then
                echo "Init: site already initialized, skipping"
                exit 0
              fi
              echo "Init: creating placeholder site..."
              WORK=$(mktemp -d)
              mkdir -p "$WORK/__init__"
@@ -1,60 +0,0 @@
 #!/usr/bin/env bash
 set -e
 RAW_VERSION=""
 if [ -n "${VERSION_FILE-}" ] && [ -f "${VERSION_FILE-}" ]; then
  RAW_VERSION=$(tr -d "$(printf '\xef\xbb\xbf')" < "${VERSION_FILE}" | sed -n 's/^version:[[:space:]]*\([^[:space:]]*\).*/\1/p')
  if [ -z "${RAW_VERSION}" ]; then
    if echo "${VERSION_FILE}" | grep -q -E '\.json$'; then
      RAW_VERSION=$(jq -r '.version' "${VERSION_FILE}")
    else
      RAW_VERSION=$(cat "${VERSION_FILE}" | tr -d '[:space:]')
    fi
  fi
 fi
 if [ -z "${RAW_VERSION}" ]; then
  if [ -f VERSION ]; then
    RAW_VERSION=$(cat VERSION | tr -d '[:space:]')
  elif [ -f package.json ]; then
    RAW_VERSION=$(jq -r '.version' package.json)
  elif [ -f pom.xml ]; then
    RAW_VERSION=$(grep -oP '<version>\K[^<]+' pom.xml | head -1)
  elif [ -f Chart.yaml ]; then
    RAW_VERSION=$(tr -d "$(printf '\xef\xbb\xbf')" < Chart.yaml | sed -n 's/^version:[[:space:]]*\([^[:space:]]*\).*/\1/p')
  else
    echo "ERROR: No version source found (VERSION_FILE, VERSION, package.json, pom.xml, Chart.yaml)" >&2
    exit 1
  fi
 fi
 BASE_VERSION=$(echo "$RAW_VERSION" | cut -d'.' -f1-2)
 echo "gitea-ci-library - Tunnistettu Major.Minor versio: $BASE_VERSION"
 TAGS_JSON=$(curl -s -f -H "Authorization: token ${GITEA_TOKEN}" \
  "${SERVER_URL}/api/v1/repos/${REPO}/tags")
 TAG=$(echo "$TAGS_JSON" | jq -r --arg prefix "${GIT_TAG_PREFIX-}" --arg sha "${SHA}" '
  if type == "array" then
    .[] | select(.commit.sha == $sha and (.name | startswith($prefix))) | .name
  else empty end' | head -1)
 mkdir -p /tmp/build-ctx
 if [ -n "$TAG" ]; then
  echo "ARTIFACT_EXISTS=true" > /tmp/build-ctx/build.env
  echo "NEXT_VERSION=$TAG" >> /tmp/build-ctx/build.env
  echo "gitea-ci-library - Artefakti löytyi jo tagilla: $TAG."
 else
  echo "ARTIFACT_EXISTS=false" > /tmp/build-ctx/build.env
  HIGHEST_PATCH=$(echo "$TAGS_JSON" | jq -r --arg prefix "${GIT_TAG_PREFIX-}" --arg bv "${GIT_TAG_PREFIX-}${BASE_VERSION}." '
    if type == "array" then .[] | .name | select(startswith($bv)) | sub($bv; "") | tonumber else empty end' | sort -rn | head -1)
  if [ -z "$HIGHEST_PATCH" ]; then NEXT_PATCH=0; else NEXT_PATCH=$((HIGHEST_PATCH + 1)); fi
  FULL_VERSION="${BASE_VERSION}.${NEXT_PATCH}"
  echo "NEXT_VERSION=$FULL_VERSION" >> /tmp/build-ctx/build.env
  echo "gitea-ci-library - Uusi vapaa versio: $FULL_VERSION"
 fi
@@ -1,5 +1,5 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
-set -eu
+set -euo pipefail
 DESCRIPTION="${1:-}"
 CONTEXT="${2:-}"
@@ -14,71 +14,53 @@ REPORT_DIR="reports/${SUITE}"
 if [ ! -d "$REPORT_DIR" ]; then
  echo "ERROR: $REPORT_DIR not found" >&2
-  sh .ci/scripts/report-status.sh failure "$DESCRIPTION" "$CONTEXT"
+  bash .ci/scripts/report-status.sh failure "$DESCRIPTION" "$CONTEXT"
  exit 1
 fi
-FILE_COUNT=0
+FILES=()
-SUBDIR_COUNT=0
+while IFS= read -r -d '' f; do
-ENTRIES=""
+  FILES+=("$(basename "$f")")
 done < <(find "$REPORT_DIR" -maxdepth 1 -type f ! -name index.html -print0 2>/dev/null || true)
-for f in "$REPORT_DIR"/*; do
+SUBDIRS=()
-  [ -f "$f" ] || continue
+while IFS= read -r -d '' d; do
-  base=$(basename "$f")
+  name="${d#$REPORT_DIR/}"
-  [ "$base" = "index.html" ] && continue
+  [ -f "$d/index.html" ] && SUBDIRS+=("$name")
-  FILE_COUNT=$((FILE_COUNT + 1))
+done < <(find "$REPORT_DIR" -maxdepth 1 -type d ! -name . -print0 2>/dev/null || true)
  ENTRIES="${ENTRIES}file:${base}
 "
 done
-for d in "$REPORT_DIR"/*/; do
+TOTAL=$(( ${#FILES[@]} + ${#SUBDIRS[@]} ))
  [ -d "$d" ] || continue
  base=$(basename "$d")
  [ -f "$d/index.html" ] || continue
  SUBDIR_COUNT=$((SUBDIR_COUNT + 1))
  ENTRIES="${ENTRIES}dir:${base}
 "
 done
 TOTAL=$((FILE_COUNT + SUBDIR_COUNT))
 if [ "$TOTAL" -eq 0 ]; then
  echo "ERROR: no reportable items in $REPORT_DIR" >&2
-  sh .ci/scripts/report-status.sh failure "$DESCRIPTION" "$CONTEXT"
+  bash .ci/scripts/report-status.sh failure "$DESCRIPTION" "$CONTEXT"
  exit 1
 fi
-SHA8=$(echo "${GITHUB_SHA:-xxxxxxxx}" | cut -c1-8)
+SHA8="${GITHUB_SHA:0:8}"
 humanize() {
-  name="$1"
+  local name="$1"
-  name=$(echo "$name" | sed -e 's/\.[^.]*$//' -e 's/[-_]/ /g')
+  name="${name%.*}"
-  first=$(echo "$name" | cut -c1 | tr '[:lower:]' '[:upper:]')
+  name="${name//-/ }"
-  rest=$(echo "$name" | cut -c2-)
+  name="${name//_/ }"
-  echo "${first}${rest}"
+  echo "${name^}"
 }
 generate_index() {
-  {
+  local html
-    echo '<!DOCTYPE html><html lang="en"><head><meta charset="utf-8">'
+  html='<!DOCTYPE html><html lang="en"><head><meta charset="utf-8">'
-    echo "<title>$DESCRIPTION</title>"
+  html+="<title>$DESCRIPTION</title>"
-    echo '<style>body{font-family:sans-serif;margin:2em;max-width:960px}h1{color:#1e293b}ul{list-style:none;padding:0}li{margin:.5em 0;padding:.5em;background:#f8fafc;border-radius:6px}a{color:#2563eb;text-decoration:none}a:hover{text-decoration:underline}</style>'
+  html+='<style>body{font-family:sans-serif;margin:2em;max-width:960px}h1{color:#1e293b}ul{list-style:none;padding:0}li{margin:.5em 0;padding:.5em;background:#f8fafc;border-radius:6px}a{color:#2563eb;text-decoration:none}a:hover{text-decoration:underline}</style>'
-    echo "</head><body><h1>$DESCRIPTION</h1><ul>"
+  html+="</head><body><h1>$DESCRIPTION</h1><ul>"
-
+  for f in "${FILES[@]}"; do
-    echo "$ENTRIES" | while IFS= read -r entry; do
+    html+="<li><a href=\"$f\">$(humanize "$f")</a></li>"
      [ -z "$entry" ] && continue
      entry_type=$(echo "$entry" | cut -d: -f1)
      entry_name=$(echo "$entry" | cut -d: -f2-)
      if [ "$entry_type" = "file" ]; then
        echo "<li><a href=\"$entry_name\">$(humanize "$entry_name")</a></li>"
      else
        cap=$(echo "$entry_name" | sed 's/\(.\).*/\1/' | tr '[:lower:]' '[:upper:]')$(echo "$entry_name" | sed 's/.//')
        echo "<li><a href=\"$entry_name/index.html\">${cap}</a></li>"
      fi
  done
-
+  for d in "${SUBDIRS[@]}"; do
-    echo '</ul></body></html>'
+    html+="<li><a href=\"$d/index.html\">${d^}</a></li>"
-  } > "$REPORT_DIR/index.html"
+  done
  html+='</ul></body></html>'
  printf '%s' "$html" > "$REPORT_DIR/index.html"
 }
 STAGED="reports/${SHA8}/${SUITE}"
@@ -86,25 +68,20 @@ mkdir -p "$STAGED"
 if [ "$TOTAL" -eq 1 ]; then
  cp -a "$REPORT_DIR/." "$STAGED/"
-  sh .ci/scripts/publish-git-pages.sh "$SUITE"
+  bash .ci/scripts/publish-git-pages.sh "$SUITE"
-  first_entry=$(echo "$ENTRIES" | head -1)
+  if [ ${#FILES[@]} -eq 1 ]; then
-  first_type=$(echo "$first_entry" | cut -d: -f1)
+    ENTRY="${FILES[0]}"
  first_name=$(echo "$first_entry" | cut -d: -f2-)
  if [ "$first_type" = "file" ]; then
    SINGLE_ENTRY="$first_name"
  else
-    SINGLE_ENTRY="${first_name}/index.html"
+    ENTRY="${SUBDIRS[0]}/index.html"
  fi
-
+  URL="${GIT_PAGES_URL}/${GITHUB_REPOSITORY}/reports/${SHA8}/${SUITE}/${ENTRY}"
-  URL="${GIT_PAGES_URL}/${GITHUB_REPOSITORY}/reports/${SHA8}/${SUITE}/${SINGLE_ENTRY}"
+  bash .ci/scripts/report-status.sh "$STATUS" "$DESCRIPTION" "$CONTEXT" "" "$URL"
  sh .ci/scripts/report-status.sh "$STATUS" "$DESCRIPTION" "$CONTEXT" "" "$URL"
 else
  generate_index
  cp -a "$REPORT_DIR/." "$STAGED/"
-  sh .ci/scripts/publish-git-pages.sh "$SUITE"
+  bash .ci/scripts/publish-git-pages.sh "$SUITE"
-  sh .ci/scripts/report-status.sh "$STATUS" "$DESCRIPTION" "$CONTEXT" "$SUITE"
+  bash .ci/scripts/report-status.sh "$STATUS" "$DESCRIPTION" "$CONTEXT" "$SUITE"
 fi
 rm -rf "$STAGED"
@@ -1,5 +1,5 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
-set -eu
+set -euo pipefail
 SUITE_PATH="${1:-}"
@@ -12,7 +12,7 @@ SUITE_PATH="${1:-}"
 OWNER="${GITHUB_REPOSITORY%%/*}"
 REPO="${GITHUB_REPOSITORY##*/}"
-SHA8=$(echo "$GITHUB_SHA" | cut -c1-8)
+SHA8="${GITHUB_SHA:0:8}"
 PAGES_USER="${GIT_PAGES_PUBLISH_USER:-publish}"
 REPORT_DIR="reports/${SHA8}/${SUITE_PATH%/}"
 REPORT_BASE="${GIT_PAGES_URL}/${OWNER}/${REPO}/reports/${SHA8}"
@@ -33,30 +33,17 @@ else
 fi
 mkdir -p "$TARGET"
 cp -a "$REPORT_DIR/." "$TARGET/"
 if [ ! -f "$TARGET/index.html" ]; then
-  ITEM_LIST=""
+  items=()
-  ITEM_COUNT=0
+  while IFS= read -r -d '' f; do
    items+=("$(basename "$f")")
  done < <(find "$TARGET" -maxdepth 1 -type f ! -name index.html -print0 2>/dev/null || true)
  while IFS= read -r -d '' d; do
    name=$(basename "$d")
    [ -f "$d/index.html" ] && items+=("$name")
  done < <(find "$TARGET" -maxdepth 1 -type d ! -name . -print0 2>/dev/null || true)
-  for f in "$TARGET"/*; do
+  if [ ${#items[@]} -gt 1 ]; then
    [ -f "$f" ] || continue
    base=$(basename "$f")
    [ "$base" = "index.html" ] && continue
    ITEM_LIST="${ITEM_LIST}file:${base}
 "
    ITEM_COUNT=$((ITEM_COUNT + 1))
  done
  for d in "$TARGET"/*/; do
    [ -d "$d" ] || continue
    base=$(basename "$d")
    [ -f "$d/index.html" ] || continue
    ITEM_LIST="${ITEM_LIST}dir:${base}
 "
    ITEM_COUNT=$((ITEM_COUNT + 1))
  done
  if [ "$ITEM_COUNT" -gt 1 ]; then
    {
      echo '<!DOCTYPE html><html lang="en"><head><meta charset="utf-8">'
      echo "<title>Test report ${SHA8}</title>"
@@ -66,21 +53,16 @@ if [ ! -f "$TARGET/index.html" ]; then
      echo 'a{color:#2563eb;text-decoration:none}a:hover{text-decoration:underline}'
      echo '</style></head><body>'
      echo "<h1>Test report <code>${SHA8}</code></h1><ul>"
-
+      for item in "${items[@]}"; do
-      echo "$ITEM_LIST" | while IFS= read -r item; do
+        label="${item%.*}"
-        [ -z "$item" ] && continue
+        label="${label//-/ }"
-        item_type=$(echo "$item" | cut -d: -f1)
+        label="${label//_/ }"
-        item_name=$(echo "$item" | cut -d: -f2-)
+        if [ -f "$TARGET/$item" ]; then
-        label=$(echo "$item_name" | sed -e 's/\.[^.]*$//' -e 's/[-_]/ /g')
+          echo "<li><a href=\"$item\">${label^}</a></li>"
        first=$(echo "$label" | cut -c1 | tr '[:lower:]' '[:upper:]')
        rest=$(echo "$label" | cut -c2-)
        if [ "$item_type" = "file" ]; then
          echo "<li><a href=\"$item_name\">${first}${rest}</a></li>"
        else
-          echo "<li><a href=\"$item_name/index.html\">${first}${rest}</a></li>"
+          echo "<li><a href=\"$item/index.html\">${label^}</a></li>"
        fi
      done
      echo '</ul></body></html>'
    } > "$TARGET/index.html"
  fi
@@ -92,7 +74,7 @@ EOF
 find "$WORK/$OWNER" \( -type f -o -type l \) -print | sed "s|^${WORK}/||" | tar -cf "$TAR" -C "$WORK" -T -
 publish() {
-  method="$1"
+  local method="$1"
  curl -sS -X "$method" "$PUBLISH_SITE_URL" \
    -u "${PAGES_USER}:${GIT_PAGES_PUBLISH_TOKEN}" \
    -H "Content-Type: application/x-tar" \
@@ -1,10 +1,11 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
-set -eu
+set -euo pipefail
 # https://docs.gitea.com/api/next/#tag/repository/operation/repoCreateStatus
 STATE="${1:-}"
 DESCRIPTION="${2:-}"
-SHA8=$(echo "${GITHUB_SHA:-}" | cut -c1-8)
+KEY="${3:-commit-${GITHUB_SHA:0:8}}"
 KEY="${3:-commit-${SHA8}}"
 SUITE="${4:-}"
 CUSTOM_URL="${5:-}"
@@ -17,8 +18,7 @@ if [ -n "$CUSTOM_URL" ]; then
  URL="$CUSTOM_URL"
 elif [ -n "$SUITE" ]; then
  SUITE="${SUITE%/}/"
-  SHA8_CUT=$(echo "$GITHUB_SHA" | cut -c1-8)
+  URL="${GIT_PAGES_URL}/${GITHUB_REPOSITORY}/reports/${GITHUB_SHA:0:8}/${SUITE}"
  URL="${GIT_PAGES_URL}/${GITHUB_REPOSITORY}/reports/${SHA8_CUT}/${SUITE}"
 else
  URL="${GITEA_API_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
 fi
@@ -32,31 +32,6 @@ Kun kontti on pushattu registryyn, se on muiden pipeline-jobien käytettävissä
 `latest`-tägillä — rebuild = käyttöönotto. Mitään versioviittauksia ei tarvitse
 päivittää.
 ## Offline-periaate (DoD)
 CI-kontin **Definition of Done**:
 > Kontti ei lataa mitään pipeline-vaiheessa (`workflow run` -stepit) eikä kontin
 > runtime-prosessissa (`container:` / `docker run`). Kaikki riippuvuudet
 > (kielikohtaiset paketit, työkalut, binäärit) on joko:
 > - Pre-cachattu kontin **build-vaiheessa** Dockerfilessä, TAI
 > - Kopioitu multi-stage buildilla toisesta imagesta (`COPY --from`)
 >
 > Ainoa sallittu lataushetki on `docker build`. Sen jälkeen kontti toimii
 > ilman verkkoyhteyttä.
 **Miksi:** Toistettavuus, air gap -yhteensopivuus, nopeus. Pipeline ei saa
 epäonnistua sen takia että ulkoinen registry on alhaalla tai että `go mod download`
 joutuu latamaan 100 modulia jokaisella testiajolla.
 **Kielikohtaiset pre-cachet:** Jos kontissa ajetaan kielikohtaista testiä
 (Go, Java, Node, Python, ...), kaikki kielikohtaiset riippuvuudet on
 pre-cachattava Dockerfilessä build-vaiheessa:
 - Go: `COPY go.mod go.sum ./` → `RUN go mod download`
 - Java/Maven: `COPY pom.xml ./` → `RUN mvn dependency:go-offline`
 - Node: `COPY package.json package-lock.json ./` → `RUN npm ci --omit=dev`
 - Python: `COPY requirements.txt ./` → `RUN pip wheel --wheel-dir=/wheels -r requirements.txt` → `COPY --from` käyttöön
 ## Nimeäminen
 CI-kontin build-workflow noudattaa samaa nimeämiskonventiota kuin muutkin
@@ -148,80 +123,27 @@ tag:              latest
 ### Dockerfile
-Dockerfile yhdistää tarvitut työkalut yhteen konttiin.
+Dockerfile yhdistää tarvitut työkalut yhteen konttiin. Molemmat tavat kelpaavat:
 **Kaikki riippuvuudet ladataan build-vaiheessa — kontti on täysin itseriittoinen.**
 ```dockerfile
 # Tapa A: COPY --from toisesta imagesta
 FROM __BASE_IMAGE__:__VERSION__
 COPY --from=__SOURCE_IMAGE__:__VERSION__ /path/to/binary /usr/local/bin/
-RUN apk add --no-cache __PAKETIT__
+RUN apk add --no-cache __PAKETIT__    # Ei koskaan git:iä — kloonaus kuuluu pipelinelle
-# Tapa B: Build-vaiheen curl-lataus
+# Tapa B: curl-lataus (normaali Dockerfilessa)
 FROM __BASE_IMAGE__:__VERSION__
 RUN apk add --no-cache curl __PAKETIT__ && \
    curl -fsSL __URL__/__BINARY__.tar.gz | tar xz -C /usr/local/bin && \
    apk del curl
 # Tapa C: Multi-stage + kielikohtainen pre-cache
 FROM __BASE_IMAGE__:__VERSION__ AS deps
 COPY go.mod go.sum ./
 RUN go mod download
 FROM deps AS build
 COPY . .
 RUN go test -c -o /tmp/test.bin ./...
 FROM __BASE_IMAGE__:__VERSION__
 COPY --from=deps /go/pkg/mod /go/pkg/mod
 COPY --from=build /tmp/test.bin /usr/local/bin/test
 ```
-`COPY --from` on kevyempi (ei curl-asennusta). `curl` (Tapa B) on sallittu
+`COPY --from` on kevyempi (ei curl-asennusta). `curl` on selkeämpi kun binääri
-vain build-vaiheessa — `apk del curl` poistaa työkalun ennen runtimea.
+tulee suoraan GitHub Releasesista tai vastaavasta.
 Tapa C pre-cacheaa kielikohtaiset riippuvuudet ja tuottaa täysin
 offline-runtime-kontin.
 ## Testaus ennen julkaisua
 Konttia ei saa pushata registryyn ennen kuin se on validoitu.
 ### 1. Aja testit kontin sisällä
 Testit on ajettava **kontin sisällä**, ei suoraan lokaalilla koneella.
 ```bash
 # OIKEIN — kontin sisällä
 docker build -t ci-tyokalu:test .
 docker run --rm -v "$(pwd):/repo" -w /repo ci-tyokalu:test bash -c 'bats tests/'
 # VÄÄRIN — lokaalit binäärit vs kontti
 bats tests/                          # eri bash/työkalut kuin kontissa
 bashcov -- bats tests/               # eri ruby-versio kuin kontissa
 ```
 Lokaali ympäristö (macOS, eri kirjastoversiot) poikkeaa aina kontista.
 Testi voi mennä läpi lokaalissa mutta failata CI:ssä, tai päinvastoin.
 ### 2. Fragile-testien seulonta (10x ajo)
 Aja koko testipaketti **10 kertaa peräkkäin** kontin sisällä ennen pushausta:
 ```bash
 for i in $(seq 1 10); do
  echo "=== RUN $i ==="
  docker run --rm -v "$(pwd):/repo" -w /repo ci-tyokalu:test \
    bash -c 'bats tests/' || exit 1
 done
 ```
 Jos yksikin ajo failaa, kontissa on fragile testi — korjaa ennen pushausta.
 Fragile testit syövät devaukseen käytettyä aikaa turhilla uusinta-ajoilla.
 ## Mitä EI kannata tehdä
 - Älä lisää `workflow_call`-triggariä — CI-konttia ei koskaan buildata automaattisesti
 - Älä poista `<komponentti>.`-prefiksiä olemassaolevista tiedostoista — ne kuuluvat monorepo-nimeämiskonventioon
 - Älä sisällytä CI-konttiin mitään sovelluskoodia — vain työkalut
- Älä koskaan lataa mitään pipeline- tai runtime-vaiheessa — kaikki lataukset kuuluvat `docker build` -vaiheeseen (Offline-periaate)
+- Älä koskaan asenna `git`:iä CI-konttiin — repon kloonaus ja checkout ovat Gitea Actionsin natiiveja operaatioita, eivät kontin vastuulla. Git paisuttaa konttia turhaan ja luo harhan että kontti hallitsee repoa
 - Älä jätä kielikohtaisia riippuvuuksia pre-cachaamatta — `go mod download`, `npm install`, `mvn dependency:go-offline` jne. ajetaan Dockerfilessä, ei pipelinessä
@@ -2,93 +2,6 @@
 Mallipohjat, esimerkit ja konfiguraatiot. Katso säännöt `SKILL.md`:stä.
 ## Pre-cache-esimerkit (Offline Container)
 Alla Dockerfile-esimerkit kielikohtaisista pre-cacheista. Kaikki ajetaan
 build-vaiheessa — kontti on täysin itseriittoinen eikä lataa mitään
 pipeline- tai runtime-vaiheessa.
 ### Go
 ```dockerfile
 FROM golang:1.24-alpine AS deps
 WORKDIR /build
 COPY go.mod go.sum ./
 RUN go mod download
 FROM deps AS test-build
 COPY . .
 RUN go test -c -o /tmp/test.bin ./...
 FROM alpine:3.21
 RUN apk add --no-cache git nodejs
 COPY --from=deps /go/pkg/mod /go/pkg/mod
 COPY --from=test-build /tmp/test.bin /usr/local/bin/test
 ```
 ### Node.js
 ```dockerfile
 FROM node:22-alpine AS deps
 WORKDIR /build
 COPY package.json package-lock.json ./
 RUN npm ci --omit=dev
 FROM node:22-alpine
 RUN apk add --no-cache git
 COPY --from=deps /build/node_modules /app/node_modules
 COPY . /app
 WORKDIR /app
 ```
 ### Java / Maven
 ```dockerfile
 FROM maven:3.9-eclipse-temurin-21 AS deps
 WORKDIR /build
 COPY pom.xml ./
 RUN mvn dependency:go-offline -B
 FROM maven:3.9-eclipse-temurin-21 AS build
 COPY --from=deps /root/.m2 /root/.m2
 COPY . .
 RUN mvn package -B -DskipTests
 FROM eclipse-temurin:21-jre
 RUN apt-get update && apt-get install -y --no-install-recommends git && rm -rf /var/lib/apt/lists/*
 COPY --from=build /build/target/*.jar /app/app.jar
 WORKDIR /app
 ```
 ### Python
 ```dockerfile
 FROM python:3.12-alpine AS deps
 WORKDIR /build
 COPY requirements.txt ./
 RUN pip wheel --wheel-dir=/wheels -r requirements.txt
 FROM python:3.12-alpine
 RUN apk add --no-cache git
 COPY --from=deps /build/wheels /wheels
 COPY --from=deps /build/requirements.txt /
 RUN pip install --no-index --find-links=/wheels -r /requirements.txt && rm -rf /wheels
 COPY . /app
 WORKDIR /app
 ```
 ### Helm + Node.js (korvaa helm-build-push.yml:n runtime-apk)
 ```dockerfile
 FROM alpine/helm:3.16.0 AS helm-bin
 FROM node:22-alpine
 RUN apk add --no-cache git
 COPY --from=helm-bin /usr/bin/helm /usr/local/bin/helm
 ```
 Tämä kontti korvaa `helm-build-push.yml`:n `alpine/helm:3.19.0`-image-riippuvuuden
 ja poistaa tarpeen asentaa node.js runtime-vaiheessa.
 ## Reititin — täydellinen esimerkki
 ```yaml
@@ -202,16 +115,7 @@ jobs:
      - name: Report
        if: always()
-        run: |
+        run: bash .ci/scripts/ci-report.sh "<kuvaus>" <context> <suite> ${{ job.status }}
          bash .ci/scripts/ci-report.sh "<Test type> test report" <context> <suite> ${{ job.status }}
 ```
 Monorepossa context ja description sisältävät komponentin nimen:
 ```yaml
      - name: Report
        if: always()
        run: |
          bash .ci/scripts/ci-report.sh "<Komponentti>: <Test type> test report" <komponentti>.<context> <suite> ${{ job.status }}
 ```
 **Usean runnerin cache-ongelma:** Jos eri kerroilla käynnistyy eri runnereita,
@@ -227,7 +131,6 @@ niillä voi olla eri versio `latest`-imagen digesteistä. Ratkaisuja:
 ### Taso 1: Ei jälkikäsittelyä
 Single repo:
 ```yaml
 - name: Run tests
  shell: bash
@@ -237,27 +140,11 @@ Single repo:
 - name: Report
  if: always()
-  run: |
+  run: bash .ci/scripts/ci-report.sh "<kuvaus>" <context> <suite> ${{ job.status }}
    bash .ci/scripts/ci-report.sh "<Test type> test report" <context> <suite> ${{ job.status }}
 ```
 Monorepo:
 ```yaml
 - name: Run tests
  shell: bash
  run: |
    mkdir -p "reports/<suite>"
    <testikomento>
 - name: Report
  if: always()
  run: |
    bash .ci/scripts/ci-report.sh "<Komponentti>: <Test type> test report" <komponentti>.<context> <suite> ${{ job.status }}
 ```
 ### Taso 2: Jälkikäsittely tarvitaan
 Single repo:
 ```yaml
 - name: Run tests
  shell: bash
@@ -275,30 +162,7 @@ Single repo:
 - name: Report
  if: always()
-  run: |
+  run: bash .ci/scripts/ci-report.sh "<kuvaus>" <context> <suite> ${{ job.status }}
    bash .ci/scripts/ci-report.sh "<Test type> test report" <context> <suite> ${{ job.status }}
 ```
 Monorepo:
 ```yaml
 - name: Run tests
  shell: bash
  run: |
    mkdir -p "reports/<suite>"
    <testikomento> > "reports/<suite>/results.txt" 2>&1
 - name: Post-process coverage
  if: always()
  run: <siirrä coverage-data reports/<suite>/coverage/-hakemistoon>
 - name: Post-process test report
  if: always()
  run: <HTML-generointi raa'asta outputista>
 - name: Report
  if: always()
  run: |
    bash .ci/scripts/ci-report.sh "<Komponentti>: <Test type> test report" <komponentti>.<context> <suite> ${{ job.status }}
 ```
 ### Väärin vs oikein — yksi asia per step
@@ -322,16 +186,7 @@ Monorepo:
 - name: Report
  if: always()
-  run: |
+  run: bash .ci/scripts/ci-report.sh "Helm kubeconform" helm-test kubeconform ${{ job.status }}
    bash .ci/scripts/ci-report.sh "Helm kubeconform" helm-test kubeconform ${{ job.status }}
 ```
 Monorepossa:
 ```yaml
 - name: Report
  if: always()
  run: |
    bash .ci/scripts/ci-report.sh "<Komponentti>: Helm kubeconform" <komponentti>.helm-test kubeconform ${{ job.status }}
 ```
 ### Väärin vs oikein — post-process
@@ -494,7 +349,7 @@ pitää komponentit selkeästi erillään, ja tekee repossa navigoinnista suorav
 | Ongelma | Ratkaisu |
 |---|---|
-| Monta komponenttia, yksi repo — mikä triggeröi? | `paths:`-filtteri: komponentin hakemisto + sen CI-workflow't ja conf-tiedosto |
+| Monta komponenttia, yksi repo — mikä triggeröi? | `paths:`-filtteri: `push: { paths: ['<komponentti>/**'] }` |
 | Jokaisella komponentilla oma versio | `VERSION_FILE=<komponentti>/package.json` confissa |
 | Git-tägit sekaisin ellei nimiavaruutta | `GIT_TAG_PREFIX=<komponentti>/` confissa → tägi `<komponentti>/1.2.3` |
 | Eri julkaisutahdit | Riippumattomat CI-triggerit, omat versiopolut |
@@ -523,8 +378,7 @@ on:
    branches:
      - main
    paths:
-      - <komponentti>/**
+      - '<komponentti>/**'
      - .gitea/workflows/<komponentti>.*
 jobs:
  load-config:
@@ -567,15 +421,6 @@ jobs:
      suites: '<suite-1> <suite-2>'
 ```
 **Commit status -kontekstit monorepossa:** Testiraporttien `ci-report.sh`-kutsussa
 context ja description sisältävät komponentin nimen:
 ```yaml
      - name: Report
        if: always()
        run: |
          bash .ci/scripts/ci-report.sh "<Komponentti>: Unit test report" <komponentti>.unit-tests bats ${{ job.status }}
 ```
 ### Version elinkaari per komponentti
 `GIT_TAG_PREFIX` takaa että eri komponenttien versiohistoria pysyy erillään.
@@ -590,7 +435,6 @@ jos commitilla on jo tägi, pipeline skipataan `if: artifact_exists != 'true'`.
 - Älä aja kaikkia komponentteja samasta triggeristä — `paths:` pitää CI:t erillisinä
 - Älä käytä samaa versionhallintatiedostoa usealle komponentille
 - Älä anna monorepo-parametreja pipeline-overrideina — kaikki kuuluu conf-tiedostoon
 - Älä rajaa `paths:` pelkkään komponentin hakemistoon — CI ei triggeröidy workflow- tai conf-muutoksista
 ## Versionhallinta
@@ -82,36 +82,7 @@ koko stepin ensimmäisellä failaavalla komennolla, ja loput jäävät ajamatta.
 CI-kontin build-workflow'n template: `skills/ci-container-build/SKILL.md`.
-### 4.1 Offline Container -vaatimus (DoD)
+### 4.1 CI-kontin ajaminen jobissa
 CI-kontin (ja kaikkien pipeline-konttien) on oltava täysin itseriittoisia:
 > Kontti ei lataa mitään pipeline-vaiheessa (`workflow run` -stepit) eikä
 > kontin runtime-prosessissa (`container:` / `docker run`). Kaikki
 > riippuvuudet pre-cachataan `docker build` -vaiheessa.
 > Ainoa sallittu lataushetki on `docker build`.
 **Esimerkkejä rikkomuksista:**
 - `apk add`, `apt-get install`, `npm install`, `go mod download`, `pip install`
  pipeline-stepissä
 - `curl <url> | tar xz` runtime-vaiheessa
 - Node.js-konttikuva ilman nodea (joudutaan asentamaan lennossa)
 ### 4.2 Kielikohtainen pre-cache
 Kun kontissa testataan kielikohtaista koodia, kaikki riippuvuudet on
 pre-cachattava Dockerfilessä, ei pipeline-stepissä:
 | Kieli | Pre-cache Dockerfilessä |
 |---|---|
 | Go | `COPY go.mod go.sum ./` → `RUN go mod download` |
 | Java/Maven | `COPY pom.xml ./` → `RUN mvn dependency:go-offline` |
 | Node | `COPY package.json package-lock.json ./` → `RUN npm ci --omit=dev` |
 | Python | `COPY requirements.txt ./` → `RUN pip install -r requirements.txt` |
 Katso tarkat Dockerfile-esimerkit `REFERENCE.md`:stä.
 ### 4.3 CI-kontin ajaminen jobissa
 Ainoa sallittu tapa on `container:`-direktiivi. `docker run` komennolla kontin
 käynnistäminen stepin sisällä on anti-pattern.
@@ -120,90 +91,7 @@ Katso CI-kontin template `REFERENCE.md`:stä.
 **Huomio `actions/checkout@v4`:stä:** `container:`-direktiivillä kaikki stepit
 ajetaan kontin *sisällä* — myös `actions/checkout@v4`. Se on JavaScript-action
-joka vaatii sekä `nodejs` että `git`. Varmista että CI-kontin Dockerfilessä on
+joka vaatii sekä `nodejs` että `git`. Varmista että CI-kontin Dockerfilessä on molemmat.
 molemmat — muuten checkout ei toimi ja pipeline failaa.
 ### 4.4 Build-konteksti, `.dockerignore` ja `COPY`
 **Build-konteksti** on aina tiedoston (Dockerfile, Chart.yaml) oman hakemiston
 juuri (`dirname "${DOCKERFILE}"` / `dirname "${CHART_FILE}"`). Kaikki
 suhteelliset polut — ignore-tiedosto, `COPY`, `ADD` — ovat suhteessa tähän
 kontekstiin.
 | Tiedosto | Konteksti | Ignore-tiedosto | Käyttö |
 |---|---|---|---|
 | `Dockerfile` | `.` | `./.dockerignore` | `docker build` / `COPY src/ src/` |
 | `api/Dockerfile` | `api/` | `api/.dockerignore` | `docker build` / `COPY src/ src/` |
 | `Chart.yaml` (`VERSION_FILE`) | `.` | `./.helmignore` | `helm package` |
 | `api/Chart.yaml` (`VERSION_FILE`) | `api/` | `api/.helmignore` | `helm package` |
 Helm chartin polku luetaan confin `VERSION_FILE`-kentästä — sama rivi jota
 `check-version.yml` käyttää version lähteenä. Yksi conf-rivi ohjaa molempia:
 sekä versionlaskentaa että chartin sijaintia.
 **Mitä ignore-tiedosto sisältää:** Kaikki mikä EI ole konttiin tai chart-pakettiin
 tarkoitettua koodia tai resurssia, ON oltava ignore-tiedostossa:
 - Git- ja CI-historia (`.git/`, `.gitea/`, `.github/`)
 - Testikoodi, testidata, testiraportit (`tests/`, `reports/`, `coverage/`)
 - Dokumentaatio (`docs/`, `guides/`, `*.md`, `CHANGELOG`, `README`)
 - Editori- ja työkalukonfiguraatio (`.vscode/`, `.cursor/`, `.idea/`, `.DS_Store`)
 - Riippuvuudet jotka asennetaan Dockerfilessä (`node_modules/`)
 - Väliaikaistiedostot (`tmp/`, `*.log`)
 - Projektikohtaiset konfiguraatiot (`.env`, `*.conf`, `CURRENT_PROVIDER_VERSION`)
 **Miksi:** Build-kontekstin koko vaikuttaa suoraan `docker build` -nopeuteen.
 Raskas konteksti (etenkin `.git/` ja `node_modules/`) hidastaa buildia ja
 kuluttaa runnerin resursseja turhaan. Ylimääräiset tiedostot kontissa ovat
 **tietoturvariski** — tokenit, `.env` ja sensitiivinen data voivat päätyä
 kontin layeriin jos `.dockerignore` ei ole kattava.
 ### 4.5 `COPY`-kuri — kopioi vain tarvittava
 `COPY . .` on kielletty. Jokainen `COPY` kopioi vain tarvittavat tiedostot
 tai hakemistot:
 ```dockerfile
 # VÄÄRIN
 COPY . .
 # OIKEIN
 COPY package.json package-lock.json ./
 COPY src/ src/
 COPY public/ public/
 ```
 **Miksi:**
 - Layer-cache: `COPY . .` rikkoo välimuistin — mikä tahansa muutos
  tiedostossa tyhjentää koko layerin
 - Tietoturva: konttiin voi päätyä ylimääräisiä tiedostoja vaikka
  `.dockerignore` olisi kattava (unohtunut ignore-rivi, uusi työkalu
  joka luo tiedostoja build-kontekstiin)
 - Luettavuus: `COPY . .` ei kerro mitä kontti todella sisältää
 - Kontin koko: eksplisiittinen `COPY` pitää image-koon kurissa
 ### 4.6 `.helmignore` — pidä chart-paketti siistinä
 `helm package` käyttää `.helmignore`-tiedostoa samalla periaatteella kuin
 `docker build` käyttää `.dockerignore`a:
 - Chart-hakemisto luetaan confin `VERSION_FILE`-kentästä (`dirname "${VERSION_FILE}"`)
 - ignore-tiedosto luetaan chart-hakemiston juuresta (sama konteksti kuin
  `Chart.yaml`, ks. 4.4)
 - Kaikki turha (testit, docs, git, CI-konffit, kuvat) on poissuljettava
 - Jos `.helmignore` puuttuu, `helm package` paketoi mukaan kaikki
  chart-hakemiston tiedostot — turhaa bulkkia registryyn
 **`.helmignore` on pakollinen** jokaiselle chartille. Minimisisältö:
 ```
 .git/
 .gitignore
 tests/
 docs/
 *.md
 .DS_Store
 ```
 ## 5. Raporttitasot
@@ -240,35 +128,6 @@ Tiedostonimet `.gitea/workflows/`-kansiossa noudattavat yhtenäistä rakennetta:
 Single repossa `<komponentti>` jätetään pois.
 Monorepossa prefiksi pitää komponentin tiedostot yhdessä.
 ### 6.1 Commit status -nimeäminen
 `ci-report.sh`-kutsun `description` (2. argumentti) ja `context` (3. argumentti)
 noudattavat seuraavaa kaavaa:
 **Single repo:**
 ```
 context:     <testityyppi>            (esim. unit-tests, acc-tests)
 description: <Test type> test report  (esim. Unit test report)
 ```
 **Monorepo:**
 ```
 context:     <komponentti>.<testityyppi>            (esim. library.unit-tests)
 description: <Komponentti>: <Test type> test report (esim. Library: Unit test report)
 ```
 > Gitea YAML: `run:` laita lainausmerkeillä `run: |`-blockiin — Gitea ei tue lainausmerkkejä yhden rivin `run:`-komennoissa.
 >
 > ```yaml
 >       - name: Report
 >         if: always()
 >         run: |
 >           bash .ci/scripts/ci-report.sh "<Komponentti>: <Test type> test report" <komponentti>.<context> <suite> ${{ job.status }}
 > ```
 Build/push-status (Docker, Helm) on providerin hallussa — consumer ei vaikuta
 niiden nimeämiseen.
 ## 7. Artifact-kuri
 Gitea Actionsin `upload-artifact` jättää pysyvän tiedoston. Artifakteja ei käytetä
@@ -330,215 +189,3 @@ Ei pipeä (`|`) komennon perässä — se syö exit-koodin. Käytä redirectiä
 Providerin scriptit haetaan `actions/checkout`-stepillä `.ci/`-polkuun.
 Consumer ei kopioi eikä muokkaa providerin tiedostoja.
 ## 10. Build & Push -providerit
 ### `docker-build-push.yml` — Docker image build & push
 Buildaa ja pushee Docker-imagen OCI-registryyn. Ajaa suoraan runnerilla
 (ei `container:`-direktiiviä), joten `actions/checkout` toimii natiivisti.
 **`env_json`-avaimet (pakolliset):**
 ```yaml
 DOCKER_REGISTRY: gitea.app.keskikuja.site/niko
 DOCKER_IMAGE_NAME: my-app
 ```
 **Käyttö reitittimessä:**
 ```yaml
 docker-build-push:
  uses: OWNER/gitea-ci-library/.gitea/workflows/docker-build-push.yml@v1
  needs: [check-version]
  if: needs.check-version.outputs.artifact_exists == 'false'
  secrets: inherit
  with:
    env_json: ${{ needs.load-config.outputs.env_json }}
    version:  ${{ needs.check-version.outputs.version }}
 ```
 Tarkka input/secret-lista: `docs/workflows.md`.
 ### `helm-build-push.yml` — Helm chart build & push
 Pakkaa ja pushee Helm-chartin OCI-registryyn. Käyttää `alpine/helm`-konttia.
 **`env_json`-avaimet (pakolliset):**
 ```yaml
 HELM_REGISTRY: gitea.app.keskikuja.site/niko
 VERSION_FILE: platform-helm/Chart.yaml  # chart-hakemisto + versionlähde
 ```
 **Käyttö reitittimessä:**
 ```yaml
 helm-build-push:
  uses: OWNER/gitea-ci-library/.gitea/workflows/helm-build-push.yml@v1
  needs: [check-version]
  if: needs.check-version.outputs.artifact_exists == 'false'
  secrets: inherit
  with:
    env_json: ${{ needs.load-config.outputs.env_json }}
    version:  ${{ needs.check-version.outputs.version }}
 ```
 Chart-hakemisto johdetaan `VERSION_FILE`-polusta: `dirname "${VERSION_FILE}"`.
 Jos `VERSION_FILE` on `Chart.yaml`, konteksti on juuri. Jos `platform-helm/Chart.yaml`,
 konteksti on `platform-helm/`.
 **Yksittäisten Helm-UI-linkkien raportointi:** `HELM_UI_URL` on
 tarkoitettu yleiselle registry UI:lle — provider muodostaa linkin
 `${HELM_UI_URL}/${CHART_NAME}/${VERSION}` automaattisesti.
 Tarkka input/secret-lista: `docs/workflows.md`.
 ## 11. Multi-artifact monorepo -komponentti
 Yksi monorepo-komponentti voi tuottaa useita artefakteja (esim. Docker image
 + Helm chart). Kukin artefakti on **omassa reitittimessään** — ei yhtä
 monoliittista pipelinea. Tämä on tietoinen arkkitehtuurivalinta:
 - Reitittimet ovat itsenäisiä: eri `paths:`-triggerit, eri tagit, eri confit
 - Yksi commit voi triggeröidä molemmat rinnakkain
 - Yhden artefaktin build tai testi ei estä toista
 ### Esimerkki: `platform-helm` joka tuottaa Docker-imagen ja Helm chartin
 ```
 .gitea/workflows/
 ├── platform-helm.ci-main.yml              # Docker build & push
 ├── platform-helm.gitea-env.conf           # Docker-konffi
 ├── platform-helm.helm-ci-main.yml         # Helm build & push
 ├── platform-helm.helm-gitea-env.conf      # Helm-konffi
 ├── platform-helm.helm-chart-lint.yml      # Chart-testi
 └── platform-helm.ci-container-build-helm.yml  # CI-kontin build
 ```
 ### `platform-helm.gitea-env.conf` (Docker)
 ```ini
 DOCKER_REGISTRY=gitea.app.keskikuja.site/niko
 DOCKER_IMAGE_NAME=platform-helm
 GIT_TAG_PREFIX=platform-helm/
 ```
 ### `platform-helm.helm-gitea-env.conf` (Helm)
 ```ini
 HELM_REGISTRY=gitea.app.keskikuja.site/niko
 VERSION_FILE=platform-helm/Chart.yaml
 GIT_TAG_PREFIX=chart/
 ```
 ### Reitittimet
 **`platform-helm.ci-main.yml`** — Docker-buildi, testit, oma tagi:
 ```yaml
 name: platform-helm CI Main
 on:
  push:
    branches: [main]
    paths:
      - platform-helm/**
      - .gitea/workflows/platform-helm.*
 jobs:
  load-config:
    uses: OWNER/gitea-ci-library/.gitea/workflows/config-provider.yml@v1
    secrets: inherit
    with:
      config_path: .gitea/workflows/platform-helm.gitea-env.conf
  check-version:
    needs: [load-config]
    uses: OWNER/gitea-ci-library/.gitea/workflows/check-version.yml@v1
    secrets: inherit
    with:
      env_json: ${{ needs.load-config.outputs.env_json }}
  test:
    needs: [load-config, check-version]
    uses: ./.gitea/workflows/platform-helm.sbom-lint.yml
    secrets: inherit
    with:
      env_json: ${{ needs.load-config.outputs.env_json }}
  build-push:
    needs: [load-config, check-version, test]
    if: needs.check-version.outputs.artifact_exists == 'false'
    uses: OWNER/gitea-ci-library/.gitea/workflows/docker-build-push.yml@v1
    secrets: inherit
    with:
      env_json: ${{ needs.load-config.outputs.env_json }}
      version:  ${{ needs.check-version.outputs.version }}
  report-summary:
    needs: [load-config, test, build-push]
    if: always()
    uses: OWNER/gitea-ci-library/.gitea/workflows/report-summary.yml@v1
    with:
      env_json: ${{ needs.load-config.outputs.env_json }}
      suites: ''
 ```
 **`platform-helm.helm-ci-main.yml`** — Helm-buildi, chart-testi, oma tagi:
 ```yaml
 name: platform-helm Helm CI Main
 on:
  push:
    branches: [main]
    paths:
      - platform-helm/**
      - .gitea/workflows/platform-helm.helm*
 jobs:
  load-config:
    uses: OWNER/gitea-ci-library/.gitea/workflows/config-provider.yml@v1
    secrets: inherit
    with:
      config_path: .gitea/workflows/platform-helm.helm-gitea-env.conf
  check-version:
    needs: [load-config]
    uses: OWNER/gitea-ci-library/.gitea/workflows/check-version.yml@v1
    secrets: inherit
    with:
      env_json: ${{ needs.load-config.outputs.env_json }}
  chart-lint:
    needs: [load-config, check-version]
    uses: ./.gitea/workflows/platform-helm.helm-chart-lint.yml
    secrets: inherit
    with:
      env_json: ${{ needs.load-config.outputs.env_json }}
  helm-build-push:
    needs: [load-config, check-version, chart-lint]
    if: needs.check-version.outputs.artifact_exists == 'false'
    uses: OWNER/gitea-ci-library/.gitea/workflows/helm-build-push.yml@v1
    secrets: inherit
    with:
      env_json: ${{ needs.load-config.outputs.env_json }}
      version:  ${{ needs.check-version.outputs.version }}
  report-summary:
    needs: [load-config, chart-lint, helm-build-push]
    if: always()
    uses: OWNER/gitea-ci-library/.gitea/workflows/report-summary.yml@v1
    with:
      env_json: ${{ needs.load-config.outputs.env_json }}
      suites: ''
 ```
 ### Säännöt
 - Jokaisella artefaktilla on oma reititin, oma conf, omat testit
 - Conf-tiedoston nimi erottaa artefaktit: `<komponentti>.gitea-env.conf` vs
  `<komponentti>.helm-gitea-env.conf`
 - `<komponentti>.helm-`-prefiksi erottaa Helm-artefaktin tiedostot
 - `GIT_TAG_PREFIX` pitää tagit erillään: `platform-helm/1.2.3` vs `chart/1.2.3`
 - Molemmat reitittimet voivat triggeröityä samasta commitista
@@ -1,182 +0,0 @@
 #!/usr/bin/env bats
 source "$BATS_TEST_DIRNAME/helpers/mock-api.sh"
 setup() {
  export GITEA_TOKEN=test-token
  export GIT_TAG_PREFIX=""
  export SERVER_URL="http://localhost:18080"
  export REPO="niko/test"
  export SHA="abc123"
  rm -rf /tmp/build-ctx
 }
 teardown() {
  mock_stop 2>/dev/null || true
  rm -rf /tmp/build-ctx
 }
@test "VERSION_FILE=Chart.yaml extracts version from YAML" {
  mock_set_sequence '[{"code": 200, "body": []}]'
  mock_start
  export VERSION_FILE="$BATS_TEST_DIRNAME/fixtures/check-version/Chart.yaml"
  run bash scripts/check-version.sh
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  [ "$ARTIFACT_EXISTS" = "false" ]
  [ "$NEXT_VERSION" = "0.3.0" ]
 }
@test "VERSION_FILE=VERSION extracts version from plain text" {
  mock_set_sequence '[{"code": 200, "body": []}]'
  mock_start
  export VERSION_FILE="$BATS_TEST_DIRNAME/fixtures/check-version/VERSION"
  run bash scripts/check-version.sh
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  [ "$ARTIFACT_EXISTS" = "false" ]
  [ "$NEXT_VERSION" = "0.3.0" ]
 }
@test "VERSION_FILE=package.json extracts version from JSON" {
  mock_set_sequence '[{"code": 200, "body": []}]'
  mock_start
  export VERSION_FILE="$BATS_TEST_DIRNAME/fixtures/check-version/package.json"
  run bash scripts/check-version.sh
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  [ "$ARTIFACT_EXISTS" = "false" ]
  [ "$NEXT_VERSION" = "0.3.0" ]
 }
@test "VERSION_FILE=subdir/Chart.yaml extracts version from monorepo" {
  mock_set_sequence '[{"code": 200, "body": []}]'
  mock_start
  export VERSION_FILE="$BATS_TEST_DIRNAME/fixtures/check-version/subdir/Chart.yaml"
  run bash scripts/check-version.sh
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  [ "$ARTIFACT_EXISTS" = "false" ]
  [ "$NEXT_VERSION" = "0.4.0" ]
 }
@test "no VERSION_FILE, root VERSION found" {
  mock_set_sequence '[{"code": 200, "body": []}]'
  mock_start
  WORKDIR=$(mktemp -d)
  cp "$BATS_TEST_DIRNAME/fixtures/check-version/VERSION" "$WORKDIR/VERSION"
  SCRIPT="$PWD/scripts/check-version.sh"
  run bash -c "cd '$WORKDIR' && exec bash '$SCRIPT'"
  rm -rf "$WORKDIR"
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  [ "$NEXT_VERSION" = "0.3.0" ]
 }
@test "no VERSION_FILE, root Chart.yaml found" {
  mock_set_sequence '[{"code": 200, "body": []}]'
  mock_start
  WORKDIR=$(mktemp -d)
  cp "$BATS_TEST_DIRNAME/fixtures/check-version/Chart.yaml" "$WORKDIR/Chart.yaml"
  SCRIPT="$PWD/scripts/check-version.sh"
  run bash -c "cd '$WORKDIR' && exec bash '$SCRIPT'"
  rm -rf "$WORKDIR"
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  [ "$NEXT_VERSION" = "0.3.0" ]
 }
@test "tag exists for commit sets ARTIFACT_EXISTS=true" {
  mock_set_sequence '[{"code": 200, "body": [{"name": "0.3.0", "commit": {"sha": "abc123"}}]}]'
  mock_start
  export VERSION_FILE="$BATS_TEST_DIRNAME/fixtures/check-version/VERSION"
  run bash scripts/check-version.sh
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  [ "$ARTIFACT_EXISTS" = "true" ]
  [ "$NEXT_VERSION" = "0.3.0" ]
 }
@test "tag with prefix filters correctly" {
  mock_set_sequence '[{"code": 200, "body": [{"name": "git-pages/0.3.0", "commit": {"sha": "abc123"}}, {"name": "docker/0.3.0", "commit": {"sha": "abc123"}}]}]'
  mock_start
  export GIT_TAG_PREFIX="git-pages/"
  export VERSION_FILE="$BATS_TEST_DIRNAME/fixtures/check-version/VERSION"
  run bash scripts/check-version.sh
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  [ "$ARTIFACT_EXISTS" = "true" ]
  [ "$NEXT_VERSION" = "git-pages/0.3.0" ]
 }
@test "no tag, new version calculated" {
  mock_set_sequence '[{"code": 200, "body": []}]'
  mock_start
  export VERSION_FILE="$BATS_TEST_DIRNAME/fixtures/check-version/VERSION"
  run bash scripts/check-version.sh
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  [ "$ARTIFACT_EXISTS" = "false" ]
  [ "$NEXT_VERSION" = "0.3.0" ]
 }
@test "highest patch calculated correctly" {
  mock_set_sequence '[{"code": 200, "body": [{"name": "0.3.0", "commit": {"sha": "def456"}}, {"name": "0.3.1", "commit": {"sha": "def456"}}]}]'
  mock_start
  export VERSION_FILE="$BATS_TEST_DIRNAME/fixtures/check-version/VERSION"
  run bash scripts/check-version.sh
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  [ "$ARTIFACT_EXISTS" = "false" ]
  [ "$NEXT_VERSION" = "0.3.2" ]
 }
@test "VERSION_FILE=Chart-umbrella.yaml extracts only top-level version" {
  mock_set_sequence '[{"code": 200, "body": []}]'
  mock_start
  export VERSION_FILE="$BATS_TEST_DIRNAME/fixtures/check-version/Chart-umbrella.yaml"
  run bash scripts/check-version.sh
  echo "STATUS=$status"
  echo "OUTPUT=$output"
  [ "$status" -eq 0 ]
  source /tmp/build-ctx/build.env
  echo "NEXT_VERSION=$NEXT_VERSION"
  [ "$NEXT_VERSION" = "0.1.0" ]
 }
@test "no version source exits with error" {
  mock_set_sequence '[{"code": 200, "body": []}]'
  mock_start
  WORKDIR=$(mktemp -d)
  SCRIPT="$PWD/scripts/check-version.sh"
  run bash -c "cd '$WORKDIR' && exec bash '$SCRIPT'"
  rm -rf "$WORKDIR"
  [ "$status" -eq 1 ]
  [[ "$output" == *"ERROR"* ]]
 }
@@ -1,12 +0,0 @@
 apiVersion: v2
 name: agent-platform
 description: Agent Platform umbrella chart
 type: application
 version: 0.1.0
 dependencies:
  - name: vikunja
    version: "0.1.0"
    repository: oci://registry.example.com
  - name: langfuse
    version: "0.2.0"
    repository: oci://registry.example.com
@@ -1,6 +0,0 @@
 apiVersion: v2
 name: test-chart
 description: Test chart for version extraction
 type: application
 version: 0.3.0
 appVersion: "1.0.0"
@@ -1 +0,0 @@
 0.3.0
@@ -1 +0,0 @@
 {"version": "0.3.0"}
@@ -1 +0,0 @@
 <project><version>0.3.0</version></project>
@@ -1,6 +0,0 @@
 apiVersion: v2
 name: subdir-chart
 description: Chart in subdirectory for monorepo testing
 type: application
 version: 0.4.0
 appVersion: "1.0.0"
@@ -12,10 +12,8 @@ MOCK_CONFIG_FILE=""
 _kill_port() {
  local pids
  pids=$(lsof -ti ":$MOCK_PORT" 2>/dev/null) || true
-  if [ -n "$pids" ]; then
+  [ -n "$pids" ] && kill -9 $pids 2>/dev/null || true
    kill -9 $pids 2>/dev/null || true
  sleep 0.5
  fi
 }
 _wait_port_free() {
@@ -28,7 +26,7 @@ _wait_port_free() {
 _wait_port_ready() {
  local i=0
-  while ! lsof -ti ":$MOCK_PORT" >/dev/null 2>&1 && [ $i -lt 30 ]; do
+  while ! lsof -ti ":$MOCK_PORT" >/dev/null 2>&1 && [ $i -lt 5 ]; do
    sleep 0.2
    i=$((i + 1))
  done
Author	SHA1	Message	Date
moilanik	a731b62a52	helm chart build & push CI Git-Pages Main / Load git-pages.gitea-env.conf to pipeline env (push) Successful in 30s Details CI Git-Pages Main / Report Summary (push) Successful in 4s Details acc-tests Cucumber test report Details CI Feature / Load example-gitea-env.conf to pipeline env (push) Successful in 24s Details CI Git-Pages Main / Check existing artifact (push) Failing after 15s Details CI Git-Pages Main / Build & Push Helm chart (push) Has been skipped Details CI Feature / Cucumber tests (push) Successful in 1m1s Details unit-tests Bats test report Details CI Feature / Bats tests (push) Successful in 1m29s Details CI Feature / Report Summary (push) Successful in 4s Details	2026-06-19 07:25:09 +03:00
moilanik	15e8cdc562	helm chart check version	2026-06-19 05:39:27 +03:00
moilanik	6113f9744c	ai tiedostojen päivitys	2026-06-19 05:39:12 +03:00
		`@@ -1 +0,0 @@`
			`<project><version>0.3.0</version></project>`