From ec3da64594642dd573d9d3ab329c80b00326fcf4 Mon Sep 17 00:00:00 2001
From: Hermes <hermes@lazyworkhorse.net>
Date: Sat, 16 May 2026 12:04:25 -0400
Subject: [PATCH] feat: add CI workflow and integration test stub

---
 .gitea/workflows/build-nixos.yml | 41 ++++++++++++++++++++++++++++++++
 tests/run-integration.sh         | 28 ++++++++++++++++++++++
 2 files changed, 69 insertions(+)
 create mode 100644 .gitea/workflows/build-nixos.yml
 create mode 100755 tests/run-integration.sh

diff --git a/.gitea/workflows/build-nixos.yml b/.gitea/workflows/build-nixos.yml
new file mode 100644
index 0000000..75073ac
--- /dev/null
+++ b/.gitea/workflows/build-nixos.yml
@@ -0,0 +1,41 @@
+name: Build and test NixOS config
+on:
+  pull_request:
+    branches: [ master ]
+    paths:
+      - '**.nix'
+      - 'flake.lock'
+      - 'secrets/**'
+      - 'hosts/**'
+      - 'modules/**'
+  push:
+    branches: [ master ]
+    paths:
+      - '**.nix'
+      - 'flake.lock'
+      - 'secrets/**'
+      - 'hosts/**'
+      - 'modules/**'
+
+jobs:
+  build:
+    runs-on: nixos-builder
+    steps:
+      - name: Checkout
+        run: |
+          git clone -b "${{ github.head_ref || github.ref_name }}" \
+            https://gitea:${{ secrets.GITHUB_TOKEN }}@code.lazyworkhorse.net/gortium/infra.git .
+          git log --oneline -3
+
+      - name: Build NixOS config
+        run: |
+          nix --version
+          nh os build .#lazyworkhorse 2>&1
+
+      - name: Run integration tests (staging VM)
+        run: |
+          echo "==> Deploying PR config to staging VM..."
+          # TODO: pr-test-vm build && pr-test-vm start
+          # TODO: scp test suite to VM, docker compose up, run tests
+          # TODO: pr-test-vm destroy
+          echo "Staging VM integration tests not yet implemented."
diff --git a/tests/run-integration.sh b/tests/run-integration.sh
new file mode 100755
index 0000000..788308d
--- /dev/null
+++ b/tests/run-integration.sh
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+# Integration test suite for PR validation on staging VM
+#
+# This script runs inside the staging VM after the PR's NixOS config
+# has been deployed. It tests that all services come up correctly.
+#
+# Usage: pr-test-vm ssh < tests/run-integration.sh
+
+set -euo pipefail
+
+echo "==> Integration tests starting..."
+
+# Test Docker is running
+echo "  [1/3] Docker daemon..."
+docker info > /dev/null 2>&1 || { echo "FAIL: Docker not running"; exit 1; }
+echo "       OK"
+
+# Test compose stack can start
+echo "  [2/3] Docker Compose stack..."
+docker compose -f /opt/data/compose.yml ps > /dev/null 2>&1 || { echo "FAIL: Compose stack not running"; exit 1; }
+echo "       OK"
+
+# Test services are healthy
+echo "  [3/3] Service health checks..."
+# TODO: add per-service health checks
+echo "       OK (placeholder)"
+
+echo "==> All integration tests passed."