6 files changed, 52 insertions, 109 deletions

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 005ad67..38424c7 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,10 +7,3 @@ updates:
       interval: "weekly"
     commit-message:
       prefix: "ci"
-
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "weekly"
-    commit-message:
-      prefix: "node_modules"
diff --git a/.github/workflows/autobot.yaml b/.github/workflows/autobot.yaml
deleted file mode 100644
index 4e74d0a..0000000
--- a/.github/workflows/autobot.yaml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: Auto-merge Dependabot
-
-on: pull_request
-
-jobs:
-  automerge:
-    name: Check and merge PR
-    if: github.actor == 'dependabot[bot]'
-
-    runs-on: ubuntu-latest
-
-    permissions:
-      contents: write
-      pull-requests: write
-
-    steps:
-      - name: Fetch metadata
-        uses: dependabot/fetch-metadata@v2
-        id: metadata
-        with:
-          github-token: ${{ github.token }}
-
-      - name: Enable auto-merge
-        if: steps.metadata.outputs.update-type == 'version-update:semver-patch' || steps.metadata.outputs.update-type == 'version-update:semver-minor'
-        run: gh pr merge --auto --squash "$PR"
-        env:
-          GH_TOKEN: ${{ github.token }}
-          PR: ${{ github.event.pull_request.html_url }}
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index b77ed84..b1b0b78 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,12 +1,28 @@
 name: CI
 
 on:
+  push:
+    branches: [main]
+    paths:
+      - "**.ts"
+      - "**.lock"
+      - "**.nix"
+      - "deno.json"
+
+      - ".github/wokrflows/ci.yaml"
   pull_request:
+    paths:
+      - "**.ts"
+      - "**.lock"
+      - "**.nix"
+      - "deno.json"
+
+      - ".github/wokrflows/ci.yaml"
   workflow_dispatch:
 
 jobs:
-  build:
-    name: Build
+  lint-and-format:
+    name: Lint & Format
 
     runs-on: ubuntu-latest
 
@@ -15,39 +31,35 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v13
+        uses: DeterminateSystems/nix-installer-action@v14
 
-      - name: Install Dependencies
-        run: nix develop .#ci --command pnpm install --frozen-lockfile
+      - name: Run deno lint
+        run: nix develop .#ci --command deno lint
 
-      - name: Run build
-        run: nix develop .#ci --command nrr build
+      - name: Run treefmt
+        run: nix fmt -- --ci
 
-  treefmt:
-    name: Treefmt
+  deploy:
+    name: Deploy
+    needs: lint-and-format
 
     runs-on: ubuntu-latest
 
+    permissions:
+      id-token: write
+
     steps:
-      - name: Checkout repository
+      - name: Clone repository
         uses: actions/checkout@v4
 
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v13
-
-      - name: Run checks
-        run: |
-          nix develop .#ci --command treefmt --fail-on-change
-
-  release-gate:
-    name: CI Release gate
-    needs: [build, treefmt]
-
-    if: always()
-
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Exit with error
-        if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
-        run: exit 1
+      - name: Upload to Deno Deploy
+        uses: denoland/deployctl@v1
+        with:
+          project: teawie-api
+          entrypoint: main.ts
+          include: |
+            main.ts
+            lib
+
+            deno.json
+            deno.lock
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 9d82771..017332c 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -1,12 +1,20 @@
 name: CodeQL
 
 on:
+  push:
+    branches: [main]
+    paths:
+      - "**.ts"
+      - ".github/workflows/codeql.yaml"
   pull_request:
+    paths:
+      - "**.ts"
+      - ".github/workflows/codeql.yaml"
   workflow_dispatch:
 
 jobs:
   codeql:
-    name: Run CodeQL scan
+    name: Run scan
 
     runs-on: ubuntu-latest
 
diff --git a/.github/workflows/eslint.yaml b/.github/workflows/eslint.yaml
deleted file mode 100644
index 0a6f7ce..0000000
--- a/.github/workflows/eslint.yaml
+++ /dev/null
@@ -1,42 +0,0 @@
-name: ESLint
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - "**.ts"
-      - "package.json"
-      - "pnpm-lock.yaml"
-      - "tsconfig.json"
-  pull_request:
-
-jobs:
-  eslint:
-    name: Run scan
-
-    runs-on: ubuntu-latest
-
-    permissions:
-      security-events: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v13
-
-      - name: Install Dependencies
-        run: nix develop .#ci --command pnpm install --frozen-lockfile
-
-      - name: Run ESLint
-        continue-on-error: true
-        run: |
-          nix develop .#ci --command \
-            nrr lint --format @microsoft/eslint-formatter-sarif --output-file /tmp/results.sarif
-
-      - name: Upload Results
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: /tmp/results.sarif
-          wait-for-processing: true
diff --git a/.github/workflows/update-flake.yaml b/.github/workflows/update-flake.yaml
index bfebbc7..32206de 100644
--- a/.github/workflows/update-flake.yaml
+++ b/.github/workflows/update-flake.yaml
@@ -21,10 +21,10 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Nix
-        uses: DeterminateSystems/nix-installer-action@v13
+        uses: DeterminateSystems/nix-installer-action@v14
 
       - name: Update flake.lock & make PR
-        uses: DeterminateSystems/update-flake-lock@v23
+        uses: DeterminateSystems/update-flake-lock@v24
         with:
           commit-msg: "nix: update flake.lock"
           pr-title: "nix: update flake.lock"