tinqs/ci — composite actions + Lambda dispatcher for Spot CI runners

Actions: checkout, setup-go, setup-node, setup-aws
Dispatcher: Lambda → EC2 Spot (ephemeral, self-terminating)
Images: base, go, node, docker, deploy, godot

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

checkout/README.md

@@ -0,0 +1,33 @@
+# tinqs/ci/checkout
+
+Clones a repository from tinqs.com (self-hosted Gitea) using plain `git clone`.
+
+Works on any runner with git installed — Alpine, Debian, or pre-baked images. No Node.js runtime, no GitHub API dependency.
+
+## Usage
+
+```yaml
+- uses: tinqs/ci/checkout@v1
+```
+
+### With options
+
+```yaml
+- uses: tinqs/ci/checkout@v1
+  with:
+    repository: 'tinqs/engine'    # default: current repo
+    ref: 'tinqs/main'             # default: current branch
+    depth: '0'                    # default: 1 (shallow)
+    token: ${{ secrets.TOKEN }}   # default: none (public clone)
+    path: 'engine'                # default: . (current dir)
+```
+
+## Inputs
+
+| Input | Default | Description |
+|-------|---------|-------------|
+| `repository` | `${{ github.repository }}` | Repository in `owner/repo` format |
+| `ref` | `${{ github.ref_name }}` | Branch or tag |
+| `depth` | `1` | Clone depth (0 = full history) |
+| `path` | `.` | Directory to clone into |
+| `token` | `` | Gitea access token for private repos |

checkout/action.yml

@@ -0,0 +1,77 @@
+# tinqs/ci/checkout — Tinqs Studio CI
+# Clones a repo from tinqs.com (self-hosted Gitea) using plain git.
+# Supports depth control, branch/tag selection, token auth, and sparse checkout.
+# Composite action — runs directly on the host, no Node.js runtime needed.
+# Author: Ozan + Claude Code — 2026-05-22
+
+name: 'Tinqs Checkout'
+description: 'Clone a Gitea repository'
+
+inputs:
+  repository:
+    description: 'Repository (owner/repo)'
+    default: '${{ github.repository }}'
+  ref:
+    description: 'Branch or tag to checkout'
+    default: '${{ github.ref_name }}'
+  depth:
+    description: 'Clone depth (0 = full)'
+    default: '1'
+  path:
+    description: 'Directory to clone into'
+    default: '.'
+  token:
+    description: 'Gitea access token (for private repos)'
+    default: ''
+  sparse:
+    description: 'Space-separated paths for sparse checkout (empty = full clone)'
+    default: ''
+
+runs:
+  using: 'composite'
+  steps:
+    - run: |
+        REPO="${{ inputs.repository }}"
+        REF="${{ inputs.ref }}"
+        DEPTH="${{ inputs.depth }}"
+        TARGET="${{ inputs.path }}"
+        TOKEN="${{ inputs.token }}"
+        SPARSE="${{ inputs.sparse }}"
+
+        if [ "$DEPTH" = "0" ]; then
+          DEPTH_FLAG=""
+        else
+          DEPTH_FLAG="--depth $DEPTH"
+        fi
+
+        if [ -n "$TOKEN" ]; then
+          URL="https://token:${TOKEN}@tinqs.com/${REPO}.git"
+        else
+          URL="https://tinqs.com/${REPO}.git"
+        fi
+
+        if [ -n "$SPARSE" ]; then
+          # Sparse checkout — only fetch specified paths
+          mkdir -p "$TARGET" && cd "$TARGET"
+          git init
+          git remote add origin "$URL"
+          git config core.sparseCheckout true
+          for P in $SPARSE; do
+            echo "$P" >> .git/info/sparse-checkout
+          done
+          # Also always include go.mod/go.sum for Go builds
+          echo "go.mod" >> .git/info/sparse-checkout
+          echo "go.sum" >> .git/info/sparse-checkout
+          git fetch $DEPTH_FLAG origin "$REF"
+          git checkout FETCH_HEAD
+          echo "Sparse checkout ${REPO}@${REF} ($(echo $SPARSE | wc -w) paths)"
+        else
+          # Full clone
+          if [ "$TARGET" = "." ]; then
+            git clone $DEPTH_FLAG --branch "$REF" "$URL" .
+          else
+            git clone $DEPTH_FLAG --branch "$REF" "$URL" "$TARGET"
+          fi
+          echo "Checked out ${REPO}@${REF}"
+        fi
+      shell: bash