Two scope changes that together get the self-hosted wfe CI pipeline
passing against builds.sunbeam.pt.
1. Add `name:` display names to all 12 workflow definitions
(Continuous Integration, Unit Tests, Build Image, etc.) so the
new wfectl tables and UIs have human-friendly labels alongside
the slug ids.
2. Restructure step references from the old `<<: *ci_step` / `<<:
*ci_long` anchors to inner-config merges of the form:
- name: foo
type: kubernetes
config:
<<: *ci_config
run: |
...
YAML 1.1 merge keys are *shallow*. The old anchors put `config:`
on the top-level step, then the step's own `config:` block
replaced it wholesale — image, memory, cpu, env all vanished.
The new pattern merges at the `config:` level so step-specific
fields (`run:`, `outputs:`, etc.) sit alongside the inherited
`image:`, `memory:`, `cpu:`, `env:`.
3. Secret env vars (GITEA_TOKEN, TEA_TOKEN, CARGO_REGISTRIES_*,
BUILDKIT_*) moved into the shared `ci_env` anchor. Individual
steps used to declare their own `env:` blocks which — again due
to shallow merge — would replace the whole inherited env map.
Lima wfe-test VM: Alpine with system containerd + BuildKit from apk,
TCP socat proxy for reliable gRPC transport, probes with sudo for
socket permission fixes. 2 core / 4GB / 20GB.
CI pipeline: add wfe-rustlang to feature-tests, package, and publish
steps. Container tests use TCP proxy (http://127.0.0.1:2500) instead
of Unix socket forwarding. Containerd tests set WFE_IO_DIR for shared
filesystem support.
