diff --git a/.gitea/workflows/obfuscate-main.yml b/.gitea/workflows/obfuscate-main.yml index a0b081c..fe15351 100644 --- a/.gitea/workflows/obfuscate-main.yml +++ b/.gitea/workflows/obfuscate-main.yml @@ -1,34 +1,43 @@ -name: Obfuscate Main Build +name: Release Build (dev → main) on: push: branches: - - main + - dev workflow_dispatch: env: - # Gitea liefert intern oft eine IP; das SSL-Zertifikat gilt für den Hostnamen. GITEA_HOST: git.hexahost.dev REPO_PATH: smueller/HexaHost-Frontend jobs: - obfuscate: + release-build: + if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }} runs-on: ubuntu-latest steps: - - name: Checkout + - name: Checkout (volle History) uses: actions/checkout@v4 with: fetch-depth: 0 repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend + ref: dev - - name: Skip loop commits + - name: Merge dev in CI-Workspace (Basis main) + env: + GITEA_TOKEN: ${{ github.token }} run: | - msg="$(git log -1 --pretty=%B)" - echo "Last commit message: $msg" - if echo "$msg" | grep -q "\[skip ci\]"; then - echo "Skip CI commit detected." - exit 0 + git config user.name "gitea-actions" + git config user.email "actions@local" + git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git" + git fetch origin main dev + + if git show-ref --verify --quiet refs/remotes/origin/main; then + git checkout -B main origin/main + git merge origin/dev -X theirs --no-edit -m "ci: merge dev for release build" + else + echo "main branch missing, initializing from dev" + git checkout -B main origin/dev fi - name: Setup Python @@ -44,7 +53,7 @@ jobs: - name: Run release obfuscation run: python scripts/obfuscate_release.py --root . --hash-assets - - name: Commit obfuscated build + - name: Publish release to main env: GITEA_TOKEN: ${{ github.token }} run: | 
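Review bot: The new "Merge dev in CI-Workspace" step stores the job token in `.git/config` through `git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"` and leaves it there while `Setup Node` and `python scripts/obfuscate_release.py` run. Any build tooling executed in between can therefore read a credential that is able to push to `main`. Directly after `git fetch origin main dev`, reset the remote with `git remote set-url origin "https://${GITEA_HOST}/${REPO_PATH}.git"`, and consider `persist-credentials: false` under the checkout step's `with:` so the token exists only inside the publish step. The same step is added in the `.github/workflows/obfuscate-main.yml` hunk.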
@@ -53,8 +62,8 @@ jobs: git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git" git add -A if git diff --cached --quiet; then - echo "No build changes to commit." + echo "No release changes to publish." exit 0 fi git commit -m "chore(release): obfuscate and hash production assets [skip ci]" - git push origin HEAD:main + git push origin main diff --git a/.github/workflows/obfuscate-main.yml b/.github/workflows/obfuscate-main.yml index 0c1b10e..1b87e0d 100644 --- a/.github/workflows/obfuscate-main.yml +++ b/.github/workflows/obfuscate-main.yml 
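Review bot: `git push origin main` now publishes the local `main` produced by the merge step, so the merge commit and, through its second parent, the readable `dev` history become reachable from `main`; only the tip tree is obfuscated. If `main` is given to anyone who must not see the sources (an assumption about how the branch is consumed), create the release commit without `dev` as a parent instead of with `git merge origin/dev`. The early `exit 0` after `git diff --cached --quiet` also skips pushing that merge commit, so a `dev` change the obfuscator leaves untouched never reaches `main`. Wrapping only the commit, as in `if ! git diff --cached --quiet; then git commit -m "…"; fi`, and always running `git push origin main` afterwards would cover that case. The step begins outside this hunk.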
@@ -1,44 +1,70 @@ -name: Obfuscate Main Build +# Hinweis: Gitea nutzt .gitea/workflows/obfuscate-main.yml (identischer Ablauf). +name: Release Build (dev → main) on: push: branches: - - main + - dev workflow_dispatch: -permissions: - contents: write +env: + GITEA_HOST: git.hexahost.dev + REPO_PATH: smueller/HexaHost-Frontend jobs: - obfuscate: - if: github.actor != 'github-actions[bot]' + release-build: + if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }} runs-on: ubuntu-latest steps: - - name: Checkout + - name: Checkout (volle History) uses: actions/checkout@v4 with: fetch-depth: 0 + repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend + ref: dev + + - name: Merge dev in CI-Workspace (Basis main) + env: + GITEA_TOKEN: ${{ github.token }} + run: | + git config user.name "gitea-actions" + git config user.email "actions@local" + git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git" + git fetch origin main dev + + if git show-ref --verify --quiet refs/remotes/origin/main; then + git checkout -B main origin/main + git merge origin/dev -X theirs --no-edit -m "ci: merge dev for release build" + else + echo "main branch missing, initializing from dev" + git checkout -B main origin/dev + fi - name: Setup Python uses: actions/setup-python@v5 with: - python-version: '3.12' + python-version: "3.12" - name: Setup Node uses: actions/setup-node@v4 with: - node-version: '20' + node-version: "20" - name: Run release obfuscation run: python scripts/obfuscate_release.py --root . --hash-assets - - name: Commit obfuscated build + - name: Publish release to main + env: + GITEA_TOKEN: ${{ github.token }} run: | + git config user.name "gitea-actions" + git config user.email "actions@local" + git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git" git add -A if git diff --cached --quiet; then - echo "No build changes to commit." + echo "No release changes to publish." 
exit 0 fi git commit -m "chore(release): obfuscate and hash production assets [skip ci]" - git push + git push origin main diff --git a/README.md b/README.md index f9fbb03..0c497f1 100644 --- a/README.md +++ b/README.md @@ -166,9 +166,21 @@ Für den Produktivbetrieb `public/` als Webroot konfigurieren. ### Production-Build & Veröffentlichung -Der Quellcode bleibt auf `dev`, der veröffentlichte Stand liegt auf `main`. +| Branch | Zweck | +|--------|--------| +| **`dev`** | Entwicklung (lesbarer Code, Kommentare) | +| **`main`** | Release/Produktion (obfuskiert, gehashte Assets) | -Bei jedem Push/Merge auf `main` läuft die GitHub Action `.github/workflows/obfuscate-main.yml` automatisch und führt aus: +**Workflow:** Nur auf `dev` entwickeln und pushen — **nicht** `dev` manuell nach `main` mergen. + +Bei jedem Push auf `dev` startet `.gitea/workflows/obfuscate-main.yml`: + +1. Checkout in temporärem Runner-Workspace +2. `dev` in CI mit `main` mergen (`-X theirs`, dev-Inhalte bei Konflikten) +3. Obfuscation-Build (`scripts/obfuscate_release.py --hash-assets`) +4. Ergebnis nach `main` pushen (Bot-Commit mit `[skip ci]`) + +Der Build führt aus: - Entfernen von Kommentaren (inkl. Block-Kommentaren) in PHP/JS/CSS - Minify + Obfuscate für JavaScript @@ -176,7 +188,7 @@ Bei jedem Push/Merge auf `main` läuft die GitHub Action `.github/workflows/obfu - Kein Source-Map-Output - Hashing von JS/CSS-Dateinamen + automatische Referenz-Anpassung -Lokal ausführbar: +Lokal testen (nur in Kopie, nicht committen): ```bash python scripts/obfuscate_release.py --root . --hash-assets
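Review bot: In this copy of the workflow, `GITEA_TOKEN: ${{ github.token }}` is embedded in a remote URL for `git.hexahost.dev`, so if GitHub Actions ever executes the file, the GitHub-issued job token is sent to a different host, where it cannot authenticate anyway. The header comment says Gitea reads the `.gitea/` copy, which suggests GitHub is the only place this one would run. Use a dedicated repository secret for the Gitea credential, e.g. `GITEA_TOKEN: ${{ secrets.<GITEA_PUSH_TOKEN> }}` (placeholder name), or drop the duplicate file. `repository-url` is also not an input I know `actions/checkout@v4` to accept (the documented ones are `repository` and `github-server-url`), so the checkout would presumably still clone the GitHub repository; please verify.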