smueller/HexaHost-Frontend
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: merge dev for release build

Browse Source
This commit is contained in:
gitea-actions
2026-05-28 15:42:22 +00:00
parent e91a9ed9c3 e9d5b55459
commit 99f0056106
3 changed files with 76 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
.gitea/workflows/obfuscate-main.yml
View File

@@ -1,34 +1,43 @@
name: Obfuscate Main Build name: Release Build (dev → main)
on: on:
push: push:
branches: branches:
- main - dev
workflow_dispatch: workflow_dispatch:
env: env:
# Gitea liefert intern oft eine IP; das SSL-Zertifikat gilt für den Hostnamen.
GITEA_HOST: git.hexahost.dev GITEA_HOST: git.hexahost.dev
REPO_PATH: smueller/HexaHost-Frontend REPO_PATH: smueller/HexaHost-Frontend
jobs: jobs:
obfuscate: release-build:
if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout (volle History)
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend
ref: dev
- name: Skip loop commits - name: Merge dev in CI-Workspace (Basis main)
env:
GITEA_TOKEN: ${{ github.token }}
run: | run: |
msg="$(git log -1 --pretty=%B)" git config user.name "gitea-actions"
echo "Last commit message: $msg" git config user.email "actions@local"
if echo "$msg" | grep -q "\[skip ci\]"; then git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
echo "Skip CI commit detected." git fetch origin main dev
exit 0
if git show-ref --verify --quiet refs/remotes/origin/main; then
git checkout -B main origin/main
git merge origin/dev -X theirs --no-edit -m "ci: merge dev for release build"
else
echo "main branch missing, initializing from dev"
git checkout -B main origin/dev
fi fi
- name: Setup Python - name: Setup Python
@@ -44,7 +53,7 @@ jobs:
- name: Run release obfuscation - name: Run release obfuscation
run: python scripts/obfuscate_release.py --root . --hash-assets run: python scripts/obfuscate_release.py --root . --hash-assets
- name: Commit obfuscated build - name: Publish release to main
env: env:
GITEA_TOKEN: ${{ github.token }} GITEA_TOKEN: ${{ github.token }}
run: | run: |
@@ -53,8 +62,8 @@ jobs:
git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git" git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
git add -A git add -A
if git diff --cached --quiet; then if git diff --cached --quiet; then
echo "No build changes to commit." echo "No release changes to publish."
exit 0 exit 0
fi fi
git commit -m "chore(release): obfuscate and hash production assets [skip ci]" git commit -m "chore(release): obfuscate and hash production assets [skip ci]"
git push origin HEAD:main git push origin main

50
.github/workflows/obfuscate-main.yml vendored
View File

@@ -1,44 +1,70 @@
name: Obfuscate Main Build # Hinweis: Gitea nutzt .gitea/workflows/obfuscate-main.yml (identischer Ablauf).
name: Release Build (dev → main)
on: on:
push: push:
branches: branches:
- main - dev
workflow_dispatch: workflow_dispatch:
permissions: env:
contents: write GITEA_HOST: git.hexahost.dev
REPO_PATH: smueller/HexaHost-Frontend
jobs: jobs:
obfuscate: release-build:
if: github.actor != 'github-actions[bot]' if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout - name: Checkout (volle History)
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend
ref: dev
- name: Merge dev in CI-Workspace (Basis main)
env:
GITEA_TOKEN: ${{ github.token }}
run: |
git config user.name "gitea-actions"
git config user.email "actions@local"
git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
git fetch origin main dev
if git show-ref --verify --quiet refs/remotes/origin/main; then
git checkout -B main origin/main
git merge origin/dev -X theirs --no-edit -m "ci: merge dev for release build"
else
echo "main branch missing, initializing from dev"
git checkout -B main origin/dev
fi
- name: Setup Python - name: Setup Python
uses: actions/setup-python@v5 uses: actions/setup-python@v5
with: with:
python-version: '3.12' python-version: "3.12"
- name: Setup Node - name: Setup Node
uses: actions/setup-node@v4 uses: actions/setup-node@v4
with: with:
node-version: '20' node-version: "20"
- name: Run release obfuscation - name: Run release obfuscation
run: python scripts/obfuscate_release.py --root . --hash-assets run: python scripts/obfuscate_release.py --root . --hash-assets
- name: Commit obfuscated build - name: Publish release to main
env:
GITEA_TOKEN: ${{ github.token }}
run: | run: |
git config user.name "gitea-actions"
git config user.email "actions@local"
git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
git add -A git add -A
if git diff --cached --quiet; then if git diff --cached --quiet; then
echo "No build changes to commit." echo "No release changes to publish."
exit 0 exit 0
fi fi
git commit -m "chore(release): obfuscate and hash production assets [skip ci]" git commit -m "chore(release): obfuscate and hash production assets [skip ci]"
git push git push origin main

18
README.md
View File

@@ -166,9 +166,21 @@ Für den Produktivbetrieb `public/` als Webroot konfigurieren.
### Production-Build & Veröffentlichung ### Production-Build & Veröffentlichung
Der Quellcode bleibt auf `dev`, der veröffentlichte Stand liegt auf `main`. | Branch | Zweck |
|--------|--------|
| **`dev`** | Entwicklung (lesbarer Code, Kommentare) |
| **`main`** | Release/Produktion (obfuskiert, gehashte Assets) |
Bei jedem Push/Merge auf `main` läuft die GitHub Action `.github/workflows/obfuscate-main.yml` automatisch und führt aus: **Workflow:** Nur auf `dev` entwickeln und pushen — **nicht** `dev` manuell nach `main` mergen.
Bei jedem Push auf `dev` startet `.gitea/workflows/obfuscate-main.yml`:
1. Checkout in temporärem Runner-Workspace
2. `dev` in CI mit `main` mergen (`-X theirs`, dev-Inhalte bei Konflikten)
3. Obfuscation-Build (`scripts/obfuscate_release.py --hash-assets`)
4. Ergebnis nach `main` pushen (Bot-Commit mit `[skip ci]`)
Der Build führt aus:
- Entfernen von Kommentaren (inkl. Block-Kommentaren) in PHP/JS/CSS - Entfernen von Kommentaren (inkl. Block-Kommentaren) in PHP/JS/CSS
- Minify + Obfuscate für JavaScript - Minify + Obfuscate für JavaScript
@@ -176,7 +188,7 @@ Bei jedem Push/Merge auf `main` läuft die GitHub Action `.github/workflows/obfu
- Kein Source-Map-Output - Kein Source-Map-Output
- Hashing von JS/CSS-Dateinamen + automatische Referenz-Anpassung - Hashing von JS/CSS-Dateinamen + automatische Referenz-Anpassung
Lokal ausführbar: Lokal testen (nur in Kopie, nicht committen):
```bash ```bash
python scripts/obfuscate_release.py --root . --hash-assets python scripts/obfuscate_release.py --root . --hash-assets