smueller/HexaHost-Web-Prod
1
0
Fork 0
mirror of https://git.hexahost.dev/smueller/HexaHost-Frontend.git synced 2026-06-02 06:18:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore(release): obfuscate and hash production assets [skip ci]

Browse Source
This commit is contained in:
gitea-actions
2026-05-29 08:43:42 +00:00
parent f7ea36f4f2
commit 7a03f5aa1b
16 changed files with 112 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
.gitea/workflows/obfuscate-main.yml
View File

@@ -1,9 +1,9 @@
name: Release Build (dev → main) name: Release Build (ci → main)
on: on:
push: push:
branches: branches:
- dev - ci
workflow_dispatch: workflow_dispatch:
env: env:
@@ -16,29 +16,12 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout (volle History) - name: Checkout ci (Integration)
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend
ref: dev ref: ci
- name: Merge dev in CI-Workspace (Basis main)
env:
GITEA_TOKEN: ${{ github.token }}
run: |
git config user.name "gitea-actions"
git config user.email "actions@local"
git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
git fetch origin main dev
if git show-ref --verify --quiet refs/remotes/origin/main; then
git checkout -B main origin/main
git merge origin/dev -X theirs --no-edit -m "ci: merge dev for release build"
else
echo "main branch missing, initializing from dev"
git checkout -B main origin/dev
fi
- name: Setup Python - name: Setup Python
uses: actions/setup-python@v5 uses: actions/setup-python@v5
@@ -60,10 +43,20 @@ jobs:
git config user.name "gitea-actions" git config user.name "gitea-actions"
git config user.email "actions@local" git config user.email "actions@local"
git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git" git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
git fetch origin main ci
git add -A git add -A
if git diff --cached --quiet; then if git diff --cached --quiet; then
echo "No release changes to publish." echo "No release changes to publish."
exit 0 exit 0
fi fi
git commit -m "chore(release): obfuscate and hash production assets [skip ci]"
git push origin main TREE=$(git write-tree)
MSG="chore(release): obfuscate and hash production assets [skip ci]"
if git show-ref --verify --quiet refs/remotes/origin/main; then
PARENT=$(git rev-parse origin/main)
COMMIT=$(git commit-tree "$TREE" -p "$PARENT" -m "$MSG")
else
COMMIT=$(git commit-tree "$TREE" -m "$MSG")
fi
git push origin "${COMMIT}:refs/heads/main"

39
.github/workflows/obfuscate-main.yml vendored
View File

@@ -1,10 +1,10 @@
# Hinweis: Gitea nutzt .gitea/workflows/obfuscate-main.yml (identischer Ablauf). # Hinweis: Gitea nutzt .gitea/workflows/obfuscate-main.yml (identischer Ablauf).
name: Release Build (dev → main) name: Release Build (ci → main)
on: on:
push: push:
branches: branches:
- dev - ci
workflow_dispatch: workflow_dispatch:
env: env:
@@ -17,29 +17,12 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout (volle History) - name: Checkout ci (Integration)
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend
ref: dev ref: ci
- name: Merge dev in CI-Workspace (Basis main)
env:
GITEA_TOKEN: ${{ github.token }}
run: |
git config user.name "gitea-actions"
git config user.email "actions@local"
git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
git fetch origin main dev
if git show-ref --verify --quiet refs/remotes/origin/main; then
git checkout -B main origin/main
git merge origin/dev -X theirs --no-edit -m "ci: merge dev for release build"
else
echo "main branch missing, initializing from dev"
git checkout -B main origin/dev
fi
- name: Setup Python - name: Setup Python
uses: actions/setup-python@v5 uses: actions/setup-python@v5
@@ -61,10 +44,20 @@ jobs:
git config user.name "gitea-actions" git config user.name "gitea-actions"
git config user.email "actions@local" git config user.email "actions@local"
git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git" git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
git fetch origin main ci
git add -A git add -A
if git diff --cached --quiet; then if git diff --cached --quiet; then
echo "No release changes to publish." echo "No release changes to publish."
exit 0 exit 0
fi fi
git commit -m "chore(release): obfuscate and hash production assets [skip ci]"
git push origin main TREE=$(git write-tree)
MSG="chore(release): obfuscate and hash production assets [skip ci]"
if git show-ref --verify --quiet refs/remotes/origin/main; then
PARENT=$(git rev-parse origin/main)
COMMIT=$(git commit-tree "$TREE" -p "$PARENT" -m "$MSG")
else
COMMIT=$(git commit-tree "$TREE" -m "$MSG")
fi
git push origin "${COMMIT}:refs/heads/main"

31
README.md
View File

@@ -169,16 +169,33 @@ Für den Produktivbetrieb `public/` als Webroot konfigurieren.
| Branch | Zweck | | Branch | Zweck |
|--------|--------| |--------|--------|
| **`dev`** | Entwicklung (lesbarer Code, Kommentare) | | **`dev`** | Entwicklung (lesbarer Code, Kommentare) |
| **`main`** | Release/Produktion (obfuskiert, gehashte Assets) | | **`ci`** | Integration (du mergst `dev` hierher) |
| **`main`** | Release/Produktion (obfuskiert, gehashte Assets — nur per Pipeline) |
**Workflow:** Nur auf `dev` entwickeln und pushen — **nicht** `dev` manuell nach `main` mergen. **Ablauf: `dev` → `ci` → `main`**
Bei jedem Push auf `dev` startet `.gitea/workflows/obfuscate-main.yml`: 1. Auf **`dev`** entwickeln und pushen
2. **`dev` nach `ci` mergen** (manuell, z. B. in Gitea oder lokal)
3. **`ci` pushen** → startet `.gitea/workflows/obfuscate-main.yml`
4. Pipeline obfuskiert im Runner-Workspace und publiziert nach **`main`**
1. Checkout in temporärem Runner-Workspace ```powershell
2. `dev` in CI mit `main` mergen (`-X theirs`, dev-Inhalte bei Konflikten) # Nach fertigen Änderungen auf dev:
3. Obfuscation-Build (`scripts/obfuscate_release.py --hash-assets`) git checkout ci
4. Ergebnis nach `main` pushen (Bot-Commit mit `[skip ci]`) git pull origin ci
git merge dev
git push origin ci
```
Bei jedem Push auf **`ci`**:
1. Checkout von `ci` im temporären Runner-Workspace
2. Obfuscation-Build (`scripts/obfuscate_release.py --hash-assets`)
3. Ergebnis nach `main` pushen (Bot-Commit mit `[skip ci]`)
**Nicht** `dev` oder `ci` direkt nach `main` mergen. Der Branch **`ci` bleibt lesbar** — Obfuscation wird nur nach `main` publiziert.
`ci`-Branch einmalig anlegen (falls noch nicht vorhanden): `git checkout -b ci dev && git push -u origin ci`
Der Build führt aus: Der Build führt aus:

4
backend/includes/footer.php
View File

@@ -156,8 +156,8 @@
</script> </script>
<script async src="https://www.googletagmanager.com/gtag/js?id=G-EF0E9VPMTD"></script> <script async src="https://www.googletagmanager.com/gtag/js?id=G-EF0E9VPMTD"></script>
<script src="/assets/js/main.b83bb213abc1.js" defer></script> <script src="/assets/js/main.1342420b5948.js" defer></script>
<script src="/assets/js/cookie-consent.6f0657b52e18.js" defer></script> <script src="/assets/js/cookie-consent.da9d2eb69283.js" defer></script>
<?php if (isset($additional_scripts)): ?> <?php if (isset($additional_scripts)): ?>
<?php foreach ($additional_scripts as $script): ?> <?php foreach ($additional_scripts as $script): ?>
<script src="<?php echo htmlspecialchars($script, ENT_QUOTES, 'UTF-8'); ?>" defer></script> <script src="<?php echo htmlspecialchars($script, ENT_QUOTES, 'UTF-8'); ?>" defer></script>

1
public/assets/js/contact.2511c5f0041c.js Normal file
View File

File diff suppressed because one or more lines are too long

1
public/assets/js/contact.ee450029d017.js
View File

File diff suppressed because one or more lines are too long

1
public/assets/js/cookie-consent.6f0657b52e18.js
View File

File diff suppressed because one or more lines are too long

1
public/assets/js/cookie-consent.da9d2eb69283.js Normal file
View File

File diff suppressed because one or more lines are too long

1
public/assets/js/main.1342420b5948.js Normal file
View File

File diff suppressed because one or more lines are too long

1
public/assets/js/main.b83bb213abc1.js
View File

File diff suppressed because one or more lines are too long

2
public/contact.php
View File

@@ -8,7 +8,7 @@ $preselected_subject = getPreselectedContactSubject();
$page_title = 'Kontakt - HexaHost.de | Hosting aus Niederbayern'; $page_title = 'Kontakt - HexaHost.de | Hosting aus Niederbayern';
$page_description = 'Kontaktieren Sie HexaHost.de - Ihr Hosting-Partner aus Niederbayern. Persönlicher Support und kompetente Beratung.'; $page_description = 'Kontaktieren Sie HexaHost.de - Ihr Hosting-Partner aus Niederbayern. Persönlicher Support und kompetente Beratung.';
$current_page = 'contact'; $current_page = 'contact';
$additional_scripts = ['assets/js/contact.ee450029d017.js']; $additional_scripts = ['assets/js/contact.2511c5f0041c.js'];
includeHeader($page_title, $page_description, $current_page, $additional_scripts); includeHeader($page_title, $page_description, $current_page, $additional_scripts);

4
public/robots.txt
View File

@@ -7,8 +7,8 @@ Disallow: /assets/css/
# Allow CSS and JS files for better SEO # Allow CSS and JS files for better SEO
Allow: /assets/css/style.d01979e8c871.css Allow: /assets/css/style.d01979e8c871.css
Allow: /assets/js/main.b83bb213abc1.js Allow: /assets/js/main.1342420b5948.js
Allow: /assets/js/contact.ee450029d017.js Allow: /assets/js/contact.2511c5f0041c.js
# Sitemap location # Sitemap location
Sitemap: https://hexahost.de/sitemap.xml Sitemap: https://hexahost.de/sitemap.xml

48
scripts/test-email.php Normal file
View File

@@ -0,0 +1,48 @@
<?php
/**
* HexaHost.de E-Mail Test (nur CLI oder lokale Entwicklung)
*/
if (PHP_SAPI !== 'cli') {
$remoteAddr = $_SERVER['REMOTE_ADDR'] ?? '';
$isLocal = in_array($remoteAddr, ['127.0.0.1', '::1'], true)
|| filter_var($remoteAddr, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false;
if (!$isLocal) {
http_response_code(403);
exit('Forbidden');
}
}
require_once __DIR__ . '/../backend/config/mail-config.php';
function testEmail() {
$config = getHexaHostConfig();
$subject = '[HexaHost.de] Test-E-Mail';
$message = "Test-E-Mail von HexaHost.de\n\n";
$message .= "Zeitstempel: " . date('d.m.Y H:i:s') . "\n";
$headers = [
'From: ' . $config['from_name'] . ' <' . $config['from_email'] . '>',
'MIME-Version: 1.0',
'Content-Type: text/plain; charset=UTF-8',
'X-Mailer: HexaHost Test Email',
];
return mail($config['to_email'], $subject, $message, implode("\r\n", $headers));
}
if (PHP_SAPI === 'cli') {
echo testEmail() ? "Test-E-Mail gesendet.\n" : "Fehler beim Senden.\n";
exit;
}
if (isset($_GET['test'])) {
echo testEmail()
? 'Test-E-Mail wurde gesendet.'
: 'Fehler beim Senden der Test-E-Mail.';
} else {
echo '<h1>HexaHost.de E-Mail Test</h1>';
echo '<p><a href="?test=1">Test-E-Mail senden</a></p>';
}

1
stdout/public/assets/js/contact.js
View File

File diff suppressed because one or more lines are too long

1
stdout/public/assets/js/cookie-consent.js
View File

File diff suppressed because one or more lines are too long

1
stdout/public/assets/js/main.js
View File

File diff suppressed because one or more lines are too long