Refactor release build process: Updated README.md to clarify branch usage and workflow for development and production. Enhanced Gitea and GitHub workflows to automate merging from dev to main, ensuring consistent obfuscation and asset management during releases. Improved commit messages and streamlined the build process for better clarity and efficiency.

.gitea/workflows/obfuscate-main.yml

@@ -1,34 +1,43 @@
-name: Obfuscate Main Build
+name: Release Build (dev → main)
 
 on:
   push:
     branches:
-      - main
+      - dev
   workflow_dispatch:
 
 env:
-  # Gitea liefert intern oft eine IP; das SSL-Zertifikat gilt für den Hostnamen.
   GITEA_HOST: git.hexahost.dev
   REPO_PATH: smueller/HexaHost-Frontend
 
 jobs:
-  obfuscate:
+  release-build:
+    if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
+      - name: Checkout (volle History)
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
           repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend
+          ref: dev
 
-      - name: Skip loop commits
+      - name: Merge dev in CI-Workspace (Basis main)
+        env:
+          GITEA_TOKEN: ${{ github.token }}
         run: |
-          msg="$(git log -1 --pretty=%B)"
-          echo "Last commit message: $msg"
-          if echo "$msg" | grep -q "\[skip ci\]"; then
-            echo "Skip CI commit detected."
-            exit 0
+          git config user.name "gitea-actions"
+          git config user.email "actions@local"
+          git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
+          git fetch origin main dev
+
+          if git show-ref --verify --quiet refs/remotes/origin/main; then
+            git checkout -B main origin/main
+            git merge origin/dev -X theirs --no-edit -m "ci: merge dev for release build"
+          else
+            echo "main branch missing, initializing from dev"
+            git checkout -B main origin/dev
           fi
 
       - name: Setup Python
@@ -44,7 +53,7 @@ jobs:
       - name: Run release obfuscation
         run: python scripts/obfuscate_release.py --root . --hash-assets
 
-      - name: Commit obfuscated build
+      - name: Publish release to main
         env:
           GITEA_TOKEN: ${{ github.token }}
         run: |
@@ -53,8 +62,8 @@ jobs:
           git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
           git add -A
           if git diff --cached --quiet; then
-            echo "No build changes to commit."
+            echo "No release changes to publish."
             exit 0
           fi
           git commit -m "chore(release): obfuscate and hash production assets [skip ci]"
-          git push origin HEAD:main
+          git push origin main

.github/workflows/obfuscate-main.yml

@@ -1,44 +1,70 @@
-name: Obfuscate Main Build
+# Hinweis: Gitea nutzt .gitea/workflows/obfuscate-main.yml (identischer Ablauf).
+name: Release Build (dev → main)
 
 on:
   push:
     branches:
-      - main
+      - dev
   workflow_dispatch:
 
-permissions:
-  contents: write
+env:
+  GITEA_HOST: git.hexahost.dev
+  REPO_PATH: smueller/HexaHost-Frontend
 
 jobs:
-  obfuscate:
-    if: github.actor != 'github-actions[bot]'
+  release-build:
+    if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout
+      - name: Checkout (volle History)
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend
+          ref: dev
+
+      - name: Merge dev in CI-Workspace (Basis main)
+        env:
+          GITEA_TOKEN: ${{ github.token }}
+        run: |
+          git config user.name "gitea-actions"
+          git config user.email "actions@local"
+          git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
+          git fetch origin main dev
+
+          if git show-ref --verify --quiet refs/remotes/origin/main; then
+            git checkout -B main origin/main
+            git merge origin/dev -X theirs --no-edit -m "ci: merge dev for release build"
+          else
+            echo "main branch missing, initializing from dev"
+            git checkout -B main origin/dev
+          fi
 
       - name: Setup Python
         uses: actions/setup-python@v5
         with:
-          python-version: '3.12'
+          python-version: "3.12"
 
       - name: Setup Node
         uses: actions/setup-node@v4
         with:
-          node-version: '20'
+          node-version: "20"
 
       - name: Run release obfuscation
         run: python scripts/obfuscate_release.py --root . --hash-assets
 
-      - name: Commit obfuscated build
+      - name: Publish release to main
+        env:
+          GITEA_TOKEN: ${{ github.token }}
         run: |
+          git config user.name "gitea-actions"
+          git config user.email "actions@local"
+          git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
           git add -A
           if git diff --cached --quiet; then
-            echo "No build changes to commit."
+            echo "No release changes to publish."
             exit 0
           fi
           git commit -m "chore(release): obfuscate and hash production assets [skip ci]"
-          git push
+          git push origin main

README.md

@@ -166,9 +166,21 @@ Für den Produktivbetrieb `public/` als Webroot konfigurieren.
 
 ### Production-Build & Veröffentlichung
 
-Der Quellcode bleibt auf `dev`, der veröffentlichte Stand liegt auf `main`.
+| Branch | Zweck |
+|--------|--------|
+| **`dev`** | Entwicklung (lesbarer Code, Kommentare) |
+| **`main`** | Release/Produktion (obfuskiert, gehashte Assets) |
 
-Bei jedem Push/Merge auf `main` läuft die GitHub Action `.github/workflows/obfuscate-main.yml` automatisch und führt aus:
+**Workflow:** Nur auf `dev` entwickeln und pushen — **nicht** `dev` manuell nach `main` mergen.
+
+Bei jedem Push auf `dev` startet `.gitea/workflows/obfuscate-main.yml`:
+
+1. Checkout in temporärem Runner-Workspace
+2. `dev` in CI mit `main` mergen (`-X theirs`, dev-Inhalte bei Konflikten)
+3. Obfuscation-Build (`scripts/obfuscate_release.py --hash-assets`)
+4. Ergebnis nach `main` pushen (Bot-Commit mit `[skip ci]`)
+
+Der Build führt aus:
 
 - Entfernen von Kommentaren (inkl. Block-Kommentaren) in PHP/JS/CSS
 - Minify + Obfuscate für JavaScript
@@ -176,7 +188,7 @@ Bei jedem Push/Merge auf `main` läuft die GitHub Action `.github/workflows/obfu
 - Kein Source-Map-Output
 - Hashing von JS/CSS-Dateinamen + automatische Referenz-Anpassung
 
-Lokal ausführbar:
+Lokal testen (nur in Kopie, nicht committen):
 
 ```bash
 python scripts/obfuscate_release.py --root . --hash-assets