Update README and workflows for release process: Clarified branch usage and workflow steps in README.md, emphasizing the new ci branch for integration. Adjusted Gitea and GitHub workflows to reflect the change from dev to ci for triggering release builds, ensuring a streamlined and consistent obfuscation process for production assets.

2026-06-02 08:08:43 +00:00 · 2026-05-29 10:42:08 +02:00
3 changed files with 56 additions and 53 deletions
--- a/.gitea/workflows/obfuscate-main.yml
+++ b/.gitea/workflows/obfuscate-main.yml
@@ -1,9 +1,9 @@
-name: Release Build (dev → main)
+name: Release Build (ci → main)

 on:
  push:
    branches:
-      - dev
+      - ci
  workflow_dispatch:

 env:
@@ -16,29 +16,12 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - name: Checkout (volle History)
+      - name: Checkout ci (Integration)
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend
-          ref: dev
-
-      - name: Merge dev in CI-Workspace (Basis main)
-        env:
-          GITEA_TOKEN: ${{ github.token }}
-        run: |
-          git config user.name "gitea-actions"
-          git config user.email "actions@local"
-          git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
-          git fetch origin main dev
-
-          if git show-ref --verify --quiet refs/remotes/origin/main; then
-            git checkout -B main origin/main
-            git merge origin/dev -X theirs --no-edit -m "ci: merge dev for release build"
-          else
-            echo "main branch missing, initializing from dev"
-            git checkout -B main origin/dev
-          fi
+          ref: ci

      - name: Setup Python
        uses: actions/setup-python@v5
@@ -60,10 +43,20 @@ jobs:
          git config user.name "gitea-actions"
          git config user.email "actions@local"
          git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
+          git fetch origin main ci
+
          git add -A
          if git diff --cached --quiet; then
            echo "No release changes to publish."
            exit 0
          fi
-          git commit -m "chore(release): obfuscate and hash production assets [skip ci]"
-          git push origin main
+
+          TREE=$(git write-tree)
+          MSG="chore(release): obfuscate and hash production assets [skip ci]"
+          if git show-ref --verify --quiet refs/remotes/origin/main; then
+            PARENT=$(git rev-parse origin/main)
+            COMMIT=$(git commit-tree "$TREE" -p "$PARENT" -m "$MSG")
+          else
+            COMMIT=$(git commit-tree "$TREE" -m "$MSG")
+          fi
+          git push origin "${COMMIT}:refs/heads/main"
--- a/.github/workflows/obfuscate-main.yml
+++ b/.github/workflows/obfuscate-main.yml
@@ -1,10 +1,10 @@
 # Hinweis: Gitea nutzt .gitea/workflows/obfuscate-main.yml (identischer Ablauf).
-name: Release Build (dev → main)
+name: Release Build (ci → main)

 on:
  push:
    branches:
-      - dev
+      - ci
  workflow_dispatch:

 env:
@@ -17,29 +17,12 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - name: Checkout (volle History)
+      - name: Checkout ci (Integration)
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
          repository-url: https://git.hexahost.dev/smueller/HexaHost-Frontend
-          ref: dev
-
-      - name: Merge dev in CI-Workspace (Basis main)
-        env:
-          GITEA_TOKEN: ${{ github.token }}
-        run: |
-          git config user.name "gitea-actions"
-          git config user.email "actions@local"
-          git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
-          git fetch origin main dev
-
-          if git show-ref --verify --quiet refs/remotes/origin/main; then
-            git checkout -B main origin/main
-            git merge origin/dev -X theirs --no-edit -m "ci: merge dev for release build"
-          else
-            echo "main branch missing, initializing from dev"
-            git checkout -B main origin/dev
-          fi
+          ref: ci

      - name: Setup Python
        uses: actions/setup-python@v5
@@ -61,10 +44,20 @@ jobs:
          git config user.name "gitea-actions"
          git config user.email "actions@local"
          git remote set-url origin "https://oauth2:${GITEA_TOKEN}@${GITEA_HOST}/${REPO_PATH}.git"
+          git fetch origin main ci
+
          git add -A
          if git diff --cached --quiet; then
            echo "No release changes to publish."
            exit 0
          fi
-          git commit -m "chore(release): obfuscate and hash production assets [skip ci]"
-          git push origin main
+
+          TREE=$(git write-tree)
+          MSG="chore(release): obfuscate and hash production assets [skip ci]"
+          if git show-ref --verify --quiet refs/remotes/origin/main; then
+            PARENT=$(git rev-parse origin/main)
+            COMMIT=$(git commit-tree "$TREE" -p "$PARENT" -m "$MSG")
+          else
+            COMMIT=$(git commit-tree "$TREE" -m "$MSG")
+          fi
+          git push origin "${COMMIT}:refs/heads/main"
--- a/README.md
+++ b/README.md
@@ -169,16 +169,33 @@ Für den Produktivbetrieb `public/` als Webroot konfigurieren.
 | Branch | Zweck |
 |--------|--------|
 | **`dev`** | Entwicklung (lesbarer Code, Kommentare) |
-| **`main`** | Release/Produktion (obfuskiert, gehashte Assets) |
+| **`ci`** | Integration (du mergst `dev` hierher) |
+| **`main`** | Release/Produktion (obfuskiert, gehashte Assets — nur per Pipeline) |

-**Workflow:** Nur auf `dev` entwickeln und pushen — **nicht** `dev` manuell nach `main` mergen.
+**Ablauf: `dev` → `ci` → `main`**

-Bei jedem Push auf `dev` startet `.gitea/workflows/obfuscate-main.yml`:
+1. Auf **`dev`** entwickeln und pushen
+2. **`dev` nach `ci` mergen** (manuell, z. B. in Gitea oder lokal)
+3. **`ci` pushen** → startet `.gitea/workflows/obfuscate-main.yml`
+4. Pipeline obfuskiert im Runner-Workspace und publiziert nach **`main`**

-1. Checkout in temporärem Runner-Workspace
-2. `dev` in CI mit `main` mergen (`-X theirs`, dev-Inhalte bei Konflikten)
-3. Obfuscation-Build (`scripts/obfuscate_release.py --hash-assets`)
-4. Ergebnis nach `main` pushen (Bot-Commit mit `[skip ci]`)
+```powershell
+# Nach fertigen Änderungen auf dev:
+git checkout ci
+git pull origin ci
+git merge dev
+git push origin ci
+```
+
+Bei jedem Push auf **`ci`**:
+
+1. Checkout von `ci` im temporären Runner-Workspace
+2. Obfuscation-Build (`scripts/obfuscate_release.py --hash-assets`)
+3. Ergebnis nach `main` pushen (Bot-Commit mit `[skip ci]`)
+
+**Nicht** `dev` oder `ci` direkt nach `main` mergen. Der Branch **`ci` bleibt lesbar** — Obfuscation wird nur nach `main` publiziert.
+
+`ci`-Branch einmalig anlegen (falls noch nicht vorhanden): `git checkout -b ci dev && git push -u origin ci`

 Der Build führt aus: