ci(gitea): Release- und Quality-Workflow nach .gitea/ portieren, tote .github/-Workflows entfernen
This commit is contained in:
@@ -1,111 +0,0 @@
|
||||
# Code-Qualität — Validierung bei Push und PR
|
||||
name: Code Quality
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main, master]
|
||||
pull_request:
|
||||
branches: [main, master]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
validate:
|
||||
name: Validate Extension
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
- name: Projektstruktur prüfen
|
||||
run: |
|
||||
echo "Prüfe Projektstruktur..."
|
||||
test -f manifest.json || (echo "FEHLER: manifest.json fehlt!" && exit 1)
|
||||
test -f manifest.firefox.json || (echo "FEHLER: manifest.firefox.json fehlt!" && exit 1)
|
||||
test -f manifest.opera.json || (echo "FEHLER: manifest.opera.json fehlt!" && exit 1)
|
||||
test -f newtab.html || (echo "FEHLER: newtab.html fehlt!" && exit 1)
|
||||
test -d src/js || (echo "FEHLER: src/js/ fehlt!" && exit 1)
|
||||
test -d src/js/opera || (echo "FEHLER: src/js/opera/ fehlt!" && exit 1)
|
||||
test -d src/css || (echo "FEHLER: src/css/ fehlt!" && exit 1)
|
||||
test -d assets/icons || (echo "FEHLER: assets/icons/ fehlt!" && exit 1)
|
||||
test -d assets/themes || (echo "FEHLER: assets/themes/ fehlt!" && exit 1)
|
||||
test -d assets/fonts || (echo "FEHLER: assets/fonts/ fehlt!" && exit 1)
|
||||
echo "Projektstruktur OK"
|
||||
|
||||
- name: Manifest-Validierung (alle 3)
|
||||
run: |
|
||||
echo "Prüfe Manifests..."
|
||||
python3 -c "
|
||||
import json, sys
|
||||
|
||||
with open('manifest.json') as f:
|
||||
m = json.load(f)
|
||||
assert m.get('manifest_version') == 3, 'Chrome: Manifest V3 erwartet'
|
||||
assert m.get('name'), 'Chrome: Name fehlt'
|
||||
assert m.get('version'), 'Chrome: Version fehlt'
|
||||
assert 'storage' in m.get('permissions', []), 'Chrome: Storage Permission fehlt'
|
||||
print('manifest.json (V3) OK — Version:', m['version'])
|
||||
|
||||
with open('manifest.firefox.json') as f:
|
||||
mf = json.load(f)
|
||||
assert mf.get('manifest_version') == 3, 'Firefox: Manifest V3 erwartet'
|
||||
assert mf['version'] == m['version'], 'Firefox: Version stimmt nicht mit Chrome überein!'
|
||||
assert 'browser_specific_settings' in mf, 'Firefox: browser_specific_settings fehlt'
|
||||
print('manifest.firefox.json (V3) OK — Version:', mf['version'])
|
||||
|
||||
with open('manifest.opera.json') as f:
|
||||
mo = json.load(f)
|
||||
assert mo.get('manifest_version') == 3, 'Opera: Manifest V3 erwartet'
|
||||
assert mo['version'] == m['version'], 'Opera: Version stimmt nicht mit Chrome überein!'
|
||||
assert 'tabs' in mo.get('permissions', []), 'Opera: Tabs Permission fehlt'
|
||||
assert 'background' in mo, 'Opera: Background Service Worker fehlt'
|
||||
print('manifest.opera.json (V3) OK — Version:', mo['version'])
|
||||
"
|
||||
|
||||
- name: JavaScript Syntax-Check
|
||||
run: |
|
||||
echo "Prüfe JavaScript-Syntax..."
|
||||
ERRORS=0
|
||||
for f in src/js/*.js src/js/opera/*.js; do
|
||||
if ! node --check "$f" 2>&1; then
|
||||
echo "SYNTAX-FEHLER in $f"
|
||||
ERRORS=$((ERRORS + 1))
|
||||
fi
|
||||
done
|
||||
if [ "$ERRORS" -gt 0 ]; then
|
||||
echo "$ERRORS Datei(en) mit Syntax-Fehlern!"
|
||||
exit 1
|
||||
fi
|
||||
echo "Alle JS-Dateien syntaktisch korrekt"
|
||||
|
||||
- name: Icon-Dateien prüfen
|
||||
run: |
|
||||
for icon in assets/icons/icon16.png assets/icons/icon48.png assets/icons/icon128.png; do
|
||||
test -f "$icon" || (echo "FEHLER: $icon fehlt!" && exit 1)
|
||||
done
|
||||
echo "Alle Icons vorhanden"
|
||||
|
||||
- name: Versions-Konsistenz prüfen
|
||||
run: |
|
||||
MANIFEST_VER=$(python3 -c "import json; print(json.load(open('manifest.json'))['version'])")
|
||||
FIREFOX_VER=$(python3 -c "import json; print(json.load(open('manifest.firefox.json'))['version'])")
|
||||
OPERA_VER=$(python3 -c "import json; print(json.load(open('manifest.opera.json'))['version'])")
|
||||
HTML_VER=$(grep -oP 'Version \K[0-9]+\.[0-9]+\.[0-9]+' newtab.html || echo 'NICHT GEFUNDEN')
|
||||
echo "manifest.json: $MANIFEST_VER"
|
||||
echo "manifest.firefox.json: $FIREFOX_VER"
|
||||
echo "manifest.opera.json: $OPERA_VER"
|
||||
echo "newtab.html: $HTML_VER"
|
||||
if [ "$MANIFEST_VER" != "$FIREFOX_VER" ]; then
|
||||
echo "FEHLER: Chrome/Firefox Versionen stimmen nicht überein!"
|
||||
exit 1
|
||||
fi
|
||||
if [ "$MANIFEST_VER" != "$OPERA_VER" ]; then
|
||||
echo "FEHLER: Chrome/Opera Versionen stimmen nicht überein!"
|
||||
exit 1
|
||||
fi
|
||||
if [ "$MANIFEST_VER" != "$HTML_VER" ]; then
|
||||
echo "WARNUNG: Version in newtab.html ($HTML_VER) weicht ab von Manifest ($MANIFEST_VER)"
|
||||
exit 1
|
||||
fi
|
||||
echo "Alle Versionen konsistent: $MANIFEST_VER"
|
||||
@@ -1,76 +0,0 @@
|
||||
# Release — creates ZIP packages for Chrome, Firefox and Opera on new tag
|
||||
name: Release
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'v*'
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
jobs:
|
||||
build-release:
|
||||
name: Build & Release
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
- name: Extract version from tag
|
||||
id: version
|
||||
run: echo "tag=${GITHUB_REF#refs/tags/}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Create Chrome/Edge ZIP (Manifest V3)
|
||||
run: |
|
||||
mkdir -p dist
|
||||
zip -r "dist/hellion-newtab-${{ steps.version.outputs.tag }}-chrome.zip" \
|
||||
manifest.json newtab.html src/js/*.js src/css/ assets/ _locales/ \
|
||||
-x "*.git*" "dist/*" ".github/*" "src/js/opera/*"
|
||||
|
||||
- name: Create Firefox ZIP (Manifest V3)
|
||||
run: |
|
||||
cp manifest.json manifest.chrome-backup.json
|
||||
cp manifest.firefox.json manifest.json
|
||||
zip -r "dist/hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip" \
|
||||
manifest.json newtab.html src/js/*.js src/css/ assets/ _locales/ \
|
||||
-x "*.git*" "dist/*" ".github/*" "manifest.chrome-backup.json" "manifest.firefox.json" "src/js/opera/*"
|
||||
mv manifest.chrome-backup.json manifest.json
|
||||
|
||||
- name: Create Opera/Opera GX ZIP (Manifest V3 + workaround)
|
||||
run: |
|
||||
cp manifest.json manifest.chrome-backup.json
|
||||
cp manifest.opera.json manifest.json
|
||||
zip -r "dist/hellion-newtab-${{ steps.version.outputs.tag }}-opera.zip" \
|
||||
manifest.json newtab.html src/js/*.js src/js/opera/ src/css/ assets/ _locales/ \
|
||||
-x "*.git*" "dist/*" ".github/*" "manifest.chrome-backup.json" "manifest.opera.json"
|
||||
mv manifest.chrome-backup.json manifest.json
|
||||
|
||||
- name: Generate SHA256 checksums
|
||||
run: |
|
||||
cd dist
|
||||
sha256sum *.zip > checksums-sha256.txt
|
||||
cat checksums-sha256.txt
|
||||
|
||||
- name: Create GitHub Release
|
||||
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3
|
||||
with:
|
||||
name: "Hellion NewTab ${{ steps.version.outputs.tag }}"
|
||||
body: |
|
||||
## Hellion NewTab ${{ steps.version.outputs.tag }}
|
||||
|
||||
### Installation
|
||||
- **Chrome / Edge / Brave / Vivaldi:** `hellion-newtab-${{ steps.version.outputs.tag }}-chrome.zip`
|
||||
- **Firefox:** `hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip`
|
||||
- **Opera / Opera GX:** `hellion-newtab-${{ steps.version.outputs.tag }}-opera.zip`
|
||||
|
||||
See [README](README.md) for the full installation instructions.
|
||||
|
||||
### Checksums
|
||||
See `checksums-sha256.txt` to verify file integrity.
|
||||
files: |
|
||||
dist/hellion-newtab-${{ steps.version.outputs.tag }}-chrome.zip
|
||||
dist/hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip
|
||||
dist/hellion-newtab-${{ steps.version.outputs.tag }}-opera.zip
|
||||
dist/checksums-sha256.txt
|
||||
generate_release_notes: true
|
||||
@@ -1,42 +0,0 @@
|
||||
# Sicherheitsprüfung — läuft bei Push und PR auf main/master
|
||||
name: Security Scan
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main, master]
|
||||
pull_request:
|
||||
branches: [main, master]
|
||||
schedule:
|
||||
# Wöchentlich Montag 06:00 UTC
|
||||
- cron: '0 6 * * 1'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
jobs:
|
||||
codeql:
|
||||
name: CodeQL Analysis
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
- name: Initialize CodeQL
|
||||
uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
|
||||
with:
|
||||
languages: javascript
|
||||
|
||||
- name: Run CodeQL Analysis
|
||||
uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
|
||||
|
||||
dependency-review:
|
||||
name: Dependency Review
|
||||
runs-on: ubuntu-latest
|
||||
if: github.event_name == 'pull_request'
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
||||
|
||||
- name: Dependency Review
|
||||
uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0
|
||||
Reference in New Issue
Block a user