JonKazama-Hellion/Hellion-NewTab
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases 11 Wiki Activity

ci(gitea): Release- und Quality-Workflow nach .gitea/ portieren, tote .github/-Workflows entfernen
Code Quality / Validate Extension (push) Successful in 5s
Details
Security / scan (push) Successful in 18s
Details
Release / Build & Release (push) Successful in 14s
Details

Browse Source
This commit is contained in:
Jon Kazama
2026-06-13 23:51:23 +02:00
parent 601350c5c6
commit a946e66c6c
3 changed files with 43 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/quality.yml → .gitea/workflows/quality.yml
View File
.github/workflows/release.yml → .gitea/workflows/release.yml
+43 -15
View File
@@ -1,10 +1,22 @@
# Release — creates ZIP packages for Chrome, Firefox and Opera on new tag
name: Release name: Release
# Wird bei einem vX.Y.Z-Tag-Push ausgeloest. Baut die drei Web-Extension-ZIPs
# (Chrome/Firefox/Opera) und haengt sie ans passende Gitea-Release.
#
# Portiert von GitHub Actions auf Gitea Actions (2026-06): der fruehere
# softprops/action-gh-release-Step ist GitHub-spezifisch und laeuft auf Gitea
# nicht. Ersetzt durch die Gitea-native release-action (volle gitea.com-URL,
# da DEFAULT_ACTIONS_URL=github nackte Namen sonst von github.com zieht).
# Muster uebernommen aus HellionChat/.gitea/workflows/release.yml.
on: on:
push: push:
tags: tags:
- 'v*' - 'v*'
# Manueller Recovery-Trigger: in Gitea "Run workflow" und den Tag (z.B. v2.2.0)
# im Ref-Dropdown waehlen, NICHT master. Der Validate-Step unten failt hart
# bei einem Nicht-Tag-Ref, weil die release-action GITHUB_REF direkt liest.
workflow_dispatch:
permissions: permissions:
contents: write contents: write
@@ -13,7 +25,20 @@ jobs:
build-release: build-release:
name: Build & Release name: Build & Release
runs-on: ubuntu-latest runs-on: ubuntu-latest
timeout-minutes: 20
steps: steps:
# release-action liest GITHUB_REF direkt (kein tag_name-Input). Vorab
# validieren, damit manuelle Dispatches von einem Branch-Ref hier laut
# scheitern statt nach einem vollen Build.
- name: Validate tag ref
run: |
if [[ "${GITHUB_REF}" != refs/tags/v* ]]; then
echo "::error::Release-Workflow muss auf einem v*-Tag laufen, got ${GITHUB_REF}"
echo "::error::Tag pushen, oder im workflow_dispatch-Ref-Dropdown den Tag (nicht master) waehlen."
exit 1
fi
- name: Checkout - name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
@@ -26,7 +51,7 @@ jobs:
mkdir -p dist mkdir -p dist
zip -r "dist/hellion-newtab-${{ steps.version.outputs.tag }}-chrome.zip" \ zip -r "dist/hellion-newtab-${{ steps.version.outputs.tag }}-chrome.zip" \
manifest.json newtab.html src/js/*.js src/css/ assets/ _locales/ \ manifest.json newtab.html src/js/*.js src/css/ assets/ _locales/ \
-x "*.git*" "dist/*" ".github/*" "src/js/opera/*" -x "*.git*" "dist/*" ".github/*" ".gitea/*" "src/js/opera/*"
- name: Create Firefox ZIP (Manifest V3) - name: Create Firefox ZIP (Manifest V3)
run: | run: |
@@ -34,7 +59,7 @@ jobs:
cp manifest.firefox.json manifest.json cp manifest.firefox.json manifest.json
zip -r "dist/hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip" \ zip -r "dist/hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip" \
manifest.json newtab.html src/js/*.js src/css/ assets/ _locales/ \ manifest.json newtab.html src/js/*.js src/css/ assets/ _locales/ \
-x "*.git*" "dist/*" ".github/*" "manifest.chrome-backup.json" "manifest.firefox.json" "src/js/opera/*" -x "*.git*" "dist/*" ".github/*" ".gitea/*" "manifest.chrome-backup.json" "manifest.firefox.json" "src/js/opera/*"
mv manifest.chrome-backup.json manifest.json mv manifest.chrome-backup.json manifest.json
- name: Create Opera/Opera GX ZIP (Manifest V3 + workaround) - name: Create Opera/Opera GX ZIP (Manifest V3 + workaround)
@@ -43,7 +68,7 @@ jobs:
cp manifest.opera.json manifest.json cp manifest.opera.json manifest.json
zip -r "dist/hellion-newtab-${{ steps.version.outputs.tag }}-opera.zip" \ zip -r "dist/hellion-newtab-${{ steps.version.outputs.tag }}-opera.zip" \
manifest.json newtab.html src/js/*.js src/js/opera/ src/css/ assets/ _locales/ \ manifest.json newtab.html src/js/*.js src/js/opera/ src/css/ assets/ _locales/ \
-x "*.git*" "dist/*" ".github/*" "manifest.chrome-backup.json" "manifest.opera.json" -x "*.git*" "dist/*" ".github/*" ".gitea/*" "manifest.chrome-backup.json" "manifest.opera.json"
mv manifest.chrome-backup.json manifest.json mv manifest.chrome-backup.json manifest.json
- name: Generate SHA256 checksums - name: Generate SHA256 checksums
@@ -52,10 +77,19 @@ jobs:
sha256sum *.zip > checksums-sha256.txt sha256sum *.zip > checksums-sha256.txt
cat checksums-sha256.txt cat checksums-sha256.txt
- name: Create GitHub Release # Gitea-native Release-Action. Legt das Release an, falls der Tag noch
uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3 # keins hat, oder aktualisiert das bestehende und haengt die Assets an.
# Der auto-injizierte GITHUB_TOKEN auf Gitea Actions hat Gitea-API-Scope
# und reicht fuer Release-Write.
- name: Attach to Gitea release
uses: https://gitea.com/actions/release-action@main
with: with:
name: "Hellion NewTab ${{ steps.version.outputs.tag }}" files: |-
dist/hellion-newtab-${{ steps.version.outputs.tag }}-chrome.zip
dist/hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip
dist/hellion-newtab-${{ steps.version.outputs.tag }}-opera.zip
dist/checksums-sha256.txt
api_key: ${{ secrets.GITHUB_TOKEN }}
body: | body: |
## Hellion NewTab ${{ steps.version.outputs.tag }} ## Hellion NewTab ${{ steps.version.outputs.tag }}
@@ -64,13 +98,7 @@ jobs:
- **Firefox:** `hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip` - **Firefox:** `hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip`
- **Opera / Opera GX:** `hellion-newtab-${{ steps.version.outputs.tag }}-opera.zip` - **Opera / Opera GX:** `hellion-newtab-${{ steps.version.outputs.tag }}-opera.zip`
See [README](README.md) for the full installation instructions. Vollstaendige Installationsanleitung siehe README.
### Checksums ### Checksums
See `checksums-sha256.txt` to verify file integrity. `checksums-sha256.txt` zum Verifizieren der Dateiintegritaet.
files: |
dist/hellion-newtab-${{ steps.version.outputs.tag }}-chrome.zip
dist/hellion-newtab-${{ steps.version.outputs.tag }}-firefox.zip
dist/hellion-newtab-${{ steps.version.outputs.tag }}-opera.zip
dist/checksums-sha256.txt
generate_release_notes: true
.github/workflows/security.yml
-42
View File
@@ -1,42 +0,0 @@
# Sicherheitsprüfung — läuft bei Push und PR auf main/master
name: Security Scan
on:
push:
branches: [main, master]
pull_request:
branches: [main, master]
schedule:
# Wöchentlich Montag 06:00 UTC
- cron: '0 6 * * 1'
permissions:
contents: read
security-events: write
jobs:
codeql:
name: CodeQL Analysis
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Initialize CodeQL
uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
with:
languages: javascript
- name: Run CodeQL Analysis
uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
dependency-review:
name: Dependency Review
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- name: Dependency Review
uses: actions/dependency-review-action@a1d282b36b6f3519aa1f3fc636f609c47dddb294 # v5.0.0