JonKazama-Hellion/HellionChat
1
0
Fork 0
Code Issues Pull Requests Actions Releases 28 Activity

chore(repo): fix license detection and add github workflows

Browse Source 
LICENSE now starts with the EUPL-1.2 standard header so github-linguist
detects the licence correctly in the repo header. The dual-copyright
block (upstream ChatTwo authors plus Hellion Online Media) moves into a
new COPYRIGHT file referenced from the README. NOTICE.md and
UPSTREAM_SYNC.md stay as-is.

New files under .github:

- workflows/build.yml: validates every push to main and every PR
  against the current Dalamud staging branch on a Windows runner
- workflows/release.yml: builds Release on every v* tag, locates the
  DalamudPackager latest.zip and attaches it to the matching GitHub
  Release via softprops/action-gh-release
- dependabot.yml: weekly NuGet sweeps and monthly GitHub Actions
  sweeps with conventional-commit prefixes, grouped patch and minor
  PRs to cut review noise
- ISSUE_TEMPLATE/bug_report.yml + feature_request.yml + config.yml:
  structured intake that pushes security reports through the private
  advisory flow and routes upstream-only issues to ChatTwo
- SECURITY.md: documents the vulnerability reporting channels, scope,
  and target disclosure window

The release workflow replaces the previous manual upload step. Tag a
release and the ZIP shows up on the release page automatically.
This commit is contained in:
Jon Kazama
2026-05-02 22:50:06 +02:00
parent 2f3b01732c
commit 22dbfc2e24
10 changed files with 374 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/ISSUE_TEMPLATE/bug_report.yml
+73
View File
@@ -0,0 +1,73 @@
name: Bug report
description: Something in HellionChat is broken or behaves wrong
labels:
- bug
body:
- type: markdown
attributes:
value: |
Thanks for reporting. Please fill in the fields below so I can
reproduce the issue. If this is a security issue, stop here and
use the [private vulnerability advisory](https://github.com/JonKazama-Hellion/HellionChat/security/advisories/new)
instead.
- type: input
id: version
attributes:
label: HellionChat version
description: From Settings → Information → Version
placeholder: "0.5.1"
validations:
required: true
- type: dropdown
id: platform
attributes:
label: Platform
options:
- Windows (XIVLauncher)
- Linux (XIVLauncher Core)
- macOS (XIVLauncher Core / wine)
- Other
validations:
required: true
- type: textarea
id: what-happened
attributes:
label: What happened
description: Plain description, no log dumps yet
validations:
required: true
- type: textarea
id: expected
attributes:
label: What you expected
validations:
required: true
- type: textarea
id: steps
attributes:
label: How to reproduce
description: Step-by-step from "open settings" or "log in" through to the broken behaviour
validations:
required: true
- type: textarea
id: log
attributes:
label: Relevant /xllog excerpt
description: Filter for "HellionChat" or "ChatTwo" if the log is huge
render: text
- type: checkboxes
id: confirm
attributes:
label: Pre-flight
options:
- label: I am running the latest version of HellionChat
required: true
- label: I have searched existing issues for duplicates
required: true
.github/ISSUE_TEMPLATE/config.yml
+14
View File
@@ -0,0 +1,14 @@
blank_issues_enabled: false
contact_links:
- name: Security vulnerability
url: https://github.com/JonKazama-Hellion/HellionChat/security/advisories/new
about: Do not open a public issue for security problems. Use the private advisory instead.
- name: Upstream Chat 2 issue
url: https://github.com/Infiziert90/ChatTwo/issues
about: If the issue exists in upstream Chat 2 too, please report it there so the original maintainers see it as well.
- name: Discord
url: https://discord.com/users/j.j_kazama
about: Quick questions, casual feedback. Bug reports still go through the issue tracker for tracking.
.github/ISSUE_TEMPLATE/feature_request.yml
+55
View File
@@ -0,0 +1,55 @@
name: Feature request
description: Suggest a feature or enhancement for HellionChat
labels:
- enhancement
body:
- type: markdown
attributes:
value: |
Thanks for the suggestion. HellionChat focuses on privacy by
default and a small, well-scoped feature set. Suggestions that
align with that scope are easier to accept than ones that pull
the plugin toward "do everything".
- type: textarea
id: problem
attributes:
label: What problem are you trying to solve
description: The user-side problem, not the proposed solution yet
validations:
required: true
- type: textarea
id: solution
attributes:
label: What you would like HellionChat to do
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Alternatives you have considered
description: Other plugins, manual workarounds, settings combinations
- type: dropdown
id: scope
attributes:
label: Scope estimate from your side
options:
- "Small (one tab, one toggle, one filter)"
- "Medium (a settings section, persistent state, one new file)"
- "Large (architectural, touches the message pipeline or the database)"
- "I don't know"
validations:
required: true
- type: checkboxes
id: confirm
attributes:
label: Pre-flight
options:
- label: I have searched existing issues for similar requests
required: true
- label: I understand HellionChat is a privacy-focused fork and not a feature parity tool with upstream Chat 2
required: true
.github/dependabot.yml
+42
View File
@@ -0,0 +1,42 @@
version: 2
updates:
# NuGet package updates for the plugin project. Weekly cadence keeps the
# noise down while still catching transitive security advisories within
# a few days of disclosure.
- package-ecosystem: nuget
directory: /ChatTwo
schedule:
interval: weekly
day: monday
time: "07:00"
timezone: Europe/Berlin
open-pull-requests-limit: 5
labels:
- dependencies
- nuget
commit-message:
prefix: "chore(deps)"
groups:
patches:
update-types:
- patch
minor:
update-types:
- minor
# GitHub Actions versions in .github/workflows. Lower cadence because
# Action releases ship less frequently and are usually safe to defer
# for a month.
- package-ecosystem: github-actions
directory: /
schedule:
interval: monthly
time: "07:00"
timezone: Europe/Berlin
open-pull-requests-limit: 3
labels:
- dependencies
- github-actions
commit-message:
prefix: "chore(actions)"
.github/workflows/build.yml
+49
View File
@@ -0,0 +1,49 @@
name: Build
# Verifies that every push to main and every PR still builds against the
# current Dalamud staging branch. Does not produce release artefacts; the
# release workflow handles that on tag.
on:
push:
branches: [main]
pull_request:
branches: [main]
workflow_dispatch:
jobs:
build:
name: Build (Release)
runs-on: windows-latest
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup .NET 10
uses: actions/setup-dotnet@v4
with:
dotnet-version: 10.0.x
- name: Download Dalamud staging
shell: pwsh
run: |
$hooks = Join-Path $env:APPDATA "XIVLauncher\addon\Hooks\dev"
New-Item -ItemType Directory -Force -Path $hooks | Out-Null
Invoke-WebRequest -Uri https://goatcorp.github.io/dalamud-distrib/stg/latest.zip -OutFile dalamud.zip
Expand-Archive -Force -Path dalamud.zip -DestinationPath $hooks
- name: Restore
run: dotnet restore ChatTwo/ChatTwo.csproj
- name: Build (Release)
run: dotnet build ChatTwo/ChatTwo.csproj --configuration Release --no-restore
- name: Upload build output
uses: actions/upload-artifact@v4
with:
name: HellionChat-build-${{ github.run_number }}
path: ChatTwo/bin/Release/**/HellionChat/**
if-no-files-found: warn
retention-days: 14
.github/workflows/release.yml
+61
View File
@@ -0,0 +1,61 @@
name: Release
# Triggered when a vX.Y.Z tag is pushed. Builds the plugin against the
# current Dalamud staging branch, locates the latest.zip produced by
# DalamudPackager and attaches it to the matching GitHub Release.
# Does not consume any user-controlled event payload, only the tag name
# (validated by the on.tags filter) and the steps output of the locate
# step (path string from Get-ChildItem on a controlled directory).
on:
push:
tags:
- 'v*'
permissions:
contents: write
jobs:
release:
name: Build and attach release ZIP
runs-on: windows-latest
timeout-minutes: 20
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Setup .NET 10
uses: actions/setup-dotnet@v4
with:
dotnet-version: 10.0.x
- name: Download Dalamud staging
shell: pwsh
run: |
$hooks = Join-Path $env:APPDATA "XIVLauncher\addon\Hooks\dev"
New-Item -ItemType Directory -Force -Path $hooks | Out-Null
Invoke-WebRequest -Uri https://goatcorp.github.io/dalamud-distrib/stg/latest.zip -OutFile dalamud.zip
Expand-Archive -Force -Path dalamud.zip -DestinationPath $hooks
- name: Build (Release)
run: dotnet build ChatTwo/ChatTwo.csproj --configuration Release
- name: Locate latest.zip
id: locate
shell: pwsh
run: |
$zip = Get-ChildItem -Path ChatTwo\bin\Release -Recurse -Filter latest.zip | Select-Object -First 1
if (-not $zip)
{
throw "latest.zip not found under ChatTwo\bin\Release"
}
Write-Host "Found: $($zip.FullName)"
"path=$($zip.FullName)" | Out-File -FilePath $env:GITHUB_OUTPUT -Append
- name: Attach to GitHub release
uses: softprops/action-gh-release@v2
with:
files: ${{ steps.locate.outputs.path }}
fail_on_unmatched_files: true
generate_release_notes: false
COPYRIGHT
+27
View File
@@ -0,0 +1,27 @@
HellionChat — a privacy-focused fork of ChatTwo for FINAL FANTASY XIV
Copyright (c) 2024-2025 Infiziert90 (Infi) and Anna Clemens (ascclemens)
Original ChatTwo authors and copyright holders of the upstream
plugin this fork is built on. Their work covers the message store,
the channel filtering, the sidebar tab system, the FFXIV chat
hooks, the localisation infrastructure and most of the
architecture HellionChat still relies on.
Copyright (c) 2025-2026 Florian Wathling / Hellion Online Media
HellionChat-specific modifications, including the privacy filter,
per-channel retention sweep, export pipeline, Auto-Tell-Tabs,
Hellion theme and font integration, German localisation and the
EUPL-1.2 fork maintenance.
Licensed under the European Union Public Licence (EUPL), Version 1.2
only. The full Licence text lives in the LICENSE file at the root of
this repository. The official Licence website is at:
https://eupl.eu/1.2/en/
This Work is provided "AS IS" without warranties of any kind. See
Article 7 (Disclaimer of Warranty) and Article 8 (Disclaimer of
Liability) of the Licence for the legally binding wording.
Acknowledgements directed at the upstream ChatTwo authors live in
NOTICE.md. The manual upstream-sync workflow lives in UPSTREAM_SYNC.md.
LICENSE
-26
View File
@@ -1,30 +1,4 @@
HellionChat — a privacy-focused fork of ChatTwo
Copyright (c) 2024-2025 Infiziert90 (Infi) and Anna Clemens
(original ChatTwo authors and copyright holders of the upstream work
this fork is built on)
Copyright (c) 2025-2026 Florian Wathling / Hellion Online Media
(HellionChat-specific modifications, Privacy/Export/Auto-Tell-Tabs
features, Hellion theme, German localisation, EUPL-1.2 fork
maintenance)
Licensed under the European Union Public Licence (EUPL), Version 1.2 only.
You may obtain a copy of the Licence at:
https://eupl.eu/1.2/en/
Unless required by applicable law or agreed to in writing, software
distributed under the Licence is distributed on an "AS IS" basis, WITHOUT
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
Licence for the specific language governing permissions and limitations
under the Licence.
The full Licence text follows below.
================================================================================
EUROPEAN UNION PUBLIC LICENCE v. 1.2
EUPL (c) the European Union 2007, 2016
This European Union Public Licence (the 'EUPL') applies to the Work (as
README.md
+1 -1
View File
@@ -269,7 +269,7 @@ Phase 3 (offen, kein festes Datum):
## Lizenz
EUPL-1.2 (gleiche Lizenz wie Upstream Chat 2). Volltext liegt in [LICENSE](LICENSE), persönliche Danksagung an die Upstream-Autoren in [NOTICE.md](NOTICE.md).
EUPL-1.2 (gleiche Lizenz wie Upstream Chat 2). Volltext in [LICENSE](LICENSE), Copyright-Notes mit Dual-Holder-Block in [COPYRIGHT](COPYRIGHT), persönliche Danksagung an die Upstream-Autoren in [NOTICE.md](NOTICE.md).
© 20232026 die Chat-2-Autoren (Infi, Anna und die Upstream-Contributors) für die Engine, IPC und Storage-Schicht.
© 2026 Hellion Online Media für die Hellion-Chat-Erweiterungen.
SECURITY.md
+49
View File
@@ -0,0 +1,49 @@
# Security policy
## Reporting a vulnerability
If you find a security issue in HellionChat, please do not open a public
GitHub issue. Use one of the private channels below instead so we can
investigate and ship a fix before the details go out.
**Preferred:**
[Privately report a vulnerability](https://github.com/JonKazama-Hellion/HellionChat/security/advisories/new)
through GitHub's Security Advisories. This routes the report directly to
me and keeps the conversation off the public timeline.
**Alternative:**
- Email: `maintainer@hellion-media.de`
- Discord: `@j.j_kazama`
I respond on weekdays during European business hours. For urgent
disclosures (active exploitation, user-data exposure) email is the
fastest path.
## What I treat as in scope
- Code paths in HellionChat that touch user-controlled input (chat
messages, plugin config, file paths the user can influence)
- The privacy filter in MessageStore.cs and the export pipeline
- The Configuration migration logic
- The EmoteCache HTTP client and path handling
- The Auto-Tell-Tabs spawn logic and history preload
## What is not in scope
- Issues in upstream Chat 2 that we have not modified — please report
those at <https://github.com/Infiziert90/ChatTwo/issues>
- Issues in Dalamud itself — those go to <https://github.com/goatcorp/Dalamud>
- Issues in the FFXIV game client
- Anything that needs the user to install a malicious plugin first
## Acknowledgement
I list everyone who reports a real issue in the changelog of the release
that fixes it, unless they prefer to stay anonymous. No bug bounty,
nothing financial; this is a hobby plugin.
## Disclosure window
I aim to ship a fix within 14 days for high-severity issues and within
30 days for everything else. If a fix needs more time I will say so in
the private thread.