HellionChat

JonKazama-Hellion/HellionChat

Fork 0

Commit Graph

Author	SHA1	Message	Date
JonKazama-Hellion	1b63765caa	docs: community standards, privacy notice and release-body automation Closes the remaining gaps in GitHub's community-standards check, adds explicit privacy and dependency documentation matching the plugin's "DSGVO-by-design" claim, and removes the stale upstream Crowdin artefact so the repo no longer suggests it ships its own translation pipeline. New community-health files: - CODE_OF_CONDUCT.md: project-specific, short and direct, single reporting path to kontakt@hellion-media.de - CONTRIBUTING.md: scope, accepted vs declined contributions, build and test instructions, EUPL-1.2 contribution terms, translation policy split between Hellion-specific (here) and upstream strings (Chat 2 repo) - SUPPORT.md: routing for bugs, security, privacy and casual feedback - .github/PULL_REQUEST_TEMPLATE.md: summary, change-type checklist, testing notes, compatibility notes for migrations and manifest fields, contribution checklist - .github/FUNDING.yml: comments-only file, no platforms enabled, points donors at the upstream Chat 2 maintainers' Ko-fi pages New privacy and compliance documentation: - PRIVACY.md: what the plugin stores locally (config, SQLite, EmoteCacheV1), retention defaults, the two outbound network calls (BetterTTV API+CDN with ShowEmotes opt-out, Square Enix Lodestone font once-off), explicit no-telemetry statement, GDPR Art. 15/17/18/20/21 rights mapped to plugin features, third-party privacy-policy links - THIRD_PARTY_NOTICES.md: direct NuGet dependencies with versions pinned to v0.5.4 (MessagePack, Microsoft.Data.Sqlite, morelinq, Pidgin, SixLabors.ImageSharp under Six Labors Split License 1.0), Dalamud SDK and .NET tooling, bundled Exo 2 font (OFL-1.1) and plugin icon, network-touch status per component, re-audit commands Crowdin cleanup: - crowdin.yml deleted (was upstream Chat 2's project_id 663694, pointed at /ChatTwo/Resources/Language.resx, never wired to HellionChat strings) - README, CONTRIBUTING and CODE_OF_CONDUCT no longer suggest HellionChat operates a Crowdin project; remaining mentions are explicitly framed as upstream Chat 2's workflow Contact and version consistency: - Maintainer email switched from maintainer@hellion-media.de to kontakt@hellion-media.de in SECURITY.md and NOTICE.md - README version references updated to 0.5.4 (header, project status block) and the update-tag pattern generalised from v0.1.x to v0.X.Y - bug_report.yml version placeholder bumped to 0.5.4 - Project-documents table added to README footer linking all health and reference files in one place Release-body automation: - .github/workflows/release.yml now extracts the matching version block from ChatTwo/HellionChat.yaml's changelog and combines it with a static install / docs footer (custom-repo URL, project document links, licence) before passing the result to softprops/action-gh-release@v3 via body_path - Workflow fails fast if no changelog block exists for the tagged version, automating the existing "yaml + repo.json + release body kept in sync" rule - Tag value passed via env: TAG_NAME with strict ^v\d+\.\d+\.\d+$ validation before any string concatenation, so the tag input cannot break out into shell evaluation	2026-05-03 10:42:07 +02:00
JonKazama-Hellion	22dbfc2e24	chore(repo): fix license detection and add github workflows LICENSE now starts with the EUPL-1.2 standard header so github-linguist detects the licence correctly in the repo header. The dual-copyright block (upstream ChatTwo authors plus Hellion Online Media) moves into a new COPYRIGHT file referenced from the README. NOTICE.md and UPSTREAM_SYNC.md stay as-is. New files under .github: - workflows/build.yml: validates every push to main and every PR against the current Dalamud staging branch on a Windows runner - workflows/release.yml: builds Release on every v* tag, locates the DalamudPackager latest.zip and attaches it to the matching GitHub Release via softprops/action-gh-release - dependabot.yml: weekly NuGet sweeps and monthly GitHub Actions sweeps with conventional-commit prefixes, grouped patch and minor PRs to cut review noise - ISSUE_TEMPLATE/bug_report.yml + feature_request.yml + config.yml: structured intake that pushes security reports through the private advisory flow and routes upstream-only issues to ChatTwo - SECURITY.md: documents the vulnerability reporting channels, scope, and target disclosure window The release workflow replaces the previous manual upload step. Tag a release and the ZIP shows up on the release page automatically.	2026-05-02 22:50:06 +02:00

Author

SHA1

Message

Date

JonKazama-Hellion

1b63765caa

docs: community standards, privacy notice and release-body automation

Closes the remaining gaps in GitHub's community-standards check, adds
explicit privacy and dependency documentation matching the plugin's
"DSGVO-by-design" claim, and removes the stale upstream Crowdin
artefact so the repo no longer suggests it ships its own translation
pipeline.

New community-health files:

- CODE_OF_CONDUCT.md: project-specific, short and direct, single
  reporting path to kontakt@hellion-media.de
- CONTRIBUTING.md: scope, accepted vs declined contributions, build
  and test instructions, EUPL-1.2 contribution terms, translation
  policy split between Hellion-specific (here) and upstream strings
  (Chat 2 repo)
- SUPPORT.md: routing for bugs, security, privacy and casual feedback
- .github/PULL_REQUEST_TEMPLATE.md: summary, change-type checklist,
  testing notes, compatibility notes for migrations and manifest
  fields, contribution checklist
- .github/FUNDING.yml: comments-only file, no platforms enabled,
  points donors at the upstream Chat 2 maintainers' Ko-fi pages

New privacy and compliance documentation:

- PRIVACY.md: what the plugin stores locally (config, SQLite,
  EmoteCacheV1), retention defaults, the two outbound network calls
  (BetterTTV API+CDN with ShowEmotes opt-out, Square Enix Lodestone
  font once-off), explicit no-telemetry statement, GDPR
  Art. 15/17/18/20/21 rights mapped to plugin features, third-party
  privacy-policy links
- THIRD_PARTY_NOTICES.md: direct NuGet dependencies with versions
  pinned to v0.5.4 (MessagePack, Microsoft.Data.Sqlite, morelinq,
  Pidgin, SixLabors.ImageSharp under Six Labors Split License 1.0),
  Dalamud SDK and .NET tooling, bundled Exo 2 font (OFL-1.1) and
  plugin icon, network-touch status per component, re-audit commands

Crowdin cleanup:

- crowdin.yml deleted (was upstream Chat 2's project_id 663694,
  pointed at /ChatTwo/Resources/Language.resx, never wired to
  HellionChat strings)
- README, CONTRIBUTING and CODE_OF_CONDUCT no longer suggest
  HellionChat operates a Crowdin project; remaining mentions are
  explicitly framed as upstream Chat 2's workflow

Contact and version consistency:

- Maintainer email switched from maintainer@hellion-media.de to
  kontakt@hellion-media.de in SECURITY.md and NOTICE.md
- README version references updated to 0.5.4 (header, project status
  block) and the update-tag pattern generalised from v0.1.x to v0.X.Y
- bug_report.yml version placeholder bumped to 0.5.4
- Project-documents table added to README footer linking all health
  and reference files in one place

Release-body automation:

- .github/workflows/release.yml now extracts the matching version
  block from ChatTwo/HellionChat.yaml's changelog and combines it
  with a static install / docs footer (custom-repo URL, project
  document links, licence) before passing the result to
  softprops/action-gh-release@v3 via body_path
- Workflow fails fast if no changelog block exists for the tagged
  version, automating the existing "yaml + repo.json + release body
  kept in sync" rule
- Tag value passed via env: TAG_NAME with strict ^v\d+\.\d+\.\d+$
  validation before any string concatenation, so the tag input cannot
  break out into shell evaluation

2026-05-03 10:42:07 +02:00

JonKazama-Hellion

22dbfc2e24

chore(repo): fix license detection and add github workflows

LICENSE now starts with the EUPL-1.2 standard header so github-linguist
detects the licence correctly in the repo header. The dual-copyright
block (upstream ChatTwo authors plus Hellion Online Media) moves into a
new COPYRIGHT file referenced from the README. NOTICE.md and
UPSTREAM_SYNC.md stay as-is.

New files under .github:

- workflows/build.yml: validates every push to main and every PR
  against the current Dalamud staging branch on a Windows runner
- workflows/release.yml: builds Release on every v* tag, locates the
  DalamudPackager latest.zip and attaches it to the matching GitHub
  Release via softprops/action-gh-release
- dependabot.yml: weekly NuGet sweeps and monthly GitHub Actions
  sweeps with conventional-commit prefixes, grouped patch and minor
  PRs to cut review noise
- ISSUE_TEMPLATE/bug_report.yml + feature_request.yml + config.yml:
  structured intake that pushes security reports through the private
  advisory flow and routes upstream-only issues to ChatTwo
- SECURITY.md: documents the vulnerability reporting channels, scope,
  and target disclosure window

The release workflow replaces the previous manual upload step. Tag a
release and the ZIP shows up on the release page automatically.

2026-05-02 22:50:06 +02:00

2 Commits