Vendoo 1.41.2 – Git Ignore Boundary & Module Tracking Hotfix (#18)
* docs: prepare Vendoo 1.41.2 git-ignore boundary hotfix * fix: track native source modules with root-anchored runtime ignores
This commit was merged in pull request #18.
This commit is contained in:
@@ -0,0 +1,116 @@
|
||||
name: Vendoo CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main, develop, 'feature/**', 'release/**', 'hotfix/**']
|
||||
pull_request:
|
||||
branches: [main, develop]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
concurrency:
|
||||
group: vendoo-ci-${{ github.ref }}
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
quality:
|
||||
name: Syntax, Sicherheit und Release-Gates
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 25
|
||||
steps:
|
||||
- name: Repository auschecken
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Node.js 22 aktivieren
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: '22.x'
|
||||
cache: npm
|
||||
|
||||
- name: Abhängigkeiten reproduzierbar installieren
|
||||
run: npm ci
|
||||
|
||||
- name: Git-Sicherheitsgate
|
||||
run: npm run verify:git
|
||||
|
||||
- name: Git-Sicherheitsgate Regressionstest
|
||||
run: npm run verify:git-regression
|
||||
|
||||
- name: Git-Staging-Filter Regressionstest
|
||||
run: npm run verify:git-staging
|
||||
|
||||
- name: Git-Ignore-Grenzen für Quell- und Runtimeordner prüfen
|
||||
run: npm run verify:ignore-boundaries
|
||||
|
||||
- name: Syntaxprüfung
|
||||
run: npm run check
|
||||
|
||||
- name: Produktiven Source-Root und Archivgrenzen prüfen
|
||||
run: npm run verify:source-boundaries
|
||||
|
||||
- name: ESM-Exportverträge prüfen
|
||||
run: npm run verify:esm-exports
|
||||
|
||||
- name: FLUX-Loop-Hotfix prüfen
|
||||
run: npm run verify:flux-loop
|
||||
|
||||
- name: Vollständigen Modul-Capability-Graph prüfen
|
||||
run: npm run verify:capabilities
|
||||
|
||||
- name: Coolify-Deployment und Web-Updates prüfen
|
||||
run: npm run verify:coolify
|
||||
|
||||
- name: Initial deaktivierte Module prüfen
|
||||
run: npm run verify:initial-modules
|
||||
|
||||
- name: Plattformarchitektur und Design Tokens prüfen
|
||||
run: npm run verify:architecture
|
||||
|
||||
- name: Theme Manager, Accessibility und Komponenten-Tokens prüfen
|
||||
run: npm run verify:themes
|
||||
|
||||
- name: Security, Secrets und Observability prüfen
|
||||
run: npm run verify:security
|
||||
|
||||
- name: Auth, Benutzer, Sitzungen und Einstellungen prüfen
|
||||
run: npm run verify:identity
|
||||
|
||||
- name: Artikel, Lager und Medien prüfen
|
||||
run: npm run verify:catalog
|
||||
|
||||
- name: Modulmanager, Pakete und Aktivierungsgrenzen prüfen
|
||||
run: npm run verify:modules
|
||||
|
||||
- name: Deployment-Gate
|
||||
run: npm run verify:deployment
|
||||
|
||||
- name: Persistenten Konfigurationsspeicher prüfen
|
||||
run: npm run verify:config
|
||||
|
||||
- name: Geführte Shell-Installer simulieren
|
||||
run: npm run verify:installer-shell
|
||||
|
||||
- name: Datenbankmigrationen prüfen
|
||||
run: npm run verify:db
|
||||
|
||||
- name: Docker-Compose-Dateien validieren
|
||||
run: |
|
||||
cp .env.example .env
|
||||
python - <<'PY'
|
||||
from pathlib import Path
|
||||
p=Path('.env')
|
||||
s=p.read_text()
|
||||
s=s.replace('VENDOO_SETUP_TOKEN=', 'VENDOO_SETUP_TOKEN=ci-only-not-a-production-secret-1234567890')
|
||||
s=s.replace('VENDOO_DOMAIN=', 'VENDOO_DOMAIN=vendoo.example.invalid')
|
||||
p.write_text(s)
|
||||
PY
|
||||
docker compose -f compose.yaml config -q
|
||||
docker compose -f compose.yaml -f compose.bind-mounts.example.yaml config -q
|
||||
docker compose -f compose.vps.yaml config -q
|
||||
rm -f .env
|
||||
|
||||
- name: Docker-Image testweise bauen
|
||||
run: docker build --pull --tag vendoo:ci .
|
||||
@@ -0,0 +1,155 @@
|
||||
name: Vendoo Release
|
||||
|
||||
on:
|
||||
release:
|
||||
types: [published]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
concurrency:
|
||||
group: vendoo-release-${{ github.event.release.tag_name }}
|
||||
cancel-in-progress: false
|
||||
|
||||
env:
|
||||
REGISTRY: ghcr.io
|
||||
IMAGE_NAME: masterluke77/vendoo
|
||||
|
||||
jobs:
|
||||
release-assets:
|
||||
name: Release-Paket und Prüfsummen
|
||||
permissions:
|
||||
contents: write
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 30
|
||||
steps:
|
||||
- name: Repository auschecken
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Node.js 22 aktivieren
|
||||
uses: actions/setup-node@v4
|
||||
with:
|
||||
node-version: '22.x'
|
||||
cache: npm
|
||||
|
||||
- name: Abhängigkeiten installieren
|
||||
run: npm ci
|
||||
|
||||
- name: Release-Tag gegen Paketversion prüfen
|
||||
env:
|
||||
RELEASE_TAG: ${{ github.event.release.tag_name }}
|
||||
run: |
|
||||
EXPECTED="v$(node -p "require('./package.json').version")"
|
||||
test "$RELEASE_TAG" = "$EXPECTED" || { echo "Release-Tag $RELEASE_TAG passt nicht zu $EXPECTED." >&2; exit 1; }
|
||||
|
||||
- name: Vollständige Prüfung
|
||||
run: |
|
||||
npm run verify:git
|
||||
npm run verify:git-regression
|
||||
npm run verify:git-staging
|
||||
npm run verify:ignore-boundaries
|
||||
npm run check
|
||||
npm run verify:source-boundaries
|
||||
npm run verify:esm-exports
|
||||
npm run verify:flux-loop
|
||||
npm run verify:capabilities
|
||||
npm run verify:coolify
|
||||
npm run verify:initial-modules
|
||||
npm run verify:architecture
|
||||
npm run verify:themes
|
||||
npm run verify:security
|
||||
npm run verify:identity
|
||||
npm run verify:catalog
|
||||
npm run verify:modules
|
||||
npm run verify:deployment
|
||||
npm run verify:config
|
||||
npm run verify:installer-shell
|
||||
npm run verify:db
|
||||
|
||||
- name: Release-Staging erzeugen
|
||||
run: node tools/build-release.mjs
|
||||
|
||||
- name: ZIP und SHA-256 erzeugen
|
||||
id: package
|
||||
shell: bash
|
||||
run: |
|
||||
PACKAGE_NAME="$(cat release-output/RELEASE_NAME.txt)"
|
||||
cd release-output
|
||||
zip -r -9 "${PACKAGE_NAME}.zip" "${PACKAGE_NAME}"
|
||||
sha256sum "${PACKAGE_NAME}.zip" > "${PACKAGE_NAME}.zip.sha256.txt"
|
||||
echo "package_name=${PACKAGE_NAME}" >> "$GITHUB_OUTPUT"
|
||||
|
||||
- name: Assets an GitHub Release anhängen
|
||||
env:
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
TAG: ${{ github.event.release.tag_name }}
|
||||
PACKAGE_NAME: ${{ steps.package.outputs.package_name }}
|
||||
run: |
|
||||
gh release upload "$TAG" \
|
||||
"release-output/${PACKAGE_NAME}.zip" \
|
||||
"release-output/${PACKAGE_NAME}.zip.sha256.txt" \
|
||||
--clobber
|
||||
|
||||
- name: Build-Artefakte sichern
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ steps.package.outputs.package_name }}
|
||||
path: |
|
||||
release-output/${{ steps.package.outputs.package_name }}.zip
|
||||
release-output/${{ steps.package.outputs.package_name }}.zip.sha256.txt
|
||||
if-no-files-found: error
|
||||
retention-days: 30
|
||||
|
||||
container:
|
||||
name: GHCR-Container veröffentlichen
|
||||
permissions:
|
||||
contents: read
|
||||
packages: write
|
||||
attestations: write
|
||||
id-token: write
|
||||
runs-on: ubuntu-latest
|
||||
timeout-minutes: 35
|
||||
steps:
|
||||
- name: Repository auschecken
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Docker Buildx aktivieren
|
||||
uses: docker/setup-buildx-action@v3
|
||||
|
||||
- name: Bei GHCR anmelden
|
||||
uses: docker/login-action@v3
|
||||
with:
|
||||
registry: ${{ env.REGISTRY }}
|
||||
username: ${{ github.actor }}
|
||||
password: ${{ secrets.GITHUB_TOKEN }}
|
||||
|
||||
- name: Container-Metadaten erzeugen
|
||||
id: meta
|
||||
uses: docker/metadata-action@v5
|
||||
with:
|
||||
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||
tags: |
|
||||
type=semver,pattern={{version}},value=${{ github.event.release.tag_name }}
|
||||
type=semver,pattern={{major}}.{{minor}},value=${{ github.event.release.tag_name }}
|
||||
type=raw,value=stable,enable=${{ !github.event.release.prerelease }}
|
||||
type=raw,value=latest,enable=${{ !github.event.release.prerelease }}
|
||||
|
||||
- name: Container bauen und veröffentlichen
|
||||
id: push
|
||||
uses: docker/build-push-action@v6
|
||||
with:
|
||||
context: .
|
||||
push: true
|
||||
tags: ${{ steps.meta.outputs.tags }}
|
||||
labels: ${{ steps.meta.outputs.labels }}
|
||||
platforms: linux/amd64,linux/arm64
|
||||
provenance: true
|
||||
sbom: true
|
||||
|
||||
- name: Container-Provenienz attestieren
|
||||
uses: actions/attest@v4
|
||||
with:
|
||||
subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
|
||||
subject-digest: ${{ steps.push.outputs.digest }}
|
||||
push-to-registry: true
|
||||
|
||||
Reference in New Issue
Block a user