fix: make updater acceptance repair line-safe

This commit is contained in:
Masterluke77
2026-07-10 15:13:54 +02:00
parent d1f16a4c5c
commit 737d792860
+67 -103
View File
@@ -10,7 +10,7 @@ permissions:
concurrency:
group: repair-updater-34-acceptance
cancel-in-progress: false
cancel-in-progress: true
jobs:
repair:
@@ -27,115 +27,79 @@ jobs:
with:
node-version: '22.x'
- name: Parserdiagnose und reproduzierbaren Paketvertrag einbauen
- name: CI-Vertrag robust aktualisieren
shell: python
run: |
from pathlib import Path
parser = Path('tools/verify-powershell-parser.ps1')
parser.write_text("""[CmdletBinding()]
param(
[string]$ReportPath = ''
)
Set-StrictMode -Version 2.0
$ErrorActionPreference = 'Stop'
$root = Split-Path -Parent $PSScriptRoot
$excludedParts = @('\\node_modules\\','\\.git\\','\\runtime\\','\\logs\\','\\data\\','\\backups\\')
$files = Get-ChildItem -LiteralPath $root -Recurse -File | Where-Object {
$_.Extension -in @('.ps1','.psm1','.psd1')
} | Where-Object {
$full = $_.FullName
-not (@($excludedParts | Where-Object { $full.IndexOf($_,[StringComparison]::OrdinalIgnoreCase) -ge 0 }).Count)
} | Sort-Object FullName
$failures = New-Object System.Collections.Generic.List[string]
foreach ($file in $files) {
$tokens = $null
$errors = $null
[void][System.Management.Automation.Language.Parser]::ParseFile($file.FullName,[ref]$tokens,[ref]$errors)
foreach ($parseError in @($errors)) {
$relative = $file.FullName.Substring($root.Length).TrimStart('\\')
$failures.Add(("{0}:{1}:{2} {3}" -f $relative,$parseError.Extent.StartLineNumber,$parseError.Extent.StartColumnNumber,$parseError.Message))
}
}
if ($failures.Count -gt 0) {
$report = "Windows-PowerShell-Parser-Gate fehlgeschlagen ($($failures.Count) Fehler):$([Environment]::NewLine)$(@($failures) -join [Environment]::NewLine)"
} else {
$report = "OK: Windows PowerShell $($PSVersionTable.PSVersion) hat $($files.Count) PowerShell-Dateien ohne Parserfehler akzeptiert."
}
if (-not [string]::IsNullOrWhiteSpace($ReportPath)) {
$parent = Split-Path -Parent $ReportPath
if ($parent) { New-Item -ItemType Directory -Path $parent -Force | Out-Null }
[IO.File]::WriteAllText($ReportPath,$report,(New-Object Text.UTF8Encoding($false)))
}
if ($failures.Count -gt 0) {
[Console]::Error.WriteLine($report)
exit 1
}
Write-Host $report
exit 0
""".lstrip(), encoding='utf-8', newline='\n')
ci = Path('.github/workflows/ci.yml')
text = ci.read_text(encoding='utf-8')
old_parser = """ - name: Alle PowerShell-Dateien mit Windows PowerShell 5.1 parsen
shell: powershell
run: .\\tools\\verify-powershell-parser.ps1
lines = ci.read_text(encoding='utf-8').splitlines()
output = []
i = 0
parser_done = False
zip_done = False
- name: Vollständigen Vendoo-Releasevertrag unter Windows ausführen
shell: pwsh
run: npm run verify:all""".replace(' ', ' ')
new_parser = """ - name: Alle PowerShell-Dateien mit Windows PowerShell 5.1 parsen
shell: powershell
run: .\\tools\\verify-powershell-parser.ps1 -ReportPath \"$env:RUNNER_TEMP\\powershell-parser-diagnostics.txt\"
while i < len(lines):
line = lines[i]
if line == ' - name: Alle PowerShell-Dateien mit Windows PowerShell 5.1 parsen':
if i + 2 >= len(lines) or lines[i + 1].strip() != 'shell: powershell':
raise SystemExit('Windows-Parserblock besitzt nicht den erwarteten Vertrag.')
output.extend([
' - name: Alle PowerShell-Dateien mit Windows PowerShell 5.1 parsen',
' shell: powershell',
' run: .\\tools\\verify-powershell-parser.ps1 -ReportPath "$env:RUNNER_TEMP\\powershell-parser-diagnostics.txt"',
'',
' - name: Parserdiagnose bei Fehler sichern',
' if: failure()',
' uses: actions/upload-artifact@v4',
' with:',
' name: powershell-parser-diagnostics-${{ github.event.pull_request.head.sha || github.sha }}',
' path: ${{ runner.temp }}/powershell-parser-diagnostics.txt',
' if-no-files-found: error',
' retention-days: 14',
])
i += 3
parser_done = True
continue
- name: Parserdiagnose bei Fehler sichern
if: failure()
uses: actions/upload-artifact@v4
with:
name: powershell-parser-diagnostics-${{ github.event.pull_request.head.sha || github.sha }}
path: ${{ runner.temp }}/powershell-parser-diagnostics.txt
if-no-files-found: error
retention-days: 14
if (
line == ' ('
and i + 5 < len(lines)
and 'zip -qr "${release_name}.zip"' in lines[i + 2]
and lines[i + 5] == ' )'
):
output.extend([
' archive="release-output/${release_name}.zip"',
' python tools/build-deterministic-zip.py "$package_dir" "$archive"',
' first_hash="$(sha256sum "$archive" | awk \'{print $1}\')"',
' python tools/build-deterministic-zip.py "$package_dir" "$archive"',
' second_hash="$(sha256sum "$archive" | awk \'{print $1}\')"',
' if [[ "$first_hash" != "$second_hash" ]]; then',
' echo "Der ZIP-Build ist nicht byte-reproduzierbar." >&2',
' exit 1',
' fi',
' python -m zipfile -t "$archive"',
' (',
' cd release-output',
' sha256sum "${release_name}.zip" > "${release_name}.zip.sha256"',
' sha256sum --check "${release_name}.zip.sha256"',
' )',
])
i += 6
zip_done = True
continue
- name: Vollständigen Vendoo-Releasevertrag unter Windows ausführen
shell: pwsh
run: npm run verify:all""".replace(' ', ' ')
if text.count(old_parser) != 1:
raise SystemExit(f'Windows-Parserblock nicht eindeutig gefunden: {text.count(old_parser)}')
text = text.replace(old_parser, new_parser)
output.append(line)
i += 1
old_zip = """ (
cd release-output
zip -qr \"${release_name}.zip\" \"${release_name}\"
sha256sum \"${release_name}.zip\" > \"${release_name}.zip.sha256\"
sha256sum --check \"${release_name}.zip.sha256\"
)"""
new_zip = """ archive=\"release-output/${release_name}.zip\"
python tools/build-deterministic-zip.py \"$package_dir\" \"$archive\"
first_hash=\"$(sha256sum \"$archive\" | awk '{print $1}')\"
python tools/build-deterministic-zip.py \"$package_dir\" \"$archive\"
second_hash=\"$(sha256sum \"$archive\" | awk '{print $1}')\"
if [[ \"$first_hash\" != \"$second_hash\" ]]; then
echo \"Der ZIP-Build ist nicht byte-reproduzierbar.\" >&2
exit 1
fi
python -m zipfile -t \"$archive\"
(
cd release-output
sha256sum \"${release_name}.zip\" > \"${release_name}.zip.sha256\"
sha256sum --check \"${release_name}.zip.sha256\"
)"""
if text.count(old_zip) != 1:
raise SystemExit(f'ZIP-Block nicht eindeutig gefunden: {text.count(old_zip)}')
ci.write_text(text.replace(old_zip, new_zip), encoding='utf-8', newline='\n')
if not parser_done:
raise SystemExit('Windows-Parserblock wurde nicht ersetzt.')
if not zip_done:
raise SystemExit('Standard-ZIP-Block wurde nicht ersetzt.')
ci.write_text('\n'.join(output) + '\n', encoding='utf-8', newline='\n')
verifier = Path('tools/verify-updater-ci-lifecycle-3.4.mjs')
verify_text = verifier.read_text(encoding='utf-8')
text = verifier.read_text(encoding='utf-8')
anchor = "assert(ci.includes('actions/upload-artifact@v4'), 'Das geprüfte Paket wird nicht als CI-Artefakt bereitgestellt.');"
additions = """
assert(ci.includes('powershell-parser-diagnostics'), 'Windows-Parserfehler werden nicht als Diagnoseartefakt gesichert.');
@@ -145,10 +109,10 @@ jobs:
const deterministicZip = read('tools/build-deterministic-zip.py');
assert(deterministicZip.includes('FIXED_TIMESTAMP = (1980, 1, 1, 0, 0, 0)'), 'Deterministischer ZIP-Build besitzt keinen fixierten Zeitstempel.');
assert(deterministicZip.includes('sorted(source.rglob'), 'Deterministischer ZIP-Build sortiert die Payload nicht.');"""
if 'powershell-parser-diagnostics' not in verify_text:
if verify_text.count(anchor) != 1:
raise SystemExit(f'CI-Gate-Anker nicht eindeutig gefunden: {verify_text.count(anchor)}')
verifier.write_text(verify_text.replace(anchor, anchor + additions), encoding='utf-8', newline='\n')
if 'powershell-parser-diagnostics' not in text:
if text.count(anchor) != 1:
raise SystemExit(f'CI-Gate-Anker nicht eindeutig gefunden: {text.count(anchor)}')
verifier.write_text(text.replace(anchor, anchor + additions), encoding='utf-8', newline='\n')
- name: Temporäre Dateien entfernen und Manifest erzeugen
shell: bash