fix: make updater acceptance repair line-safe
This commit is contained in:
@@ -10,7 +10,7 @@ permissions:
|
||||
|
||||
concurrency:
|
||||
group: repair-updater-34-acceptance
|
||||
cancel-in-progress: false
|
||||
cancel-in-progress: true
|
||||
|
||||
jobs:
|
||||
repair:
|
||||
@@ -27,115 +27,79 @@ jobs:
|
||||
with:
|
||||
node-version: '22.x'
|
||||
|
||||
- name: Parserdiagnose und reproduzierbaren Paketvertrag einbauen
|
||||
- name: CI-Vertrag robust aktualisieren
|
||||
shell: python
|
||||
run: |
|
||||
from pathlib import Path
|
||||
|
||||
parser = Path('tools/verify-powershell-parser.ps1')
|
||||
parser.write_text("""[CmdletBinding()]
|
||||
param(
|
||||
[string]$ReportPath = ''
|
||||
)
|
||||
|
||||
Set-StrictMode -Version 2.0
|
||||
$ErrorActionPreference = 'Stop'
|
||||
$root = Split-Path -Parent $PSScriptRoot
|
||||
$excludedParts = @('\\node_modules\\','\\.git\\','\\runtime\\','\\logs\\','\\data\\','\\backups\\')
|
||||
$files = Get-ChildItem -LiteralPath $root -Recurse -File | Where-Object {
|
||||
$_.Extension -in @('.ps1','.psm1','.psd1')
|
||||
} | Where-Object {
|
||||
$full = $_.FullName
|
||||
-not (@($excludedParts | Where-Object { $full.IndexOf($_,[StringComparison]::OrdinalIgnoreCase) -ge 0 }).Count)
|
||||
} | Sort-Object FullName
|
||||
|
||||
$failures = New-Object System.Collections.Generic.List[string]
|
||||
foreach ($file in $files) {
|
||||
$tokens = $null
|
||||
$errors = $null
|
||||
[void][System.Management.Automation.Language.Parser]::ParseFile($file.FullName,[ref]$tokens,[ref]$errors)
|
||||
foreach ($parseError in @($errors)) {
|
||||
$relative = $file.FullName.Substring($root.Length).TrimStart('\\')
|
||||
$failures.Add(("{0}:{1}:{2} {3}" -f $relative,$parseError.Extent.StartLineNumber,$parseError.Extent.StartColumnNumber,$parseError.Message))
|
||||
}
|
||||
}
|
||||
|
||||
if ($failures.Count -gt 0) {
|
||||
$report = "Windows-PowerShell-Parser-Gate fehlgeschlagen ($($failures.Count) Fehler):$([Environment]::NewLine)$(@($failures) -join [Environment]::NewLine)"
|
||||
} else {
|
||||
$report = "OK: Windows PowerShell $($PSVersionTable.PSVersion) hat $($files.Count) PowerShell-Dateien ohne Parserfehler akzeptiert."
|
||||
}
|
||||
|
||||
if (-not [string]::IsNullOrWhiteSpace($ReportPath)) {
|
||||
$parent = Split-Path -Parent $ReportPath
|
||||
if ($parent) { New-Item -ItemType Directory -Path $parent -Force | Out-Null }
|
||||
[IO.File]::WriteAllText($ReportPath,$report,(New-Object Text.UTF8Encoding($false)))
|
||||
}
|
||||
|
||||
if ($failures.Count -gt 0) {
|
||||
[Console]::Error.WriteLine($report)
|
||||
exit 1
|
||||
}
|
||||
Write-Host $report
|
||||
exit 0
|
||||
""".lstrip(), encoding='utf-8', newline='\n')
|
||||
|
||||
ci = Path('.github/workflows/ci.yml')
|
||||
text = ci.read_text(encoding='utf-8')
|
||||
old_parser = """ - name: Alle PowerShell-Dateien mit Windows PowerShell 5.1 parsen
|
||||
shell: powershell
|
||||
run: .\\tools\\verify-powershell-parser.ps1
|
||||
lines = ci.read_text(encoding='utf-8').splitlines()
|
||||
output = []
|
||||
i = 0
|
||||
parser_done = False
|
||||
zip_done = False
|
||||
|
||||
- name: Vollständigen Vendoo-Releasevertrag unter Windows ausführen
|
||||
shell: pwsh
|
||||
run: npm run verify:all""".replace(' ', ' ')
|
||||
new_parser = """ - name: Alle PowerShell-Dateien mit Windows PowerShell 5.1 parsen
|
||||
shell: powershell
|
||||
run: .\\tools\\verify-powershell-parser.ps1 -ReportPath \"$env:RUNNER_TEMP\\powershell-parser-diagnostics.txt\"
|
||||
while i < len(lines):
|
||||
line = lines[i]
|
||||
if line == ' - name: Alle PowerShell-Dateien mit Windows PowerShell 5.1 parsen':
|
||||
if i + 2 >= len(lines) or lines[i + 1].strip() != 'shell: powershell':
|
||||
raise SystemExit('Windows-Parserblock besitzt nicht den erwarteten Vertrag.')
|
||||
output.extend([
|
||||
' - name: Alle PowerShell-Dateien mit Windows PowerShell 5.1 parsen',
|
||||
' shell: powershell',
|
||||
' run: .\\tools\\verify-powershell-parser.ps1 -ReportPath "$env:RUNNER_TEMP\\powershell-parser-diagnostics.txt"',
|
||||
'',
|
||||
' - name: Parserdiagnose bei Fehler sichern',
|
||||
' if: failure()',
|
||||
' uses: actions/upload-artifact@v4',
|
||||
' with:',
|
||||
' name: powershell-parser-diagnostics-${{ github.event.pull_request.head.sha || github.sha }}',
|
||||
' path: ${{ runner.temp }}/powershell-parser-diagnostics.txt',
|
||||
' if-no-files-found: error',
|
||||
' retention-days: 14',
|
||||
])
|
||||
i += 3
|
||||
parser_done = True
|
||||
continue
|
||||
|
||||
- name: Parserdiagnose bei Fehler sichern
|
||||
if: failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: powershell-parser-diagnostics-${{ github.event.pull_request.head.sha || github.sha }}
|
||||
path: ${{ runner.temp }}/powershell-parser-diagnostics.txt
|
||||
if-no-files-found: error
|
||||
retention-days: 14
|
||||
if (
|
||||
line == ' ('
|
||||
and i + 5 < len(lines)
|
||||
and 'zip -qr "${release_name}.zip"' in lines[i + 2]
|
||||
and lines[i + 5] == ' )'
|
||||
):
|
||||
output.extend([
|
||||
' archive="release-output/${release_name}.zip"',
|
||||
' python tools/build-deterministic-zip.py "$package_dir" "$archive"',
|
||||
' first_hash="$(sha256sum "$archive" | awk \'{print $1}\')"',
|
||||
' python tools/build-deterministic-zip.py "$package_dir" "$archive"',
|
||||
' second_hash="$(sha256sum "$archive" | awk \'{print $1}\')"',
|
||||
' if [[ "$first_hash" != "$second_hash" ]]; then',
|
||||
' echo "Der ZIP-Build ist nicht byte-reproduzierbar." >&2',
|
||||
' exit 1',
|
||||
' fi',
|
||||
' python -m zipfile -t "$archive"',
|
||||
' (',
|
||||
' cd release-output',
|
||||
' sha256sum "${release_name}.zip" > "${release_name}.zip.sha256"',
|
||||
' sha256sum --check "${release_name}.zip.sha256"',
|
||||
' )',
|
||||
])
|
||||
i += 6
|
||||
zip_done = True
|
||||
continue
|
||||
|
||||
- name: Vollständigen Vendoo-Releasevertrag unter Windows ausführen
|
||||
shell: pwsh
|
||||
run: npm run verify:all""".replace(' ', ' ')
|
||||
if text.count(old_parser) != 1:
|
||||
raise SystemExit(f'Windows-Parserblock nicht eindeutig gefunden: {text.count(old_parser)}')
|
||||
text = text.replace(old_parser, new_parser)
|
||||
output.append(line)
|
||||
i += 1
|
||||
|
||||
old_zip = """ (
|
||||
cd release-output
|
||||
zip -qr \"${release_name}.zip\" \"${release_name}\"
|
||||
sha256sum \"${release_name}.zip\" > \"${release_name}.zip.sha256\"
|
||||
sha256sum --check \"${release_name}.zip.sha256\"
|
||||
)"""
|
||||
new_zip = """ archive=\"release-output/${release_name}.zip\"
|
||||
python tools/build-deterministic-zip.py \"$package_dir\" \"$archive\"
|
||||
first_hash=\"$(sha256sum \"$archive\" | awk '{print $1}')\"
|
||||
python tools/build-deterministic-zip.py \"$package_dir\" \"$archive\"
|
||||
second_hash=\"$(sha256sum \"$archive\" | awk '{print $1}')\"
|
||||
if [[ \"$first_hash\" != \"$second_hash\" ]]; then
|
||||
echo \"Der ZIP-Build ist nicht byte-reproduzierbar.\" >&2
|
||||
exit 1
|
||||
fi
|
||||
python -m zipfile -t \"$archive\"
|
||||
(
|
||||
cd release-output
|
||||
sha256sum \"${release_name}.zip\" > \"${release_name}.zip.sha256\"
|
||||
sha256sum --check \"${release_name}.zip.sha256\"
|
||||
)"""
|
||||
if text.count(old_zip) != 1:
|
||||
raise SystemExit(f'ZIP-Block nicht eindeutig gefunden: {text.count(old_zip)}')
|
||||
ci.write_text(text.replace(old_zip, new_zip), encoding='utf-8', newline='\n')
|
||||
if not parser_done:
|
||||
raise SystemExit('Windows-Parserblock wurde nicht ersetzt.')
|
||||
if not zip_done:
|
||||
raise SystemExit('Standard-ZIP-Block wurde nicht ersetzt.')
|
||||
ci.write_text('\n'.join(output) + '\n', encoding='utf-8', newline='\n')
|
||||
|
||||
verifier = Path('tools/verify-updater-ci-lifecycle-3.4.mjs')
|
||||
verify_text = verifier.read_text(encoding='utf-8')
|
||||
text = verifier.read_text(encoding='utf-8')
|
||||
anchor = "assert(ci.includes('actions/upload-artifact@v4'), 'Das geprüfte Paket wird nicht als CI-Artefakt bereitgestellt.');"
|
||||
additions = """
|
||||
assert(ci.includes('powershell-parser-diagnostics'), 'Windows-Parserfehler werden nicht als Diagnoseartefakt gesichert.');
|
||||
@@ -145,10 +109,10 @@ jobs:
|
||||
const deterministicZip = read('tools/build-deterministic-zip.py');
|
||||
assert(deterministicZip.includes('FIXED_TIMESTAMP = (1980, 1, 1, 0, 0, 0)'), 'Deterministischer ZIP-Build besitzt keinen fixierten Zeitstempel.');
|
||||
assert(deterministicZip.includes('sorted(source.rglob'), 'Deterministischer ZIP-Build sortiert die Payload nicht.');"""
|
||||
if 'powershell-parser-diagnostics' not in verify_text:
|
||||
if verify_text.count(anchor) != 1:
|
||||
raise SystemExit(f'CI-Gate-Anker nicht eindeutig gefunden: {verify_text.count(anchor)}')
|
||||
verifier.write_text(verify_text.replace(anchor, anchor + additions), encoding='utf-8', newline='\n')
|
||||
if 'powershell-parser-diagnostics' not in text:
|
||||
if text.count(anchor) != 1:
|
||||
raise SystemExit(f'CI-Gate-Anker nicht eindeutig gefunden: {text.count(anchor)}')
|
||||
verifier.write_text(text.replace(anchor, anchor + additions), encoding='utf-8', newline='\n')
|
||||
|
||||
- name: Temporäre Dateien entfernen und Manifest erzeugen
|
||||
shell: bash
|
||||
|
||||
Reference in New Issue
Block a user