msw/CISS.debian.live.builder
SHA256
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

V8.03.133.2025.06.02

Browse Source 
Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
This commit is contained in:
Marc S. Weidner
2025-06-02 09:22:24 +02:00
parent 93e672b8e9
commit 19c62fc004
2 changed files with 178 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.gitea/workflows/generate-iso.yaml
View File

@@ -276,6 +276,8 @@ jobs:
export GNUPGHOME="$(pwd)/.gnupg"
git fetch origin master
git rebase origin/master
git status
git log --oneline -n 5
- name: Stage generated files.
shell: bash

176
.gitea/workflows/render-md-to-html.yaml Normal file
View File

@@ -0,0 +1,176 @@
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-05-05; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/CISS.debian.live.builder.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 20242025; WEIDNER, Marc S.; <msw@coresecret.dev>
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2 OR LicenseRef-CCLA-1.0
# SPDX-LicenseComment: This file is part of the CISS.hardened.installer framework.
# SPDX-PackageName: CISS.debian.live.builder
# SPDX-Security-Contact: security@coresecret.eu
### Version Master V8.03.127.2025.06.02
name: Render README.md to README.html
permissions:
contents: write
on:
push:
branches:
- master
paths:
- "**/*.md"
- '.gitea/linkfix.lua'
jobs:
render-md-to-html:
name: Render README.md to README.html
runs-on: ubuntu-latest
steps:
- name: Preparing SSH Setup, SSH Deploy Key, Known Hosts, .config.
shell: bash
run: |
rm -rf ~/.ssh && mkdir -m700 ~/.ssh
### Private Key
echo "${{ secrets.SSH_MSW_DEPLOY_CORESECRET_DEV }}" >| ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
### Scan git.coresecret.dev to fill ~/.ssh/known_hosts
ssh-keyscan -p 42842 git.coresecret.dev >| ~/.ssh/known_hosts
chmod 600 ~/.ssh/known_hosts
### Generate SSH Config for git.coresecret.dev Custom-Port
cat <<EOF >| ~/.ssh/config
Host git.coresecret.dev
HostName git.coresecret.dev
Port 42842
IdentityFile ~/.ssh/id_ed25519
StrictHostKeyChecking yes
UserKnownHostsFile ~/.ssh/known_hosts
EOF
chmod 600 ~/.ssh/config
### https://github.com/actions/checkout/issues/1843
- name: Using manual clone via SSH to circumvent Gitea SHA-256 object issues.
shell: bash
env:
### GITHUB_REF_NAME contains the branch name from the push event.
GITHUB_REF_NAME: ${{ github.ref_name }}
run: |
git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git .
git fetch --unshallow || echo "Nothing to fetch - already full clone."
- name: Cleaning the workspace.
shell: bash
run: |
git reset --hard
git clean -fd
- name: Importing the 'CI PGP DEPLOY ONLY' key.
shell: bash
run: |
### GPG-Home relative to the Runner Workspace to avoid changing global files.
export GNUPGHOME="$(pwd)/.gnupg"
mkdir -m 700 "${GNUPGHOME}"
echo "${{ secrets.PGP_MSW_DEPLOY_CORESECRET_DEV }}" >| ci-bot.sec.asc
gpg --batch --import ci-bot.sec.asc
### Trust the key automatically
KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}')
echo "trust-model always" >| "${GNUPGHOME}/gpg.conf"
- name: Configuring Git for signed CI/DEPLOY commits.
shell: bash
run: |
export GNUPGHOME="$(pwd)/.gnupg"
git config user.name "Marc S. Weidner BOT"
git config user.email "msw+bot@coresecret.dev"
git config commit.gpgsign true
git config gpg.program gpg
git config gpg.format openpgp
- name: Convert APT sources to HTTPS.
shell: bash
run: |
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list
sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true
- name: Install Pandoc & dependencies.
shell: bash
run: |
sudo apt-get update
sudo apt-get install -y pandoc
- name: Ensure .html/ directory exists.
shell: bash
run:
mkdir -p .html
- name: Render *.md to full standalone HTML.
shell: bash
run: |
find . \( -path "*/.*" -prune \) -o -type f -name "*.md" -print | while read file; do
out=$(basename "${file%.md}.html")
pandoc -s "${file}" \
--metadata title="${file}" \
--metadata lang=en \
-f gfm+footnotes \
-t html5 \
--no-highlight \
--strip-comments \
--wrap=none \
--lua-filter=.gitea/linkfix.lua \
-o .html/"${out}"
done
- name: Extract HTML fragment for Gitea for *.md.
shell: bash
run: |
find . \( -path "*/.*" -prune \) -o -type f -name "*.md" -print | while read file; do
out="${file%.md}.html"
pandoc "${file}" \
-f gfm+footnotes \
-t html5 \
--no-highlight \
--strip-comments \
--wrap=none \
--lua-filter=.gitea/linkfix.lua \
-o "${out}"
done
- name: Sync with remote before commit to avoid Job Race Conditions.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
export GNUPGHOME="$(pwd)/.gnupg"
git fetch origin master
git rebase origin/master
git status
git log --oneline -n 5
- name: Stage generated files.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
git add '*.html'
- name: Commit and Sign changes.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
export GNUPGHOME="$(pwd)/.gnupg"
git commit -S -m "DEPLOY BOT: Auto-Generate *.html from *.md [skip ci]" || echo "No Changes, nothing to Sign or to Commit."
- name: Push back to Repository.
shell: bash
env:
GIT_SSH_COMMAND: "ssh -p 42842"
run: |
git push origin HEAD:${GITHUB_REF_NAME}
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml