diff --git a/.archive/icon.lib b/.archive/icon.lib index fd686bb..77a875c 100644 --- a/.archive/icon.lib +++ b/.archive/icon.lib @@ -24,7 +24,6 @@ 🌌 πŸŽ‰ πŸ–₯️ -πŸ”‘ πŸ“‚ πŸ“© πŸ”΅ @@ -39,4 +38,9 @@ πŸ“… πŸ’™ 🚫 +πŸ”„ +πŸ” +πŸ“‹ +🎯 +ℹ️ # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh \ No newline at end of file diff --git a/.gitea/workflows/render-md-to-html.yaml b/.gitea/workflows/render-md-to-html.yaml index 7bc174a..097149d 100644 --- a/.gitea/workflows/render-md-to-html.yaml +++ b/.gitea/workflows/render-md-to-html.yaml @@ -55,7 +55,7 @@ jobs: chmod 600 ~/.ssh/config ### https://github.com/actions/checkout/issues/1843 - - name: Using manual clone via SSH to circumvent Gitea SHA-256 object issues. + - name: πŸ› οΈ Using manual clone via SSH to circumvent Gitea SHA-256 object issues. shell: bash env: ### GITHUB_REF_NAME contains the branch name from the push event. @@ -64,13 +64,13 @@ jobs: git clone --branch "${GITHUB_REF_NAME}" ssh://git@git.coresecret.dev:42842/msw/CISS.debian.live.builder.git . git fetch --unshallow || echo "Nothing to fetch - already full clone." - - name: Cleaning the workspace. + - name: πŸ› οΈ Cleaning the workspace. shell: bash run: | git reset --hard git clean -fd - - name: Importing the 'CI PGP DEPLOY ONLY' key. + - name: βš™οΈ Importing the 'CI PGP DEPLOY ONLY' key. shell: bash run: | ### GPG-Home relative to the Runner Workspace to avoid changing global files. @@ -82,7 +82,7 @@ jobs: KEY_ID=$(gpg --list-keys --with-colons | awk -F: '/^pub:/ {print $5}') echo "trust-model always" >| "${GNUPGHOME}/gpg.conf" - - name: Configuring Git for signed CI/DEPLOY commits. + - name: βš™οΈ Configuring Git for signed CI/DEPLOY commits. shell: bash run: | export GNUPGHOME="$(pwd)/.gnupg" 
@@ -92,13 +92,13 @@ jobs: git config gpg.program gpg git config gpg.format openpgp - - name: Convert APT sources to HTTPS. + - name: βš™οΈ Convert APT sources to HTTPS. shell: bash run: | sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list sed -i 's|http://\(archive\.ubuntu\.com\|security\.ubuntu\.com\)|https://\1|g' /etc/apt/sources.list.d/*.list || true - - name: Install Pandoc & dependencies. + - name: πŸ› οΈInstall Pandoc & Dependencies. shell: bash run: | sudo apt-get update @@ -126,7 +126,7 @@ jobs: # -o .html/"${out}" # done - - name: Extract HTML fragment for Gitea for *.md. + - name: πŸ“₯ Extract HTML fragment for Gitea for *.md. shell: bash run: | find . \( -path "*/.*" -prune \) -o -type f -name "README.md" -print | while read file; do @@ -141,7 +141,7 @@ jobs: -o "${out}" done - - name: Sync with remote before commit to avoid Job Race Conditions. + - name: πŸ”„ Sync with remote before commit using merge strategy. shell: bash env: GIT_SSH_COMMAND: "ssh -p 42842" 
@@ -149,39 +149,66 @@ jobs: set -euo pipefail export GNUPGHOME="$(pwd)/.gnupg" - echo "πŸ”’ Stashing local changes (if any) ..." - git stash push --include-untracked --message "pre-rebase stash" || true - - echo "πŸ”„ Fetching and rebasing from origin/master ..." + echo "πŸ”„ Fetching origin/master ..." git fetch origin master - git rebase origin/master - echo "🎯 Restoring local changes from stash (if any) ..." - git stash pop || echo "ℹ️ Nothing to pop or merge conflict during stash pop." + echo "πŸ” Merging origin/master into current branch ..." + git merge --no-edit origin/master || echo "βœ”οΈ Already up to date or fast-forward." - echo "πŸ“‹ Current status after rebase : " + echo "πŸ“‹ Post-merge status :" git status git log --oneline -n 5 - - name: Stage generated files. + - name: πŸ“¦ Stage generated files. shell: bash env: GIT_SSH_COMMAND: "ssh -p 42842" run: | - git add '*.html' + set -euo pipefail + git add *.html || echo "ℹ️ Nothing to add." - - name: Commit and Sign changes. + - name: πŸ”‘ Commit and sign changes with CI metadata. shell: bash env: GIT_SSH_COMMAND: "ssh -p 42842" run: | + set -euo pipefail export GNUPGHOME="$(pwd)/.gnupg" - git commit -S -m "DEPLOY BOT: Auto-Generate *.html from *.md [skip ci]" || echo "No Changes, nothing to Sign or to Commit." - - name: Push back to Repository. + if git diff --cached --quiet; then + echo "ℹ️ No staged changes to commit." + else + echo "πŸ“ Committing changes with GPG signature ..." 
+ + ### CI Metadata + TIMESTAMP_UTC="$(date -u +'%Y-%m-%dT%H:%M:%SZ')" + HOSTNAME="$(hostname -f || hostname)" + GIT_SHA="$(git rev-parse --short HEAD)" + GIT_REF="$(git symbolic-ref --short HEAD || echo detached)" + WORKFLOW_ID="${GITHUB_WORKFLOW:-render-md-to-html.yaml}" + CI_HEADER="X-CI-Metadata: ${GIT_REF}@${GIT_SHA} at ${TIMESTAMP_UTC} on ${HOSTNAME}" + + COMMIT_MSG="DEPLOY BOT: Auto-Generate *.html from *.md [skip ci] + + ${CI_HEADER} + + Generated at: ${TIMESTAMP_UTC} + Runner Host : ${HOSTNAME} + Workflow ID : ${WORKFLOW_ID} + Git Commit : ${GIT_SHA} HEAD β†’ ${GIT_REF} + " + + echo "πŸ” Commit message :" + echo "${COMMIT_MSG}" + git commit -S -m "${COMMIT_MSG}" + fi + + - name: πŸ” Push back to repository. shell: bash env: GIT_SSH_COMMAND: "ssh -p 42842" run: | + set -euo pipefail + echo "πŸ“€ Pushing changes to ${GITHUB_REF_NAME} ..." git push origin HEAD:${GITHUB_REF_NAME} # vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=yaml
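Review bot: In the sync step, `git merge --no-edit origin/master || echo "…"` hides every merge failure, including a conflict, although the step sets `set -euo pipefail`; an up-to-date or fast-forward merge already exits 0, so the fallback only fires on a real error. Because the following steps stage `*.html` and commit with `-S`, a conflicted generated file could be marked resolved and pushed under the CI signing key with conflict markers still in it. Letting the step fail is safer, e.g. `git merge --no-edit origin/master || { git merge --abort; exit 1; }`. Separately, the unquoted `git add *.html` is expanded by the shell in the workspace root only, whereas the old quoted `'*.html'` was a git pathspec that also matched subdirectories, and the `find` step earlier in the workflow appears to render README.md files below the root; keeping the quotes and dropping the `|| echo` would preserve that and surface real staging errors. The new commit message also writes the runner's `hostname -f` into permanent, signed history, which is worth confirming as intended if the repository is readable outside the team.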