diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml index f3d462e..d42d730 100644 --- a/.github/codeql/codeql-config.yml +++ b/.github/codeql/codeql-config.yml @@ -1,15 +1,12 @@ --- name: "FileRise CodeQL config" - -# Scan only FileRise code, not vendored/minified/generated assets paths: - - public/js # frontend JS/ES modules - - src + - "public/js" + - "api" paths-ignore: - - public/vendor/** - - public/css/vendor/** - - public/fonts/** - - public/**/*.min.js - - public/**/*.min.css - - public/**/*.map - - **/node_modules/** + - "public/vendor/**" + - "public/css/vendor/**" + - "public/fonts/**" + - "public/**/*.min.js" + - "public/**/*.min.css" + - "public/**/*.map" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index d4559c3..298af68 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -3,9 +3,9 @@ name: "CodeQL" on: push: - branches: [ "master", "main" ] + branches: ["master", "main"] pull_request: - branches: [ "master", "main" ] + branches: ["master", "main"] schedule: - cron: "0 6 * * 1" # Mondays 06:00 UTC @@ -21,7 +21,7 @@ jobs: strategy: fail-fast: false matrix: - language: [ "javascript" ] # add more if needed: "python", "go", etc. + language: ["javascript"] # add more if needed: "python", "go", etc. steps: - name: Checkout @@ -34,7 +34,5 @@ jobs: config-file: .github/codeql/codeql-config.yml queries: +security-extended - # - uses: github/codeql-action/autobuild@v3 - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/release-on-version.yml b/.github/workflows/release-on-version.yml index a8c66b8..5450ccd 100644 --- a/.github/workflows/release-on-version.yml +++ b/.github/workflows/release-on-version.yml @@ -7,6 +7,9 @@ on: - master paths: - public/js/version.js + workflow_run: + workflows: "Bump version and sync Changelog to Docker Repo" + types: completed permissions: contents: write 
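Review bot: The `**/node_modules/**` exclusion is dropped from `paths-ignore` rather than quoted like the other globs, and in the same hunk `src` is replaced by `api` under `paths`, so the scan scope changes in two directions at once. An unquoted scalar starting with `*` is read by YAML as an alias, which is presumably why the old entry caused trouble; `- "**/node_modules/**"` keeps the exclusion and parses cleanly. The workflow's matrix is limited to `javascript`, so confirm that `api` holds code CodeQL will actually analyse and that nothing under `src` was relied on for coverage. A one-line comment above `paths:` stating the intended scope, as the removed `# Scan only FileRise code…` line did, would make later narrowing visible in review.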
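Review bot: The added `workflow_run` trigger with `types: completed` fires whether the bump workflow succeeded, failed or was cancelled, and this workflow holds `contents: write`. The triggering workflow has no branch filter on its `push` event, so a release run can follow from a push to any branch that touches CHANGELOG.md. Restrict the trigger with `branches: [master]` under `workflow_run` and gate the job with `if: github.event_name != 'workflow_run' || github.event.workflow_run.conclusion == 'success'`. The job definitions lie outside this hunk, so check whether such a guard already exists there.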
diff --git a/.github/workflows/sync-changelog.yml b/.github/workflows/sync-changelog.yml
index 1866037..ece7a26 100644
--- a/.github/workflows/sync-changelog.yml
+++ b/.github/workflows/sync-changelog.yml
@@ -1,118 +1,115 @@ --- - name: Bump version and sync Changelog to Docker Repo - - on: - push: - paths: - - 'CHANGELOG.md' - - permissions: - contents: write - - jobs: - bump_and_sync: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Extract version from commit message - id: ver - shell: bash - run: | - set -euo pipefail - MSG="${{ github.event.head_commit.message }}" - if [[ "$MSG" =~ release\((v[0-9]+\.[0-9]+\.[0-9]+)\) ]]; then - echo "version=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT" - echo "Found version: ${BASH_REMATCH[1]}" - else - echo "version=" >> "$GITHUB_OUTPUT" - echo "No release(vX.Y.Z) tag in commit message; skipping bump." - fi - - - name: Update public/js/version.js - if: steps.ver.outputs.version != '' - shell: bash - run: | - set -euo pipefail - cat > public/js/version.js <<'EOF' - // generated by CI - window.APP_VERSION = '${{ steps.ver.outputs.version }}'; - EOF - - - name: Stamp asset cache-busters (?v=...) and {{APP_VER}} - if: steps.ver.outputs.version != '' - shell: bash - run: | - set -euo pipefail - VER="${{ steps.ver.outputs.version }}" # e.g. v1.6.9 - QVER="${VER#v}" # e.g. 1.6.9 - - echo "Stamping ?v= to ${QVER} and {{APP_VER}} to ${VER}" - - # List candidate files under public/ - mapfile -t files < <(git ls-files -- \ - 'public/**/*.html' \ - 'public/**/*.css' \ - 'public/**/*.js' \ - ) - - if [ "${#files[@]}" -gt 0 ]; then - for f in "${files[@]}"; do - # Replace any existing ?v=VALUE (dev, v1.2.3, 1.2.3, timestamp, etc.) with new numeric version - sed -E -i "s/(\?v=)[^\"'&<>\s]*/\1${QVER}/g" "$f" - # Replace {{APP_VER}} placeholders (leave the leading v for display) - sed -E -i "s/\{\{APP_VER\}\}/${VER}/g" "$f" - done - else - echo "No HTML/CSS/JS files found under public/ to stamp." 
- fi - - - name: Commit version bump + stamped assets - if: steps.ver.outputs.version != '' - shell: bash - run: | - set -euo pipefail - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - git add public/js/version.js public - if git diff --cached --quiet; then - echo "No changes to commit" - else - git commit -m "chore(release): set APP_VERSION and stamp assets to ${{ steps.ver.outputs.version }} [skip ci]" - git push - fi - - - name: Checkout filerise-docker - if: steps.ver.outputs.version != '' - uses: actions/checkout@v4 - with: - repository: error311/filerise-docker - token: ${{ secrets.PAT_TOKEN }} - path: docker-repo - - - name: Copy CHANGELOG.md and write VERSION - if: steps.ver.outputs.version != '' - shell: bash - run: | - set -euo pipefail - cp CHANGELOG.md docker-repo/CHANGELOG.md - echo "${{ steps.ver.outputs.version }}" > docker-repo/VERSION - - - name: Commit & push to docker repo - if: steps.ver.outputs.version != '' - working-directory: docker-repo - shell: bash - run: | - set -euo pipefail - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - git add CHANGELOG.md VERSION - if git diff --cached --quiet; then - echo "No changes to commit" - else - git commit -m "chore: sync CHANGELOG.md and VERSION (${{ steps.ver.outputs.version }}) from FileRise" - git push origin main - fi +name: Bump version and sync Changelog to Docker Repo + +on: + push: + paths: + - "CHANGELOG.md" + +permissions: + contents: write + +jobs: + bump_and_sync: + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Extract version from commit message + id: ver + shell: bash + run: | + set -euo pipefail + MSG="${{ github.event.head_commit.message }}" + if [[ "$MSG" =~ release\((v[0-9]+\.[0-9]+\.[0-9]+)\) ]]; then + echo "version=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT" + echo "Found version: ${BASH_REMATCH[1]}" 
+ else + echo "version=" >> "$GITHUB_OUTPUT" + echo "No release(vX.Y.Z) tag in commit message; skipping bump." + fi + + - name: Update public/js/version.js + if: steps.ver.outputs.version != '' + shell: bash + run: | + set -euo pipefail + cat > public/js/version.js <<'EOF' + // generated by CI + window.APP_VERSION = '${{ steps.ver.outputs.version }}'; + EOF + + - name: Stamp asset cache-busters (?v=...) in HTML/CSS and {{APP_VER}} everywhere + if: steps.ver.outputs.version != '' + shell: bash + run: | + set -euo pipefail + VER="${{ steps.ver.outputs.version }}" # e.g. v1.6.9 + QVER="${VER#v}" # e.g. 1.6.9 + echo "Stamping ?v=${QVER} and {{APP_VER}}=${VER}" + + # 1) Only stamp ?v= in HTML/CSS (avoid JS concatenation issues) + mapfile -t html_css < <(git ls-files -- 'public/*.html' 'public/**/*.html' 'public/*.css' 'public/**/*.css') + for f in "${html_css[@]}"; do + sed -E -i "s/(\?v=)[^\"'&<>\s]*/\1${QVER}/g" "$f" + sed -E -i "s/\{\{APP_VER\}\}/${VER}/g" "$f" + done + + # 2) For JS, only replace the {{APP_VER}} placeholder (do NOT touch ?v=) + mapfile -t jsfiles < <(git ls-files -- 'public/*.js' 'public/**/*.js') + for f in "${jsfiles[@]}"; do + sed -E -i "s/\{\{APP_VER\}\}/${VER}/g" "$f" + done + + echo "Changed files:" + git status --porcelain | awk '{print $2}' | sed 's/^/ - /' + + - name: Commit version bump + stamped assets + if: steps.ver.outputs.version != '' + shell: bash + run: | + set -euo pipefail + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add public/js/version.js public + if git diff --cached --quiet; then + echo "No changes to commit" + else + git commit -m "chore(release): set APP_VERSION and stamp assets to ${{ steps.ver.outputs.version }} [skip ci]" + git push + fi + + - name: Checkout filerise-docker + if: steps.ver.outputs.version != '' + uses: actions/checkout@v4 + with: + repository: error311/filerise-docker + token: ${{ secrets.PAT_TOKEN }} + path: docker-repo + + - 
name: Copy CHANGELOG.md and write VERSION + if: steps.ver.outputs.version != '' + shell: bash + run: | + set -euo pipefail + cp CHANGELOG.md docker-repo/CHANGELOG.md + echo "${{ steps.ver.outputs.version }}" > docker-repo/VERSION + + - name: Commit & push to docker repo + if: steps.ver.outputs.version != '' + working-directory: docker-repo + shell: bash + run: | + set -euo pipefail + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add CHANGELOG.md VERSION + if git diff --cached --quiet; then + echo "No changes to commit" + else + git commit -m "chore: sync CHANGELOG.md and VERSION (${{ steps.ver.outputs.version }}) from FileRise" + git push origin main + fi diff --git a/public/js/fileEditor.js b/public/js/fileEditor.js index beb6c7b..b3025c7 100644 --- a/public/js/fileEditor.js +++ b/public/js/fileEditor.js @@ -54,7 +54,7 @@ const MODE_LOAD_TIMEOUT_MS = 2500; // allow closing immediately; don't wait fore function loadScriptOnce(url) { return new Promise((resolve, reject) => { const ver = (window.APP_VERSION ?? 'dev').replace(/^v/, ''); // "v1.6.9" -> "1.6.9" - const withQS = url + '?v=1.6.9' + ver; + const withQS = url + '?v=' + ver; const key = `cm:${withQS}`; let s = document.querySelector(`script[data-key="${key}"]`);
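Review bot: The `Extract version from commit message` step still expands `${{ github.event.head_commit.message }}` directly inside the `run:` script, so the commit message becomes part of the shell source before bash parses it; the re-indentation carries this over unchanged. Anyone able to push a commit touching CHANGELOG.md therefore influences script text in a job that has `contents: write` and later checks out a second repository with `secrets.PAT_TOKEN`. Pass the value through the environment instead: add `env:` with `COMMIT_MSG: ${{ github.event.head_commit.message }}` to the step and use `MSG="$COMMIT_MSG"` in the script. The `steps.ver.outputs.version` expansions are constrained by the `v[0-9]+\.[0-9]+\.[0-9]+` match and so are lower risk, but routing them through `env:` as well would make that guarantee explicit.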
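Review bot: `key` is interpolated unescaped into the attribute selector on the `document.querySelector` line, so a `url` containing a double quote or backslash would make the selector invalid or match the wrong element. Writing it as `script[data-key="${CSS.escape(key)}"]` keeps the lookup robust, and `encodeURIComponent(ver)` on the changed line does the same for the version suffix. Whether any caller passes a non-constant `url` cannot be told from this hunk, since loadScriptOnce's body and its callers continue outside it.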