joachim/FileRise
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(ci,codeql): lint fixes, release trigger; stamp ?v in HTML/CSS; fix editor cache-busting

Browse Source
This commit is contained in:
Ryan
2025-10-27 05:31:01 -04:00
committed by GitHub
parent 7fe8e858ae
commit 35966964e7
5 changed files with 129 additions and 134 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
.github/codeql/codeql-config.yml vendored
View File

@@ -1,15 +1,12 @@
--- ---
name: "FileRise CodeQL config" name: "FileRise CodeQL config"
# Scan only FileRise code, not vendored/minified/generated assets
paths: paths:
- public/js # frontend JS/ES modules - "public/js"
- src - "api"
paths-ignore: paths-ignore:
- public/vendor/** - "public/vendor/**"
- public/css/vendor/** - "public/css/vendor/**"
- public/fonts/** - "public/fonts/**"
- public/**/*.min.js - "public/**/*.min.js"
- public/**/*.min.css - "public/**/*.min.css"
- public/**/*.map - "public/**/*.map"
- **/node_modules/**

8
.github/workflows/codeql.yml vendored
View File

@@ -3,9 +3,9 @@ name: "CodeQL"
on: on:
push: push:
branches: [ "master", "main" ] branches: ["master", "main"]
pull_request: pull_request:
branches: [ "master", "main" ] branches: ["master", "main"]
schedule: schedule:
- cron: "0 6 * * 1" # Mondays 06:00 UTC - cron: "0 6 * * 1" # Mondays 06:00 UTC
@@ -21,7 +21,7 @@ jobs:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:
language: [ "javascript" ] # add more if needed: "python", "go", etc. language: ["javascript"] # add more if needed: "python", "go", etc.
steps: steps:
- name: Checkout - name: Checkout
@@ -34,7 +34,5 @@ jobs:
config-file: .github/codeql/codeql-config.yml config-file: .github/codeql/codeql-config.yml
queries: +security-extended queries: +security-extended
# - uses: github/codeql-action/autobuild@v3
- name: Perform CodeQL Analysis - name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3 uses: github/codeql-action/analyze@v3

3
.github/workflows/release-on-version.yml vendored
View File

@@ -7,6 +7,9 @@ on:
- master - master
paths: paths:
- public/js/version.js - public/js/version.js
workflow_run:
workflows: "Bump version and sync Changelog to Docker Repo"
types: completed
permissions: permissions:
contents: write contents: write

231
.github/workflows/sync-changelog.yml vendored
View File

@@ -1,118 +1,115 @@
--- ---
name: Bump version and sync Changelog to Docker Repo name: Bump version and sync Changelog to Docker Repo
on: on:
push: push:
paths: paths:
- 'CHANGELOG.md' - "CHANGELOG.md"
permissions: permissions:
contents: write contents: write
jobs: jobs:
bump_and_sync: bump_and_sync:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- name: Extract version from commit message - name: Extract version from commit message
id: ver id: ver
shell: bash shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
MSG="${{ github.event.head_commit.message }}" MSG="${{ github.event.head_commit.message }}"
if [[ "$MSG" =~ release\((v[0-9]+\.[0-9]+\.[0-9]+)\) ]]; then if [[ "$MSG" =~ release\((v[0-9]+\.[0-9]+\.[0-9]+)\) ]]; then
echo "version=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT" echo "version=${BASH_REMATCH[1]}" >> "$GITHUB_OUTPUT"
echo "Found version: ${BASH_REMATCH[1]}" echo "Found version: ${BASH_REMATCH[1]}"
else else
echo "version=" >> "$GITHUB_OUTPUT" echo "version=" >> "$GITHUB_OUTPUT"
echo "No release(vX.Y.Z) tag in commit message; skipping bump." echo "No release(vX.Y.Z) tag in commit message; skipping bump."
fi fi
- name: Update public/js/version.js - name: Update public/js/version.js
if: steps.ver.outputs.version != '' if: steps.ver.outputs.version != ''
shell: bash shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
cat > public/js/version.js <<'EOF' cat > public/js/version.js <<'EOF'
// generated by CI // generated by CI
window.APP_VERSION = '${{ steps.ver.outputs.version }}'; window.APP_VERSION = '${{ steps.ver.outputs.version }}';
EOF EOF
- name: Stamp asset cache-busters (?v=...) and {{APP_VER}} - name: Stamp asset cache-busters (?v=...) in HTML/CSS and {{APP_VER}} everywhere
if: steps.ver.outputs.version != '' if: steps.ver.outputs.version != ''
shell: bash shell: bash
run: | run: |
set -euo pipefail set -euo pipefail
VER="${{ steps.ver.outputs.version }}" # e.g. v1.6.9 VER="${{ steps.ver.outputs.version }}" # e.g. v1.6.9
QVER="${VER#v}" # e.g. 1.6.9 QVER="${VER#v}" # e.g. 1.6.9
echo "Stamping ?v=${QVER} and {{APP_VER}}=${VER}"
echo "Stamping ?v= to ${QVER} and {{APP_VER}} to ${VER}"
# 1) Only stamp ?v= in HTML/CSS (avoid JS concatenation issues)
# List candidate files under public/ mapfile -t html_css < <(git ls-files -- 'public/*.html' 'public/**/*.html' 'public/*.css' 'public/**/*.css')
mapfile -t files < <(git ls-files -- \ for f in "${html_css[@]}"; do
'public/**/*.html' \ sed -E -i "s/(\?v=)[^\"'&<>\s]*/\1${QVER}/g" "$f"
'public/**/*.css' \ sed -E -i "s/\{\{APP_VER\}\}/${VER}/g" "$f"
'public/**/*.js' \ done
)
# 2) For JS, only replace the {{APP_VER}} placeholder (do NOT touch ?v=)
if [ "${#files[@]}" -gt 0 ]; then mapfile -t jsfiles < <(git ls-files -- 'public/*.js' 'public/**/*.js')
for f in "${files[@]}"; do for f in "${jsfiles[@]}"; do
# Replace any existing ?v=VALUE (dev, v1.2.3, 1.2.3, timestamp, etc.) with new numeric version sed -E -i "s/\{\{APP_VER\}\}/${VER}/g" "$f"
sed -E -i "s/(\?v=)[^\"'&<>\s]*/\1${QVER}/g" "$f" done
# Replace {{APP_VER}} placeholders (leave the leading v for display)
sed -E -i "s/\{\{APP_VER\}\}/${VER}/g" "$f" echo "Changed files:"
done git status --porcelain | awk '{print $2}' | sed 's/^/ - /'
else
echo "No HTML/CSS/JS files found under public/ to stamp." - name: Commit version bump + stamped assets
fi if: steps.ver.outputs.version != ''
shell: bash
- name: Commit version bump + stamped assets run: |
if: steps.ver.outputs.version != '' set -euo pipefail
shell: bash git config user.name "github-actions[bot]"
run: | git config user.email "github-actions[bot]@users.noreply.github.com"
set -euo pipefail git add public/js/version.js public
git config user.name "github-actions[bot]" if git diff --cached --quiet; then
git config user.email "github-actions[bot]@users.noreply.github.com" echo "No changes to commit"
git add public/js/version.js public else
if git diff --cached --quiet; then git commit -m "chore(release): set APP_VERSION and stamp assets to ${{ steps.ver.outputs.version }} [skip ci]"
echo "No changes to commit" git push
else fi
git commit -m "chore(release): set APP_VERSION and stamp assets to ${{ steps.ver.outputs.version }} [skip ci]"
git push - name: Checkout filerise-docker
fi if: steps.ver.outputs.version != ''
uses: actions/checkout@v4
- name: Checkout filerise-docker with:
if: steps.ver.outputs.version != '' repository: error311/filerise-docker
uses: actions/checkout@v4 token: ${{ secrets.PAT_TOKEN }}
with: path: docker-repo
repository: error311/filerise-docker
token: ${{ secrets.PAT_TOKEN }} - name: Copy CHANGELOG.md and write VERSION
path: docker-repo if: steps.ver.outputs.version != ''
shell: bash
- name: Copy CHANGELOG.md and write VERSION run: |
if: steps.ver.outputs.version != '' set -euo pipefail
shell: bash cp CHANGELOG.md docker-repo/CHANGELOG.md
run: | echo "${{ steps.ver.outputs.version }}" > docker-repo/VERSION
set -euo pipefail
cp CHANGELOG.md docker-repo/CHANGELOG.md - name: Commit & push to docker repo
echo "${{ steps.ver.outputs.version }}" > docker-repo/VERSION if: steps.ver.outputs.version != ''
working-directory: docker-repo
- name: Commit & push to docker repo shell: bash
if: steps.ver.outputs.version != '' run: |
working-directory: docker-repo set -euo pipefail
shell: bash git config user.name "github-actions[bot]"
run: | git config user.email "github-actions[bot]@users.noreply.github.com"
set -euo pipefail git add CHANGELOG.md VERSION
git config user.name "github-actions[bot]" if git diff --cached --quiet; then
git config user.email "github-actions[bot]@users.noreply.github.com" echo "No changes to commit"
git add CHANGELOG.md VERSION else
if git diff --cached --quiet; then git commit -m "chore: sync CHANGELOG.md and VERSION (${{ steps.ver.outputs.version }}) from FileRise"
echo "No changes to commit" git push origin main
else fi
git commit -m "chore: sync CHANGELOG.md and VERSION (${{ steps.ver.outputs.version }}) from FileRise"
git push origin main
fi

2
public/js/fileEditor.js
View File

@@ -54,7 +54,7 @@ const MODE_LOAD_TIMEOUT_MS = 2500; // allow closing immediately; don't wait fore
function loadScriptOnce(url) { function loadScriptOnce(url) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
const ver = (window.APP_VERSION ?? 'dev').replace(/^v/, ''); // "v1.6.9" -> "1.6.9" const ver = (window.APP_VERSION ?? 'dev').replace(/^v/, ''); // "v1.6.9" -> "1.6.9"
const withQS = url + '?v=1.6.9' + ver; const withQS = url + '?v=' + ver;
const key = `cm:${withQS}`; const key = `cm:${withQS}`;
let s = document.querySelector(`script[data-key="${key}"]`); let s = document.querySelector(`script[data-key="${key}"]`);