diff --git a/.codex/project.md b/.codex/project.md index cb334a541..649719bfc 100644 --- a/.codex/project.md +++ b/.codex/project.md @@ -33,9 +33,20 @@ cargo clippy --package theseus Full app packaging may require platform-specific Tauri dependencies. +## Build Artifacts + +Windows installer packages are built by the Gitea runner and published to the generic package registry: + +```text +https://git.wilkensxl.de/api/packages/MrSphay/generic/modrinth-plus/latest/Modrinth-Plus-Windows-Setup.exe +``` + +The workflow also uploads a run artifact for debugging, but workflow-run artifacts are not Package Registry packages. + ## Kit Application Notes - `AGENTS.md` intentionally preserves the upstream `CLAUDE.md` handoff while adding Modrinth Plus and Gitea workflow-loop rules. - README blueprint generation is not enabled because the upstream Modrinth README should remain authoritative. - Release dry-run automation is deferred until desktop packaging commands and artifact names are finalized. - Template compliance is enabled on push to keep Codex context files present and placeholder-free. +- Codex kit metadata should stay in source control for agent work but should not be shipped inside user-facing installers or downloadable package artifacts. diff --git a/.gitea/workflows/build.yml b/.gitea/workflows/build.yml index b4ae1fdb2..9385572c7 100644 --- a/.gitea/workflows/build.yml +++ b/.gitea/workflows/build.yml @@ -79,27 +79,34 @@ jobs: app_version="$(node -p "require('./apps/app-frontend/package.json').version")" package_version="${app_version}-${GITHUB_SHA::7}" package_name="modrinth-plus" - latest_url="https://git.wilkensxl.de/api/packages/MrSphay/generic/${package_name}/latest" + repository_owner="${GITHUB_REPOSITORY%%/*}" + if [ -z "${repository_owner}" ] || [ "${repository_owner}" = "${GITHUB_REPOSITORY}" ]; then + repository_owner="MrSphay" + fi + gitea_server="${GITHUB_SERVER_URL:-https://git.wilkensxl.de}" + gitea_server="${gitea_server%/}" + package_dir="package-registry" + latest_url="${gitea_server}/api/packages/${repository_owner}/generic/${package_name}/latest" - shopt -s nullglob - artifacts=(target/x86_64-pc-windows-msvc/release/bundle/nsis/*.exe) + mapfile -d '' artifacts < <(find target/x86_64-pc-windows-msvc/release/bundle/nsis -maxdepth 1 -type f -name '*.exe' -print0) if [ "${#artifacts[@]}" -eq 0 ]; then echo "No Windows installer found to publish" exit 1 fi - mkdir -p package-latest - cp "${artifacts[0]}" "package-latest/Modrinth-Plus-Windows-Setup-${package_version}.exe" + rm -rf "${package_dir}" + mkdir -p "${package_dir}/versioned" "${package_dir}/latest" + cp "${artifacts[0]}" "${package_dir}/versioned/Modrinth-Plus-Windows-Setup-${package_version}.exe" curl --fail-with-body \ - --user "MrSphay:${REGISTRY_TOKEN}" \ - --upload-file "package-latest/Modrinth-Plus-Windows-Setup-${package_version}.exe" \ - "https://git.wilkensxl.de/api/packages/MrSphay/generic/${package_name}/${package_version}/Modrinth-Plus-Windows-Setup-${package_version}.exe" + --user "${repository_owner}:${REGISTRY_TOKEN}" \ + --upload-file "${package_dir}/versioned/Modrinth-Plus-Windows-Setup-${package_version}.exe" \ + "${gitea_server}/api/packages/${repository_owner}/generic/${package_name}/${package_version}/Modrinth-Plus-Windows-Setup-${package_version}.exe" - curl --silent --show-error --user "MrSphay:${REGISTRY_TOKEN}" --request DELETE "${latest_url}" || true - cp "${artifacts[0]}" "package-latest/Modrinth-Plus-Windows-Setup.exe" + curl --silent --show-error --user "${repository_owner}:${REGISTRY_TOKEN}" --request DELETE "${latest_url}" || true + cp "${artifacts[0]}" "${package_dir}/latest/Modrinth-Plus-Windows-Setup.exe" curl --fail-with-body \ - --user "MrSphay:${REGISTRY_TOKEN}" \ - --upload-file "package-latest/Modrinth-Plus-Windows-Setup.exe" \ + --user "${repository_owner}:${REGISTRY_TOKEN}" \ + --upload-file "${package_dir}/latest/Modrinth-Plus-Windows-Setup.exe" \ "${latest_url}/Modrinth-Plus-Windows-Setup.exe" diff --git a/.gitea/workflows/template-compliance.yml b/.gitea/workflows/template-compliance.yml index 931137f8c..157a6d668 100644 --- a/.gitea/workflows/template-compliance.yml +++ b/.gitea/workflows/template-compliance.yml @@ -21,6 +21,7 @@ jobs: missing=0 required_files=( + "AGENTS.md" ".codex/project.md" "README.md" ) @@ -31,11 +32,6 @@ jobs: "docs/agent-handoff.md" ) - if [ ! -f "AGENTS.md" ] && [ ! -f "CLAUDE.md" ]; then - echo "Missing required Codex agent file: AGENTS.md or CLAUDE.md" - missing=1 - fi - for file in "${required_files[@]}"; do if [ ! -f "$file" ]; then echo "Missing required Codex file: $file" @@ -57,12 +53,12 @@ jobs: shell: bash run: | found=0 - paths=(AGENTS.md README.md SECURITY.md CHANGELOG.md .codex docs blueprint.md blueprint.json) - pattern='PROJECT_NAME|PROJECT_DESCRIPTION|REPOSITORY_OWNER|REPOSITORY_NAME|PACKAGE_NAME|ARTIFACT_NAME|ARTIFACT_OUTPUT_DIRECTORY|AUTHOR_NAME|PROJECT_STACK|DOWNLOAD_URL|BUILD_COMMAND|TEST_COMMAND|LINT_COMMAND|AUDIT_COMMAND|README_COMMAND|INSTALL_COMMAND|DEV_COMMAND|PACKAGE_MANAGER|PROJECT_VERSION' + paths=(AGENTS.md README.md SECURITY.md CHANGELOG.md .codex docs .gitea blueprint.md blueprint.json) + pattern='PROJECT_NAME|PROJECT_DESCRIPTION|REPOSITORY_OWNER|REPOSITORY_NAME|PACKAGE_NAME|ARTIFACT_NAME|ARTIFACT_OUTPUT_DIRECTORY|AUTHOR_NAME|PROJECT_STACK|DOWNLOAD_URL|CI_URL|RELEASES_URL|BUILD_COMMAND|TEST_COMMAND|LINT_COMMAND|AUDIT_COMMAND|README_COMMAND|INSTALL_COMMAND|DEV_COMMAND|PACKAGE_MANAGER|PROJECT_VERSION|COMMIT_OR_VERSION' for path in "${paths[@]}"; do [ -e "$path" ] || continue - if grep -RInE --exclude-dir=.git "$pattern" "$path"; then + if grep -RInE --exclude-dir=.git --exclude=template-compliance.yml "$pattern" "$path"; then found=1 fi done @@ -72,12 +68,30 @@ jobs: exit 1 fi + - name: Check README divider convention + shell: bash + run: | + if [ -f blueprint.md ] || [ -f blueprint.json ]; then + if ! grep -q 'template:section-line' blueprint.md 2>/dev/null; then + echo "README blueprint exists but does not use {{ template:section-line }}." + exit 1 + fi + fi + - name: Check workflow baseline shell: bash run: | echo "Detected Gitea workflows:" find .gitea/workflows -maxdepth 1 -type f -name '*.yml' -print 2>/dev/null || true + if [ ! -f ".gitea/workflows/security-scan.yml" ]; then + echo "Recommended workflow missing: .gitea/workflows/security-scan.yml" + fi + + if [ ! -f ".gitea/workflows/repo-cleanup.yml" ]; then + echo "Recommended workflow missing: .gitea/workflows/repo-cleanup.yml" + fi + - name: Compliance guidance shell: bash run: | @@ -86,4 +100,10 @@ jobs: This workflow verifies agent context and template hygiene. It does not change files automatically. + + Recommended manual follow-up: + - add missing required Codex context files, + - replace unresolved placeholders, + - keep README blueprint and README output aligned, + - document intentional exceptions in .codex/project.md. EOF diff --git a/AGENTS.md b/AGENTS.md index b658f9394..2edd7c7a1 120000 --- a/AGENTS.md +++ b/AGENTS.md @@ -7,9 +7,13 @@ This fork adds Modrinth Plus work on top of those rules. - Preserve upstream Modrinth structure and style unless a Modrinth Plus feature requires a focused change. - Keep desktop app work in the existing app boundaries: `apps/app-frontend`, `apps/app`, and `packages/app-lib`. +- Conserve context tokens: search with `rg` or targeted file lists first, read only files needed for the task, summarize large outputs, and avoid generated folders, dependency folders, build outputs, or full logs unless directly relevant. - Do not commit secrets, `.env` files with private values, private keys, certificates, or tokens. -- If `GITEA_TOKEN` is available locally, use it only for read-only Gitea API checks such as private repository metadata and Actions run status. Never print, commit, or store the token. +- At the start of every user-requested task, briefly check for upstream repository updates and apply a safe fast-forward pull when the working tree is clean. If local changes exist, do not overwrite them. +- If `GITEA_TOKEN` is available locally, use it only for read-only Gitea API checks such as private repository metadata, package-read visibility, and Actions run status. Never print, commit, or store the token. - After pushing commits that trigger a Gitea workflow, poll the workflow run until it succeeds. If it fails or is cancelled, inspect the failing job/logs, fix the issue when in scope, push again, and repeat the workflow check loop. Fixing and pushing a workflow failure is not a stopping point. +- Gitea Actions artifacts are not Gitea Package Registry packages. If the user expects a package/download entry, add or verify an explicit registry publish step and verify the package URL after the workflow succeeds. +- Keep Codex kit files in source control for agents, but exclude them from user-facing installer/package/release artifacts unless the user explicitly asks to ship repository-maintenance files. ## Commands @@ -29,3 +33,5 @@ If local Node/Rust toolchains are unavailable, use the Gitea runner as the autho - Connected Library supports public HTTPS raw manifest URLs only in v1. - Keep private Git repository authentication out of Connected Library until token storage is designed. - Document new external network calls in `docs/security-review.md`. +- Keep CI publishing secrets in repository or organization secrets. `REGISTRY_TOKEN` is the Gitea package publishing secret. +- Use URL-safe package filenames when publishing to a registry. Do not put raw artifact names with spaces or punctuation directly into upload URLs. diff --git a/CHANGELOG.md b/CHANGELOG.md index c44e8746f..2c994e8c8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,4 +6,5 @@ All notable Modrinth Plus changes are documented here. - Added Connected Library for public Git-hosted `modrinth-plus.json` modpack manifests. - Added Gitea Actions verification for the Modrinth Plus fork. +- Added Windows installer publishing to the Gitea generic package registry. - Added Codex repository context and release/security documentation.