+22 -27

.forgejo/workflows/ci.yaml

··· 7 8 jobs: 9 check: 10 - runs-on: codeberg-small-lazy 11 container: 12 - image: docker.io/library/node:24-trixie-slim@sha256:ef4ca6d078dd18322059a1f051225f7bbfc2bb60c16cbb5d8a1ba2cc8964fe8a 13 steps: 14 - name: Check out source code 15 - uses: https://code.forgejo.org/actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 16 - name: Set up toolchain 17 - uses: https://code.forgejo.org/actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6 18 with: 19 go-version: '>=1.25.0' 20 - name: Install dependencies ··· 34 # IMPORTANT: This workflow step will not work without the Releases unit enabled! 35 if: ${{ forge.ref == 'refs/heads/main' || startsWith(forge.event.ref, 'refs/tags/v') }} 36 needs: [check] 37 - runs-on: codeberg-small-lazy 38 container: 39 - image: docker.io/library/node:24-trixie-slim@sha256:ef4ca6d078dd18322059a1f051225f7bbfc2bb60c16cbb5d8a1ba2cc8964fe8a 40 steps: 41 - name: Check out source code 42 - uses: https://code.forgejo.org/actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 43 - name: Set up toolchain 44 - uses: https://code.forgejo.org/actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6 45 with: 46 go-version: '>=1.25.0' 47 - name: Install dependencies ··· 59 build linux arm64 60 build darwin arm64 61 - name: Create release 62 - uses: https://code.forgejo.org/actions/forgejo-release@v2.7.3 63 with: 64 tag: ${{ startsWith(forge.event.ref, 'refs/tags/v') && forge.ref_name || 'latest' }} 65 release-dir: assets ··· 70 package: 71 if: ${{ forge.ref == 'refs/heads/main' || startsWith(forge.event.ref, 'refs/tags/v') }} 72 needs: [check] 73 - runs-on: codeberg-small-lazy 74 container: 75 - image: docker.io/library/node:24-trixie-slim@sha256:ef4ca6d078dd18322059a1f051225f7bbfc2bb60c16cbb5d8a1ba2cc8964fe8a 76 steps: 77 - name: Install dependencies 78 run: | 79 apt-get -y update 80 - apt-get -y install buildah ca-certificates 81 - name: Check out source code 82 - uses: https://code.forgejo.org/actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5 83 - name: Build container 84 run: | 85 printf '[storage]\ndriver="vfs"\nrunroot="/run/containers/storage"\ngraphroot="/var/lib/containers/storage"\n' | tee /etc/containers/storage.conf 86 - buildah build --arch=amd64 --tag=container:${VER}-amd64 . 87 - buildah build --arch=arm64 --tag=container:${VER}-arm64 . 88 - buildah manifest create container:${VER} \ 89 - container:${VER}-amd64 \ 90 - container:${VER}-arm64 91 env: 92 BUILDAH_ISOLATION: chroot 93 - VER: ${{ startsWith(forge.event.ref, 'refs/tags/v') && forge.ref_name || 'latest' }} 94 - if: ${{ forge.repository == 'git-pages/git-pages-cli' }} 95 name: Push container to Codeberg 96 run: | 97 - buildah login --authfile=/tmp/authfile-${FORGE}.json \ 98 -u ${{ vars.PACKAGES_USER }} -p ${{ secrets.PACKAGES_TOKEN }} ${FORGE} 99 - buildah manifest push --authfile=/tmp/authfile-${FORGE}.json \ 100 - --all container:${VER} "docker://${FORGE}/${{ forge.repository }}:${VER/v/}" 101 env: 102 - BUILDAH_ISOLATION: chroot 103 FORGE: codeberg.org 104 VER: ${{ startsWith(forge.event.ref, 'refs/tags/v') && forge.ref_name || 'latest' }} 105 - if: ${{ forge.repository == 'git-pages/git-pages-cli' }} 106 name: Push container to code.forgejo.org 107 run: | 108 - buildah login --authfile=/tmp/authfile-${FORGE}.json \ 109 -u ${{ vars.PACKAGES_USER }} -p ${{ secrets.CFO_PACKAGES_TOKEN }} ${FORGE} 110 - buildah manifest push --authfile=/tmp/authfile-${FORGE}.json \ 111 - --all container:${VER} "docker://${FORGE}/${{ forge.repository }}:${VER/v/}" 112 env: 113 - BUILDAH_ISOLATION: chroot 114 FORGE: code.forgejo.org 115 VER: ${{ startsWith(forge.event.ref, 'refs/tags/v') && forge.ref_name || 'latest' }}

··· 7 8 jobs: 9 check: 10 + runs-on: debian-trixie 11 container: 12 + image: docker.io/library/node:24-trixie-slim@sha256:b05474903f463ce4064c09986525e6588c3e66c51b69be9c93a39fb359f883ce 13 steps: 14 - name: Check out source code 15 + uses: https://code.forgejo.org/actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 16 - name: Set up toolchain 17 + uses: https://code.forgejo.org/actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 18 with: 19 go-version: '>=1.25.0' 20 - name: Install dependencies ··· 34 # IMPORTANT: This workflow step will not work without the Releases unit enabled! 35 if: ${{ forge.ref == 'refs/heads/main' || startsWith(forge.event.ref, 'refs/tags/v') }} 36 needs: [check] 37 + runs-on: debian-trixie 38 container: 39 + image: docker.io/library/node:24-trixie-slim@sha256:b05474903f463ce4064c09986525e6588c3e66c51b69be9c93a39fb359f883ce 40 steps: 41 - name: Check out source code 42 + uses: https://code.forgejo.org/actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 43 - name: Set up toolchain 44 + uses: https://code.forgejo.org/actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6.1.0 45 with: 46 go-version: '>=1.25.0' 47 - name: Install dependencies ··· 59 build linux arm64 60 build darwin arm64 61 - name: Create release 62 + uses: https://code.forgejo.org/actions/forgejo-release@fc0488c944626f9265d87fbc4dd6c08f78014c63 # v2.7.3 63 with: 64 tag: ${{ startsWith(forge.event.ref, 'refs/tags/v') && forge.ref_name || 'latest' }} 65 release-dir: assets ··· 70 package: 71 if: ${{ forge.ref == 'refs/heads/main' || startsWith(forge.event.ref, 'refs/tags/v') }} 72 needs: [check] 73 + runs-on: debian-trixie 74 container: 75 + image: docker.io/library/node:24-trixie-slim@sha256:b05474903f463ce4064c09986525e6588c3e66c51b69be9c93a39fb359f883ce 76 steps: 77 - name: Install dependencies 78 run: | 79 apt-get -y update 80 + apt-get -y install ca-certificates buildah qemu-user-binfmt 81 - name: Check out source code 82 + uses: https://code.forgejo.org/actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 83 - name: Build container 84 run: | 85 printf '[storage]\ndriver="vfs"\nrunroot="/run/containers/storage"\ngraphroot="/var/lib/containers/storage"\n' | tee /etc/containers/storage.conf 86 + buildah build --arch=amd64 --tag=container:amd64 87 + buildah build --arch=arm64 --tag=container:arm64 88 + buildah manifest create container container:amd64 container:arm64 0 0 89 env: 90 BUILDAH_ISOLATION: chroot 0 91 - if: ${{ forge.repository == 'git-pages/git-pages-cli' }} 92 name: Push container to Codeberg 93 run: | 94 + buildah login --authfile=/tmp/authfile.json \ 95 -u ${{ vars.PACKAGES_USER }} -p ${{ secrets.PACKAGES_TOKEN }} ${FORGE} 96 + buildah manifest push --authfile=/tmp/authfile.json \ 97 + --all container "docker://${FORGE}/${{ forge.repository }}:${VER/v/}" 98 env: 0 99 FORGE: codeberg.org 100 VER: ${{ startsWith(forge.event.ref, 'refs/tags/v') && forge.ref_name || 'latest' }} 101 - if: ${{ forge.repository == 'git-pages/git-pages-cli' }} 102 name: Push container to code.forgejo.org 103 run: | 104 + buildah login --authfile=/tmp/authfile.json \ 105 -u ${{ vars.PACKAGES_USER }} -p ${{ secrets.CFO_PACKAGES_TOKEN }} ${FORGE} 106 + buildah manifest push --authfile=/tmp/authfile.json \ 107 + --all container "docker://${FORGE}/${{ forge.repository }}:${VER/v/}" 108 env: 0 109 FORGE: code.forgejo.org 110 VER: ${{ startsWith(forge.event.ref, 'refs/tags/v') && forge.ref_name || 'latest' }}

+1 -1

Dockerfile

··· 1 - FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.25-alpine@sha256:d3f0cf7723f3429e3f9ed846243970b20a2de7bae6a5b66fc5914e228d831bbb AS builder 2 ARG TARGETOS TARGETARCH 3 RUN apk --no-cache add ca-certificates git 4 WORKDIR /build

··· 1 + FROM --platform=$BUILDPLATFORM docker.io/library/golang:1.25-alpine@sha256:ac09a5f469f307e5da71e766b0bd59c9c49ea460a528cc3e6686513d64a6f1fb AS builder 2 ARG TARGETOS TARGETARCH 3 RUN apk --no-cache add ca-certificates git 4 WORKDIR /build

-14

LICENSE-0BSD.txt

··· 1 - Copyright (C) git-pages contributors 2 - Copyright (C) Catherine 'whitequark' 3 - 4 - Permission to use, copy, modify, and/or distribute this software for 5 - any purpose with or without fee is hereby granted. 6 - 7 - THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 - WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 - MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 - ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 - WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 12 - AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 13 - OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 -

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0

+14

LICENSE.txt

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + Copyright (C) git-pages contributors 2 + Copyright (C) Catherine 'whitequark' 3 + 4 + Permission to use, copy, modify, and/or distribute this software for 5 + any purpose with or without fee is hereby granted. 6 + 7 + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8 + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9 + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 10 + ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11 + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 12 + AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT 13 + OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 +

+28 -5

README.md

··· 3 4 _git-pages-cli_ is a command-line application for publishing sites to [git-pages]. 5 6 - If you want to publish a site from a Forgejo Actions workflow, use [git-pages/action] instead. 0 7 8 [git-pages]: https://codeberg.org/git-pages/git-pages 9 - [git-pages/action]: https://codeberg.org/git-pages/action 10 11 12 Installation ··· 39 To prepare a DNS challenge for a given site and password: 40 41 ```console 0 0 0 42 $ git-pages-cli https://example.org --password xyz --challenge 43 - _git-pages-challenge.example.org. 3600 IN TXT "317716dee4379c167e8b5ce9df38eb880e043e5a842d160fe8d5bb408ee0c191" 44 $ git-pages-cli https://example.org --password xyz --challenge-bare 45 - 317716dee4379c167e8b5ce9df38eb880e043e5a842d160fe8d5bb408ee0c191 46 ``` 47 48 To publish a site from a git repository available on the internet (`--password` may be omitted if the repository is allowlisted via DNS): ··· 70 $ git-pages-cli https://example.org --server grebedoc.dev --password xyz --upload-dir ... 71 ``` 72 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 73 74 Advanced usage 75 -------------- ··· 103 License 104 ------- 105 106 - [0-clause BSD](LICENSE-0BSD.txt)

··· 3 4 _git-pages-cli_ is a command-line application for publishing sites to [git-pages]. 5 6 + > [!TIP] 7 + > If you want to publish a site from a CI workflow, use the [Forgejo Action][git-pages-action] instead. 8 9 [git-pages]: https://codeberg.org/git-pages/git-pages 10 + [git-pages-action]: https://codeberg.org/git-pages/action 11 12 13 Installation ··· 40 To prepare a DNS challenge for a given site and password: 41 42 ```console 43 + $ git-pages-cli https://example.org --challenge # generate a random password 44 + password: 28a616f4-2fbe-456b-8456-056d1f38e815 45 + _git-pages-challenge.example.org. 3600 IN TXT "a59ecb58f7256fc5afb6b96892501007b0b65d64f251b1aca749b0fca61d582c" 46 $ git-pages-cli https://example.org --password xyz --challenge 47 + _git-pages-challenge.example.org. 3600 IN TXT "6c47172c027b3c79358f9f8c110886baf4826d9bc2a1c7d0f439cc770ed42dc8" 48 $ git-pages-cli https://example.org --password xyz --challenge-bare 49 + 6c47172c027b3c79358f9f8c110886baf4826d9bc2a1c7d0f439cc770ed42dc8 50 ``` 51 52 To publish a site from a git repository available on the internet (`--password` may be omitted if the repository is allowlisted via DNS): ··· 74 $ git-pages-cli https://example.org --server grebedoc.dev --password xyz --upload-dir ... 75 ``` 76 77 + ### Forge authorization 78 + 79 + Uploading a directory to a site on a wildcard domain (e.g. `https://<owner>.grebedoc.dev/<repo>`) requires the use of an access token with push permissions for the corresponding repository (`https://codeberg.org/<owner>/<repo>.git` in this case). 80 + 81 + To create such an access token on Forgejo: 82 + 1. Open _Settings_ > _Applications_ > _Access tokens_. 83 + 1. Expand _Select permissions_, pick _Read and write_ under _repository_. 84 + 1. Set _Token name_ to something informative (e.g. "git-pages publishing"). 85 + 1. Click _Generate token_. 86 + 1. The token will appear in a notification (a long string of hexadecimal numbers all on its own). 87 + 88 + To deploy using an access token: 89 + 90 + ```console 91 + $ git-pages-cli https://username.grebedoc.dev --token <token> --upload-dir ... 92 + ``` 93 + 94 + **Keep the access token safe and secure!** Anyone who has it will be able to change the data in any of your repositories. 95 + 96 97 Advanced usage 98 -------------- ··· 126 License 127 ------- 128 129 + [0-clause BSD](LICENSE.txt)

+24

flake.lock

··· 18 "type": "github" 19 } 20 }, 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 21 "nix-filter": { 22 "locked": { 23 "lastModified": 1757882181, ··· 52 "root": { 53 "inputs": { 54 "flake-utils": "flake-utils", 0 55 "nix-filter": "nix-filter", 56 "nixpkgs": "nixpkgs" 57 }

··· 18 "type": "github" 19 } 20 }, 21 + "gomod2nix": { 22 + "inputs": { 23 + "flake-utils": [ 24 + "flake-utils" 25 + ], 26 + "nixpkgs": [ 27 + "nixpkgs" 28 + ] 29 + }, 30 + "locked": { 31 + "lastModified": 1763982521, 32 + "narHash": "sha256-ur4QIAHwgFc0vXiaxn5No/FuZicxBr2p0gmT54xZkUQ=", 33 + "owner": "nix-community", 34 + "repo": "gomod2nix", 35 + "rev": "02e63a239d6eabd595db56852535992c898eba72", 36 + "type": "github" 37 + }, 38 + "original": { 39 + "owner": "nix-community", 40 + "repo": "gomod2nix", 41 + "type": "github" 42 + } 43 + }, 44 "nix-filter": { 45 "locked": { 46 "lastModified": 1757882181, ··· 75 "root": { 76 "inputs": { 77 "flake-utils": "flake-utils", 78 + "gomod2nix": "gomod2nix", 79 "nix-filter": "nix-filter", 80 "nixpkgs": "nixpkgs" 81 }

+22 -4

flake.nix

··· 3 nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; 4 flake-utils.url = "github:numtide/flake-utils"; 5 nix-filter.url = "github:numtide/nix-filter"; 0 0 0 0 0 0 6 }; 7 8 outputs = ··· 11 nixpkgs, 12 flake-utils, 13 nix-filter, 14 - }: 0 15 flake-utils.lib.eachDefaultSystem ( 16 system: 17 let 18 - pkgs = nixpkgs.legacyPackages.${system}; 0 19 20 - git-pages-cli = pkgs.buildGo125Module { 0 0 0 0 0 21 pname = "git-pages-cli"; 22 version = "0"; 23 ··· 41 "-s -w" 42 ]; 43 44 - vendorHash = "sha256-5vjUhN3lCr41q91lOD7v0F9c6a8GJj7wBGnnzgFBhJU="; 0 45 }; 46 in 47 { ··· 50 devShells.default = pkgs.mkShell { 51 inputsFrom = [ 52 git-pages-cli 0 0 0 0 53 ]; 54 }; 55

··· 3 nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; 4 flake-utils.url = "github:numtide/flake-utils"; 5 nix-filter.url = "github:numtide/nix-filter"; 6 + 7 + gomod2nix = { 8 + url = "github:nix-community/gomod2nix"; 9 + inputs.nixpkgs.follows = "nixpkgs"; 10 + inputs.flake-utils.follows = "flake-utils"; 11 + }; 12 }; 13 14 outputs = ··· 17 nixpkgs, 18 flake-utils, 19 nix-filter, 20 + ... 21 + }@inputs: 22 flake-utils.lib.eachDefaultSystem ( 23 system: 24 let 25 + pkgs = import nixpkgs { 26 + inherit system; 27 28 + overlays = [ 29 + inputs.gomod2nix.overlays.default 30 + ]; 31 + }; 32 + 33 + git-pages-cli = pkgs.buildGoApplication { 34 pname = "git-pages-cli"; 35 version = "0"; 36 ··· 54 "-s -w" 55 ]; 56 57 + go = pkgs.go_1_25; 58 + modules = ./gomod2nix.toml; 59 }; 60 in 61 { ··· 64 devShells.default = pkgs.mkShell { 65 inputsFrom = [ 66 git-pages-cli 67 + ]; 68 + 69 + packages = with pkgs; [ 70 + gomod2nix 71 ]; 72 }; 73

+2 -2

go.mod

··· 3 go 1.25.0 4 5 require ( 6 - github.com/klauspost/compress v1.18.1 7 - github.com/spf13/pflag v1.0.10 8 github.com/google/uuid v1.6.0 0 0 9 )

··· 3 go 1.25.0 4 5 require ( 0 0 6 github.com/google/uuid v1.6.0 7 + github.com/klauspost/compress v1.18.2 8 + github.com/spf13/pflag v1.0.10 9 )

+2 -2

go.sum

··· 1 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 2 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 3 - github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co= 4 - github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0= 5 github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= 6 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=

··· 1 github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 2 github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 3 + github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk= 4 + github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= 5 github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk= 6 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=

+12

gomod2nix.toml

··· 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + schema = 3 2 + 3 + [mod] 4 + [mod."github.com/google/uuid"] 5 + version = "v1.6.0" 6 + hash = "sha256-VWl9sqUzdOuhW0KzQlv0gwwUQClYkmZwSydHG2sALYw=" 7 + [mod."github.com/klauspost/compress"] 8 + version = "v1.18.2" 9 + hash = "sha256-mRa+6qEi5joqQao13ZFogmq67rOQzHCVbCCjKA+HKEc=" 10 + [mod."github.com/spf13/pflag"] 11 + version = "v1.0.10" 12 + hash = "sha256-uDPnWjHpSrzXr17KEYEA1yAbizfcsfo5AyztY2tS6ZU="

+242 -70

main.go

··· 2 3 import ( 4 "archive/tar" 0 5 "bytes" 0 6 "crypto/sha256" 0 0 7 "fmt" 8 "io" 9 "io/fs" ··· 11 "net/url" 12 "os" 13 "runtime/debug" 0 0 14 15 "github.com/google/uuid" 16 "github.com/klauspost/compress/zstd" 17 "github.com/spf13/pflag" 18 ) 19 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 20 var passwordFlag = pflag.String("password", "", "password for DNS challenge authorization") 0 21 var challengeFlag = pflag.Bool("challenge", false, "compute DNS challenge entry from password (output zone file record)") 22 var challengeBareFlag = pflag.Bool("challenge-bare", false, "compute DNS challenge entry from password (output bare TXT value)") 23 var uploadGitFlag = pflag.String("upload-git", "", "replace site with contents of specified git repository") 24 - var uploadDirFlag = pflag.String("upload-dir", "", "replace site with contents of specified directory") 25 - var deleteFlag = pflag.Bool("delete", false, "delete site") 26 var debugManifestFlag = pflag.Bool("debug-manifest", false, "retrieve site manifest as ProtoJSON, for debugging") 27 var serverFlag = pflag.String("server", "", "hostname of server to connect to") 28 - var verboseFlag = pflag.Bool("verbose", false, "display more information for debugging") 29 - var versionFlag = pflag.Bool("version", false, "display version information") 0 0 0 0 30 31 func singleOperation() bool { 32 operations := 0 ··· 54 return operations == 1 55 } 56 57 - func versionInfo() string { 58 - version := "(unknown)" 59 - if versionOverride != "" { 60 - version = versionOverride 61 - } else if buildInfo, ok := debug.ReadBuildInfo(); ok { 62 - version = buildInfo.Main.Version 63 - } 64 - return fmt.Sprintf("git-pages-cli %s", version) 65 } 66 67 - func displayFS(root fs.FS) error { 68 return fs.WalkDir(root, ".", func(name string, entry fs.DirEntry, err error) error { 69 if err != nil { 70 return err 71 } 72 switch { 73 - case entry.Type() == 0: 74 - fmt.Fprintln(os.Stderr, "file", name) 75 - case entry.Type() == fs.ModeDir: 76 - fmt.Fprintln(os.Stderr, "dir", name) 77 case entry.Type() == fs.ModeSymlink: 78 - fmt.Fprintln(os.Stderr, "symlink", name) 79 default: 80 - fmt.Fprintln(os.Stderr, "other", name) 81 } 82 return nil 83 }) 84 } 85 86 - func archiveFS(root fs.FS) (result []byte, err error) { 87 - buffer := bytes.Buffer{} 88 - zstdWriter, _ := zstd.NewWriter(&buffer) 0 0 0 0 0 0 0 89 tarWriter := tar.NewWriter(zstdWriter) 90 - err = tarWriter.AddFS(root) 91 - if err != nil { 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 92 return 93 } 94 - err = tarWriter.Close() 95 - if err != nil { 96 return 97 } 98 - err = zstdWriter.Close() 99 - if err != nil { 100 return 101 } 102 - result = buffer.Bytes() 103 return 104 } 105 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 106 func main() { 0 107 pflag.Parse() 108 if !singleOperation() || (!*versionFlag && len(pflag.Args()) != 1) { 109 - fmt.Fprintf(os.Stderr, 110 - "Usage: %s <site-url> [--challenge|--upload-git url|--upload-dir path|--delete]\n", 111 - os.Args[0], 112 - ) 113 - os.Exit(125) 114 } 115 116 if *versionFlag { ··· 118 os.Exit(0) 119 } 120 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 121 var err error 122 siteURL, err := url.Parse(pflag.Args()[0]) 123 if err != nil { ··· 126 } 127 128 var request *http.Request 0 129 switch { 130 case *challengeFlag || *challengeBareFlag: 131 if *passwordFlag == "" { ··· 157 request.Header.Add("Content-Type", "application/x-www-form-urlencoded") 158 159 case *uploadDirFlag != "": 160 - uploadDirFS, err := os.OpenRoot(*uploadDirFlag) 161 if err != nil { 162 fmt.Fprintf(os.Stderr, "error: invalid directory: %s\n", err) 163 os.Exit(1) 164 } 165 166 if *verboseFlag { 167 - err := displayFS(uploadDirFS.FS()) 168 if err != nil { 169 fmt.Fprintf(os.Stderr, "error: %s\n", err) 170 os.Exit(1) 171 } 172 } 173 174 - requestBody, err := archiveFS(uploadDirFS.FS()) 175 - if err != nil { 176 - fmt.Fprintf(os.Stderr, "error: %s\n", err) 177 - os.Exit(1) 178 } 179 - 180 - request, err = http.NewRequest("PUT", siteURL.String(), bytes.NewReader(requestBody)) 181 if err != nil { 182 fmt.Fprintf(os.Stderr, "error: %s\n", err) 183 os.Exit(1) 184 } 0 0 185 request.Header.Add("Content-Type", "application/x-tar+zstd") 0 0 0 0 0 0 186 187 case *deleteFlag: 188 - request, err = http.NewRequest("DELETE", siteURL.String(), bytes.NewReader([]byte{})) 189 - if err != nil { 190 - fmt.Fprintf(os.Stderr, "error: %s\n", err) 191 - os.Exit(1) 0 0 0 0 0 0 0 0 0 192 } 193 194 case *debugManifestFlag: 195 manifestURL := siteURL.ResolveReference(&url.URL{Path: ".git-pages/manifest.json"}) 196 - request, err = http.NewRequest("GET", manifestURL.String(), bytes.NewReader([]byte{})) 197 if err != nil { 198 fmt.Fprintf(os.Stderr, "error: %s\n", err) 199 os.Exit(1) ··· 203 panic("no operation chosen") 204 } 205 request.Header.Add("User-Agent", versionInfo()) 206 - if *passwordFlag != "" { 0 0 0 0 0 0 0 0 0 0 207 request.Header.Add("Authorization", fmt.Sprintf("Pages %s", *passwordFlag)) 0 0 208 } 209 if *serverFlag != "" { 210 // Send the request to `--server` host, but set the `Host:` header to the site host. ··· 217 request.Header.Set("Host", siteURL.Host) 218 } 219 220 - response, err := http.DefaultClient.Do(request) 221 - if err != nil { 222 - fmt.Fprintf(os.Stderr, "error: %s\n", err) 223 - os.Exit(1) 224 - } 225 - if *verboseFlag { 226 - fmt.Fprintf(os.Stderr, "server: %s\n", response.Header.Get("Server")) 227 - } 228 - if *debugManifestFlag { 229 - if response.StatusCode == 200 { 230 - io.Copy(os.Stdout, response.Body) 231 - fmt.Fprintf(os.Stdout, "\n") 232 - } else { 233 - io.Copy(os.Stderr, response.Body) 234 os.Exit(1) 235 } 236 - } else { // an update operation 237 - if response.StatusCode == 200 { 238 - fmt.Fprintf(os.Stdout, "result: %s\n", response.Header.Get("Update-Result")) 239 - io.Copy(os.Stdout, response.Body) 240 - } else { 241 - fmt.Fprintf(os.Stderr, "result: error\n") 242 - io.Copy(os.Stderr, response.Body) 243 - os.Exit(1) 244 } 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 245 } 246 }

··· 2 3 import ( 4 "archive/tar" 5 + "bufio" 6 "bytes" 7 + "crypto" 8 "crypto/sha256" 9 + "encoding/hex" 10 + "errors" 11 "fmt" 12 "io" 13 "io/fs" ··· 15 "net/url" 16 "os" 17 "runtime/debug" 18 + "strconv" 19 + "strings" 20 21 "github.com/google/uuid" 22 "github.com/klauspost/compress/zstd" 23 "github.com/spf13/pflag" 24 ) 25 26 + // By default the version information is retrieved from VCS. If not available during build, 27 + // override this variable using linker flags to change the displayed version. 28 + // Example: `-ldflags "-X main.versionOverride=v1.2.3"` 29 + var versionOverride = "" 30 + 31 + func versionInfo() string { 32 + version := "(unknown)" 33 + if versionOverride != "" { 34 + version = versionOverride 35 + } else if buildInfo, ok := debug.ReadBuildInfo(); ok { 36 + version = buildInfo.Main.Version 37 + } 38 + return fmt.Sprintf("git-pages-cli %s", version) 39 + } 40 + 41 var passwordFlag = pflag.String("password", "", "password for DNS challenge authorization") 42 + var tokenFlag = pflag.String("token", "", "token for forge authorization") 43 var challengeFlag = pflag.Bool("challenge", false, "compute DNS challenge entry from password (output zone file record)") 44 var challengeBareFlag = pflag.Bool("challenge-bare", false, "compute DNS challenge entry from password (output bare TXT value)") 45 var uploadGitFlag = pflag.String("upload-git", "", "replace site with contents of specified git repository") 46 + var uploadDirFlag = pflag.String("upload-dir", "", "replace whole site or a path with contents of specified directory") 47 + var deleteFlag = pflag.Bool("delete", false, "delete whole site or a path") 48 var debugManifestFlag = pflag.Bool("debug-manifest", false, "retrieve site manifest as ProtoJSON, for debugging") 49 var serverFlag = pflag.String("server", "", "hostname of server to connect to") 50 + var pathFlag = pflag.String("path", "", "partially update site at specified path") 51 + var parentsFlag = pflag.Bool("parents", false, "create parent directories of --path") 52 + var atomicFlag = pflag.Bool("atomic", false, "require partial updates to be atomic") 53 + var incrementalFlag = pflag.Bool("incremental", false, "make --upload-dir only upload changed files") 54 + var verboseFlag = pflag.BoolP("verbose", "v", false, "display more information for debugging") 55 + var versionFlag = pflag.BoolP("version", "V", false, "display version information") 56 57 func singleOperation() bool { 58 operations := 0 ··· 80 return operations == 1 81 } 82 83 + func gitBlobSHA256(data []byte) string { 84 + h := crypto.SHA256.New() 85 + h.Write([]byte("blob ")) 86 + h.Write([]byte(strconv.FormatInt(int64(len(data)), 10))) 87 + h.Write([]byte{0}) 88 + h.Write(data) 89 + return hex.EncodeToString(h.Sum(nil)) 0 90 } 91 92 + func displayFS(root fs.FS, prefix string) error { 93 return fs.WalkDir(root, ".", func(name string, entry fs.DirEntry, err error) error { 94 if err != nil { 95 return err 96 } 97 switch { 98 + case entry.Type().IsDir(): 99 + fmt.Fprintf(os.Stderr, "dir %s%s\n", prefix, name) 100 + case entry.Type().IsRegular(): 101 + fmt.Fprintf(os.Stderr, "file %s%s\n", prefix, name) 102 case entry.Type() == fs.ModeSymlink: 103 + fmt.Fprintf(os.Stderr, "symlink %s%s\n", prefix, name) 104 default: 105 + fmt.Fprintf(os.Stderr, "other %s%s\n", prefix, name) 106 } 107 return nil 108 }) 109 } 110 111 + // It doesn't make sense to use incremental updates for very small files since the cost of 112 + // repeating a request to fill in a missing blob is likely to be higher than any savings gained. 113 + const incrementalSizeThreshold = 256 114 + 115 + func archiveFS(writer io.Writer, root fs.FS, prefix string, needBlobs []string) (err error) { 116 + requestedSet := make(map[string]struct{}) 117 + for _, hash := range needBlobs { 118 + requestedSet[hash] = struct{}{} 119 + } 120 + zstdWriter, _ := zstd.NewWriter(writer) 121 tarWriter := tar.NewWriter(zstdWriter) 122 + if err = fs.WalkDir(root, ".", func(name string, entry fs.DirEntry, err error) error { 123 + if err != nil { 124 + return err 125 + } 126 + header := &tar.Header{} 127 + data := []byte{} 128 + if prefix == "" && name == "." { 129 + return nil 130 + } else if name == "." { 131 + header.Name = prefix 132 + } else { 133 + header.Name = prefix + name 134 + } 135 + switch { 136 + case entry.Type().IsDir(): 137 + header.Typeflag = tar.TypeDir 138 + header.Name += "/" 139 + case entry.Type().IsRegular(): 140 + header.Typeflag = tar.TypeReg 141 + if data, err = fs.ReadFile(root, name); err != nil { 142 + return err 143 + } 144 + if *incrementalFlag && len(data) > incrementalSizeThreshold { 145 + hash := gitBlobSHA256(data) 146 + if _, requested := requestedSet[hash]; !requested { 147 + header.Typeflag = tar.TypeSymlink 148 + header.Linkname = "/git/blobs/" + hash 149 + data = nil 150 + } 151 + } 152 + case entry.Type() == fs.ModeSymlink: 153 + header.Typeflag = tar.TypeSymlink 154 + if header.Linkname, err = fs.ReadLink(root, name); err != nil { 155 + return err 156 + } 157 + default: 158 + return errors.New("tar: cannot add non-regular file") 159 + } 160 + header.Size = int64(len(data)) 161 + if err = tarWriter.WriteHeader(header); err != nil { 162 + return err 163 + } 164 + if _, err = tarWriter.Write(data); err != nil { 165 + return err 166 + } 167 + return err 168 + }); err != nil { 169 return 170 } 171 + if err = tarWriter.Close(); err != nil { 0 172 return 173 } 174 + if err = zstdWriter.Close(); err != nil { 0 175 return 176 } 0 177 return 178 } 179 180 + // Stream archive data without ever loading the entire working set into RAM. 181 + func streamArchiveFS(root fs.FS, prefix string, needBlobs []string) io.ReadCloser { 182 + reader, writer := io.Pipe() 183 + go func() { 184 + err := archiveFS(writer, root, prefix, needBlobs) 185 + if err != nil { 186 + writer.CloseWithError(err) 187 + } else { 188 + writer.Close() 189 + } 190 + }() 191 + return reader 192 + } 193 + 194 + func makeWhiteout(path string) (reader io.Reader) { 195 + buffer := &bytes.Buffer{} 196 + tarWriter := tar.NewWriter(buffer) 197 + tarWriter.WriteHeader(&tar.Header{ 198 + Typeflag: tar.TypeChar, 199 + Name: path, 200 + }) 201 + tarWriter.Flush() 202 + return buffer 203 + } 204 + 205 + const usageExitCode = 125 206 + 207 + func usage() { 208 + fmt.Fprintf(os.Stderr, 209 + "Usage: %s <site-url> {--challenge|--upload-git url|--upload-dir path|--delete} [options...]\n", 210 + os.Args[0], 211 + ) 212 + pflag.PrintDefaults() 213 + } 214 + 215 func main() { 216 + pflag.Usage = usage 217 pflag.Parse() 218 if !singleOperation() || (!*versionFlag && len(pflag.Args()) != 1) { 219 + pflag.Usage() 220 + os.Exit(usageExitCode) 0 0 0 221 } 222 223 if *versionFlag { ··· 225 os.Exit(0) 226 } 227 228 + if *passwordFlag != "" && *tokenFlag != "" { 229 + fmt.Fprintf(os.Stderr, "--password and --token are mutually exclusive") 230 + os.Exit(usageExitCode) 231 + } 232 + 233 + var pathPrefix string 234 + if *pathFlag != "" { 235 + if *uploadDirFlag == "" && !*deleteFlag { 236 + fmt.Fprintf(os.Stderr, "--path requires --upload-dir or --delete") 237 + os.Exit(usageExitCode) 238 + } else { 239 + pathPrefix = strings.Trim(*pathFlag, "/") + "/" 240 + } 241 + } 242 + 243 var err error 244 siteURL, err := url.Parse(pflag.Args()[0]) 245 if err != nil { ··· 248 } 249 250 var request *http.Request 251 + var uploadDir *os.Root 252 switch { 253 case *challengeFlag || *challengeBareFlag: 254 if *passwordFlag == "" { ··· 280 request.Header.Add("Content-Type", "application/x-www-form-urlencoded") 281 282 case *uploadDirFlag != "": 283 + uploadDir, err = os.OpenRoot(*uploadDirFlag) 284 if err != nil { 285 fmt.Fprintf(os.Stderr, "error: invalid directory: %s\n", err) 286 os.Exit(1) 287 } 288 289 if *verboseFlag { 290 + err := displayFS(uploadDir.FS(), pathPrefix) 291 if err != nil { 292 fmt.Fprintf(os.Stderr, "error: %s\n", err) 293 os.Exit(1) 294 } 295 } 296 297 + if *pathFlag == "" { 298 + request, err = http.NewRequest("PUT", siteURL.String(), nil) 299 + } else { 300 + request, err = http.NewRequest("PATCH", siteURL.String(), nil) 301 } 0 0 302 if err != nil { 303 fmt.Fprintf(os.Stderr, "error: %s\n", err) 304 os.Exit(1) 305 } 306 + request.Body = streamArchiveFS(uploadDir.FS(), pathPrefix, []string{}) 307 + request.ContentLength = -1 308 request.Header.Add("Content-Type", "application/x-tar+zstd") 309 + request.Header.Add("Accept", "application/vnd.git-pages.unresolved;q=1.0, text/plain;q=0.9") 310 + if *parentsFlag { 311 + request.Header.Add("Create-Parents", "yes") 312 + } else { 313 + request.Header.Add("Create-Parents", "no") 314 + } 315 316 case *deleteFlag: 317 + if *pathFlag == "" { 318 + request, err = http.NewRequest("DELETE", siteURL.String(), nil) 319 + if err != nil { 320 + fmt.Fprintf(os.Stderr, "error: %s\n", err) 321 + os.Exit(1) 322 + } 323 + } else { 324 + request, err = http.NewRequest("PATCH", siteURL.String(), makeWhiteout(pathPrefix)) 325 + if err != nil { 326 + fmt.Fprintf(os.Stderr, "error: %s\n", err) 327 + os.Exit(1) 328 + } 329 + request.Header.Add("Content-Type", "application/x-tar") 330 } 331 332 case *debugManifestFlag: 333 manifestURL := siteURL.ResolveReference(&url.URL{Path: ".git-pages/manifest.json"}) 334 + request, err = http.NewRequest("GET", manifestURL.String(), nil) 335 if err != nil { 336 fmt.Fprintf(os.Stderr, "error: %s\n", err) 337 os.Exit(1) ··· 341 panic("no operation chosen") 342 } 343 request.Header.Add("User-Agent", versionInfo()) 344 + if request.Method == "PATCH" { 345 + if *atomicFlag { 346 + request.Header.Add("Atomic", "yes") 347 + request.Header.Add("Race-Free", "yes") // deprecated name, to be removed soon 348 + } else { 349 + request.Header.Add("Atomic", "no") 350 + request.Header.Add("Race-Free", "no") // deprecated name, to be removed soon 351 + } 352 + } 353 + switch { 354 + case *passwordFlag != "": 355 request.Header.Add("Authorization", fmt.Sprintf("Pages %s", *passwordFlag)) 356 + case *tokenFlag != "": 357 + request.Header.Add("Forge-Authorization", fmt.Sprintf("token %s", *tokenFlag)) 358 } 359 if *serverFlag != "" { 360 // Send the request to `--server` host, but set the `Host:` header to the site host. ··· 367 request.Header.Set("Host", siteURL.Host) 368 } 369 370 + displayServer := *verboseFlag 371 + for { 372 + response, err := http.DefaultClient.Do(request) 373 + if err != nil { 374 + fmt.Fprintf(os.Stderr, "error: %s\n", err) 0 0 0 0 0 0 0 0 0 375 os.Exit(1) 376 } 377 + if displayServer { 378 + fmt.Fprintf(os.Stderr, "server: %s\n", response.Header.Get("Server")) 379 + displayServer = false 0 0 0 0 0 380 } 381 + if *debugManifestFlag { 382 + if response.StatusCode == http.StatusOK { 383 + io.Copy(os.Stdout, response.Body) 384 + fmt.Fprintf(os.Stdout, "\n") 385 + } else { 386 + io.Copy(os.Stderr, response.Body) 387 + os.Exit(1) 388 + } 389 + } else { // an update operation 390 + if *verboseFlag { 391 + fmt.Fprintf(os.Stderr, "response: %d %s\n", 392 + response.StatusCode, response.Header.Get("Content-Type")) 393 + } 394 + if response.StatusCode == http.StatusUnprocessableEntity && 395 + response.Header.Get("Content-Type") == "application/vnd.git-pages.unresolved" { 396 + needBlobs := []string{} 397 + scanner := bufio.NewScanner(response.Body) 398 + for scanner.Scan() { 399 + needBlobs = append(needBlobs, scanner.Text()) 400 + } 401 + response.Body.Close() 402 + if *verboseFlag { 403 + fmt.Fprintf(os.Stderr, "incremental: need %d blobs\n", len(needBlobs)) 404 + } 405 + request.Body = streamArchiveFS(uploadDir.FS(), pathPrefix, needBlobs) 406 + continue // resubmit 407 + } else if response.StatusCode == http.StatusOK { 408 + fmt.Fprintf(os.Stdout, "result: %s\n", response.Header.Get("Update-Result")) 409 + io.Copy(os.Stdout, response.Body) 410 + } else { 411 + fmt.Fprintf(os.Stderr, "result: error\n") 412 + io.Copy(os.Stderr, response.Body) 413 + os.Exit(1) 414 + } 415 + } 416 + break 417 } 418 }

+3 -1

renovate.json

··· 9 "lockFileMaintenance": { 10 "enabled": true, 11 "automerge": false 12 - } 0 0 13 }

··· 9 "lockFileMaintenance": { 10 "enabled": true, 11 "automerge": false 12 + }, 13 + "semanticCommits": "disabled", 14 + "commitMessagePrefix": "[Renovate]" 15 }

-6

version.go

··· 1 - // By default the version information is retrieved from VCS. 2 - // If not available during build, override it here: 3 - 4 - package main 5 - 6 - const versionOverride = "" // set to e.g. "v1.2.3" as appropriate

··· 0 0 0 0 0 0