Archicratia/archicratie-edition
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

docs: CI baseline + handoff + workflow snapshot
All checks were successful
CI / build-and-anchors (push) Successful in 52s
Details

Browse Source
This commit is contained in:
Archicratia
2026-01-23 13:17:22 +01:00
parent 587af3e997
commit 12d73fc26e
3 changed files with 181 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
docs/CI-BASELINE.md
View File

@@ -1 +1,33 @@
CI OK: runner=host network + node 22 container + checkout event.json # CI-BASELINE — Gitea Actions + runner Synology (DS220+)
Baseline VALIDÉE :
- runner : container.network = host
- job CI : container Node 22 (conforme engines)
- checkout : sans GitHub, basé sur workflow/event.json
- zéro apt-get dans le workflow
- durcissement DNS Node : NODE_OPTIONS=--dns-result-order=ipv4first
## Runner (DS220+) — configuration de référence
Fichier : /data/config.yaml dans le conteneur runner (ex: gitea-act-runner)
Section container attendue :
container:
network: host
options: >-
--add-host=gitea.archicratie.trans-hands.synology.me:192.168.1.20
-e NODE_OPTIONS=--dns-result-order=ipv4first
Pourquoi : sur cette infra, le DNS du bridge Docker (127.0.0.11) a généré ESERVFAIL / EAI_AGAIN / apt qui ne résout pas.
Le host network stabilise les résolutions (npm registry, deb.debian.org, etc.).
## Smoke test NAS (doit passer)
docker run --rm --network host mcr.microsoft.com/devcontainers/javascript-node:22-bookworm bash -lc "npm ping --registry=https://registry.npmjs.org"
## Symptômes -> cause -> action
- EAI_AGAIN / ESERVFAIL : runner pas en host network -> remettre container.network: host + restart runner
- EBADENGINE : mauvais Node -> container Node 22
- MODULE_NOT_FOUND scripts/check-anchor-aliases.mjs : fichier non commité -> git add/commit/push

123
docs/CI-WORKFLOW.md Normal file
View File

@@ -0,0 +1,123 @@
# CI-WORKFLOW — snapshot de .gitea/workflows/ci.yml
name: CI
on:
push:
pull_request:
branches: ["master"]
env:
NODE_OPTIONS: --dns-result-order=ipv4first
defaults:
run:
shell: bash
jobs:
build-and-anchors:
runs-on: ubuntu-latest
container:
image: mcr.microsoft.com/devcontainers/javascript-node:22-bookworm
steps:
- name: Tools sanity
run: |
set -euo pipefail
git --version
node --version
npm --version
npm ping --registry=https://registry.npmjs.org
# Checkout SANS action externe (pas de github.com)
- name: Checkout (from event.json, no external actions)
run: |
set -euo pipefail
EVENT_JSON="/var/run/act/workflow/event.json"
if [ ! -f "$EVENT_JSON" ]; then
echo "ERROR: missing $EVENT_JSON"
ls -la /var/run/act/workflow || true
exit 1
fi
# 1) Récupère l'URL du repo depuis event.json
REPO_URL="$(node -e '
const fs=require("fs");
const ev=JSON.parse(fs.readFileSync(process.argv[1],"utf8"));
let url = ev.repository?.clone_url || ev.repository?.html_url || "";
if (!url) process.exit(2);
if (!url.endsWith(".git")) url += ".git";
process.stdout.write(url);
' "$EVENT_JSON")"
# 2) Récupère le SHA (push -> after, PR -> pull_request.head.sha)
SHA="$(node -e '
const fs=require("fs");
const ev=JSON.parse(fs.readFileSync(process.argv[1],"utf8"));
const sha =
ev.after ||
ev.pull_request?.head?.sha ||
ev.head_commit?.id ||
"";
process.stdout.write(sha);
' "$EVENT_JSON")"
if [ -z "$SHA" ]; then
echo "ERROR: cannot find SHA in event.json"
node -e 'const ev=require(process.argv[1]); console.log(Object.keys(ev));' "$EVENT_JSON" || true
exit 1
fi
echo "Repo URL: $REPO_URL"
echo "SHA: $SHA"
# 3) Ajoute token si disponible (NE PAS afficher le token)
AUTH_URL="$REPO_URL"
if [ -n "${GITHUB_TOKEN:-}" ] && [[ "$REPO_URL" == https://* ]]; then
AUTH_URL="${REPO_URL/https:\/\//https:\/\/oauth2:${GITHUB_TOKEN}@}"
elif [ -n "${GITEA_TOKEN:-}" ] && [[ "$REPO_URL" == https://* ]]; then
AUTH_URL="${REPO_URL/https:\/\//https:\/\/oauth2:${GITEA_TOKEN}@}"
fi
# 4) Clone minimal + checkout exact du SHA
rm -rf .git || true
git init .
# Optionnel si ton Gitea a un TLS “non standard” (certificat) :
# git config --global http.sslVerify false
git remote add origin "$AUTH_URL"
git fetch --depth=1 origin "$SHA"
git checkout -q FETCH_HEAD
git log -1 --oneline
- name: Anchor aliases schema
run: node scripts/check-anchor-aliases.mjs
- name: NPM harden
run: |
set -euo pipefail
npm config set fetch-retries 5
npm config set fetch-retry-mintimeout 20000
npm config set fetch-retry-maxtimeout 120000
npm config set registry https://registry.npmjs.org
npm config get registry
- name: Install deps
run: npm ci
- name: Inline scripts syntax check
run: node scripts/check-inline-js.mjs
- name: Build
run: npm run build
- name: Verify anchor aliases injected
run: node scripts/verify-anchor-aliases-in-dist.mjs
- name: Anchors contract
run: npm run test:anchors

25
docs/HANDOFF-SESSION.md Normal file
View File

@@ -0,0 +1,25 @@
# HANDOFF — Bilan synthèse (passation)
## Mission
Rendre la CI Gitea Actions fiable (Synology) et sécuriser les ancrages de paragraphes :
- mapping oldId -> newId versionné
- injection build-time dans dist pour préserver les liens profonds
## Causes racines identifiées
1) DNS instable dans les conteneurs de job via bridge Docker (127.0.0.11) sur cette infra
2) Checkout GitHub externe impossible/indésirable + variables GITEA_* parfois absentes
3) engines Node imposent >=22 <23 => EBADENGINE si Node 20
## Résolution validée (baseline)
- Runner : container.network = host
- Job : image Node 22
- Checkout : via workflow/event.json (pas actions/checkout)
- Workflow : pas de apt-get
- Anchors :
- src/anchors/anchor-aliases.json (par route)
- scripts/inject-anchor-aliases.mjs injecte <span id="oldId"> avant lélément id="newId"
- scripts/check-anchor-aliases.mjs valide le schéma en CI
## État actuel
- CI passe (host net + Node 22 + checkout event.json + no apt)
- Injection daliases vérifiée localement dans dist/…/index.html