From 6d723e122ed389fc3779f730f46a06728e2a4611 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 21 Apr 2026 14:48:00 +0000
Subject: [PATCH 1/2] Initial plan
From 62c0a4fa1a243f815819bc3d0d70a9cc93c32028 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 21 Apr 2026 14:59:39 +0000
Subject: [PATCH 2/2] fix: consolidated workflows + deps + security + SHA pins
Agent-Logs-Url: https://github.com/DavidKRK/DavidKRK.github.io/sessions/7ce31d8d-af7f-4fdd-b453-4a6a08f90e49
Co-authored-by: DavidKRK <136035295+DavidKRK@users.noreply.github.com>
---
.github/workflows/codeql.yml | 2 +-
.github/workflows/gemini-cli.yml | 2 +-
.../gemini-issue-automated-triage.yml | 10 ++---
.../gemini-issue-scheduled-triage.yml | 8 ++--
.github/workflows/gemini-pr-review.yml | 6 +--
.github/workflows/images.yml | 2 +-
.github/workflows/jekyll.yml | 2 +-
.github/workflows/lighthouse.yml | 4 +-
.github/workflows/maintenance.yml | 10 ++---
.github/workflows/music-social.yml | 4 +-
.github/workflows/security.yml | 11 +++--
.github/workflows/social-media-post.yml | 2 +-
.github/workflows/uptime.yml | 6 +--
.github/workflows/youtube-section-update.yml | 2 +-
.gitignore | 43 +++++++++++++++++--
LICENSE | 21 +++++++++
16 files changed, 95 insertions(+), 40 deletions(-)
create mode 100644 LICENSE
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ece16243..a85bff6d 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -59,7 +59,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # Add any setup steps before running the `github/codeql-action/init` action. # This includes steps like installing compilers or runtimes (`actions/setup-node` diff --git a/.github/workflows/gemini-cli.yml b/.github/workflows/gemini-cli.yml index b8811592..196aa206 100644 --- a/.github/workflows/gemini-cli.yml +++ b/.github/workflows/gemini-cli.yml @@ -73,7 +73,7 @@ jobs: id: 'generate_token' if: |- ${{ vars.APP_ID }} - uses: 'actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e' # ratchet:actions/create-github-app-token@v2 + uses: 'actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3' # ratchet:actions/create-github-app-token@v3 with: app-id: '${{ vars.APP_ID }}' private-key: '${{ secrets.APP_PRIVATE_KEY }}' diff --git a/.github/workflows/gemini-issue-automated-triage.yml b/.github/workflows/gemini-issue-automated-triage.yml index ab0333c4..7561415c 100644 --- a/.github/workflows/gemini-issue-automated-triage.yml +++ b/.github/workflows/gemini-issue-automated-triage.yml 
@@ -49,14 +49,14 @@ jobs: id: 'generate_token' if: |- ${{ vars.APP_ID }} - uses: 'actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e' # ratchet:actions/create-github-app-token@v2 + uses: 'actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3' # ratchet:actions/create-github-app-token@v3 with: app-id: '${{ vars.APP_ID }}' private-key: '${{ secrets.APP_PRIVATE_KEY }}' - name: 'Get Repository Labels' id: 'get_labels' - uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' + uses: 'actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3' # v9 with: github-token: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}' script: |- @@ -70,7 +70,7 @@ jobs: return labelNames; - name: 'Run Gemini Issue Analysis' - uses: 'google-github-actions/run-gemini-cli@v0.1.10' + uses: 'google-github-actions/run-gemini-cli@06123c6a203eb7a964ce3be7c48479cc66059f23' # v0.1.10 id: 'gemini_issue_analysis' env: GITHUB_TOKEN: '' # Do not pass any auth token here since this runs on untrusted inputs @@ -138,7 +138,7 @@ jobs: REPOSITORY: '${{ github.repository }}' ISSUE_NUMBER: '${{ github.event.issue.number }}' LABELS_OUTPUT: '${{ steps.gemini_issue_analysis.outputs.summary }}' - uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' + uses: 'actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3' # v9 with: github-token: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}' script: |- @@ -179,7 +179,7 @@ jobs: env: ISSUE_NUMBER: '${{ github.event.issue.number }}' RUN_URL: '${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}' - uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' + uses: 'actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3' # v9 with: github-token: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}' script: |- 
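Review bot: The new `actions/github-script` and `run-gemini-cli` pins in this file carry bare `# v9` / `# v0.1.10` comments, while the `create-github-app-token` pin in the first hunk keeps the `# ratchet:` form, so the pins in one file are annotated two different ways. If ratchet is the tool that maintains these pins, it will presumably not recognise the bare form; `# ratchet:actions/github-script@v9` and `# ratchet:google-github-actions/run-gemini-cli@v0.1.10` would keep them consistent. The same applies to the github-script and run-gemini-cli hunks in gemini-issue-scheduled-triage.yml and gemini-pr-review.yml. The steps concerned start and end outside the hunks.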
diff --git a/.github/workflows/gemini-issue-scheduled-triage.yml b/.github/workflows/gemini-issue-scheduled-triage.yml index 8fba316e..f6a9774d 100644 --- a/.github/workflows/gemini-issue-scheduled-triage.yml +++ b/.github/workflows/gemini-issue-scheduled-triage.yml @@ -31,7 +31,7 @@ jobs: id: 'generate_token' if: |- ${{ vars.APP_ID }} - uses: 'actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e' # ratchet:actions/create-github-app-token@v2 + uses: 'actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3' # ratchet:actions/create-github-app-token@v3 with: app-id: '${{ vars.APP_ID }}' private-key: '${{ secrets.APP_PRIVATE_KEY }}' @@ -64,7 +64,7 @@ jobs: - name: 'Get Repository Labels' id: 'get_labels' - uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' + uses: 'actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3' # v9 with: github-token: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}' script: |- @@ -80,7 +80,7 @@ jobs: - name: 'Run Gemini Issue Analysis' if: |- ${{ steps.find_issues.outputs.issues_to_triage != '[]' }} - uses: 'google-github-actions/run-gemini-cli@v0.1.10' + uses: 'google-github-actions/run-gemini-cli@06123c6a203eb7a964ce3be7c48479cc66059f23' # v0.1.10 id: 'gemini_issue_analysis' env: GITHUB_TOKEN: '' # Do not pass any auth token here since this runs on untrusted inputs @@ -152,7 +152,7 @@ jobs: env: REPOSITORY: '${{ github.repository }}' LABELS_OUTPUT: '${{ steps.gemini_issue_analysis.outputs.summary }}' - uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' + uses: 'actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3' # v9 with: github-token: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}' script: |- diff --git a/.github/workflows/gemini-pr-review.yml b/.github/workflows/gemini-pr-review.yml index d79b8d74..5dfab361 100644 --- a/.github/workflows/gemini-pr-review.yml +++ b/.github/workflows/gemini-pr-review.yml 
@@ -82,7 +82,7 @@ jobs: id: 'generate_token' if: |- ${{ vars.APP_ID }} - uses: 'actions/create-github-app-token@df432ceedc7162793a195dd1713ff69aefc7379e' # ratchet:actions/create-github-app-token@v2 + uses: 'actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3' # ratchet:actions/create-github-app-token@v3 with: app-id: '${{ vars.APP_ID }}' private-key: '${{ secrets.APP_PRIVATE_KEY }}' @@ -152,7 +152,7 @@ jobs: } >> "${GITHUB_OUTPUT}" - name: 'Run Gemini PR Review' - uses: 'google-github-actions/run-gemini-cli@v0.1.10' + uses: 'google-github-actions/run-gemini-cli@06123c6a203eb7a964ce3be7c48479cc66059f23' # v0.1.10 id: 'gemini_pr_review' env: GITHUB_TOKEN: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}' @@ -456,7 +456,7 @@ jobs: - name: 'Post PR review failure comment' if: |- ${{ failure() && steps.gemini_pr_review.outcome == 'failure' }} - uses: 'actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea' + uses: 'actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3' # v9 with: github-token: '${{ steps.generate_token.outputs.token || secrets.GITHUB_TOKEN }}' script: |- diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index 0a896f9c..af44f840 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -28,7 +28,7 @@ jobs: steps: # Récupérer le code source avec les nouvelles images - name: Checkout du dépôt - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # Optimiser automatiquement les images JPEG, PNG et WebP # Qualité 85% : bon compromis entre poids et fidélité visuelle diff --git a/.github/workflows/jekyll.yml b/.github/workflows/jekyll.yml index a375584c..86550058 100644 --- a/.github/workflows/jekyll.yml +++ b/.github/workflows/jekyll.yml 
@@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: gh-pages diff --git a/.github/workflows/lighthouse.yml b/.github/workflows/lighthouse.yml index 384468ff..d6e5b9c5 100644 --- a/.github/workflows/lighthouse.yml +++ b/.github/workflows/lighthouse.yml @@ -24,7 +24,7 @@ jobs: steps: # Récupérer le code source (nécessaire pour lire la config .lighthouserc.json) - name: Checkout du dépôt - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 # Lancer l'audit Lighthouse sur les pages principales du site # Les seuils sont définis dans .lighthouserc.json : @@ -58,7 +58,7 @@ jobs: # Créer une issue GitHub si les scores sont inférieurs aux seuils - name: Créer une issue si les scores sont insuffisants if: failure() && (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') - uses: actions/github-script@v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: script: | const requiredLabels = [ diff --git a/.github/workflows/maintenance.yml b/.github/workflows/maintenance.yml index a894c1ea..dc6146bb 100644 --- a/.github/workflows/maintenance.yml +++ b/.github/workflows/maintenance.yml @@ -28,7 +28,7 @@ jobs: steps: # Récupérer le contenu du site publié (branche gh-pages) pour scanner ses liens - name: Checkout du dépôt - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: gh-pages @@ -52,7 +52,7 @@ jobs: # S'assurer que les labels requis existent avant de créer l'issue - name: Créer les labels si absents if: steps.lychee.outputs.exit_code != 0 - uses: actions/github-script@v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: script: | const requiredLabels = [ 
@@ -114,7 +114,7 @@ jobs: steps: # Récupérer le contenu du site publié (branche gh-pages) pour l'archiver - name: Checkout complet du dépôt - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: gh-pages fetch-depth: 0 @@ -142,7 +142,7 @@ jobs: # Publier l'archive dans une GitHub Release taguée - name: Publier le backup dans GitHub Releases - uses: softprops/action-gh-release@3bb12739c298aeb8a4eeaf626c5b8d85266b0e65 # v2 + uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3.0.0 with: tag_name: backup-${{ steps.archive.outputs.date }} name: "💾 Backup hebdomadaire — ${{ steps.archive.outputs.date }}" @@ -179,7 +179,7 @@ jobs: # Marquer les issues sans activité depuis 60 jours comme "stale" # et les fermer automatiquement après 7 jours supplémentaires - name: Gérer les issues et PR inactives - uses: actions/stale@v9 + uses: actions/stale@v10 with: # ── Issues ────────────────────────────────────────── days-before-issue-stale: 60 diff --git a/.github/workflows/music-social.yml b/.github/workflows/music-social.yml index 37a3574b..fa48f1a7 100644 --- a/.github/workflows/music-social.yml +++ b/.github/workflows/music-social.yml @@ -22,7 +22,7 @@ jobs: steps: # Récupérer le code source avec l'historique complet pour comparer tout le push - name: Checkout du dépôt - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: fetch-depth: 0 @@ -66,7 +66,7 @@ jobs: # Créer une issue GitHub récapitulative de la mise à jour musicale - name: Créer une issue "New Music Update" - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 env: LINES_ADDED: ${{ steps.diff.outputs.lines_added }} LINES_REMOVED: ${{ steps.diff.outputs.lines_removed }} diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml index 8d0c998b..722bf87f 100644 --- a/.github/workflows/security.yml 
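Review bot: `actions/stale@v10` in the last maintenance.yml hunk is still a mutable tag, the one `uses:` line this commit bumps without a commit SHA, although the subject announces SHA pins. A tag can be moved upstream, and this step presumably runs with a token that can label and close issues and pull requests. Pin it like the others, `uses: actions/stale@<full-commit-sha-of-v10> # v10`, taking the SHA from the upstream release. The step's `with:` block continues outside the hunk.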
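Review bot: The two music-social.yml hunks pin `actions/checkout` to a v4 commit and `actions/github-script` to a v7 commit, while every other workflow in this commit moves to v6.0.2 and v9. If holding this workflow back is deliberate, a comment above the step saying why would stop the next update from guessing; otherwise use the same pins as the other files. The version comments `# v4` and `# v7` also name only the major tag, which makes the SHA harder to check against a release than the `# v6.0.2` form used elsewhere.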
+++ b/.github/workflows/security.yml @@ -2,7 +2,7 @@ name: 🔒 Sécurité - CodeQL & Gitleaks on: push: - branches: [main] + branches: [main, gh-pages] pull_request: branches: [main, gh-pages] schedule: @@ -30,14 +30,13 @@ jobs: # Analyse JavaScript / TypeScript (code front-end) - language: javascript-typescript build-mode: none - # Analyse des workflows GitHub Actions - - language: actions - build-mode: none steps: # Récupérer le code source du dépôt - name: Checkout du dépôt - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + fetch-depth: 0 # Initialiser les outils CodeQL avec les requêtes de sécurité étendues - name: Initialisation de CodeQL @@ -68,7 +67,7 @@ jobs: steps: # Récupérer l'historique GIT complet pour analyser tous les commits - name: Checkout complet du dépôt - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: 0 diff --git a/.github/workflows/social-media-post.yml b/.github/workflows/social-media-post.yml index 9a3baf93..36516129 100644 --- a/.github/workflows/social-media-post.yml +++ b/.github/workflows/social-media-post.yml @@ -10,7 +10,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Placeholder social post run: | diff --git a/.github/workflows/uptime.yml b/.github/workflows/uptime.yml index b7d556f1..169ae263 100644 --- a/.github/workflows/uptime.yml +++ b/.github/workflows/uptime.yml @@ -20,7 +20,7 @@ jobs: steps: # Récupérer explicitement la branche qui héberge les badges/statuts - name: Checkout du dépôt - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: gh-pages 
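Review bot: The second security.yml hunk drops the `language: actions` matrix entry, so this workflow no longer runs CodeQL over the workflow files themselves, in a commit that edits fourteen of them. Unless codeql.yml already covers that language (its matrix is outside the hunks shown), restore `- language: actions` with `build-mode: none`. The `fetch-depth: 0` added to the CodeQL checkout in the same hunk looks unnecessary, since only the Gitleaks job is commented as needing the full history; if it is intended, a comment saying why would help.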
@@ -92,7 +92,7 @@ jobs: # Si le site est de nouveau en ligne, fermer les issues d'alerte ouvertes - name: Fermer l'alerte uptime si le site est revenu en ligne if: steps.check.outputs.is_up == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 with: script: | // Rechercher les issues d'alerte uptime ouvertes @@ -122,7 +122,7 @@ jobs: # Si le site est hors ligne, créer une issue d'alerte (une seule à la fois) - name: Créer une alerte si le site est hors ligne if: steps.check.outputs.is_up == 'false' - uses: actions/github-script@v7 + uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9 env: STATUS_CODE: ${{ steps.check.outputs.status_code }} with: diff --git a/.github/workflows/youtube-section-update.yml b/.github/workflows/youtube-section-update.yml index 59b91f4a..5ee9ef2b 100644 --- a/.github/workflows/youtube-section-update.yml +++ b/.github/workflows/youtube-section-update.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@v4 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: gh-pages diff --git a/.gitignore b/.gitignore index 04757f36..f8d3ad10 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,39 @@ -node_modules -# Local Netlify folder -.netlify -E +# Dependencies +node_modules/ + +# Netlify +.netlify/ + +# macOS +.DS_Store +.AppleDouble +.LSOverride + +# Logs +*.log +npm-debug.log* +yarn-debug.log* +yarn-error.log* + +# Build outputs +_site/ +dist/ +.jekyll-cache/ +.jekyll-metadata + +# Environment files +.env +.env.local +.env.*.local + +# Editor directories +.idea/ +.vscode/ +*.swp +*.swo +*~ + +# OS generated +Thumbs.db +ehthumbs.db +Desktop.ini diff --git a/LICENSE b/LICENSE new file mode 100644 index 00000000..2d62748c --- /dev/null +++ b/LICENSE 
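Review bot: The environment-file patterns in the .gitignore hunk cover `.env`, `.env.local` and `.env.*.local`, but not names such as `.env.production` or `.env.development`, which can also hold credentials. Consider `.env.*` followed by `!.env.example` if a sample file is meant to be committed. Note that .gitignore only prevents new additions; any such file already tracked stays tracked until it is removed from the index.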
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 DavidKRK
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.