Skip to content

Commit 9ed55e7

Browse files
dansysanalystdansysanalyst
committed
wip
0 parents  commit 9ed55e7

52 files changed

Lines changed: 9732 additions & 0 deletions

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/workflows/check_media_types.yml

Lines changed: 165 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,165 @@
1+
name: Secure Media + Docs Validation
2+
3+
on:
4+
push:
5+
pull_request:
6+
7+
permissions:
8+
contents: read
9+
10+
concurrency:
11+
group: validation-${{ github.ref }}
12+
cancel-in-progress: true
13+
14+
jobs:
15+
validate:
16+
runs-on: ubuntu-latest
17+
18+
steps:
19+
- name: Checkout repository
20+
uses: actions/checkout@v5
21+
22+
- name: Install dependencies
23+
run: |
24+
set -euo pipefail
25+
26+
sudo apt-get update
27+
28+
sudo apt-get install -y \
29+
file \
30+
ffmpeg \
31+
imagemagick \
32+
jq \
33+
clamav \
34+
clamav-freshclam
35+
36+
- name: Update ClamAV signatures
37+
run: |
38+
set -euo pipefail
39+
40+
sudo systemctl stop clamav-freshclam || true
41+
42+
# Allow fallback if signature update fails (common on CI)
43+
sudo freshclam || true
44+
45+
echo "ClamAV databases:"
46+
ls -lah /var/lib/clamav || true
47+
48+
- name: Scan for malware
49+
run: |
50+
set -euo pipefail
51+
52+
SCAN_TARGETS=()
53+
[ -d media ] && SCAN_TARGETS+=(media)
54+
[ -d docs ] && SCAN_TARGETS+=(docs)
55+
56+
if [ ${#SCAN_TARGETS[@]} -eq 0 ]; then
57+
echo "Neither media/ nor docs/ exists"
58+
exit 1
59+
fi
60+
61+
if ls /var/lib/clamav/*.cvd >/dev/null 2>&1 || \
62+
ls /var/lib/clamav/*.cld >/dev/null 2>&1; then
63+
64+
clamscan -r "${SCAN_TARGETS[@]}" \
65+
--infected \
66+
--no-summary \
67+
--max-filesize=50M \
68+
--max-scansize=100M
69+
else
70+
echo "WARNING: No ClamAV signatures found. Skipping scan."
71+
fi
72+
73+
- name: Validate media files
74+
run: |
75+
set -euo pipefail
76+
77+
if [ ! -d media ]; then
78+
echo "media/ directory not found"
79+
exit 1
80+
fi
81+
82+
find media -type f -print0 | while IFS= read -r -d '' file; do
83+
echo "Checking media: $file"
84+
85+
mime=$(file --mime-type -b "$file")
86+
87+
case "$mime" in
88+
image/jpeg|image/png|image/gif|image/webp)
89+
identify "$file" >/dev/null
90+
;;
91+
92+
video/mp4|video/webm|video/quicktime)
93+
ffprobe -v error "$file" >/dev/null
94+
;;
95+
96+
audio/mpeg|audio/wav|audio/ogg)
97+
ffprobe -v error "$file" >/dev/null
98+
;;
99+
100+
*)
101+
echo "ERROR: Unsupported media type"
102+
echo "File: $file"
103+
echo "MIME: $mime"
104+
exit 1
105+
;;
106+
esac
107+
done
108+
109+
- name: Validate docs files
110+
run: |
111+
set -euo pipefail
112+
113+
if [ ! -d docs ]; then
114+
echo "docs/ directory not found"
115+
exit 1
116+
fi
117+
118+
find docs -type f -print0 | while IFS= read -r -d '' file; do
119+
echo "Checking docs: $file"
120+
121+
case "$file" in
122+
*.md)
123+
# 1. Must be valid text file (reject binaries properly)
124+
if ! grep -Iq . "$file"; then
125+
echo "ERROR: Non-text or binary markdown detected"
126+
echo "File: $file"
127+
exit 1
128+
fi
129+
130+
# 2. Enforce UTF-8 encoding (prevents UTF-16 issues)
131+
encoding=$(file --mime-encoding -b "$file" || true)
132+
133+
case "$encoding" in
134+
utf-8|us-ascii) ;;
135+
*)
136+
echo "ERROR: Invalid encoding in markdown: $encoding"
137+
echo "File: $file"
138+
exit 1
139+
;;
140+
esac
141+
;;
142+
143+
*.json)
144+
jq -e . "$file" >/dev/null
145+
;;
146+
147+
*)
148+
echo "ERROR: Unsupported file in docs/"
149+
echo "File: $file"
150+
exit 1
151+
;;
152+
esac
153+
done
154+
155+
- name: Reject executable files
156+
run: |
157+
set -euo pipefail
158+
159+
mapfile -d '' exec_files < <(find media docs -type f -executable -print0 2>/dev/null || true)
160+
161+
if [ ${#exec_files[@]} -gt 0 ]; then
162+
echo "ERROR: Executable files found"
163+
printf '%s\n' "${exec_files[@]}"
164+
exit 1
165+
fi

.github/workflows/json_check.yml

Lines changed: 43 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,43 @@
1+
name: JSON Validation
2+
3+
on:
4+
push:
5+
pull_request:
6+
7+
permissions:
8+
contents: read
9+
10+
concurrency:
11+
group: json-validation-${{ github.ref }}
12+
cancel-in-progress: true
13+
14+
jobs:
15+
validate-json:
16+
runs-on: ubuntu-latest
17+
18+
steps:
19+
- name: Checkout repository
20+
uses: actions/checkout@v4
21+
with:
22+
persist-credentials: false
23+
24+
- name: Setup Node.js
25+
uses: actions/setup-node@v4
26+
with:
27+
node-version: 20
28+
29+
- name: 🧐 Validate JSON files in docs/
30+
shell: bash
31+
run: |
32+
set -euo pipefail
33+
34+
echo "🔎 Checking docs/*.json files..."
35+
36+
shopt -s nullglob
37+
38+
for file in docs/*.json; do
39+
echo "Validating $file"
40+
node -e "JSON.parse(require('fs').readFileSync('$file','utf8'))"
41+
done
42+
43+
echo "✅ All JSON files are valid."

.github/workflows/lint_markdown.yml

Lines changed: 42 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,42 @@
1+
name: Lint Markdown
2+
3+
on:
4+
push:
5+
paths:
6+
- "docs/**/*.md"
7+
pull_request:
8+
paths:
9+
- "docs/**/*.md"
10+
11+
permissions:
12+
contents: read
13+
14+
concurrency:
15+
group: markdown-lint-${{ github.ref }}
16+
cancel-in-progress: true
17+
18+
jobs:
19+
markdown-linter:
20+
name: Run Markdown Linter
21+
runs-on: ubuntu-latest
22+
23+
steps:
24+
- name: Checkout repository
25+
uses: actions/checkout@v4
26+
with:
27+
persist-credentials: false
28+
29+
- name: Setup Node.js
30+
uses: actions/setup-node@v4
31+
with:
32+
node-version: 20
33+
cache: npm
34+
35+
- name: Install dependencies
36+
run: npm ci
37+
38+
- name: 🏗️ Markdown Lint Check
39+
run: npm run markdown:lint-check
40+
41+
- name: 💅 Markdown Format Check
42+
run: npm run markdown:format-check

.github/workflows/lychee.yml

Lines changed: 99 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,99 @@
1+
name: Link Check
2+
3+
on:
4+
push:
5+
pull_request:
6+
7+
permissions:
8+
contents: read
9+
10+
jobs:
11+
links:
12+
runs-on: ubuntu-latest
13+
14+
steps:
15+
- name: Checkout
16+
uses: actions/checkout@v6
17+
18+
- name: Normalize docs
19+
run: |
20+
set -euo pipefail
21+
22+
INPUT_DIR="docs"
23+
OUTPUT_DIR=".docs-clean"
24+
MEDIA_DIR="media"
25+
MEDIA_OUT="${OUTPUT_DIR}/media"
26+
27+
# --- reset output dir -------------------------------------------
28+
rm -rf "${OUTPUT_DIR}"
29+
mkdir -p "${OUTPUT_DIR}"
30+
31+
# --- walk docs/, transform .md files into .docs-clean -----------
32+
if [ -d "${INPUT_DIR}" ]; then
33+
find "${INPUT_DIR}" -type f -name "*.md" -print0 | while IFS= read -r -d '' file; do
34+
rel="${file#${INPUT_DIR}/}"
35+
out="${OUTPUT_DIR}/${rel}"
36+
mkdir -p "$(dirname "${out}")"
37+
38+
perl -CSD -pe '
39+
BEGIN {
40+
sub rewrite_link {
41+
my ($link) = @_;
42+
return $link unless defined $link && length $link;
43+
44+
# leave external / mailto links untouched
45+
return $link if $link =~ m{^https?://} || $link =~ m{^mailto:};
46+
47+
# sponsor links -> harmless placeholder
48+
#return "#" if $link =~ m{^/sponsors/};
49+
50+
my $out = $link;
51+
52+
# 1. root-relative path -> relative path
53+
$out =~ s{^/+(.*)$}{../$1};
54+
55+
# 2. strip anchors
56+
$out =~ s{^(?!https?://)([^#]*)#.*$}{$1};
57+
58+
# 3. .html -> no extension
59+
$out =~ s{^(?!https?://)(.+)\.html$}{$1};
60+
61+
# 4. default to .md if no known extension
62+
$out =~ s{^(?!https?://)(.+)(?<!\.(?:md|png|jpg|jpeg|gif|svg|webp|pdf|mp4))$}{$1.md};
63+
64+
# 5. collapse stray leading double slashes
65+
$out =~ s{^//+}{/};
66+
67+
# 6. legacy media dir -> media/
68+
$out =~ s{_media/}{media/}g;
69+
70+
return $out;
71+
}
72+
}
73+
74+
s{\]\(([^)]+)\)}{"](" . rewrite_link($1) . ")"}ge;
75+
s{src=(["\x27])([^"\x27]+)\1}{"src=" . $1 . rewrite_link($2) . $1}ge;
76+
s{href=(["\x27])([^"\x27]+)\1}{"href=" . $1 . rewrite_link($2) . $1}ge;
77+
' "${file}" > "${out}"
78+
done
79+
fi
80+
81+
# --- copy root media/ -> .docs-clean/media -----------------------
82+
if [ -d "${MEDIA_DIR}" ]; then
83+
mkdir -p "${MEDIA_OUT}"
84+
cp -a "${MEDIA_DIR}/." "${MEDIA_OUT}/"
85+
fi
86+
87+
echo "OK: docs + root media -> .docs-clean"
88+
89+
- name: Run lychee
90+
id: lychee
91+
uses: lycheeverse/lychee-action@v2
92+
with:
93+
args: >
94+
.docs-clean
95+
--exclude '^https?://(www\.)?(twitter\.com|x\.com|instagram\.com|linkedin\.com)'
96+
--exclude '/sponsors/'
97+
format: markdown
98+
output: lychee-report.md
99+
fail: true

.gitignore

Lines changed: 11 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
node_modules
2+
.temp
3+
.cache
4+
node_modules
5+
.temp
6+
.cache
7+
.env
8+
docs/.vitepress/dist
9+
docs/.vitepress/cache
10+
.idea
11+
.DS_Store

.markdownlint-cli2.jsonc

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
{
2+
"config": {
3+
// Disable ordered list enforcement because docs use intentional numbering
4+
// and markdownlint-cli2 may renumber steps incorrectly (e.g., 4 → 1)
5+
"MD029": false,
6+
// Disable line length rule
7+
"MD013": false,
8+
// Allow inline HTML
9+
"MD033": false,
10+
// Disable emphasis-as-heading
11+
"MD036": false,
12+
// No multiple H1 enforcement
13+
"MD025": false
14+
},
15+
"globs": [
16+
"docs/**/*.md"
17+
],
18+
"ignores": [],
19+
"customRules": [
20+
// Ensures there is only one H1 (# heading)
21+
// in the markdown BODY (ignores YAML front matter).
22+
".markdownlint/rules/no-multiple-h1.js"
23+
]
24+
}

0 commit comments

Comments
 (0)