Merge branch 'main' into linux_neptune

.github/SECURITY.md

@@ -2,13 +2,20 @@
 
 ## Supported Versions
 
-It is recommended that you run the stable version as this is more tested and used by most. The dev branch is bleed-edge commits that are not well tested and aren't meant to be used in production environments
+It is recommended that you use the stable branch as it's tested and used by most. The dev branch may contain bleeding-edge commits that are not well tested and are not meant to be used in production environments.<br>
+Version tags lower than the [latest stable release](https://github.com/ChrisTitusTech/linutil/releases/latest) are **not** supported.
 
-| Version | Supported          |
-| ------- | ------------------ |
-| latest  | :white_check_mark: |
-| dev     | :x:                |
+| Branch  | Supported              |
+| ------- | ---------------------- |
+| Stable  | :white_check_mark: YES |
+| Dev     | :x:                 NO |
+
+| Version                                            | Supported              |
+| -------------------------------------------------- | ---------------------- |
+| [![LATEST](https://img.shields.io/github/v/release/ChrisTitusTech/linutil?color=%230567ff&label=Latest&style=for-the-badge)](https://github.com/ChrisTitusTech/linutil/releases/latest) | :white_check_mark: YES |
+| Below LATEST                                       | :x:                 NO |
+| Above LATEST                                       | :x:                 NO |
 
 ## Reporting a Vulnerability
 
-I'd recommend making an Issue for reporting a bug. If you would like privately submit the bug you can email me at [email protected]
+If you have any reason to believe there are security vulnerabilities in Linutil, fill out the [report form](https://github.com/christitustech/linutil/security/advisories/new) or e-mail [[email protected]](mailto:[email protected]).

.github/release.yml

@@ -2,19 +2,34 @@ changelog:
   categories:
     - title: '🚀 Features'
       labels:
-        - 'feature'
         - 'enhancement'
     - title: '🐛 Bug Fixes'
       labels:
-        - 'fix'
-        - 'bugfix'
         - 'bug'
+    - title: '⚙️ Refactoring'
+      labels:
+        - 'refactor'
+    - title: '🧩 UI/UX'
+      labels:
+        - 'UI/UX'
     - title: '📚 Documentation'
-      label: 'documentation'
+      labels:
+        - 'documentation'
     - title: '🔒 Security'
-      label: 'security'
+      labels:
+        - 'security'
     - title: '🧰 GitHub Actions'
-      label: 'github actions'
+      labels:
+        - 'github_actions'
+    - title: '🦀 Rust'
+      labels:
+        - 'rust'
+    - title: '📃 Scripting'
+      labels:
+        - 'script'
+    - title: 'Other Changes'
+      labels:
+        - "*"
   exclude:
     labels:
-      - 'skip-changelog'
+      - 'skip-changelog'

.github/workflows/bashisms.yml

@@ -3,7 +3,7 @@ name: Check for bashisms
 on:
   pull_request:
     paths:
-      - core/tabs/**
+      - 'core/tabs/**/*.sh'
   merge_group:
   workflow_dispatch:
 
@@ -15,31 +15,33 @@ jobs:
       - uses: actions/checkout@v4
       - run: git fetch origin ${{ github.base_ref }}
 
-      - name: Get a list of changed script files
-        id: get_sh_files
+      - name: Install devscripts
+        run: sudo apt-get update && sudo apt-get install -y devscripts
+
+      - name: Get changed .sh files (PR only)
+        id: changed-sh-files
+        if: github.event_name == 'pull_request'
+        uses: tj-actions/changed-files@v45
+        with:
+          files: '**/*.sh'
+
+      - name: Get all .sh files (if workflow dispatched)
+        id: sh-files
+        if: github.event_name != 'pull_request'
         run: |
-          sh_files=$(git diff --name-only origin/${{ github.base_ref }} HEAD core/tabs | grep '\.sh$' || true)
-          if [ -n "$sh_files" ]; then
-            echo "$sh_files" > changed_files
-            echo "changed=1" >> $GITHUB_OUTPUT
+          files=$(find . -type f -name "*.sh" | tr '\n' ' ')
+          echo "files=${files:-none}" >> $GITHUB_ENV
+
+      - name: Set FILES for bashism check
+        id: set-files
+        run: |
+          if [[ "${{ steps.changed-sh-files.outputs.any_changed }}" == 'true' ]]; then
+            echo "FILES=${{ steps.changed-sh-files.outputs.all_changed_files }}" >> $GITHUB_ENV
           else
-            echo "changed=0" >> $GITHUB_OUTPUT
+            echo "FILES=${{ env.files }}" >> $GITHUB_ENV
           fi
-      
-      - name: Install devscripts
-        if: steps.get_sh_files.outputs.changed == 1
-        run: sudo apt-get update && sudo apt-get install devscripts
 
       - name: Check for bashisms
-        if: steps.get_sh_files.outputs.changed == 1
         run: |
-          echo "Running for:\n$(cat changed_files)\n"
-          for file in $(cat changed_files); do
-            if [[ -f "$file" ]]; then
-              checkbashisms "$file"
-            fi
-          done
-
-      - name: Remove the created file
-        if: steps.get_sh_files.outputs.changed == 1
-        run: rm changed_files
+          IFS=' ' read -r -a file_array <<< "$FILES"
+          checkbashisms "${file_array[@]}"

.github/workflows/github-pages.yml

@@ -13,6 +13,10 @@ on:
 jobs:
   build-and-deploy:
     runs-on: ubuntu-latest
+    environment: linutil_env
+    permissions:
+      contents: write
+      pull-requests: write
 
     steps:
       - name: Checkout Repository
@@ -24,11 +28,17 @@ jobs:
         run: |
           echo -e "<!-- THIS FILE IS GENERATED AUTOMATICALLY. EDIT .github/CONTRIBUTING.md -->\n\n$(cat .github/CONTRIBUTING.md)" > 'docs/contributing.md'
 
-      - uses: stefanzweifel/git-auto-commit-action@v5
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v6
         with:
-          commit_message: Commit Contributing Guidelines
-          file_pattern: "docs/contributing.md"
-          add_options: '--force'
+          commit-message: Update Contributing Guidelines
+          title: 'docs: Update Contributing Guidelines'
+          body: 'Automated update of Contributing Guidelines from .github/CONTRIBUTING.md'
+          branch: update-contributing-guidelines
+          delete-branch: true
+          base: main
+          labels: documentation
+          token: ${{ secrets.PAT_TOKEN }}
         if: success()
 
       - name: Setup Python

.github/workflows/linutil.yml

@@ -46,19 +46,9 @@ jobs:
         run: cargo build --target-dir=build --release --verbose --target=x86_64-unknown-linux-musl --all-features
 
       - name: Build aarch64 binary
-        run: cross build --target-dir=build --release --verbose --target=aarch64-unknown-linux-musl --all-features
-
-      - name: Move binaries to build directory
         run: |
-          mv build/x86_64-unknown-linux-musl/release/linutil build/linutil
-          mv build/aarch64-unknown-linux-musl/release/linutil build/linutil-aarch64
-
-      - uses: stefanzweifel/git-auto-commit-action@v5
-        with:
-          commit_message: Commit Linutil
-          file_pattern: "build/linutil build/linutil-aarch64"
-          add_options: '--force'
-        if: success()
+          cross build --target-dir=build --release --verbose --target=aarch64-unknown-linux-musl --all-features
+          mv ./build/aarch64-unknown-linux-musl/release/linutil ./build/aarch64-unknown-linux-musl/release/linutil-aarch64
 
       - name: Extract Version
         id: extract_version
@@ -80,32 +70,11 @@ jobs:
           append_body: true
           generate_release_notes: true
           files: |
-            ./build/linutil
-            ./build/linutil-aarch64
+            ./build/x86_64-unknown-linux-musl/release/linutil
+            ./build/aarch64-unknown-linux-musl/release/linutil-aarch64
             ./start.sh
             ./startdev.sh
           prerelease: true
         env:
           version: ${{ env.version }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Setup Preview
-        run: |
-          echo "$(pwd)/build" >> $GITHUB_PATH
-      
-      - name: Generate preview 
-        uses: charmbracelet/[email protected]
-        with:
-          path: "docs/assets/preview.tape"
-
-      - name: Move preview
-        run: |
-          mv preview.gif docs/assets/preview.gif
-
-      - name: Upload preview
-        uses: stefanzweifel/git-auto-commit-action@v5
-        with:
-          commit_message: Preview for ${{ env.version }}
-          file_pattern: "docs/assets/preview.gif"
-          add_options: "--force"
-        if: success()

.github/workflows/preview.yml

@@ -0,0 +1,78 @@
+name: LinUtil Preview
+
+on:
+  workflow_dispatch:
+    inputs:
+        tag_name:
+          description: 'Tag name'
+          required: true
+  workflow_run:
+    workflows: ["LinUtil Release"]
+    types:
+      - completed
+
+jobs:
+  generate_preview:
+    runs-on: ubuntu-latest
+    environment: linutil_env
+    permissions:
+      contents: write
+      pull-requests: write
+
+    steps:
+      - name: Checkout source
+        uses: actions/checkout@v4
+
+      - name: Get tag name ( Workflow Run )
+        id: latest_tag
+        uses: actions/github-script@v7
+        if: github.event_name == 'workflow_run'
+        with:
+          script: |
+            const releases = await github.rest.repos.listReleases({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              per_page: 1
+            });
+            core.setOutput('result', releases.data[0].tag_name);
+          result-encoding: string
+
+      - name: Set tag name ( Workflow Run )
+        if: github.event_name == 'workflow_run'
+        run: echo "tag_name=${{ steps.latest_tag.outputs.result }}" >> $GITHUB_ENV
+
+      - name: Set tag name ( Workflow Dispatch )
+        if: ${{ github.event_name }} == 'workflow_dispatch'
+        run: echo "tag_name=${{ github.event.inputs.tag_name }}" >> $GITHUB_ENV
+
+      - name: Download binary
+        run: |
+          curl -LO "https://github.com/${{ github.repository }}/releases/download/${{ env.tag_name }}/linutil"
+
+      - name: Set env
+        run: |
+          chmod +x linutil
+          mkdir -p build
+          mv linutil build/linutil
+          echo "${{ github.workspace }}/build" >> $GITHUB_PATH
+
+      - name: Generate preview
+        uses: charmbracelet/[email protected]
+        with:
+          path: "docs/assets/preview.tape"
+
+      - name: Move preview
+        run: mv preview.gif docs/assets/preview.gif
+
+      - name: Create PR
+        uses: peter-evans/[email protected]
+        with:
+          commit-message: Preview for ${{ env.tag_name }}
+          file-pattern: "docs/assets/preview.gif"
+          add-options: "--force"
+          token: ${{ secrets.PAT_TOKEN }}
+          branch: feature/preview-${{ env.tag_name }}
+          title: "Update preview for ${{ env.tag_name }}"
+          body: |
+            Automated PR to update preview gif for version ${{ env.tag_name }}
+        if: success()

.github/workflows/rust.yml

@@ -5,7 +5,7 @@ on:
     branches: ["main"]
     paths:
       - '**/*.rs'
-      - 'Cargo.toml'
+      - '**/Cargo.toml'
       - 'Cargo.lock'
 
 env:

.github/workflows/shellcheck.yml

@@ -1,55 +1,35 @@
-name: ShellCheck
+name: Script Checks
 
 on:
   pull_request:
     paths:
-      - 'core/tabs/**/*.sh'
+      - '**/*.sh'
   workflow_dispatch:
 
 jobs:
   shellcheck:
     name: Shellcheck
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - run: git fetch origin ${{ github.base_ref }}
+      - name: Checkout sources
+        uses: actions/checkout@v4
 
-      - name: Download, setup, and run ShellCheck
-        shell: bash {0}
-        run : |
-          SC_URL="https://github.com/koalaman/shellcheck/releases/download/v0.10.0/shellcheck-v0.10.0.linux.x86_64.tar.xz"
-          curl -fsSL "$SC_URL" | tar -Jx
-          chmod +x "./shellcheck-v0.10.0/shellcheck"
+      - name: Run ShellCheck
+        uses: reviewdog/action-shellcheck@v1
+        with:
+          shellcheck_flags: '--source-path=${{ github.workspace }}/.shellcheckrc'
+          reviewdog_flags: '-fail-level=any'
 
-          error=0
-          files_to_check=$(git diff --name-only origin/${{ github.base_ref }} HEAD core/tabs)
-
-          for file in $files_to_check; do
-              if [[ "$file" == *.sh ]] && [[ -f "$file" ]]; then
-                  sc_output=$(./shellcheck-v0.10.0/shellcheck -fgcc -Serror "$file")
-                  iter_safe_parsed_errors=$(echo -e "$sc_output" | sed -n 's/\(.\+\)\:\([0-9]\+\)\:\([0-9]\+\)\: \(.*\)/::error file=\1,line=\2,col=\3::\4/p' | sed 's/ /:space:/g')
-
-                  for error in $iter_safe_parsed_errors; do
-                      echo "$error" | sed 's/:space:/ /g'
-                      error=1
-                  done
-
-                  tabs_detected=$(grep -nP '^\t+\S+' "$file")
-
-                  # fast fail on the action runner would fail immediately if there weren't any tabs found
-                  # this check makes sure that we don't continue if there's something really weird going on
-                  if [ "$?" = "2" ]; then
-                      echo "::error file=$file::There was a critical error while grepping $file, aborting"
-                      exit 1
-                  fi
-
-                  iter_safe_parsed_tabs_detected=$(echo "$tabs_detected" | sed -n 's,\([0-9]\+\).*,::error file='"$file"'\,line=\1::Found tab indentations,p' | sed 's/ /:space:/g')
-
-                  for error in $iter_safe_parsed_tabs_detected; do
-                      echo "$error" | sed 's/:space:/ /g'
-                      error=1
-                  done
-              fi
-          done
-
-          exit $error
+  shfmt:
+    name: Shell Fomatting
+    runs-on: ubuntu-latest
+    needs: shellcheck
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+
+      - name: Run shfmt
+        uses: reviewdog/action-shfmt@v1
+        with:
+          shfmt_flags: '-i 4 -ci'
+          reviewdog_flags: '-fail-level=any'

.github/workflows/typos.yml

@@ -12,4 +12,4 @@ jobs:
       - run: git fetch origin ${{ github.base_ref }}
 
       - name: Run spellcheck
-        uses: crate-ci/typos@v1.25.0
+        uses: crate-ci/typos@v1.26.0