From d772048fb4d0a6021892604c510eb6aa44678309 Mon Sep 17 00:00:00 2001 From: hsiegeln Date: Fri, 24 Apr 2026 18:10:49 +0200 Subject: [PATCH 1/5] .gitea/workflows/ci.yml aktualisiert --- .gitea/workflows/ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 6f8cd09..df4c0e8 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -20,7 +20,7 @@ on: jobs: build-test: - runs-on: ubuntu-latest + runs-on: ubuntu-latestf timeout-minutes: 20 env: PUBLIC_AUTH_SIGNIN_URL: ${{ secrets.PUBLIC_AUTH_SIGNIN_URL }} @@ -79,10 +79,10 @@ jobs: - name: Build site run: npm run build - - name: Guard — no TODO markers may ship in built HTML + - name: Guard — no TBD markers may ship in built HTML run: | - if grep -rlE '(TODO|TBD):' dist 2>/dev/null | grep -E '\.(html|svg)$'; then - echo "Built output contains unfilled (or legacy ) markers." + if grep -rlE '(TBD):' dist 2>/dev/null | grep -E '\.(html|svg)$'; then + echo "Built output contains unfilled ) markers." echo "Fill in imprint.astro and privacy.astro operator fields before merging to main." exit 1 fi From b9b17df0ea1bc961a613ec4de149a6dc565a82f4 Mon Sep 17 00:00:00 2001 From: hsiegeln Date: Fri, 24 Apr 2026 18:25:52 +0200 Subject: [PATCH 2/5] .gitea/workflows/ci.yml aktualisiert --- .gitea/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index df4c0e8..f4eafd6 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -20,7 +20,7 @@ on: jobs: build-test: - runs-on: ubuntu-latestf + runs-on: ubuntu-latest timeout-minutes: 20 env: PUBLIC_AUTH_SIGNIN_URL: ${{ secrets.PUBLIC_AUTH_SIGNIN_URL }} From 95977c8d6c25cf2356dbd270ff2f290c75b0dbfd Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Fri, 24 Apr 2026 18:50:28 +0200 Subject: [PATCH 3/5] ci: probe Chromium binary, fall back to Playwright-bundled The Ubuntu runner image ships /usr/bin/chromium-browser as a snap forwarder stub that exits with "install via snap" when invoked but is found on PATH. The previous detection used `command -v` only, so it accepted the stub, set CHROME_PATH to it, and Lighthouse later failed to launch Chrome (ECONNREFUSED on the debug port). Probe each candidate with `--version` to confirm it actually runs. When no working system binary exists, install Playwright's bundled Chromium (supports linux/arm64) with --with-deps for system libs. Co-Authored-By: Claude Opus 4.7 (1M context) --- .gitea/workflows/ci.yml | 49 +++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 21 deletions(-) diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index f4eafd6..4fde033 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -36,39 +36,46 @@ jobs: cache: 'npm' # Lighthouse CI needs a Chrome/Chromium binary at runtime. Google Chrome - # has no Linux/arm64 build, so install distro Chromium and export its - # path. Handles both `chromium` (Debian) and `chromium-browser` (older - # Ubuntu) package names, and works whether sudo is present or absent - # (e.g. runner running as root). + # has no Linux/arm64 build, so we use distro Chromium when available and + # fall back to Playwright's bundled Chromium (which supports linux/arm64) + # when not. The Ubuntu runner ships /usr/bin/chromium-browser as a snap + # forwarder stub that is on PATH but only prints "install via snap" when + # invoked — so we MUST probe each candidate by actually running it, + # not just `command -v`. - name: Install Chromium for Lighthouse CI shell: bash run: | - set -e - if command -v sudo >/dev/null 2>&1; then SUDO=sudo; else SUDO=; fi + set -euo pipefail - resolve_chromium() { - command -v chromium 2>/dev/null \ - || command -v chromium-browser 2>/dev/null \ - || true + probe() { + local bin="${1:-}" + [ -n "$bin" ] && [ -x "$bin" ] && "$bin" --version >/dev/null 2>&1 } - CHROME_BIN="$(resolve_chromium)" - if [ -z "$CHROME_BIN" ]; then - $SUDO apt-get update -qq - $SUDO apt-get install -y --no-install-recommends \ - chromium chromium-driver \ - || $SUDO apt-get install -y --no-install-recommends \ - chromium-browser chromium-chromedriver - CHROME_BIN="$(resolve_chromium)" - fi + CHROME_BIN="" + for cand in \ + "$(command -v chromium 2>/dev/null || true)" \ + "$(command -v chromium-browser 2>/dev/null || true)" \ + "$(command -v google-chrome 2>/dev/null || true)"; do + if probe "$cand"; then CHROME_BIN="$cand"; break; fi + done if [ -z "$CHROME_BIN" ]; then - echo "Failed to install a Chromium binary — Lighthouse CI cannot run." + echo "No working system Chromium — installing Playwright-bundled Chromium." + # --with-deps apt-installs the system libraries Chromium needs + # (libnss3, libatk1.0-0, etc.). Playwright handles sudo internally. + npx -y playwright@latest install --with-deps chromium + CHROME_BIN="$(find "$HOME/.cache/ms-playwright" \ + -type f -name chrome -executable 2>/dev/null | head -n1)" + fi + + if ! probe "$CHROME_BIN"; then + echo "Failed to install a working Chromium binary." >&2 exit 1 fi echo "CHROME_PATH=$CHROME_BIN" >> "$GITHUB_ENV" - "$CHROME_BIN" --version || true + "$CHROME_BIN" --version - name: Install dependencies run: npm ci From 2fde385ecfe72ccb589097864d393fc0b2f73857 Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Fri, 24 Apr 2026 18:57:40 +0200 Subject: [PATCH 4/5] theme: lift text-faint to meet WCAG AA contrast MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit text-faint #6b7280 on bg #060a13 measures ~4.06:1 contrast — under the 4.5:1 normal-text threshold — which fails Lighthouse's color-contrast audit and drops the accessibility score to 0.90 on /pricing and /privacy (the only pages currently using this token). #828b9b yields ~5.66:1, clears AA with margin, and stays visually distinct from text-muted (#9aa3b2, ~7.8:1) so the design hierarchy between text / text-muted / text-faint is preserved. Co-Authored-By: Claude Opus 4.7 (1M context) --- tailwind.config.mjs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tailwind.config.mjs b/tailwind.config.mjs index 1e68015..540fa71 100644 --- a/tailwind.config.mjs +++ b/tailwind.config.mjs @@ -25,7 +25,7 @@ export default { text: { DEFAULT: '#e8eaed', muted: '#9aa3b2', - faint: '#6b7280', + faint: '#828b9b', }, }, fontFamily: { From bbd68eca1f93f158f22933207dfb5dec826d1e7d Mon Sep 17 00:00:00 2001 From: hsiegeln <37154749+hsiegeln@users.noreply.github.com> Date: Fri, 24 Apr 2026 19:12:34 +0200 Subject: [PATCH 5/5] ci(deploy): pin upload/download-artifact to v3 for Gitea Actions actions/upload-artifact@v4 and download-artifact@v4 use the @actions/artifact v2+ client, which targets a github.com-only backend and fails on Gitea / Forgejo / GHES with: GHESNotSupportedError: @actions/artifact v2.0.0+, upload-artifact@v4+ and download-artifact@v4+ are not currently supported on GHES. Pin both to v3, which uses the older artifact protocol that Gitea Actions implements. Co-Authored-By: Claude Opus 4.7 (1M context) --- .gitea/workflows/deploy.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.gitea/workflows/deploy.yml b/.gitea/workflows/deploy.yml index 8823710..074ae21 100644 --- a/.gitea/workflows/deploy.yml +++ b/.gitea/workflows/deploy.yml @@ -61,8 +61,11 @@ jobs: exit 1 fi + # Pin to v3 — Gitea Actions implements the v3 artifact protocol. + # upload/download-artifact@v4 talk to a github.com-only backend and + # fail with GHESNotSupportedError on Gitea / Forgejo / GHES. - name: Upload dist artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@v3 with: name: dist path: dist/ @@ -75,7 +78,7 @@ jobs: steps: - name: Download dist artifact - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v3 with: name: dist path: dist/