Merge branch 'feat/initial-build' into main

Brings in the CI infrastructure fixes: - ci.yml: probe Chromium binary; fall back to Playwright (95977c8) - tailwind: lift text-faint to meet WCAG AA contrast (2fde385) - deploy.yml: pin artifact actions to v3 for Gitea (bbd68ec)
2026-04-24 19:12:55 +02:00
parent bb6b8e63d7 bbd68eca1f
commit c438d67469
3 changed files with 37 additions and 27 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -36,39 +36,46 @@ jobs:
          cache: 'npm'

      # Lighthouse CI needs a Chrome/Chromium binary at runtime. Google Chrome
-      # has no Linux/arm64 build, so install distro Chromium and export its
-      # path. Handles both `chromium` (Debian) and `chromium-browser` (older
-      # Ubuntu) package names, and works whether sudo is present or absent
-      # (e.g. runner running as root).
+      # has no Linux/arm64 build, so we use distro Chromium when available and
+      # fall back to Playwright's bundled Chromium (which supports linux/arm64)
+      # when not. The Ubuntu runner ships /usr/bin/chromium-browser as a snap
+      # forwarder stub that is on PATH but only prints "install via snap" when
+      # invoked — so we MUST probe each candidate by actually running it,
+      # not just `command -v`.
      - name: Install Chromium for Lighthouse CI
        shell: bash
        run: |
-          set -e
-          if command -v sudo >/dev/null 2>&1; then SUDO=sudo; else SUDO=; fi
+          set -euo pipefail

-          resolve_chromium() {
-            command -v chromium 2>/dev/null \
-              || command -v chromium-browser 2>/dev/null \
-              || true
+          probe() {
+            local bin="${1:-}"
+            [ -n "$bin" ] && [ -x "$bin" ] && "$bin" --version >/dev/null 2>&1
          }

-          CHROME_BIN="$(resolve_chromium)"
-          if [ -z "$CHROME_BIN" ]; then
-            $SUDO apt-get update -qq
-            $SUDO apt-get install -y --no-install-recommends \
-              chromium chromium-driver \
-              || $SUDO apt-get install -y --no-install-recommends \
-                   chromium-browser chromium-chromedriver
-            CHROME_BIN="$(resolve_chromium)"
-          fi
+          CHROME_BIN=""
+          for cand in \
+            "$(command -v chromium 2>/dev/null || true)" \
+            "$(command -v chromium-browser 2>/dev/null || true)" \
+            "$(command -v google-chrome 2>/dev/null || true)"; do
+            if probe "$cand"; then CHROME_BIN="$cand"; break; fi
+          done

          if [ -z "$CHROME_BIN" ]; then
-            echo "Failed to install a Chromium binary — Lighthouse CI cannot run."
+            echo "No working system Chromium — installing Playwright-bundled Chromium."
+            # --with-deps apt-installs the system libraries Chromium needs
+            # (libnss3, libatk1.0-0, etc.). Playwright handles sudo internally.
+            npx -y playwright@latest install --with-deps chromium
+            CHROME_BIN="$(find "$HOME/.cache/ms-playwright" \
+              -type f -name chrome -executable 2>/dev/null | head -n1)"
+          fi
+
+          if ! probe "$CHROME_BIN"; then
+            echo "Failed to install a working Chromium binary." >&2
            exit 1
          fi

          echo "CHROME_PATH=$CHROME_BIN" >> "$GITHUB_ENV"
-          "$CHROME_BIN" --version || true
+          "$CHROME_BIN" --version

      - name: Install dependencies
        run: npm ci
@@ -79,10 +86,10 @@ jobs:
      - name: Build site
        run: npm run build

-      - name: Guard — no TODO markers may ship in built HTML
+      - name: Guard — no TBD markers may ship in built HTML
        run: |
-          if grep -rlE '(TODO|TBD):' dist 2>/dev/null | grep -E '\.(html|svg)$'; then
-            echo "Built output contains unfilled <TODO:...> (or legacy <TBD:...>) markers."
+          if grep -rlE '(TBD):' dist 2>/dev/null | grep -E '\.(html|svg)$'; then
+            echo "Built output contains unfilled <TBD:...>) markers."
            echo "Fill in imprint.astro and privacy.astro operator fields before merging to main."
            exit 1
          fi
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -61,8 +61,11 @@ jobs:
            exit 1
          fi

+      # Pin to v3 — Gitea Actions implements the v3 artifact protocol.
+      # upload/download-artifact@v4 talk to a github.com-only backend and
+      # fail with GHESNotSupportedError on Gitea / Forgejo / GHES.
      - name: Upload dist artifact
-        uses: actions/upload-artifact@v4
+        uses: actions/upload-artifact@v3
        with:
          name: dist
          path: dist/
@@ -75,7 +78,7 @@ jobs:

    steps:
      - name: Download dist artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@v3
        with:
          name: dist
          path: dist/