Merge pull request 'feat/initial-build' (#3 ) from feat/initial-build into main

Reviewed-on: #3
replaced TBD with TODO
2026-04-24 18:09:37 +02:00 · 2026-04-24 18:06:32 +02:00 · 2026-04-24 18:04:16 +02:00
4 changed files with 21 additions and 17 deletions
--- a/.gitea/workflows/ci.yml
+++ b/.gitea/workflows/ci.yml
@@ -23,9 +23,9 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    env:
-      PUBLIC_AUTH_SIGNIN_URL: ${{ vars.PUBLIC_AUTH_SIGNIN_URL }}
+      PUBLIC_AUTH_SIGNIN_URL: ${{ secrets.PUBLIC_AUTH_SIGNIN_URL }}
-      PUBLIC_AUTH_SIGNUP_URL: ${{ vars.PUBLIC_AUTH_SIGNUP_URL }}
+      PUBLIC_AUTH_SIGNUP_URL: ${{ secrets.PUBLIC_AUTH_SIGNUP_URL }}
-      PUBLIC_SALES_EMAIL: ${{ vars.PUBLIC_SALES_EMAIL }}
+      PUBLIC_SALES_EMAIL: ${{ secrets.PUBLIC_SALES_EMAIL }}
    steps:
      - uses: actions/checkout@v4
@@ -79,10 +79,10 @@ jobs:
      - name: Build site
        run: npm run build
-      - name: Guard — no TBD markers may ship in built HTML
+      - name: Guard — no TODO markers may ship in built HTML
        run: |
-          if grep -rl 'TBD:' dist 2>/dev/null | grep -E '\.(html|svg)$'; then
+          if grep -rlE '(TODO|TBD):' dist 2>/dev/null | grep -E '\.(html|svg)$'; then
-            echo "Built output contains unfilled <TBD:...> markers."
+            echo "Built output contains unfilled <TODO:...> (or legacy <TBD:...>) markers."
            echo "Fill in imprint.astro and privacy.astro operator fields before merging to main."
            exit 1
          fi
--- a/.gitea/workflows/deploy.yml
+++ b/.gitea/workflows/deploy.yml
@@ -32,9 +32,9 @@ jobs:
    runs-on: ubuntu-latest
    timeout-minutes: 15
    env:
-      PUBLIC_AUTH_SIGNIN_URL: ${{ vars.PUBLIC_AUTH_SIGNIN_URL }}
+      PUBLIC_AUTH_SIGNIN_URL: ${{ secrets.PUBLIC_AUTH_SIGNIN_URL }}
-      PUBLIC_AUTH_SIGNUP_URL: ${{ vars.PUBLIC_AUTH_SIGNUP_URL }}
+      PUBLIC_AUTH_SIGNUP_URL: ${{ secrets.PUBLIC_AUTH_SIGNUP_URL }}
-      PUBLIC_SALES_EMAIL: ${{ vars.PUBLIC_SALES_EMAIL }}
+      PUBLIC_SALES_EMAIL: ${{ secrets.PUBLIC_SALES_EMAIL }}
    steps:
      - uses: actions/checkout@v4
@@ -53,10 +53,10 @@ jobs:
      - name: Build site
        run: npm run build
-      - name: Guard — no TBD markers may ship in built HTML
+      - name: Guard — no TODO markers may ship in built HTML
        run: |
-          if grep -rl 'TBD:' dist 2>/dev/null | grep -E '\.(html|svg)$'; then
+          if grep -rlE '(TODO|TBD):' dist 2>/dev/null | grep -E '\.(html|svg)$'; then
-            echo "Built output contains unfilled <TBD:...> markers."
+            echo "Built output contains unfilled <TODO:...> (or legacy <TBD:...>) markers."
            echo "Fill in imprint.astro and privacy.astro operator fields before merging to main."
            exit 1
          fi
--- a/OPERATOR-CHECKLIST.md
+++ b/OPERATOR-CHECKLIST.md
@@ -70,11 +70,15 @@ Add these under Repository settings → Actions → Secrets (or variables):
 | `SFTP_PATH` | secret | Absolute path to document root (e.g., `/usr/home/cameleer/public_html/www.cameleer.io`) |
 | `SFTP_KEY` | secret | Contents of `~/.ssh/cameleer-website-deploy` (private key, PEM) |
 | `SFTP_KNOWN_HOSTS` | secret | Contents of `hetzner-known-hosts.txt` (captured via `ssh-keyscan`) |
-| `PUBLIC_AUTH_SIGNIN_URL` | variable | `https://auth.cameleer.io/sign-in` |
+| `PUBLIC_AUTH_SIGNIN_URL` | secret | `https://auth.cameleer.io/sign-in` |
-| `PUBLIC_AUTH_SIGNUP_URL` | variable | `https://auth.cameleer.io/sign-in?first_screen=register` |
+| `PUBLIC_AUTH_SIGNUP_URL` | secret | `https://auth.cameleer.io/sign-in?first_screen=register` |
-| `PUBLIC_SALES_EMAIL` | variable | `sales@cameleer.io` (or whatever sales alias you set up) |
+| `PUBLIC_SALES_EMAIL` | secret | `sales@cameleer.io` (or whatever sales alias you set up) |
-## 4. Content TBD — before go-live
+These three are not actually secret (they end up in the built HTML), but Gitea's
 Actions UI puts them in the **Secrets** tab alongside the SFTP credentials. The
 workflows read them via the `${{ secrets.* }}` context.
 ## 4. Content TODO — before go-live
 - [ ] Fill in `src/pages/imprint.astro` `operator` object with real legal details.
 - [ ] Fill in `operatorContact` in `src/pages/privacy.astro`.
--- a/src/pages/imprint.astro
+++ b/src/pages/imprint.astro
@@ -4,7 +4,7 @@ import SiteHeader from '../components/SiteHeader.astro';
 import SiteFooter from '../components/SiteFooter.astro';
 // Imprint (Impressum) per TMG §5 / DDG §5.
-// Values prefixed "<TBD:" MUST be replaced with real operator data before go-live.
+// Values prefixed "<TODO:" MUST be replaced with real operator data before go-live.
 // See docs/superpowers/specs/2026-04-24-cameleer-website-design.md §6.4.
 const operator = {
  legalName: '<TODO:legal name of operating entity>',
Author	SHA1	Message	Date
hsiegeln	259871d34a	Merge pull request 'feat/initial-build' (#3 ) from feat/initial-build into main Some checks failed ci / build-test (push) Failing after 1m3s Details deploy / build (push) Failing after 51s Details deploy / deploy (push) Has been skipped Details Reviewed-on: #3	2026-04-24 18:09:37 +02:00
hsiegeln	295e2bcfff	replaced TBD with TODO Some checks failed ci / build-test (push) Failing after 49s Details ci / build-test (pull_request) Failing after 1m6s Details	2026-04-24 18:06:32 +02:00
hsiegeln	93131461b8	Fix CI build: read PUBLIC_* values from secrets context, broaden TODO guard Some checks failed ci / build-test (push) Failing after 46s Details - Switch ci.yml + deploy.yml env bindings from ${{ vars.* }} to ${{ secrets.* }}. Gitea lets you put non-sensitive Actions values in either tab, and the secrets tab was used in practice — workflow was reading the wrong context and getting empty strings. - Broaden the "no TODO markers ship" guard to accept both TODO: and legacy TBD: prefixes, matching the imprint/privacy page markers that were recently renamed. - Document the secret-vs-variable choice in OPERATOR-CHECKLIST so the next operator doesn't get tripped up by the same thing. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>	2026-04-24 18:04:16 +02:00