Sync changes from Frontend

.dockerignore

@@ -1,7 +1,11 @@
 *
-!src/
-!bun.lockb
-!bunfig.toml
-!LICENSE
-!package.json
-!tsconfig.json
+
+# Project files
+!/bun.lock
+!/bunfig.toml
+!/LICENSE
+!/package.json
+!/tsconfig.json
+
+# SRC
+!/src/**

.env.example

@@ -1,18 +1,40 @@
+#? Rename or copy this file to ".env" and set the variables there.
+#?
+#?####################
+#? VARIABLE STRUCTURE:
+#?####################
+#? [ default ] : type < min - max >
+#?      ^         ^         ^
+#?      |         |         |
+#?      |         |         +---- RANGE between two values (these included)
+#?      |         +-------------- TYPE of the variable
+#?      +------------------------ DEFAULT value applied if not set
+#?
+#?###################
+#? COMMENT STRUCTURE:
+#?###################
+#? "#?#..." or "###..." are used to comment a section line.
+#? "#?" is used to comment a help line.
+#? "##" is used to comment a description line.
+#? "#" is used to comment a variable line.
+#?
+#? You should remove the comment on variable lines only if you want to set the variable.
+
+##########
 ## SERVER:
-# Set log verbosity [3]:integer
-# (0=none <- 1=error <- 2=warn <- 3=info <- 4=debug)
+##########
+## Set log verbosity [3]:integer
+#? (0=none <- 1=error <- 2=warn <- 3=info <- 4=debug)
 #LOGLEVEL=3
 
-# Port for the server [4000]:integer
+## Port for the server [4000]:integer
 #PORT=4000
 
-# Root path for the server (NOT IMPLEMENTED) [/api]:string
-# (Everything will be served under this path)
-#PATH=/api
-
-# Is website served over HTTPS? [true]:boolean
+## Is website served over HTTPS? [true]:boolean
 #TLS=true
 
+############
 ## DOCUMENT:
-# Maximum document size in kilobytes [1024]:integer
+############
+## Maximum document size in kilobytes [1024]:integer
 #DOCUMENT_MAXSIZE=1024

.gitattributes

@@ -7,6 +7,7 @@
 *.cmd             text eol=crlf
 *.coffee          text
 *.css             text diff=css
+*.go              text diff=golang
 *.htm             text diff=html
 *.html            text diff=html
 *.inc             text
@@ -66,6 +67,7 @@ LICENSE           text
 NEWS              text
 readme            text
 *README*          text
+TODO              text
 
 # Templates
 *.dot             text
@@ -95,8 +97,7 @@ readme            text
 .gitattributes    text
 .gitconfig        text
 .htaccess         text
-*.lock            text -diff
-*.lockb           binary diff=lockb
+*.lock            text eol=lf -diff
 package.json      text eol=lf
 package-lock.json text eol=lf -diff
 pnpm-lock.yaml    text eol=lf -diff
@@ -184,8 +185,6 @@ Procfile          text
 # Executables
 *.exe             binary
 *.pyc             binary
-**/.yarn/releases/**   binary
-**/.yarn/plugins/**    binary
 
 # RC files (like .babelrc or .eslintrc)
 *.*rc             text

.github/renovate.json

@@ -0,0 +1,14 @@
+{
+	"$schema": "https://docs.renovatebot.com/renovate-schema.json",
+	"extends": ["config:recommended"],
+	"lockFileMaintenance": {
+		"enabled": true,
+		"automerge": true
+	},
+	"packageRules": [
+		{
+			"matchUpdateTypes": ["patch"],
+			"automerge": true
+		}
+	]
+}

.github/workflows/cd.yml

@@ -0,0 +1,236 @@
+---
+name: CD
+on:
+  workflow_dispatch:
+    inputs:
+      artifact-action:
+        description: Artifact action
+        type: choice
+        required: true
+        default: none
+        options:
+          - none
+          - build
+          - build-release
+      image-action:
+        description: Container image action
+        type: choice
+        required: true
+        default: none
+        options:
+          - none
+          - build
+          - build-release
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: false
+
+permissions:
+  contents: read
+
+jobs:
+  artifact:
+    if: github.repository_owner == 'jspaste' && inputs.artifact-action != 'none'
+    name: Release artifact
+    runs-on: ubuntu-latest
+    permissions:
+      attestations: write
+      contents: write
+      id-token: write
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@4bc047ad259df6fc24a6c9b0f9a0cb08cf17fbe5 # v2.0.1
+
+      - name: Save context
+        id: ctx
+        env:
+          CTX_BRANCH: ${{ github.head_ref || github.ref_name }}
+          CTX_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
+        run: |
+          echo "branch=${CTX_BRANCH}" >>"$GITHUB_OUTPUT"
+          echo "sha=${CTX_SHA}" >>"$GITHUB_OUTPUT"
+          echo "sha_short=${CTX_SHA::7}" >>"$GITHUB_OUTPUT"
+
+      - name: Save tags
+        id: tags
+        env:
+          BRANCH: ${{ steps.ctx.outputs.branch }}
+          SHA_SHORT: ${{ steps.ctx.outputs.sha_short }}
+        run: |
+          TIMESTAMP="$(date +%Y.%m.%d)"
+
+          if [[ "${BRANCH}" == "stable" ]]; then
+            TAG="latest"
+          else
+            TAG="snapshot"
+          fi
+
+          echo "tag=${TAG}" >>"$GITHUB_OUTPUT"
+          echo "extended=${TIMESTAMP}-${SHA_SHORT}" >>"$GITHUB_OUTPUT"
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Install deps
+        run: bun install --frozen-lockfile
+
+      - name: Build artifact
+        run: |
+          bun run build:server
+
+          bun run build:standalone:darwin-arm64
+          chmod 755 ./dist/server
+          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ server | xz -z -6 >./dist/backend_${{ steps.tags.outputs.tag }}_darwin-arm64.tar.xz
+          tar -tJf ./dist/backend_${{ steps.tags.outputs.tag }}_darwin-arm64.tar.xz >/dev/null
+
+          bun run build:standalone:linux-amd64-glibc
+          chmod 755 ./dist/server
+          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ server | xz -z -6 >./dist/backend_${{ steps.tags.outputs.tag }}_linux-amd64-glibc.tar.xz
+          tar -tJf ./dist/backend_${{ steps.tags.outputs.tag }}_linux-amd64-glibc.tar.xz >/dev/null
+
+          bun run build:standalone:linux-amd64-musl
+          chmod 755 ./dist/server
+          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ server | xz -z -6 >./dist/backend_${{ steps.tags.outputs.tag }}_linux-amd64-musl.tar.xz
+          tar -tJf ./dist/backend_${{ steps.tags.outputs.tag }}_linux-amd64-musl.tar.xz >/dev/null
+
+          bun run build:standalone:linux-arm64-glibc
+          chmod 755 ./dist/server
+          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ server | xz -z -6 >./dist/backend_${{ steps.tags.outputs.tag }}_linux-arm64-glibc.tar.xz
+          tar -tJf ./dist/backend_${{ steps.tags.outputs.tag }}_linux-arm64-glibc.tar.xz >/dev/null
+
+          bun run build:standalone:linux-arm64-musl
+          chmod 755 ./dist/server
+          tar -c --owner=0 --group=0 --mtime='now' --utc .env.example LICENSE README.md -C ./dist/ server | xz -z -6 >./dist/backend_${{ steps.tags.outputs.tag }}_linux-arm64-musl.tar.xz
+          tar -tJf ./dist/backend_${{ steps.tags.outputs.tag }}_linux-arm64-musl.tar.xz >/dev/null
+
+          bun run build:standalone:windows-amd64
+          chmod 755 ./dist/server.exe
+          zip -j -X -9 -l -o ./dist/backend_${{ steps.tags.outputs.tag }}_windows-amd64.zip .env.example LICENSE README.md ./dist/server.exe
+          zip -T ./dist/backend_${{ steps.tags.outputs.tag }}_windows-amd64.zip
+
+      - if: inputs.artifact-action == 'build-release'
+        name: Release artifact
+        uses: ncipollo/release-action@440c8c1cb0ed28b9f43e4d1d670870f059653174 # v1.16.0
+        with:
+          name: ${{ steps.tags.outputs.extended }}
+          tag: ${{ steps.tags.outputs.extended }}
+          artifacts: dist/*.tar.xz,dist/*.zip
+          makeLatest: true
+          prerelease: ${{ steps.ctx.outputs.branch != 'stable' }}
+          generateReleaseNotes: ${{ steps.ctx.outputs.branch == 'stable' }}
+
+      - if: inputs.artifact-action == 'build-release'
+        name: Attest artifact
+        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+        with:
+          subject-path: |
+            dist/*.tar.xz
+            dist/*.zip
+
+  container:
+    if: github.repository_owner == 'jspaste' && inputs.image-action != 'none'
+    name: Release container image
+    runs-on: ubuntu-latest
+    env:
+      REGISTRY: ghcr.io
+
+    permissions:
+      attestations: write
+      id-token: write
+      packages: write
+
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
+        with:
+          egress-policy: audit
+
+      - name: Save context
+        id: ctx
+        env:
+          CTX_BRANCH: ${{ github.head_ref || github.ref_name }}
+          CTX_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
+        run: |
+          echo "branch=${CTX_BRANCH}" >>"$GITHUB_OUTPUT"
+          echo "sha=${CTX_SHA}" >>"$GITHUB_OUTPUT"
+          echo "sha_short=${CTX_SHA::7}" >>"$GITHUB_OUTPUT"
+
+      - name: Save tags
+        id: tags
+        env:
+          BRANCH: ${{ steps.ctx.outputs.branch }}
+          SHA: ${{ steps.ctx.outputs.sha }}
+          SHA_SHORT: ${{ steps.ctx.outputs.sha_short }}
+        run: |
+          TIMESTAMP="$(date +%Y.%m.%d)"
+          TIMESTAMP_ISO="$(date -u +%Y-%m-%dT%H:%M:%SZ)"
+
+          if [[ "${BRANCH}" == "stable" ]]; then
+            TAGS+=("latest")
+          else
+            TAGS+=("snapshot")
+          fi
+
+          TAGS+=("${SHA}")
+          TAGS+=("${TIMESTAMP}-${SHA_SHORT}")
+
+          echo "timestamp=${TIMESTAMP}" >>"$GITHUB_OUTPUT"
+          echo "timestamp_iso=${TIMESTAMP_ISO}" >>"$GITHUB_OUTPUT"
+          echo "version=${TIMESTAMP}-${SHA_SHORT}" >>"$GITHUB_OUTPUT"
+          echo "list=${TAGS[*]}" >>"$GITHUB_OUTPUT"
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Build image
+        id: build-image
+        uses: redhat-actions/buildah-build@7a95fa7ee0f02d552a32753e7414641a04307056 # v2.13
+        with:
+          containerfiles: Dockerfile
+          platforms: linux/amd64,linux/arm64
+          image: ${{ github.repository }}
+          layers: true
+          oci: true
+          tags: ${{ steps.tags.outputs.list }}
+          extra-args: |
+            --squash
+            --identity-label=false
+            --label=org.opencontainers.image.created=${{ steps.tags.outputs.timestamp_iso }}
+            --label=org.opencontainers.image.revision=${{ steps.ctx.outputs.sha }}
+            --label=org.opencontainers.image.version=${{ steps.tags.outputs.version }}
+
+      - if: inputs.image-action == 'build-release'
+        name: Login to GHCR
+        uses: redhat-actions/podman-login@4934294ad0449894bcd1e9f191899d7292469603 # v1.7
+        with:
+          username: ${{ github.repository_owner }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          registry: ${{ env.REGISTRY }}
+
+      - if: inputs.image-action == 'build-release'
+        name: Push to GHCR
+        id: push-image
+        uses: redhat-actions/push-to-registry@5ed88d269cf581ea9ef6dd6806d01562096bee9c # v2.8
+        with:
+          image: ${{ steps.build-image.outputs.image }}
+          tags: ${{ steps.build-image.outputs.tags }}
+          registry: ${{ env.REGISTRY }}
+
+      - if: inputs.image-action == 'build-release'
+        name: Attest image
+        uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2.2.3
+        with:
+          subject-name: "${{ env.REGISTRY }}/${{ steps.build-image.outputs.image }}"
+          subject-digest: ${{ steps.push-image.outputs.digest }}
+          push-to-registry: false