Update https://git.quad4.io/actions/checkout action to v6

Reviewed-on: #16

.gitea/workflows/ci.yml

@@ -16,21 +16,21 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
 
       - name: Setup Go
-        uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0
+        uses: https://git.quad4.io/actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5.6.0
         with:
           go-version: '1.25.4'
           cache: true
 
       - name: Setup Node
-        uses: actions/setup-node@1d0ff469b7ec7b3cb9d8673fde0c81c44821de2a # v4.2.0
+        uses: https://git.quad4.io/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
         with:
           node-version: '22'
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@7088e561eb65bb68695d245aa206f005ef30921d # v4.1.0
+        uses: https://git.quad4.io/actions/setup-pnpm@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4.2.0
         with:
           version: 9
 

.gitea/workflows/publish.yml

@@ -5,38 +5,42 @@ on:
     tags:
       - 'v*'
   workflow_dispatch:
+    inputs:
+      tag_name:
+        description: 'Tag name for the release'
+        required: true
+        type: string
 
 jobs:
   publish:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+        uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Setup Go
-        uses: actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
+        uses: https://git.quad4.io/actions/setup-go@40f1582b2485089dde7abd97c1529aa768e1baff # v5
         with:
           go-version: '1.25.4'
           cache: true
 
       - name: Setup Node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
+        uses: https://git.quad4.io/actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version: '22'
 
       - name: Setup pnpm
-        uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4
+        uses: https://git.quad4.io/actions/setup-pnpm@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4
         with:
           version: 10
 
       - name: Install Task
-        uses: arduino/setup-task@b91d5d2c96a56797b48ac1e0e89220bf64044611 # v2
+        uses: https://git.quad4.io/actions/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1
         with:
-          version: 3.x
+          version: '3.46.3'
-          repo-token: ${{ secrets.GITEA_TOKEN }}
 
       - name: Generate SBOM
-        uses: CycloneDX/gh-gomod-generate-sbom@efc74245d6802c8cefd925620515442756c70d8f # v2
+        uses: https://git.quad4.io/actions/gh-gomod-generate-sbom@efc74245d6802c8cefd925620515442756c70d8f # v2
         with:
           version: v1
           args: mod -licenses -json -output bom.json
@@ -47,8 +51,9 @@ jobs:
           NODE_ENV: production
 
       - name: Create Release and Upload Assets
-        uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
+        uses: https://git.quad4.io/actions/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
         with:
+          tag_name: ${{ github.event.inputs.tag_name || github.ref_name }}
           files: |
             software-station
             bom.json

.gitea/workflows/renovate.yml

@@ -12,9 +12,9 @@ on:
 jobs:
   renovate:
     runs-on: ubuntu-latest
-    container: ghcr.io/renovatebot/renovate:37.440.7
+    container: ghcr.io/renovatebot/renovate:42.66.11
     steps:
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+      - uses: https://git.quad4.io/actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
       - name: Fetch remote configuration
         run: curl -sL https://git.quad4.io/Quad4-Extra/renovate-config/raw/branch/master/config.js -o config.js
       - run: renovate

Makefile

@@ -1,74 +0,0 @@
-.PHONY: all build-frontend build-go build-wasm clean release run lint scan check format tidy test test-wasm dev docker-build
-
-BINARY_NAME=software-station
-FRONTEND_DIR=frontend
-BUILD_DIR=build
-VERIFIER_DIR=software-verifier
-WASM_OUT=frontend/static/verifier
-
-VERSION=$(shell grep '"version":' $(FRONTEND_DIR)/package.json | cut -d'"' -f4)
-BUILD_DATE=$(shell date -u +'%Y-%m-%dT%H:%M:%SZ')
-VCS_REF=$(shell git rev-parse --short HEAD 2>/dev/null || echo "unknown")
-
-all: build-wasm build-frontend build-go
-
-dev:
-	@echo "Starting development environment..."
-	@pnpm --prefix $(FRONTEND_DIR) dev & go run main.go
-
-build-wasm:
-	@echo "Building WASM verifier..."
-	mkdir -p $(WASM_OUT)
-	cp "$(shell go env GOROOT)/lib/wasm/wasm_exec.js" $(WASM_OUT)/wasm_exec.js
-	cd $(VERIFIER_DIR) && GOOS=js GOARCH=wasm go build -o ../$(WASM_OUT)/verifier.wasm .
-
-build-frontend: build-wasm
-	cd $(FRONTEND_DIR) && pnpm install && pnpm build
-	@echo "Injecting SRI hashes..."
-	go run scripts/sri-gen/main.go
-
-build-go:
-	go build -o $(BINARY_NAME) main.go
-
-release: build-frontend
-	CGO_ENABLED=0 go build -ldflags="-s -w" -o $(BINARY_NAME) main.go
-	@echo "Release build complete: $(BINARY_NAME)"
-
-run: all
-	./$(BINARY_NAME)
-
-format:
-	go fmt ./...
-	cd $(FRONTEND_DIR) && pnpm run format
-
-lint:
-	go vet ./...
-	cd $(FRONTEND_DIR) && pnpm run lint
-
-scan:
-	gosec ./...
-
-check:
-	cd $(FRONTEND_DIR) && pnpm run check
-
-tidy: format lint check
-
-test: test-wasm
-	go test -v -coverpkg=./... ./...
-
-test-wasm:
-	cd $(VERIFIER_DIR) && go test -v ./...
-
-clean:
-	rm -rf $(FRONTEND_DIR)/build
-	rm -rf $(WASM_OUT)
-	rm -f $(BINARY_NAME)
-	rm -f coverage.out
-
-docker-build:
-	docker build \
-		--build-arg VERSION=$(VERSION) \
-		--build-arg BUILD_DATE=$(BUILD_DATE) \
-		--build-arg VCS_REF=$(VCS_REF) \
-		-t $(BINARY_NAME):latest \
-		-t $(BINARY_NAME):$(VERSION) .

Taskfile.yml

@@ -21,7 +21,7 @@ tasks:
 
   all:
     desc: Build everything
-    deps: [build-go, build-frontend]
+    deps: [build-go]
 
   dev:
     desc: Start development environment (parallel)
@@ -77,6 +77,7 @@ tasks:
 
   build-go:
     desc: Build main Go application
+    deps: [build-frontend]
     sources:
       - "**/*.go"
       - exclude: "{{.VERIFIER_DIR}}/**/*"

renovate.json

@@ -1,3 +1,48 @@
 {
-  "$schema": "https://docs.renovatebot.com/renovate-schema.json"
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended"
+  ],
+  "regexManagers": [
+    {
+      "fileMatch": ["^\\.gitea/workflows/.*\\.yml$"],
+      "matchStrings": [
+        "uses: https://git\\.quad4\\.io/actions/(?<packageName>checkout|setup-go|setup-node)@(?<currentDigest>[a-f0-9]{40}) # (?<currentValue>v[0-9]+(\\.[0-9]+)*)"
+      ],
+      "depNameTemplate": "actions/{{{packageName}}}",
+      "datasourceTemplate": "github-tags"
+    },
+    {
+      "fileMatch": ["^\\.gitea/workflows/.*\\.yml$"],
+      "matchStrings": [
+        "uses: https://git\\.quad4\\.io/actions/setup-pnpm@(?<currentDigest>[a-f0-9]{40}) # (?<currentValue>v[0-9]+(\\.[0-9]+)*)"
+      ],
+      "depNameTemplate": "pnpm/action-setup",
+      "datasourceTemplate": "github-tags"
+    },
+    {
+      "fileMatch": ["^\\.gitea/workflows/.*\\.yml$"],
+      "matchStrings": [
+        "uses: https://git\\.quad4\\.io/actions/setup-task@(?<currentDigest>[a-f0-9]{40}) # (?<currentValue>v[0-9]+(\\.[0-9]+)*)"
+      ],
+      "depNameTemplate": "arduino/setup-task",
+      "datasourceTemplate": "github-tags"
+    },
+    {
+      "fileMatch": ["^\\.gitea/workflows/.*\\.yml$"],
+      "matchStrings": [
+        "uses: https://git\\.quad4\\.io/actions/gh-gomod-generate-sbom@(?<currentDigest>[a-f0-9]{40}) # (?<currentValue>v[0-9]+(\\.[0-9]+)*)"
+      ],
+      "depNameTemplate": "CycloneDX/gh-gomod-generate-sbom",
+      "datasourceTemplate": "github-tags"
+    },
+    {
+      "fileMatch": ["^\\.gitea/workflows/.*\\.yml$"],
+      "matchStrings": [
+        "uses: https://git\\.quad4\\.io/actions/action-gh-release@(?<currentDigest>[a-f0-9]{40}) # (?<currentValue>v[0-9]+(\\.[0-9]+)*)"
+      ],
+      "depNameTemplate": "softprops/action-gh-release",
+      "datasourceTemplate": "github-tags"
+    }
+  ]
 }