chore(release): harden winget pipeline#277
Merged
…ail verify
Reflects features added since last refresh:
- Cloudflare Turnstile human verification on /join + /collect
- Mandatory nickname gate, profanity filter, email verification (Resend)
- Pre-event collection flow + Tower v2 UI
- Enrich All advanced action
- HUMAN_COOKIE_SECRET, RESEND_API_KEY, EMAIL_FROM_ADDRESS, SOUNDCHARTS_*
- Security section: MultiFernet rotation, pinned image SHAs, IP-free identity
- Add server/scripts/seed_demo_event.py to populate a "demo" event with 4 enriched requests (BPM/key/genre) and 1 upvoted by a fake guest
- Update playwright fixture to use DEMO01 when present, fall back to fresh-event creation. Avoids picking a stale expired event[0].
- Add Guest Collect (mobile) capture — forces collection_phase_override to render the Tower v2 nickname gate
- Refresh all docs/images/*.png from new run
Previous /join and /collect captures only showed the NicknameGate. Seed script now creates a verified Guest + per-event GuestProfile so Playwright can drop a wrzdj_guest cookie and bypass the gate, capturing the actual Tower v2 leaderboard with rank badges, monogram tiles, vote counts, "My Picks" section, and gradient CTAs. Also captures the song detail sheets — tap a row to open the full metadata view (BPM, Camelot key, queue rank, requester avatar).
- 12 screenshots total (was 11): adds gate, tower, and detail variants
- Marcus's pick (Daft Punk - One More Time) linked to demo guest_id so the auto-open request sheet doesn't intercept clicks
- All seed requests get submitted_during_collection=True so they show in the /collect leaderboard
Local DB had 25 dropped/stale events with test names ('asdasdsad',
'wrzdj are so cool uwu', repeated 'E2E-Recovery-Test', 'Abuse Test
Event', etc.) leaking into /events and /dashboard screenshots.
Cleared all events except DEMO01 (and dependent rows in requests,
request_votes, now_playing, play_history, guest_profiles), re-seeded
DEMO01, re-ran the 12-shot screenshot suite.
Unify screenshot filenames across the WrzDJ repo and the wrzdjweb
landing page so a single 'npm run screenshots' run drops finished
assets that can be rsynced verbatim to either side.
Renames (Playwright outputs in dashboard/e2e/screenshots.spec.ts):
- dj-dashboard -> screenshot-dashboard
- events-list -> screenshot-events-list
- event-management -> screenshot-event-management
- event-management-tab -> screenshot-event-management-tab
- admin-{overview,users,integrations,settings} -> screenshot-admin-*
- guest-join-gate-mobile -> screenshot-join-gate-mobile
- guest-join-mobile -> screenshot-join-mobile
- guest-join-detail-mobile -> screenshot-join-detail-mobile
- guest-collect-mobile -> screenshot-collect-mobile
- guest-collect-detail-mobile -> screenshot-collect-detail-mobile
- kiosk-display -> screenshot-kiosk
New scripts:
- scripts/png-to-webp.sh encodes every screenshot-*.png to .webp at
q=85 via cwebp. Wired into 'npm run screenshots' so PNG and WebP
variants stay in sync automatically.
- scripts/sync-screenshots-to-wrzdjweb.sh rsyncs the canonical files
to ~/github/wrzdjweb/images/ — landing-page deploys are now a copy,
no rename math required.
README.md updated to point at the new canonical paths.
…026-05
# Conflicts:
# dashboard/e2e/screenshots.spec.ts
# docs/images/admin-overview.png
# docs/images/admin-settings.png
# docs/images/admin-users.png
# docs/images/dj-dashboard.png
# docs/images/event-management-tab.png
# docs/images/event-management.png
# docs/images/events-list.png
# docs/images/guest-join-mobile.png
# docs/images/kiosk-display.png
…fy, asset retry)
Hardening tweaks driven by historical winget submission failures:
1. validate-tag.sh fails fast on malformed tags (e.g. v2026.4.08, rc suffixes)
before any builds run. New validate-tag job is needs-by build-bridge-app.
2. tag-to-semver.{sh,ps1} extract the date-tag→semver conversion that lived
inline in two places in release.yml. Paired bats + Pester tests cover
leading-zero handling, revision suffixes, and edge cases.
3. wait-for-asset.ps1 HEAD-polls the release asset URL with exponential
backoff before wingetcreate runs, eliminating CDN-replication 404 races
that previously required manual reruns.
4. update-winget job now skips on workflow_dispatch when win32 isn't built.
5. verify-arp-version.ps1 asserts the installed ARP DisplayVersion matches
the computed semver — catches version-injection regressions before they
reach winget validators (which reject ARP/manifest mismatches).
6. verify-uninstall.ps1 asserts silent uninstall exits 0 — winget validation
requires this; previously we ran it best-effort with no exit-code check.
7. winget-scripts-test.yml runs bats (ubuntu) + Pester (windows) on PRs
touching any of the above so script regressions get caught before tag.
All values from github context flow through env: per workflow injection
hardening guidance.
21/21 bats tests pass locally. Pester suites validated on Windows runner.
…ion)
Pester v5 isolates Mock script blocks; $script:counter assignments inside Mocks don't propagate back to the It scope. Replace manual counters with Should -Invoke -Times -Exactly and -ParameterFilter for backoff verification. Fixes 3/19 failures from initial CI run.
Summary
Pre-emptive hardening of the winget release pipeline driven by historical friction analysis. Five tweaks (1, 3, 4, 5, 6 from the audit) plus the shared semver refactor and a new test workflow. Each script is unit-tested before being wired into release.yml.
What's added
- validate-tag.sh
- validate-tag job (fail-fast)
- tag-to-semver.sh + .ps1
- verify-arp-version.ps1
- verify-uninstall.ps1
- wait-for-asset.ps1
What's fixed (root causes from history)
- --squirrel-firstrun E_ABORT main.ts; ARP-version check now catches version-inject regressions that would shadow it
- env: pattern; asset retry covers replication lag
- winget-scripts-test.yml runs bats + Pester on PRs touching scripts or release.yml
What's deferred
- wingetcreate update --no-submit on PRs touching bridge-app (separate PR — needs Windows runner per PR, cost concern)
Workflow injection hardening
All ${{ github... }} and ${{ secrets... }} refs flow through env:. No untrusted-input concatenation in run: blocks.
Test plan
- windows-latest (first run is this PR)
- winget-scripts-test.yml go green
- ci.yml and codeql.yml jobs still pass (no source code touched)
- v2026.05.02) to validate full release pipeline end-to-end before relying on it for a real release
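The fail-fast tag gate and date-tag to semver conversion from the hardening commit, together with the env: hand-off the injection-hardening section describes, as one added example (not the repo's validate-tag.sh or tag-to-semver.sh). The function names validate_tag and tag_to_semver, the regex, the github.ref_name context key and the tag grammar (vYYYY.MM.DD with zero-padded month and day plus an optional .N revision) are assumptions; the page does not show the real scripts' grammar.

```bash
#!/usr/bin/env bash
# Added example, not WrzDJ's validate-tag.sh / tag-to-semver.sh.
# Assumed tag grammar: vYYYY.MM.DD, zero-padded month and day, optional ".N"
# revision suffix (v2026.05.02, v2026.05.02.3). v2026.4.08 and rc suffixes fail.
set -euo pipefail

# Allow-list regex. Capture groups: 1=year 2=month 3=day 5=revision.
TAG_RE='^v([0-9]{4})\.(0[1-9]|1[0-2])\.(0[1-9]|[12][0-9]|3[01])(\.([0-9]+))?$'

# Fail-fast gate, run before any build job. The tag arrives as a plain
# argument, so the workflow step should look like (assumed context key):
#   env:
#     TAG: ${{ github.ref_name }}
#   run: scripts/validate-tag.sh "$TAG"
# rather than interpolating ${{ ... }} straight into the run: script, which
# would let a crafted ref reach the shell as code instead of data.
validate_tag() {
  local tag=$1
  if [[ ! $tag =~ $TAG_RE ]]; then
    printf 'malformed tag: %q\n' "$tag" >&2
    return 1
  fi
}

# Date tag -> semver. Semver forbids leading zeros in numeric parts, so
# v2026.05.02 must become 2026.5.2 (the value the ARP DisplayVersion check
# later compares against). 10# forces base 10 so "08"/"09" are not parsed
# as octal, the classic leading-zero bug. An assumed ".N" revision is
# emitted as a fourth numeric part.
tag_to_semver() {
  local tag=$1
  validate_tag "$tag" || return 1
  [[ $tag =~ $TAG_RE ]]
  local y=${BASH_REMATCH[1]} m=${BASH_REMATCH[2]} d=${BASH_REMATCH[3]}
  local rev=${BASH_REMATCH[5]:-}
  local semver="$((10#$y)).$((10#$m)).$((10#$d))"
  if [[ -n $rev ]]; then
    semver="$semver.$((10#$rev))"
  fi
  printf '%s\n' "$semver"
}

# Stand-alone use: bash tag-to-semver.sh v2026.05.02 -> 2026.5.2
if [[ ${BASH_SOURCE[0]} == "$0" && $# -gt 0 ]]; then
  tag_to_semver "$1"
fi
```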