Move out some scripts

Signed-off-by: nopeitsnothing <no@anonymousplanet.org>

.github/workflows/build-pdf.yml

@@ -1,158 +0,0 @@
-name: 📖 Build, Scan & Release PDF
-
-on:
-  workflow_dispatch:
-    inputs:
-      build_mode:
-        description: 'PDF build mode'
-        required: true
-        default: 'both'
-        type: choice
-        options:
-          - light
-          - dark
-          - both
-      release_mode:
-        description: 'Release update mode'
-        required: false
-        default: 'tag'
-        type: choice
-        options:
-          - tag
-          - latest
-  push:
-    branches:
-      - main
-    paths:
-      - "docs/**"
-      - "mkdocs.yml"
-      - "scripts/**"
-      - ".github/workflows/**"
-
-permissions:
-  contents: write
-  id-token: write
-
-jobs:
-  build:
-    name: Build PDFs (${{ inputs.build_mode || 'both' }})
-    runs-on: ubuntu-latest
-    steps:
-      - name: 🛠️ Checkout
-        uses: actions/checkout@v4
-
-      - name: 🐍 Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.13"
-
-      - name: 📦 Install MkDocs Material
-        run: pip install mkdocs-material
-
-      - name: Setup Chrome
-        uses: browser-actions/setup-chrome@v2
-        with:
-          chrome-version: 120
-          install-dependencies: true
-          install-chromedriver: true
-
-      - name: 🔑 Install GPG tools
-        run: |
-          sudo apt-get update
-          sudo apt-get install gnupg
-
-      - name: 🖨️ Build PDFs
-        env:
-          CI: true
-        run: python scripts/build_guide_pdf.py --${{ inputs.build_mode || 'both' }}
-
-      - name: 🔒 Sign PDFs with GPG key
-        env:
-          GPG_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-        run: |
-          cd ${{ github.workspace }}
-
-          # Import GPG key
-          export GPG_TTY=$(tty)
-          echo "$GPG_KEY" | gpg --batch --import 2>/dev/null || true
-
-          # Verify the key was imported
-          if gpg --list-secret-keys &>/dev/null; then
-            # Sign the PDFs (detach signature)
-            gpg --batch --yes --armor --detach-sign --output export/thgtoa.pdf.sig export/thgtoa.pdf 2>/dev/null || true
-            gpg --batch --yes --armor --detach-sign --output export/thgtoa-dark.pdf.sig export/thgtoa-dark.pdf 2>/dev/null || true
-
-            # Create combined hash file and sign it
-            sha256sum export/thgtoa.pdf > export/thgtoa.pdf.sha256
-            sha256sum export/thgtoa-dark.pdf > export/thgtoa-dark.sha256
-            gpg --batch --yes --armor --detach-sign --output export/thgtoa.pdf.sig export/thgtoa.pdf.sha256 2>/dev/null || true
-            gpg --batch --yes --armor --detach-sign --output export/thgtoa-dark.pdf.sig export/thgtoa-dark.pdf.sha256 2>/dev/null || true
-
-            # Create individual hash files
-            sha256sum export/thgtoa.pdf > export/thgtoa.pdf.sha256
-            sha256sum export/thgtoa-dark.pdf > export/thgtoa-dark.pdf.sha256
-          fi
-
-      - name: 📤 Upload PDF artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: pdf-artifacts-${{ inputs.build_mode || 'both' }}
-          path: |
-            export/*.pdf
-            export/*.sig
-            export/*.sha256
-          if-no-files-found: error
-          retention-days: 90
-          archive: false
-
-  scan-and-release:
-    name: Scan & Release
-    runs-on: ubuntu-latest
-    needs: build
-    if: always() && contains(needs.build.result, 'success')
-
-    steps:
-      - name: 🚀 Checkout
-        uses: actions/checkout@v4
-
-      - name: 🔽 Download PDF artifacts
-        uses: actions/download-artifact@v4
-        with:
-          pattern: pdf-artifacts
-          path: export/
-          merge-multiple: true
-
-      - name: 🦠 VirusTotal Scan & Release Update
-        env:
-          VT_API_KEY: ${{ secrets.VT_API_KEY }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPOSITORY: ${{ github.repository }}
-          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
-          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
-        run: |
-          chmod +x scripts/pdf_release.sh
-
-          # Determine build mode from input or default to both
-          BUILD_MODE="${{ inputs.build_mode || 'both' }}"
-          RELEASE_MODE="${{ inputs.release_mode || 'tag' }}"
-
-          echo "Running PDF release script..."
-          echo "Build Mode: $BUILD_MODE"
-          echo "Release Mode: $RELEASE_MODE"
-
-          # Run the release script
-          ./scripts/pdf_release.sh \
-            --build "$BUILD_MODE" \
-            --release "$RELEASE_MODE" \
-            --vt-api-key "$VT_API_KEY" \
-            --github-token "$GITHUB_TOKEN"
-
-      - name: 📊 Upload scan results artifact
-        uses: actions/upload-artifact@v4
-        with:
-          name: vt-scan-results-${{ inputs.build_mode || 'both' }}
-          path: |
-            export/virus-total-results.md
-          if-no-files-found: warn
-          retention-days: 30

.github/workflows/build-sign-release.yml

@@ -127,7 +127,11 @@ jobs:
         with:
           name: pdf-export-${{ inputs.build_mode || 'both' }}
           path: |
-            export/**
+            export/*.pdf
+            export/*.sig
+            export/checksums.sha256
+            export/checksums.sha256.sig
+            export/virus-total-results.md
           if-no-files-found: error
           retention-days: 90
           compression-level: 0

.github/workflows/vt-scan.yml

@@ -1,77 +0,0 @@
-name: '🦠 VirusTotal Scan'
-
-on:
-    workflow_dispatch:
-    push:
-      branches:
-        - 'main'
-      tags:
-        - 'v*'
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-    steps:
-      - name: '📦 Checkout'
-        uses: actions/checkout@v6
-
-      - name: '🔍 Download PDF artifacts from build workflow'
-        uses: actions/download-artifact@v7
-        with:
-          pattern: light-pdf-files,dark-pdf-files
-          path: pdfs
-          merge-multiple: true
-
-      - name: '🦠 Scan PDF files using VT'
-        uses: crazy-max/ghaction-virustotal@v5
-        with:
-          vt_api_key: ${{ secrets.VT_API_KEY }}
-          update_release_body: false  # We'll handle this manually in the next step
-          files: |
-            ./pdfs/thgtoa.pdf
-            ./pdfs/thgtoa-dark.pdf
-
-      - name: '📊 Extract VT scan results'
-        id: vt-scan
-        run: |
-          echo "status=completed" >> $GITHUB_OUTPUT
-
-      - name: '🔗 Generate VT report links'
-        run: |
-          # Create a markdown file with VT scan results and links
-          cat > vt-results.md << EOF
-          ## VirusTotal Scan Results
-
-          **Scan Date:** $(date -u +"%Y-%m-%d %H:%M UTC")
-
-          ### thgtoa.pdf (Light Mode)
-          - **VT Report:** https://www.virustotal.com/gui/file/$(sha256sum pdfs/thgtoa.pdf | cut -d' ' -f1)
-
-          ### thgtoa-dark.pdf (Dark Mode)
-          - **VT Report:** https://www.virustotal.com/gui/file/$(sha256sum pdfs/thgtoa-dark.pdf | cut -d' ' -f1)
-
-          ---
-          *Scan performed automatically by GitHub Actions*
-          EOF
-
-      - name: '📝 Update release with VT results (if tag exists)'
-        if: startsWith(github.ref, 'refs/tags/')
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GH_REPO: ${{ github.repository }}
-        run: |
-          # Get the latest release notes
-          RELEASE_NOTES=$(gh release view ${{ github.ref_name }} --json body --jq .body 2>/dev/null || echo "")
-
-          # Append VT results to release notes
-          if [ -n "$RELEASE_NOTES" ]; then
-            echo "" >> vt-results.md
-            echo "---" >> vt-results.md
-            echo "### Previous Release Notes" >> vt-results.md
-            echo "$RELEASE_NOTES" >> vt-results.md
-          fi
-
-          # Update the release with VT results
-          gh release edit ${{ github.ref_name }} --notes-file vt-results.md