Keep it clean, simple, only include the semver tag:
LATEST=$(git tag --list 'v*' --sort=-version:refname \
| grep -E '^v[0-9]+\.[0-9]+\.[0-9]+
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
commits_since(): when no prior tag exists, scope to commits not yet on
origin/main via merge-base instead of walking the entire history. This
is what caused the v2.0.1 entry to contain every commit back to project
inception.
categorise(): replace the minimal skip pattern with a compiled NOISE
regex that also drops:
- numbered series commits (3/8, 7/8, etc.)
- vague WIP messages (Tweaking, Moving some, Still broken, pt2...)
- one-word infrastructure fixes (Fix workflow, Fix path, Fix README)
- oops commits (Forgot to, Revert "...")
- joke messages (One job to rule them all)
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Previous filesystem edits to _save_images_as_pdf did not persist to
disk. Rewrote the function: quantize each dark-themed RGB image to
palette mode (256 colours, FASTOCTREE) so Pillow uses zlib/deflate
instead of JPEG (no libjpeg needed), save each as a single-page PDF,
then merge with qpdf. qpdf only accepts PDF inputs to --pages.
Also restores the orphaned footnote citations [^536] and [^537] in
docs/guide/index.md at the key disclosure law paragraph (line 8586).
Previous edit also did not persist to disk.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Previously the script crashed with a FileNotFoundError traceback when
system tools were absent. Now _check_dependencies() runs before any
work begins and prints install instructions for Linux/WSL, macOS, and
a pointer to develop.md for Windows.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Replaces the thin stub describing the old monolithic workflow with a
full developer reference covering:
- Prerequisites (Linux/macOS/Windows tabs)
- Repository layout
- Local build instructions for both PDFs and the MkDocs site
- Pipeline flow diagram (build → sign → release → changelog)
- What to check before pushing
- Every GitHub Secret: what it is, how to generate it, what breaks
without it, and a summary table
- Step-by-step release process using tag_release.py
- Release verification instructions (GPG + hash checks)
- Troubleshooting section for every known CI failure mode
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Interactive script for maintainers to create GPG-signed annotated tags.
Checks clean tree and branch, auto-increments version from latest tag,
pulls the message from the matching changelog entry, resolves the release
signing key (default: 9FA5436D0EE360985157382517ECA05F768DEDF6),
creates the tag, verifies the signature, then prints the push command.
Usage:
python scripts/tag_release.py # auto version
python scripts/tag_release.py --version v1.2.4
python scripts/tag_release.py --dry-run # preview only
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
convert.py: Pillow's PDF writer requires libjpeg for RGB images, which
is not available in the CI Python environment. Replace all Pillow PDF
saves with _save_images_as_pdf(), which writes pages as lossless PNGs
and assembles them with qpdf — no JPEG dependency needed.
build.yml: install mkdocs-material[imaging] instead of mkdocs-material
to satisfy the cairosvg dependency required by the social plugin.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Adds export/thgtoa.pdf.b2 and export/thgtoa-dark.pdf.b2 alongside
the existing .sha256 and .sig entries.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Merges the v1.2.2 and v1.2.3 draft entries into a single clean
release. Removes duplicate bullets, internal implementation noise,
and half-finished notes. Switches admonitions to success/warning/bug
types for better visual scanning. Adds a plain-English summary line
per version.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
update_changelog.py reads git log since the last version tag,
categorises commits by conventional-commit prefix, and prepends a
new ## [vX.Y.Z] entry to docs/changelog/index.md. changelog.yml
runs after build.yml succeeds and commits the result back to main
with [skip ci]. Supports dry_run and manual_version dispatch inputs.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
build.yml — builds PDFs, uploads artifact, no secrets required
sign.yml — hashes (SHA-256 + BLAKE2b) and GPG-signs, triggered via
workflow_run after build or manually with a build_run_id
release.yml — downloads artifacts, uploads to VirusTotal, publishes
tagged GitHub Release with all 12 assets attached
All three chain automatically on push to main. Each can be re-run or
triggered independently against any historical run.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Removes the dead Chromium dark mode path and BeautifulSoup CSS
injection code. Dark PDF is now produced by calling convert.py on the
finished light PDF. --both builds light then dark; --dark alone works
if the light PDF already exists.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
Replaces the broken --prefers-color-scheme=dark Chromium flag with a
pixel-level converter. Rasterizes pages via pdftoppm, remaps colors to
the hacker theme (#1f1f31 bg, #e0e0e0 text, #5e8bde links), and
reassembles with qpdf. Processes in batches of 50 pages to avoid OOM
on large documents like the 414-page guide.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
And also move the develop workflow information to docs/code to cleanup
the guide documents, preventing accidental addition to the PDF.
Signed-off-by: nopeitsnothing <no@anonymousplanet.org>
nopeitsnothing