feat: rebrand Hemmelig to paste.es for cloudhost.es

- Set Spanish as default language with ephemeral/encrypted privacy focus
- Translate all user-facing strings and legal pages to Spanish
- Replace Norwegian flag with Spanish flag in footer
- Remove Hemmelig/terces.cloud links, add cloudhost.es sponsorship
- Rewrite PrivacyPage: zero data collection, ephemeral design emphasis
- Rewrite TermsPage: Spanish law, RGPD, paste.es/CloudHost.es references
- Update PWA manifest, HTML meta tags, package.json branding
- Rename webhook headers to X-Paste-Event / X-Paste-Signature
- Update API docs title and contact to paste.es / cloudhost.es

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-24 09:30:19 +01:00
commit bc9f96cbd4
268 changed files with 45773 additions and 0 deletions

168
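--- a/.github/workflows/cli-release.yml
+++ b/.github/workflows/cli-release.yml
@@ -0,0 +1,168 @@
+name: CLI Release
+on:
+push:
+tags:
+- 'cli-v*'
+workflow_dispatch:
+inputs:
+version:
+description: 'Version to release (e.g., 1.0.0)'
+required: true
+type: string
+permissions:
+contents: write
+jobs:
+build:
+name: Build CLI
+runs-on: ubuntu-latest
+strategy:
+matrix:
+include:
+- goos: linux
+goarch: amd64
+suffix: linux-amd64
+- goos: linux
+goarch: arm64
+suffix: linux-arm64
+- goos: darwin
+goarch: amd64
+suffix: darwin-amd64
+- goos: darwin
+goarch: arm64
+suffix: darwin-arm64
+- goos: windows
+goarch: amd64
+suffix: windows-amd64.exe
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+- name: Setup Go
+uses: actions/setup-go@v5
+with:
+go-version: '1.21'
+- name: Build binary
+working-directory: cli-go
+env:
+GOOS: ${{ matrix.goos }}
+GOARCH: ${{ matrix.goarch }}
+CGO_ENABLED: 0
+run: |
+go build -ldflags="-s -w" -o hemmelig-${{ matrix.suffix }} .
+- name: Generate SHA256
+working-directory: cli-go
+run: |
+sha256sum hemmelig-${{ matrix.suffix }} > hemmelig-${{ matrix.suffix }}.sha256
+- name: Upload artifact
+uses: actions/upload-artifact@v4
+with:
+name: hemmelig-${{ matrix.suffix }}
+path: |
+cli-go/hemmelig-${{ matrix.suffix }}
+cli-go/hemmelig-${{ matrix.suffix }}.sha256
+release:
+name: Create Release
+needs: build
+runs-on: ubuntu-latest
+steps:
+- name: Download all artifacts
+uses: actions/download-artifact@v4
+with:
+path: artifacts
+- name: Prepare release files
+run: |
+mkdir -p release
+find artifacts -type f -exec cp {} release/ \;
+ls -la release/
+- name: Generate checksums file
+working-directory: release
+run: |
+cat *.sha256 > checksums.txt
+cat checksums.txt
+- name: Get version
+id: version
+run: |
+if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+echo "version=${{ inputs.version }}" >> $GITHUB_OUTPUT
+else
+echo "version=${GITHUB_REF#refs/tags/cli-v}" >> $GITHUB_OUTPUT
+fi
+- name: Create Release
+uses: softprops/action-gh-release@v2
+with:
+tag_name: cli-v${{ steps.version.outputs.version }}
+name: Hemmelig CLI v${{ steps.version.outputs.version }}
+draft: false
+prerelease: false
+files: |
+release/hemmelig-*
+release/checksums.txt
+body: |
+## Hemmelig CLI v${{ steps.version.outputs.version }}
+Create encrypted, self-destructing secrets from the command line.
+### Installation
+#### Linux (amd64)
+```bash
+curl -L https://github.com/HemmeligOrg/Hemmelig.app/releases/download/cli-v${{ steps.version.outputs.version }}/hemmelig-linux-amd64 -o hemmelig
+chmod +x hemmelig
+sudo mv hemmelig /usr/local/bin/
+```
+#### Linux (arm64)
+```bash
+curl -L https://github.com/HemmeligOrg/Hemmelig.app/releases/download/cli-v${{ steps.version.outputs.version }}/hemmelig-linux-arm64 -o hemmelig
+chmod +x hemmelig
+sudo mv hemmelig /usr/local/bin/
+```
+#### macOS (Apple Silicon)
+```bash
+curl -L https://github.com/HemmeligOrg/Hemmelig.app/releases/download/cli-v${{ steps.version.outputs.version }}/hemmelig-darwin-arm64 -o hemmelig
+chmod +x hemmelig
+sudo mv hemmelig /usr/local/bin/
+```
+#### macOS (Intel)
+```bash
+curl -L https://github.com/HemmeligOrg/Hemmelig.app/releases/download/cli-v${{ steps.version.outputs.version }}/hemmelig-darwin-amd64 -o hemmelig
+chmod +x hemmelig
+sudo mv hemmelig /usr/local/bin/
+```
+#### Windows
+Download `hemmelig-windows-amd64.exe` and add it to your PATH.
+### Verify Download
+```bash
+# Download checksums
+curl -L https://github.com/HemmeligOrg/Hemmelig.app/releases/download/cli-v${{ steps.version.outputs.version }}/checksums.txt -o checksums.txt
+# Verify (Linux/macOS)
+sha256sum -c checksums.txt --ignore-missing
+```
+### Usage
+```bash
+hemmelig "my secret message"
+hemmelig "my secret" -t "Title" -e 7d -v 3
+cat file.txt | hemmelig
+```
+See the [CLI documentation](https://github.com/HemmeligOrg/Hemmelig.app/blob/main/docs/cli.md) for more options.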
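Review bot: The `Get version` step expands `${{ inputs.version }}` directly into the script text, so the value is parsed by the shell rather than handled as data, in a workflow that holds `contents: write`. Pass it through the step's `env:` (`VERSION: ${{ inputs.version }}`) and write `echo "version=$VERSION" >> "$GITHUB_OUTPUT"`. The same pattern appears with `steps.latest_tag.outputs.tag` in the Docker publish workflow's major/minor version steps and with `github.event.release.tag_name` in release.yml's `Get previous tag` and `Generate commit list` steps. Separately, the release body hard-codes the download and `checksums.txt` URLs under `github.com/HemmeligOrg/Hemmelig.app`, so a release published from any other repository would direct users to binaries and checksums from a different origin; `${{ github.repository }}` would keep them aligned.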


@@ -0,0 +1,59 @@
name: Publish Docker image
on:
release:
types: [published]
jobs:
push_to_registry:
name: Push Docker image to Docker Hub
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v3
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Get latest git tag
id: latest_tag
uses: 'WyriHaximus/github-action-get-previous-tag@v1'
with:
fallback: no-tag
- name: Get short SHA
id: short_sha
run: echo "sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: Get major version
id: major_version
run: |
echo "version=$(echo ${{ steps.latest_tag.outputs.tag }} | cut -d'.' -f1)" >> $GITHUB_OUTPUT
- name: Get minor version
id: minor_version
run: |
echo "version=$(echo ${{ steps.latest_tag.outputs.tag }} | cut -d'.' -f1,2)" >> $GITHUB_OUTPUT
- name: Build and push multi-arch image
uses: docker/build-push-action@v6
with:
context: .
platforms: linux/amd64,linux/arm64
push: true
tags: |
hemmeligapp/hemmelig:${{ steps.latest_tag.outputs.tag }}
hemmeligapp/hemmelig:${{ steps.minor_version.outputs.version }}
hemmeligapp/hemmelig:${{ steps.major_version.outputs.version }}
build-args: |
GIT_SHA=${{ steps.short_sha.outputs.sha }}
GIT_TAG=${{ steps.latest_tag.outputs.tag }}
cache-from: type=gha
cache-to: type=gha,mode=max
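Review bot: The image tags are taken from `WyriHaximus/github-action-get-previous-tag@v1` rather than from the release that triggered the job, so with `fallback: no-tag` a failed lookup would push `hemmeligapp/hemmelig:no-tag`, and a `cli-v*` tag could presumably be picked up if it is the nearest one. Using `${{ github.event.release.tag_name }}` removes both the lookup and a third-party action referenced by a mutable tag from a job that holds the Docker Hub credentials. The other actions here are also referenced by major-version tags; pinning them to full commit SHAs would fix what runs alongside `DOCKER_PASSWORD`. `actions/checkout@v3` also differs from the `@v4` used in the other workflows.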

108
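--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -0,0 +1,108 @@
+name: Generate Release Notes
+on:
+release:
+types: [created]
+jobs:
+update-release-notes:
+name: Update Release with Commit Notes
+runs-on: ubuntu-latest
+permissions:
+contents: write
+steps:
+- name: Check out the repo
+uses: actions/checkout@v4
+with:
+fetch-depth: 0
+- name: Get previous tag
+id: prev_tag
+run: |
+# Get all tags sorted by version, exclude the current tag, take the first result
+CURRENT_TAG="${{ github.event.release.tag_name }}"
+PREV_TAG=$(git tag --sort=-version:refname | grep -v "^${CURRENT_TAG}$" | head -n 1)
+if [ -z "$PREV_TAG" ]; then
+echo "No previous tag found, will use initial commit"
+# Use the initial commit as the starting point
+PREV_TAG=$(git rev-list --max-parents=0 HEAD)
+fi
+echo "Previous tag/commit: $PREV_TAG"
+echo "tag=$PREV_TAG" >> $GITHUB_OUTPUT
+- name: Generate commit list
+id: commits
+env:
+GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+REPO_URL="https://github.com/${{ github.repository }}"
+CURRENT_TAG="${{ github.event.release.tag_name }}"
+PREV_TAG="${{ steps.prev_tag.outputs.tag }}"
+# Always use range format - PREV_TAG is guaranteed to be set (either previous tag or initial commit)
+RANGE="${PREV_TAG}..${CURRENT_TAG}"
+echo "Generating commits for range: $RANGE"
+# Generate commit list with format: title - @nickname - sha with link
+# Using tformat instead of format to ensure trailing newline
+COMMITS=""
+while IFS='|' read -r SHA SHORT_SHA TITLE AUTHOR || [ -n "$SHA" ]; do
+[ -z "$SHA" ] && continue
+# Try to get GitHub username from commit API
+USERNAME=$(gh api "repos/${{ github.repository }}/commits/${SHA}" --jq '.author.login' 2>/dev/null || echo "")
+if [ -n "$USERNAME" ]; then
+AUTHOR_INFO="@${USERNAME}"
+else
+AUTHOR_INFO="${AUTHOR}"
+fi
+# Check if this is a PR merge commit
+if [[ "$TITLE" =~ ^Merge\ pull\ request\ \#([0-9]+) ]]; then
+PR_NUMBER="${BASH_REMATCH[1]}"
+# Get PR title
+PR_TITLE=$(gh pr view "$PR_NUMBER" --json title --jq '.title' 2>/dev/null || echo "$TITLE")
+COMMITS="${COMMITS}- ${PR_TITLE} (#${PR_NUMBER}) by ${AUTHOR_INFO} ([\`${SHORT_SHA}\`](${REPO_URL}/commit/${SHA}))"$'\n'
+else
+COMMITS="${COMMITS}- ${TITLE} by ${AUTHOR_INFO} ([\`${SHORT_SHA}\`](${REPO_URL}/commit/${SHA}))"$'\n'
+fi
+done < <(git log "${RANGE}" --pretty=tformat:"%H|%h|%s|%an")
+# Handle multiline output
+{
+echo "list<<EOF"
+echo "$COMMITS"
+echo "EOF"
+} >> $GITHUB_OUTPUT
+- name: Update Release Notes
+uses: softprops/action-gh-release@v2
+with:
+tag_name: ${{ github.event.release.tag_name }}
+body: |
+## What's Changed
+${{ steps.commits.outputs.list }}
+**Full Changelog**: https://github.com/${{ github.repository }}/compare/${{ steps.prev_tag.outputs.tag }}...${{ github.event.release.tag_name }}
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+update-dockerhub-description:
+name: Update Docker Hub Description
+runs-on: ubuntu-latest
+steps:
+- name: Check out the repo
+uses: actions/checkout@v4
+- name: Update Docker Hub description
+uses: peter-evans/dockerhub-description@v4
+with:
+username: ${{ secrets.DOCKER_USERNAME }}
+password: ${{ secrets.DOCKER_PASSWORD }}
+repository: hemmeligapp/hemmelig
+readme-filepath: ./docs/docker.md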
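Review bot: `update-dockerhub-description` declares no `permissions:`, so its `GITHUB_TOKEN` gets the repository default scope even though the job only reads `./docs/docker.md`. Adding `permissions:` with `contents: read` to that job would bound the token next to the Docker Hub credentials. In `Get previous tag`, `grep -v "^${CURRENT_TAG}$"` treats the tag as a regular expression, so the dots in a version match any character; `grep -vxF -- "$CURRENT_TAG"` compares it literally. The tag list is also not filtered by prefix, so a `cli-v*` tag may be chosen as the previous release, which is presumably not intended.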

51
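--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -0,0 +1,51 @@
+name: Trivy - Scan
+on:
+schedule:
+# https://crontab.guru/daily
+- cron: '0 0 * * *'
+pull_request:
+jobs:
+scan_repository:
+name: Scan the repository
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+- name: Run Trivy vulnerability scanner in repo mode
+uses: aquasecurity/trivy-action@0.28.0
+with:
+scan-type: 'fs'
+ignore-unfixed: true
+format: 'sarif'
+output: 'trivy-results.sarif'
+severity: 'CRITICAL'
+- name: Upload Trivy scan results to GitHub Security tab
+uses: github/codeql-action/upload-sarif@v3
+with:
+sarif_file: 'trivy-results.sarif'
+scan_vulnerabilities:
+name: Scan the docker image
+runs-on: ubuntu-latest
+steps:
+- name: Checkout code
+uses: actions/checkout@v4
+- name: Build an image from Dockerfile
+run: |
+docker build -t docker.io/hemmeligorg/hemmelig:${{ github.sha }} .
+- name: Run Trivy vulnerability scanner
+uses: aquasecurity/trivy-action@0.28.0
+with:
+image-ref: 'docker.io/hemmeligorg/hemmelig:${{ github.sha }}'
+format: 'sarif'
+output: 'trivy-results.sarif'
+- name: Upload Trivy scan results to GitHub Security tab
+uses: github/codeql-action/upload-sarif@v3
+if: always()
+with:
+sarif_file: 'trivy-results.sarif'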
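Review bot: Neither job declares `permissions:`, while `github/codeql-action/upload-sarif` needs `security-events: write` to publish results; where the repository default token is read-only, the upload steps would fail and findings would not reach the Security tab. Adding `permissions:` with `contents: read` and `security-events: write` at workflow level makes this explicit and keeps the token otherwise minimal. The repository scan reports only `CRITICAL` findings with `ignore-unfixed: true`, so lower-severity and unfixed issues are not surfaced by it; if that is deliberate, a comment in the file should say so. The first upload step also lacks the `if: always()` that the image-scan job has.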