diff --git a/.continue/rules/project.md b/.continue/rules/project.md new file mode 100644 index 0000000..681a9fb --- /dev/null +++ b/.continue/rules/project.md @@ -0,0 +1,86 @@ +# Project status — fullupgrade + +Last updated: 2026-04-27 + +## Project goal +This repository contains two Bash scripts for system administration and Git release management: +- `fullupgrade`: Arch Linux maintenance script +- `makerelease.sh`: Git release automation script + +The project is intentionally minimal and centered on these two scripts. + +## Current structure +- `fullupgrade`: system update and cleanup +- `makerelease.sh`: release workflow from `dev` to `main` +- `README.md`: English documentation with usage, warnings, and examples +- `LICENSE`: GPLv3 + +## Current analysis + +### 1) `fullupgrade` +Current behavior: +- updates `archlinux-keyring` +- runs `pacman -Syu --noconfirm` +- removes orphaned packages only when any are found +- cleans the pacman cache + +Notes: +- the script already uses `set -euo pipefail` +- it checks for root privileges before running package operations +- it can have a significant system impact + +Recommendations: +- keep documenting the system impact clearly +- consider whether `pacman -Sc` is the right cache cleanup level for every use case + +### 2) `makerelease.sh` +Current behavior: +- takes `VERSION` and `MESSAGE` as arguments +- checks that the current branch is `dev` +- checks out `main` +- merges `dev` into `main` +- pushes the branch +- creates an annotated tag +- pushes tags +- returns to `dev` + +Notes: +- the script currently does not use `set -euo pipefail` +- there is no check for a clean working tree +- there is no validation of the release message +- there is no guard against duplicate tags +- returning to `dev` is not protected if a command fails + +Recommendations: +- add `set -euo pipefail` +- verify the Git status before releasing +- validate `VERSION` and `MESSAGE` +- prevent duplicate tags +- use a `trap` to return to the initial branch on failure +- improve the help output + +### 3) `README.md` +Current status: +- the README has a first complete pass in English +- it explains both scripts, their requirements, usage, warnings, and an example release command + +Recommendations: +- keep it aligned with the actual script behavior +- add more examples only if they improve clarity + +## Project tracking rules +This file should be updated whenever: +- script behavior changes +- documentation changes materially +- new constraints or design decisions are introduced +- release workflow rules evolve + +## Current priorities +1. Secure the Bash scripts +2. Keep documentation aligned with the scripts +3. Make the release workflow more robust + +## Maintenance notes +- Always keep the README, the scripts, and this file consistent. +- If a script changes, update this note immediately. +- If a new usage rule appears, document it here. diff --git a/README.md b/README.md index 2d62217..2987254 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,79 @@ # fullupgrade +Minimal Bash tools for Arch Linux maintenance and Git release automation. + +## Overview + +This repository contains two small Bash scripts: + +- `fullupgrade`: updates an Arch Linux system and performs cleanup +- `makerelease.sh`: merges `dev` into `main` and creates a release tag + +The project is intentionally small and focused on a simple, opinionated workflow. + +## Requirements + +- Bash +- `pacman` for `fullupgrade` +- `git` for `makerelease.sh` +- root privileges for `fullupgrade` +- a local Git repository with `dev` and `main` branches for `makerelease.sh` + +## `fullupgrade` + +`fullupgrade` performs the following steps: + +1. updates `archlinux-keyring` +2. runs a full system synchronization with `pacman -Syu --noconfirm` +3. removes orphaned packages if any are found +4. cleans the pacman cache with `pacman -Sc --noconfirm` + +### Usage + +```bash +sudo ./fullupgrade +``` + +### Notes + +- The script must be run as `root`. +- It does not ask for confirmation. +- It can remove packages and clean the package cache, so review the output carefully. + +## `makerelease.sh` + +`makerelease.sh` automates a simple Git release workflow: + +1. checks that the current branch is `dev` +2. switches to `main` +3. merges `dev` into `main` +4. pushes `main` +5. creates an annotated tag using the provided version and message +6. pushes tags +7. switches back to `dev` + +### Usage + +```bash +./makerelease.sh VERSION "Release message" +``` + +### Example + +```bash +./makerelease.sh 1.2.0 "Release 1.2.0" +``` + +### Notes + +- Run the script from a clean, local Git repository. +- Make sure the `dev` branch contains the changes you want to release. +- The script may fail if Git state is unexpected or if a tag already exists. + +## Status + +This repository is intentionally minimal. `fullupgrade` is hardened with `set -euo pipefail`, while `makerelease.sh` may still need additional validation and safeguards. + +## License + +GPLv3 diff --git a/fullupgrade b/fullupgrade index 51d3857..ec43b34 100755 --- a/fullupgrade +++ b/fullupgrade @@ -1,6 +1,61 @@ #!/bin/bash +set -euo pipefail -pacman -Sy --noconfirm archlinux-keyring -pacman -Syu --noconfirm -pacman -Rns $(pacman -Qqtd) --noconfirm -pacman -Sc --noconfirm +show_help() { + cat <<'EOF' +Usage: fullupgrade + +Met à jour Arch Linux et effectue un nettoyage: + - mise à jour de archlinux-keyring + - synchronisation complète du système + - suppression des paquets orphelins + - nettoyage du cache pacman + +Attention: ce script modifie le système et s'exécute sans confirmation. +EOF +} + + +require_root() { + if [ "${EUID:-$(id -u)}" -ne 0 ]; then + echo "Erreur: ce script doit être exécuté en root." >&2 + exit 1 + fi +} + +cleanup_orphans() { + local orphans=() + + mapfile -t orphans < <(pacman -Qqtd) + + if [ "${#orphans[@]}" -gt 0 ]; then + pacman -Rns --noconfirm "${orphans[@]}" + else + echo "Aucun paquet orphelin à supprimer." + fi +} + +main() { + if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then + show_help + exit 0 + fi + + require_root + + echo "Mise à jour de archlinux-keyring..." + pacman -Sy --noconfirm archlinux-keyring + + echo "Mise à jour complète du système..." + pacman -Syu --noconfirm + + echo "Recherche des paquets orphelins..." + cleanup_orphans + + echo "Nettoyage du cache pacman..." + pacman -Sc --noconfirm + + echo "Mise à jour terminée avec succès." +} + +main "$@"