feat: harden fullupgrade and document release workflow
Add set -euo pipefail, root checks, safer orphan cleanup, and a help message to fullupgrade. Refresh the README and project notes to match the current scripts and release process.
This commit is contained in:
@@ -0,0 +1,86 @@
|
||||
# Project status — fullupgrade
|
||||
|
||||
Last updated: 2026-04-27
|
||||
|
||||
## Project goal
|
||||
This repository contains two Bash scripts for system administration and Git release management:
|
||||
- `fullupgrade`: Arch Linux maintenance script
|
||||
- `makerelease.sh`: Git release automation script
|
||||
|
||||
The project is intentionally minimal and centered on these two scripts.
|
||||
|
||||
## Current structure
|
||||
- `fullupgrade`: system update and cleanup
|
||||
- `makerelease.sh`: release workflow from `dev` to `main`
|
||||
- `README.md`: English documentation with usage, warnings, and examples
|
||||
- `LICENSE`: GPLv3
|
||||
|
||||
## Current analysis
|
||||
|
||||
### 1) `fullupgrade`
|
||||
Current behavior:
|
||||
- updates `archlinux-keyring`
|
||||
- runs `pacman -Syu --noconfirm`
|
||||
- removes orphaned packages only when any are found
|
||||
- cleans the pacman cache
|
||||
|
||||
Notes:
|
||||
- the script already uses `set -euo pipefail`
|
||||
- it checks for root privileges before running package operations
|
||||
- it can have a significant system impact
|
||||
|
||||
Recommendations:
|
||||
- keep documenting the system impact clearly
|
||||
- consider whether `pacman -Sc` is the right cache cleanup level for every use case
|
||||
|
||||
### 2) `makerelease.sh`
|
||||
Current behavior:
|
||||
- takes `VERSION` and `MESSAGE` as arguments
|
||||
- checks that the current branch is `dev`
|
||||
- checks out `main`
|
||||
- merges `dev` into `main`
|
||||
- pushes the branch
|
||||
- creates an annotated tag
|
||||
- pushes tags
|
||||
- returns to `dev`
|
||||
|
||||
Notes:
|
||||
- the script currently does not use `set -euo pipefail`
|
||||
- there is no check for a clean working tree
|
||||
- there is no validation of the release message
|
||||
- there is no guard against duplicate tags
|
||||
- returning to `dev` is not protected if a command fails
|
||||
|
||||
Recommendations:
|
||||
- add `set -euo pipefail`
|
||||
- verify the Git status before releasing
|
||||
- validate `VERSION` and `MESSAGE`
|
||||
- prevent duplicate tags
|
||||
- use a `trap` to return to the initial branch on failure
|
||||
- improve the help output
|
||||
|
||||
### 3) `README.md`
|
||||
Current status:
|
||||
- the README has a first complete pass in English
|
||||
- it explains both scripts, their requirements, usage, warnings, and an example release command
|
||||
|
||||
Recommendations:
|
||||
- keep it aligned with the actual script behavior
|
||||
- add more examples only if they improve clarity
|
||||
|
||||
## Project tracking rules
|
||||
This file should be updated whenever:
|
||||
- script behavior changes
|
||||
- documentation changes materially
|
||||
- new constraints or design decisions are introduced
|
||||
- release workflow rules evolve
|
||||
|
||||
## Current priorities
|
||||
1. Secure the Bash scripts
|
||||
2. Keep documentation aligned with the scripts
|
||||
3. Make the release workflow more robust
|
||||
|
||||
## Maintenance notes
|
||||
- Always keep the README, the scripts, and this file consistent.
|
||||
- If a script changes, update this note immediately.
|
||||
- If a new usage rule appears, document it here.
|
||||
Reference in New Issue
Block a user