From 3590da7e269e4996410d3fd4c74bda17a7c4d155 Mon Sep 17 00:00:00 2001 From: Vincent Mahnke Date: Wed, 17 Jun 2026 16:50:13 +0200 Subject: [PATCH 1/4] fix: Removes offline and unavailable links --- web/www/sunders/json/links.json | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/web/www/sunders/json/links.json b/web/www/sunders/json/links.json index f597479..d7cd3cc 100644 --- a/web/www/sunders/json/links.json +++ b/web/www/sunders/json/links.json @@ -3,22 +3,17 @@ { "sectionTitle": "", "isExpandable": false, "isExpandedByDefault": true, "listEntries": [ { "sourceText": "1984 Actionday", "href": "https://1984actionday.wordpress.com/", "linkText": "When will you fight back?" }, { "sourceText": "ACLU", "href": "https://www.aclu.org/sites/default/files/field_document/061819-robot_surveillance.pdf", "linkText": "The Dawn of Robot Surveillance" }, - { "sourceText": "Adversarial Fashion", "href": "https://adversarialfashion.com/", "linkText": "Patterns on goods designed to trigger Automated License Plate Readers" }, { "sourceText": "Atlas of Surveillance", "href": "https://atlasofsurveillance.org/", "linkText": "Documenting Police Tech in Our Communities" }, { "sourceText": "Ban Facial Recognition", "href": "https://www.banfacialrecognition.com/", "linkText": "Ban Facial Recognition" }, { "sourceText": "Ban Facial Recognition", "href": "https://www.banfacialrecognition.com/festivals/", "linkText": "Ban Facial Recognition at Festivals" }, - { "sourceText": "Ban Facial Recognition", "href": "https://ban-facial-recognition.wesign.it/droitshumains/ban-facial-recognition-europe", "linkText": "Ban Facial Recognition Europe!" }, { "sourceText": "Electronic Frontier Foundation", "href": "https://www.eff.org/sls", "linkText": "Street Level Surveillance" }, - { "sourceText": "Every Two Years", "href": "https://everytwoyears.org/", "linkText": "Help Make Democracy" }, { "sourceText": "Fawkes", "href": "http://sandlab.cs.uchicago.edu/fawkes/", "linkText": "Image “Cloaking” for Personal Privacy" }, { "sourceText": "GitHub", "href": "https://github.com/unsurv", "linkText": "unsurv" }, - { "sourceText": "Insecam", "href": "https://www.insecam.org/", "linkText": "World biggest online cameras directory" }, + { "sourceText": "Insecam", "href": "http://www.insecam.org/", "linkText": "World biggest online cameras directory" }, { "sourceText": "No CCTV", "href": "http://www.no-cctv.org.uk/", "linkText": "Campaigning against camera surveillance in the UK & beyond" }, { "sourceText": "NYC Surveillance Camera Project", "href": "http://www.mediaeater.com/cameras/", "linkText": "NYC Surveillance Camera Project" }, { "sourceText": "Reclaim Your Face", "href": "https://reclaimyourface.eu/", "linkText": "Reclaim Your Face" }, { "sourceText": "S.T.O.P.", "href": "https://www.stopspying.org/", "linkText": "The Surveillance Technology Oversight Project" }, - { "sourceText": "Spy Blog", "href": "https://p10.secure.hostingprod.com/@spyblog.org.uk/ssl/spyblog/cctv-surveillance-cameras/", "linkText": "Category: CCTV surveillance cameras" }, - { "sourceText": "unsurv", "href": "https://www.unsurv.org/", "linkText": "unsurv.org" }, { "sourceText": "Wikipedia", "href": "https://www.wikipedia.org/wiki/Mass_surveillance_in_the_United_States", "linkText": "Mass Surveillance in the United States" }, { "sourceText": "Yale University", "href": "https://privacylab.yale.edu/", "linkText": "Privacy Lab" } ] } @@ -27,7 +22,6 @@ { "listTitle": "fra", "sections": [ { "sectionTitle": "", "isExpandable": false, "isExpandedByDefault": true, "listEntries": [ - { "sourceText": "Ban Facial Recognition", "href": "https://ban-facial-recognition.wesign.it/droitshumains/bannissons-la-reconnaissance-faciale-en-europe", "linkText": "Bannissons la reconnaissance faciale en Europe!" }, { "sourceText": "BUG BROTHER", "href": "http://bugbrother.blog.lemonde.fr/", "linkText": "Qui surveillera les surveillants?" }, { "sourceText": "LA QUADRATURE DU NET", "href": "https://www.laquadrature.net/fr", "linkText": "Internet & Libertés" }, { "sourceText": "Reclaim Your Face", "href": "https://reclaimyourface.eu/fr/", "linkText": "Reclaim Your Face FR" }, @@ -38,20 +32,17 @@ { "listTitle": "ger", "sections": [ { "sectionTitle": "", "isExpandable": false, "isExpandedByDefault": true, "listEntries": [ - { "sourceText": "AK Vorrat", "href": "http://wiki.vorratsdatenspeicherung.de/Arbeitsgruppe_Video%C3%BCberwachung", "linkText": "Arbeitsgruppe Videoüberwachung" }, + { "sourceText": "AK Vorrat", "href": "http://wiki.vorratsdatenspeicherung.de/Arbeitsgruppe_Videoüberwachung", "linkText": "Arbeitsgruppe Videoüberwachung" }, { "sourceText": "AK Vorrat", "href": "http://wiki.vorratsdatenspeicherung.de/images/Folder_cctv.pdf", "linkText": "Infobroschüre: Videoüberwachung? Sicherheit geht anders!" }, { "sourceText": "AK Vorrat, Ortsgruppe Hannover", "href": "http://wiki.vorratsdatenspeicherung.de/Ortsgruppen/Hannover/Videoueberwachung_in_Hannover", "linkText": "Videoüberwachung in Hannover" }, { "sourceText": "AKTION FREIHEIT STATT ANGST", "href": "https://www.aktion-freiheitstattangst.org/", "linkText": "Aktion Freiheit statt Angst e.V." }, - { "sourceText": "Ban Facial Recognition", "href": "https://ban-facial-recognition.wesign.it/droitshumains/verbot-der-gesichtserkennung-in-europa", "linkText": "Verbot der Gesichtserkennung in Europa!" }, { "sourceText": "Benjamin J. Kees", "href": "https://algoropticon.de/", "linkText": "Algorithmisches Panopticon" }, { "sourceText": "dieDatenschützer Rhein-Main", "href": "https://ddrm.de/category/videouberwachung-2/", "linkText": "Kategoriearchiv: Videoüberwachung" }, { "sourceText": "EPICENTER.WORKS", "href": "https://epicenter.works/thema/face-recognition", "linkText": "Face Recognition - Gesichtserkennung" }, { "sourceText": "EPICENTER.WORKS", "href": "https://überwachungspaket.at/", "linkText": "Stoppt das Überwachungspaket!" }, { "sourceText": "Frag den Staat", "href": "https://fragdenstaat.de/anfrage/informationen-zum-projekt-sicherheitsbahnhof-berlin-sudkreuz/", "linkText": "Informationen zum „Projekt Sicherheitsbahnhof“ Berlin Südkreuz" }, { "sourceText": "Frag den Staat", "href": "https://fragdenstaat.de/anfrage/datenschutzkonzept-fur-videouberwachung-am-bahnhof-berlin-sudkreuz/", "linkText": "Datenschutzkonzept für Videoüberwachung am Bahnhof Berlin Südkreuz" }, - { "sourceText": "Kassel-Watch-Log", "href": "https://www.ks-watch.de/", "linkText": "Videoüberwachung im öffentlichen Raum Kassel" }, { "sourceText": "Reclaim Your Face", "href": "https://reclaimyourface.eu/de/", "linkText": "Reclaim Your Face DE" }, - { "sourceText": "_STATTKAMERAS", "href": "https://stattkameras.de/", "linkText": "Gegen Videoüberwachung am Hansaplatz" } ] } ] } -- 2.51.2 From c6d87997b00cad5cf3375bfd3340107defdc00d5 Mon Sep 17 00:00:00 2001 From: Vincent Mahnke Date: Wed, 17 Jun 2026 16:56:15 +0200 Subject: [PATCH 2/4] fix: Removes buildx --- .forgejo/workflows/images.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.forgejo/workflows/images.yml b/.forgejo/workflows/images.yml index 6dfac7b..190d8d4 100644 --- a/.forgejo/workflows/images.yml +++ b/.forgejo/workflows/images.yml @@ -11,9 +11,6 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Login to Container Registry uses: docker/login-action@v3 with: -- 2.51.2 From f407b077f28a4f4d44b552b05a7c2efccd85ab01 Mon Sep 17 00:00:00 2001 From: Vincent Mahnke Date: Wed, 17 Jun 2026 16:59:21 +0200 Subject: [PATCH 3/4] fix: Uses docker binary --- .forgejo/workflows/images.yml | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/images.yml b/.forgejo/workflows/images.yml index 190d8d4..bc48a98 100644 --- a/.forgejo/workflows/images.yml +++ b/.forgejo/workflows/images.yml @@ -11,12 +11,25 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 + - name: Check Docker CLI and daemon + run: | + if ! command -v docker >/dev/null 2>&1; then + echo "::error::docker CLI not found in PATH on this runner" + exit 1 + fi + + if ! docker info >/dev/null 2>&1; then + echo "::error::docker daemon is not reachable (check /var/run/docker.sock or DOCKER_HOST)" + docker version || true + env | grep '^DOCKER' || true + ls -l /var/run/docker.sock || true + exit 1 + fi + - name: Login to Container Registry - uses: docker/login-action@v3 - with: - registry: git.hamburg.ccc.de - username: ${{ secrets.REGISTRY_USERNAME }} - password: ${{ secrets.REGISTRY_TOKEN }} + if: github.event_name == 'push' + run: | + echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.hamburg.ccc.de -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin - name: Set image tags id: vars -- 2.51.2 From b2544cf2678875b108c82c6c10ced3458bc1c69d Mon Sep 17 00:00:00 2001 From: Vincent Mahnke Date: Wed, 17 Jun 2026 17:02:05 +0200 Subject: [PATCH 4/4] refactor: Uses kaniko builder --- .forgejo/workflows/images.yml | 68 ++++++++++++++--------------------- 1 file changed, 27 insertions(+), 41 deletions(-) diff --git a/.forgejo/workflows/images.yml b/.forgejo/workflows/images.yml index bc48a98..cb999c5 100644 --- a/.forgejo/workflows/images.yml +++ b/.forgejo/workflows/images.yml @@ -7,61 +7,47 @@ on: jobs: build: runs-on: docker + container: + image: ghcr.io/osscontainertools/kaniko:alpine steps: + - name: Install required system packages + run: apk add --no-cache nodejs git + - name: Checkout repository uses: actions/checkout@v4 - - - name: Check Docker CLI and daemon - run: | - if ! command -v docker >/dev/null 2>&1; then - echo "::error::docker CLI not found in PATH on this runner" - exit 1 - fi - - if ! docker info >/dev/null 2>&1; then - echo "::error::docker daemon is not reachable (check /var/run/docker.sock or DOCKER_HOST)" - docker version || true - env | grep '^DOCKER' || true - ls -l /var/run/docker.sock || true - exit 1 - fi - - - name: Login to Container Registry - if: github.event_name == 'push' - run: | - echo "${{ secrets.REGISTRY_TOKEN }}" | docker login git.hamburg.ccc.de -u "${{ secrets.REGISTRY_USERNAME }}" --password-stdin - name: Set image tags id: vars run: | - if [ "${{ github.ref_name }}" = "main" ] && [ "${{ github.event_name }}" = "push" ]; then + if [ "${{ forgejo.ref_name }}" = "main" ] && [ "${{ forgejo.event_name }}" = "push" ]; then echo "tag=latest" >> $GITHUB_OUTPUT else # renovate creates sub branches with `/`; these break the tagging in the build process - echo tag=$(echo "${{ github.ref_name }}" | sed 's/[^a-zA-Z0-9._-]/_/g') >> $GITHUB_OUTPUT + echo tag=$(echo "${{ forgejo.ref_name }}" | sed 's/[^a-zA-Z0-9._-]/_/g') >> $GITHUB_OUTPUT fi - name: Build web image + env: + KANIKO_NO_PUSH: ${{ forgejo.event_name != 'push' }} + KANIKO_GIT_HAMBURG_CCC_DE_USER: ${{ secrets.REGISTRY_USERNAME }} + KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.REGISTRY_TOKEN }} run: | - docker build -f ./Containerfile -t git.hamburg.ccc.de/ccchh/sunders/web:${{ steps.vars.outputs.tag }} . - working-directory: ./web + /kaniko/executor \ + --dockerfile="${{ forgejo.workspace }}/web/Containerfile" \ + --context="dir://${{ forgejo.workspace }}/web" \ + --destination=git.hamburg.ccc.de/ccchh/sunders/web:${{ steps.vars.outputs.tag }} \ + --no-push-cache \ + --credential-helpers=env - name: Build data_handler image + env: + KANIKO_NO_PUSH: ${{ forgejo.event_name != 'push' }} + KANIKO_GIT_HAMBURG_CCC_DE_USER: ${{ secrets.REGISTRY_USERNAME }} + KANIKO_GIT_HAMBURG_CCC_DE_PASSWORD: ${{ secrets.REGISTRY_TOKEN }} run: | - docker build -f ./Containerfile -t git.hamburg.ccc.de/ccchh/sunders/data_handler:${{ steps.vars.outputs.tag }} . - working-directory: ./data_handler - - - name: Push images to Container Registry - run: | - docker push git.hamburg.ccc.de/ccchh/sunders/web:${{ steps.vars.outputs.tag }} - docker push git.hamburg.ccc.de/ccchh/sunders/data_handler:${{ steps.vars.outputs.tag }} - if: github.event_name == 'push' - - - name: Update docker-compose.yml image tags - run: | - sed -i "s/:latest/:${{ steps.vars.outputs.tag }}/g" docker-compose.yml - - - name: Start Docker Compose services - run: | - docker compose up -d --wait - docker compose down \ No newline at end of file + /kaniko/executor \ + --dockerfile="${{ forgejo.workspace }}/data_handler/Containerfile" \ + --context="dir://${{ forgejo.workspace }}/data_handler" \ + --destination=git.hamburg.ccc.de/ccchh/sunders/data_handler:${{ steps.vars.outputs.tag }} \ + --no-push-cache \ + --credential-helpers=env \ No newline at end of file -- 2.51.2