Now, this requires some explanation.
Initially, we had the extract workflow, which did work. The problem is
that it can't commit to general-devel due to branch protection. If we
added a bypass that let it, though, it would enable anyone with write
access to this repository to write to general-devel (you can privilege
escalate easily).
Since we don't want that, this machine is setup:
1. TShock now triggers a workflow execution on a separate repo,
hakusaro/tshock_i18n.
2. On hakusaro/tshock_i18n, a modified extraction script exists.
3. The modified extraction script, targeting tshock, downloads and runs
itself.
4. @cardinal-system, a github user I control, creates and signs a commit
and pushes it back to tshock, bypassing branch protection (because is
allowed to).
Now, nobody except me can modify the code that controls the system that
enables @cardinal-system to commit to tshock, preserving that security
element.
But how is the workflow in hakusaro/tshock_i18n triggered? Through
another workflow of course.
The issue is that triggering requires using...a PAT. Who's PAT? My PAT.
Github just launched fine-grained PATs, so I created a fine-grained PAT
scoped to only the hakusaro/tshock_i18n repo, and only workflow
dispatches.
There are other methods that could be used to technically perform this
triggering using a classic PAT, but they require the `repo` scope, which
would give anyone with write-access the ability to write to
hakusaro/tshock_i18n, which is clearly not-desired.
I was originally kinda stuck, thinking I'd have to make a fine-grained
PAT on @cardinal-system but that isn't supported yet (you can't scope a
fine-grained PAT to another user's repo yet -- only all of your repos or
the org's repos, not a collaborator's repo). But the new fine-grained
PAT system enables creating a PAT that just has a small, isolated set of
things tied to one user.
This is the safest option, I think.
The only catch is that the trigger PAT will expire on October 20, 2023,
so it has to be rotated yearly, like the nuget token
(https://github.com/Pryaxis/TShock/issues/2669).
Fun stuff.
This adds the newly dumped field descriptions to the docs. In
particular, this adds field descriptions for the config file,
permissions, and ssc config. This also updates the sidebar with this
information.
The dumper formats have also been revamped for markdown.
Creating a long row of grass with vines below and then mowing it without breaking the vines below could cause a tile framing stack overflow due to all vines being cleared at once if one of them is being broken on the server or if the client simply loads the corresponding section.
Warning: this does not fix eventual existing worlds that are already in such a state.
* Init docsify
* Readme: fix build badge, remove contributors
The "all contributors" section is woefully out of date and for many
reasons, it's not something we're going to support. Going forward, we're
going to try to find a different / better / more inclusive way of doing
contributions in such a way that's meaningful to people.
* Fix build badge again
* Update experimental build download instructions
* Remove note about Travis CI being available
* Update install guide to use TShock.Server.exe.
* ∆: minor changes to setup instructions?
* Remove setup guide because it's out of date
* Update non-dev readme with instructions on using tshock
* Remove experimental downloads section from dev readme
* Add a link to github to non-dev docs
* Change example password
* Update non-dev readme with more data
* Move changelog to docs folder
* Rehead installing tshock
* Embed streamable video
* Create CNAME
* Update CNAME
* Update index to be a little more cool
* Rename homepage
* Rename changelog to changelog
* Document constileation and heaptile providers
* More command line docs
* Update developer readme
* Augment the readme
* Add nuget links
* Add a space
* What is the cost of lies?
* Modernize cli docs
* Document tile providers
* Clarify provider slowness
* Further doument tile providers
* ∆: modify markdown output for permissions to add wikilinks
* Remove AN
