x9/xetup
1
0
Fork 0
Code Issues 17 Pull requests Projects Releases 5 Packages Wiki Activity Actions

docs: version changelog as 0.7 + add web changelog page

Browse source 
- CHANGELOG.md: switch to Keep a Changelog versioning ([Unreleased], [0.7], [0.6]).
- web/changelog/: new page that fetches CHANGELOG.md from Forgejo (raw API via the
  /forgejo-api proxy) and renders it - single source of truth.
- Add Changelog to the nav on landing, navod and spec pages.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
X9 Dev 2026-06-02 14:07:27 +02:00
parent 3fc8c31032
commit f89093212f
5 changed files with 222 additions and 70 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

134
CHANGELOG.md
View file

@ -1,85 +1,79 @@
# Changelog # Changelog
All notable changes to xetup. Dates are when the change landed on `main`. All notable changes to xetup. Format based on [Keep a Changelog](https://keepachangelog.com).
No diacritics anywhere (project rule).
Builds are continuous: every push to `main` produces a signed `xetup.exe` Builds are continuous: every push to `main` produces a signed `xetup.exe` published as the
published as the `latest` release. No diacritics anywhere (project rule). `latest` release. Version tags (e.g. `v0.7`) mark notable milestones.
## 2026-06-02 ## [Unreleased]
### Fixed _Nothing yet._
- **Accent color now reliable in all profiles** (`04-default-profile.ps1`):
write `AccentPalette` (REG_BINARY, 8 shades from #223B47) alongside
`AccentColor`/`AccentColorMenu`. Without `AccentPalette`, Win11 ignores the
custom accent on Start/taskbar and falls back to the default - the cause of
"colors not applied everywhere". The full theme (Custom mode: dark system +
light apps, accent on Start/taskbar and title bars/borders) is written to the
Default hive (new users), the current user (HKCU) and `HKU\.DEFAULT`
(lock/welcome screen) so all profiles match. (`4d08d0c`)
- **BackInfo background color** (`assets/Backinfo/BackInfo.ini`):
`BackgroundColor 4668194 -> 2243399`. BackInfo reads the value as 0xRRGGBB
(RGB), not COLORREF/BGR, so #223B47 = 0x223B47 = 2243399; the BGR value
rendered with red/blue swapped. (`4d08d0c`)
### Docs ## [0.7] - 2026-06-02
- Web (spec, descriptions.json) updated for AccentPalette / all-profile theme
and the BackInfo background fix. (`917fc89`)
- `SPEC.md` + `CLAUDE.md` synced with all changes from this period. (`41f6d27`)
## 2026-06-01
### Fixed
- **Taskbar File Explorer pin** (`04-default-profile.ps1`): pin Explorer via its
AppUserModelID (`DesktopApplicationID="Microsoft.Windows.Explorer"`) instead of
a hand-made `File Explorer.lnk`. The custom shortcut pinned as a separate app -
clicking it launched a second Explorer that did not group with the running
window, and the icon could not be unpinned normally. (`451b9e2`)
- **Atera installed under SYSTEM** (`02-software.ps1`): install the Atera MSI via
a one-shot scheduled task running as `NT AUTHORITY\SYSTEM` (`msiexec /qn`), then
remove the task. Under SYSTEM the agent registers silently with no interactive
MFA window, so no technician input is needed. MSI staged in `C:\Windows\Temp`. (`451b9e2`)
### Docs
- Web (spec, descriptions.json, navod) updated for the Explorer AUMID pin and
Atera-under-SYSTEM. (`603fba5`)
## 2026-05-29
### Added ### Added
- **Code signing in CI**: the release workflow now signs `xetup.exe` on every push - **Code signing in CI**: the release workflow signs `xetup.exe` on every push (and via
(and via `workflow_dispatch`) using Azure Trusted Signing (certificate `workflow_dispatch`) using Azure Trusted Signing (certificate "X9.cz s.r.o.") through jsign,
"X9.cz s.r.o.") through jsign, plus an RFC3161 timestamp plus an RFC3161 timestamp (`timestamp.acs.microsoft.com`). jsign is pinned by version + sha256.
(`timestamp.acs.microsoft.com`). jsign is pinned by version + sha256. Trusted Trusted Signing certs are short-lived (~3 days); the timestamp keeps the signature valid past
Signing certs are short-lived (~3 days); the timestamp keeps the signature valid expiry. Only `AZURE_CLIENT_SECRET` is a Forgejo Actions secret. (`853908b`)
past expiry. Only `AZURE_CLIENT_SECRET` is a Forgejo Actions secret. (`853908b`)
- `workflow_dispatch` trigger for manual release runs. (`cdad15a`) - `workflow_dispatch` trigger for manual release runs. (`cdad15a`)
- **Keyboard layout**: CZ primary + US secondary, applied to all profiles via
`Set-WinUserLanguageList` (current user) and the `Preload` key in the Default hive and
`HKU\.DEFAULT`. (`94b7786`)
### Fixed ### Fixed
Field fixes from the first fresh Win11 deployment (Dell Latitude 5521 / GLBNTB63) (`94b7786`): - **winget** (02, 11): pass `--source winget` to every install. Fresh Win11 ISOs ship an App
- **winget**: pass `--source winget` to every install (02, 11). Fresh Win11 ISOs Installer with a stale pinned cert, so the msstore source fails with `0x8a15005e` and aborts
ship an App Installer with a stale pinned cert, so the msstore source fails with the install; forcing the winget source bypasses it. (`94b7786`)
`0x8a15005e` and aborts the install; forcing the winget source bypasses it. - **Network Discovery** (10): enable by resource-string group `-Group "@FirewallAPI.dll,-32752"`
- **Network Discovery** (10): enable by resource-string group instead of `-DisplayGroup "Network Discovery"`, which is localized and failed on Czech Windows. (`94b7786`)
`-Group "@FirewallAPI.dll,-32752"` instead of `-DisplayGroup "Network Discovery"`, - **Atera detection** (02): verify via the `AteraAgent` service (`Get-Service`) with a path-check
which is localized and failed on Czech Windows. fallback incl. `C:\ProgramData`, since Atera no longer installs to a fixed location. (`94b7786`)
- **Keyboard** (04): set CZ primary + US secondary via `Set-WinUserLanguageList` - **Windows Update log** (12): format installed updates via `$_.Result`/`$_.Title` instead of
(current user) and the `Preload` key in the Default hive and `HKU\.DEFAULT`. logging the raw objects (which printed "System.__ComObject"). (`94b7786`)
- **Atera detection** (02): verify via the `AteraAgent` service (`Get-Service`) - **UCPD** (02): the UCPD stop failure on Win11 24H2 (protected service) is logged WARN, not
with a path-check fallback incl. `C:\ProgramData`, since Atera no longer installs ERROR; the system-wide HKCR write succeeds regardless. (`94b7786`)
to a fixed location. - **Atera under SYSTEM** (02): install the MSI via a one-shot scheduled task running as
- **Windows Update log** (12): format installed updates via `$_.Result`/`$_.Title` `NT AUTHORITY\SYSTEM` (`msiexec /qn`). Under SYSTEM the agent registers silently with no
instead of logging the raw objects (which printed "System.__ComObject"). interactive MFA window. (`451b9e2`)
- **UCPD** (02): the UCPD stop failure on Win11 24H2 (protected service) is logged - **Taskbar File Explorer pin** (04): pin Explorer via its AppUserModelID
WARN, not ERROR; the system-wide HKCR write succeeds regardless. (`DesktopApplicationID="Microsoft.Windows.Explorer"`) instead of a hand-made `.lnk`. The custom
shortcut launched a second Explorer that did not group with the running window and could not be
unpinned. (`451b9e2`)
- **Accent color in all profiles** (04): write `AccentPalette` (REG_BINARY, 8 shades from #223B47)
alongside `AccentColor`. Without it Win11 drops the custom accent on Start/taskbar and falls back
to the default. The full theme (Custom mode: dark system + light apps; accent on Start/taskbar and
title bars/borders) is written to the Default hive, the current user (HKCU) and `HKU\.DEFAULT` so
all profiles match. (`4d08d0c`)
- **BackInfo background color**: `BackgroundColor 4668194 -> 2243399`. BackInfo reads the value as
0xRRGGBB (RGB), not COLORREF/BGR, so #223B47 = 2243399; the BGR value swapped red/blue. (`4d08d0c`)
### CI / Infra ### CI / Infra
- deploy.json update step made non-fatal (cosmetic, runs after the release is - deploy.json update step made non-fatal (cosmetic, runs after the release is published). (`8a7fc10`)
published). (`8a7fc10`) - Forgejo runner: bind-mount the docker socket into job containers so the deploy.json step's
- Forgejo runner: bind-mount the docker socket into job containers so the `docker exec` works. (`c8c8523`, `beceeb4`)
deploy.json step's `docker exec` works. (`c8c8523`, `beceeb4`) - docker-compose: mount `web/data` read-write so CI can refresh `deploy.json` (rest of the web
- docker-compose: mount `web/data` read-write so CI can refresh `deploy.json` docroot stays read-only). (`7becac7`)
(rest of the web docroot stays read-only). (`7becac7`)
### Docs ### Docs
- Web (spec, descriptions.json, navod, landing) updated for the field fixes and - Web (spec, descriptions.json, navod, landing) updated for all of the above.
code signing. (`133fc1e`) - `SPEC.md` + `CLAUDE.md` synced. Added this `CHANGELOG.md`.
## [0.6] - 2026-04-28
### Added
- Step 03: disable hibernation and Smart App Control; reworked Edge configuration
(mandatory policies + initial_preferences). (`0cfe751`)
### Fixed
- Reliability and robustness pass: watchdog kills a stalled script after 30 min of silence;
reboot-loop protection caps each step at 5 restarts; atomic `state.json` writes (tmp+rename);
email report retried 3x with a local HTML fallback; Default-hive unload retried; resume mode
fixed to actually run pending steps. (`d30767e`)
---
Earlier history (pre-0.6): see the git log - initial Go launcher, embedded PowerShell steps,
reboot-resume cycle, Forgejo CI build, and the static site at xetup.x9.cz.

155
web/changelog/index.html Normal file
View file

@ -0,0 +1,155 @@
<!DOCTYPE html>
<html lang="cs">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Changelog &ndash; xetup</title>
<link rel="icon" type="image/x-icon" href="/favicon.ico">
<style>
:root {
--bg: #0f1117;
--card: #1a1d27;
--border: #2a2d3a;
--text: #e0e0e0;
--muted: #888;
--accent: #223B47;
--green: #2ea043;
--blue: #58a6ff;
}
* { box-sizing: border-box; margin: 0; padding: 0; }
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
background: var(--bg); color: var(--text); min-height: 100vh;
}
header {
border-bottom: 1px solid var(--border); padding: 1rem 2rem;
display: flex; align-items: center; gap: .75rem;
position: sticky; top: 0; background: var(--bg); z-index: 100;
}
.logo-text { font-size: 1.1rem; font-weight: 700; color: #fff; letter-spacing: -.02em; }
.logo-sub { font-size: .8rem; color: var(--muted); margin-left: .2rem; }
header nav { margin-left: auto; display: flex; gap: 1.5rem; }
header nav a { color: var(--muted); text-decoration: none; font-size: .85rem; transition: color .15s; }
header nav a:hover, header nav a.active { color: var(--text); }
.content { max-width: 760px; margin: 0 auto; padding: 3rem 1.5rem 4rem; }
h1 { font-size: 1.9rem; font-weight: 800; color: #fff; letter-spacing: -.03em; margin-bottom: .4rem; }
.subtitle { color: var(--muted); font-size: .95rem; margin-bottom: 2.5rem; }
/* rendered markdown */
.md h2 {
font-size: 1.25rem; font-weight: 800; color: #fff; margin: 2.2rem 0 .3rem;
padding-bottom: .4rem; border-bottom: 1px solid var(--border);
}
.md h2:first-child { margin-top: 0; }
.md h3 {
font-size: .78rem; font-weight: 700; letter-spacing: .07em; text-transform: uppercase;
color: var(--blue); margin: 1.3rem 0 .5rem;
}
.md p { color: var(--muted); font-size: .9rem; line-height: 1.6; margin: .5rem 0; }
.md ul { list-style: none; margin: .3rem 0 .9rem; padding: 0; }
.md li {
color: var(--text); font-size: .89rem; line-height: 1.6;
padding: .35rem 0 .35rem 1.1rem; position: relative; border-bottom: 1px solid rgba(42,45,58,.5);
}
.md li:before { content: "\2022"; color: var(--accent); filter: brightness(2.2); position: absolute; left: .15rem; }
.md strong { color: #fff; font-weight: 600; }
.md em { color: var(--muted); font-style: italic; }
.md code {
background: rgba(255,255,255,.1); padding: .08rem .35rem; border-radius: 4px;
font-family: 'SFMono-Regular', Consolas, 'Liberation Mono', Menlo, monospace;
font-size: .82em; color: var(--blue);
}
.md a { color: var(--blue); text-decoration: none; }
.md a:hover { text-decoration: underline; }
.md hr { border: none; border-top: 1px solid var(--border); margin: 2rem 0; }
.loading { color: var(--muted); font-size: .9rem; }
footer {
border-top: 1px solid var(--border); padding: 1.2rem 2rem;
text-align: center; font-size: .8rem; color: var(--muted);
}
footer a { color: var(--muted); text-decoration: none; }
footer a:hover { color: var(--text); }
</style>
</head>
<body>
<header>
<a href="/" style="display:flex;align-items:center;gap:.6rem;text-decoration:none">
<img src="/x9-logo.jpeg" alt="X9.cz" style="height:28px;width:28px;border-radius:5px;object-fit:cover;">
<span class="logo-text">xetup</span><span class="logo-sub">by X9.cz</span>
</a>
<nav>
<a href="/navod/">Navod</a>
<a href="/spec/">Specifikace</a>
<a href="/changelog/" class="active">Changelog</a>
<a href="https://git.xetup.x9.cz/x9/xetup">Git</a>
</nav>
</header>
<div class="content">
<h1>Changelog</h1>
<p class="subtitle">Historie zmen &ndash; nacitano z <code>CHANGELOG.md</code> v repozitari</p>
<div class="md" id="md"><p class="loading">Nacitam changelog...</p></div>
</div>
<footer>
&copy; 2026 <a href="https://x9.cz">X9.cz s.r.o.</a>
&nbsp;&middot;&nbsp;
<a href="/">xetup.x9.cz</a>
&nbsp;&middot;&nbsp;
<a href="https://git.xetup.x9.cz/x9/xetup/raw/branch/main/CHANGELOG.md">Raw</a>
</footer>
<script>
(function () {
var API = '/forgejo-api';
var REPO = 'x9/xetup';
function esc(s) {
return s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}
function inline(s) {
s = esc(s);
s = s.replace(/`([^`]+)`/g, '<code>$1</code>');
s = s.replace(/\*\*([^*]+)\*\*/g, '<strong>$1</strong>');
s = s.replace(/\[([^\]]+)\]\(([^)]+)\)/g, '<a href="$2" target="_blank" rel="noopener">$1</a>');
s = s.replace(/(^|[\s(])_([^_]+)_/g, '$1<em>$2</em>');
return s;
}
function render(md) {
var lines = md.replace(/\r/g, '').split('\n');
var html = '', inList = false;
function closeList() { if (inList) { html += '</ul>'; inList = false; } }
for (var i = 0; i < lines.length; i++) {
var ln = lines[i];
if (/^# /.test(ln)) { closeList(); continue; } // page already has H1
if (/^## /.test(ln)) { closeList(); html += '<h2>' + inline(ln.slice(3)) + '</h2>'; continue; }
if (/^### /.test(ln)) { closeList(); html += '<h3>' + inline(ln.slice(4)) + '</h3>'; continue; }
if (/^---\s*$/.test(ln)) { closeList(); html += '<hr>'; continue; }
if (/^- /.test(ln)) { if (!inList) { html += '<ul>'; inList = true; } html += '<li>' + inline(ln.slice(2)) + '</li>'; continue; }
if (/^\s+\S/.test(ln) && inList) { // wrapped continuation of a bullet
html = html.replace(/<\/li>$/, ' ' + inline(ln.trim()) + '</li>');
continue;
}
if (/^\s*$/.test(ln)) { closeList(); continue; }
closeList(); html += '<p>' + inline(ln.trim()) + '</p>';
}
closeList();
return html;
}
fetch(API + '/repos/' + REPO + '/raw/CHANGELOG.md')
.then(function (r) { if (!r.ok) throw new Error(r.status); return r.text(); })
.then(function (md) { document.getElementById('md').innerHTML = render(md); })
.catch(function () {
document.getElementById('md').innerHTML =
'<p>Changelog se nepodarilo nacist. Otevri jej primo v repozitari: ' +
'<a href="https://git.xetup.x9.cz/x9/xetup/src/branch/main/CHANGELOG.md">CHANGELOG.md</a>.</p>';
});
})();
</script>
</body>
</html>

1
web/index.html
View file

@ -158,6 +158,7 @@
<nav> <nav>
<a href="/navod/">Navod</a> <a href="/navod/">Navod</a>
<a href="/spec/">Specifikace</a> <a href="/spec/">Specifikace</a>
<a href="/changelog/">Changelog</a>
<a href="https://git.xetup.x9.cz/x9/xetup">Git</a> <a href="https://git.xetup.x9.cz/x9/xetup">Git</a>
<a href="https://git.xetup.x9.cz/x9/xetup/issues">Issues</a> <a href="https://git.xetup.x9.cz/x9/xetup/issues">Issues</a>
</nav> </nav>

1
web/navod/index.html
View file

@ -123,6 +123,7 @@
<nav> <nav>
<a href="/navod/" class="active">Navod</a> <a href="/navod/" class="active">Navod</a>
<a href="/spec/">Specifikace</a> <a href="/spec/">Specifikace</a>
<a href="/changelog/">Changelog</a>
<a href="https://git.xetup.x9.cz/x9/xetup">Git</a> <a href="https://git.xetup.x9.cz/x9/xetup">Git</a>
</nav> </nav>
</header> </header>

1
web/spec/index.html
View file

@ -486,6 +486,7 @@
<nav> <nav>
<a href="/navod/">Navod</a> <a href="/navod/">Navod</a>
<a href="/spec/" class="active">Specifikace</a> <a href="/spec/" class="active">Specifikace</a>
<a href="/changelog/">Changelog</a>
<a href="https://git.xetup.x9.cz/x9/xetup">Git</a> <a href="https://git.xetup.x9.cz/x9/xetup">Git</a>
<a href="https://git.xetup.x9.cz/x9/xetup/issues">Issues</a> <a href="https://git.xetup.x9.cz/x9/xetup/issues">Issues</a>
</nav> </nav>