From c5f311f9ac90737da9456a498de278c01efddbb6 Mon Sep 17 00:00:00 2001
From: David Mandelberg <david@mandelberg.org>
Date: Wed, 5 Mar 2025 18:05:51 -0500
Subject: [PATCH 1/3] Don't specify the password on the command line

https://www.netmeister.org/blog/passing-passwords.html has a decent
overview of the security issues with that.

Since this is interactive, getting curl to prompt for the password is
probably the easiest alternative. From
https://curl.se/docs/manpage.html#-u

> If you simply specify the username, curl prompts for a password.

I don't have an easy way to test the actual command in this doc, but the
flag does seem to behave as documented at least:

```
$ curl --user user@example.com https://google.com
Enter host password for user 'user@example.com'
```

Fixes gitgitgadget/gitgitgadget#1843
---
 reply-to-this.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reply-to-this.md b/reply-to-this.md
index fa224ff..33d087e 100644
--- a/reply-to-this.md
+++ b/reply-to-this.md
@@ -15,5 +15,5 @@ Simply copy the file to the `new` subfolder in your mailer's maildir folder.
 You can use the command-line tool `curl` (provided that your version has IMAP support):
 
 ```sh
-curl -g --user "<email>:<password>" --url "imaps://imap.gmail.com/INBOX" -T /path/to/raw.txt
+curl -g --user "<email>" --url "imaps://imap.gmail.com/INBOX" -T /path/to/raw.txt
 ```
\ No newline at end of file

From 3bf13289280fc591a178c17cfac7bdffef3158d5 Mon Sep 17 00:00:00 2001
From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Thu, 6 Mar 2025 01:13:22 +0100
Subject: [PATCH 2/3] PR build: when called from forks, publish a Git bundle

When the HTML page(s) are not up to date, the PR build re-generates
them, commits the result and wants to push it to the branch.

However, this only works if the PR branch and the target branch are in
the same repository. Otherwise the workflow run's `GITHUB_TOKEN` lacks
write permission, even if the PR author gave permission to the
maintainers to push to that branch.

Let's fall back to doing the next best thing and publish a Git bundle,
and provide instructions how to fetch from them and update the PR with
those changes.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
---
 .github/workflows/pr.yml | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index eaa191d..2ab2096 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -6,6 +6,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: write
+      issues: write
     steps:
       - uses: actions/checkout@v4
         with:
@@ -19,7 +20,7 @@ jobs:
           git add -A \*.html &&
           git diff-index --cached --exit-code HEAD -- ||
           echo "need-to-commit=yes" >>$GITHUB_OUTPUT
-      - name: commit & push
+      - name: commit
         if: steps.check.outputs.need-to-commit == 'yes'
         run: |
           git config user.name "${{github.actor}}" &&
@@ -28,5 +29,21 @@ jobs:
           git update-index --refresh &&
           git diff-files --exit-code &&
           git diff-index --cached --exit-code HEAD -- &&
-          git push
-
+          git bundle create git.bundle ${{ github.event.pull_request.head.sha }}..${{ github.event.pull_request.head.ref }}
+      - name: commit
+        if: steps.check.outputs.need-to-commit == 'yes' && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
+        run: git push
+      - name: publish bundle
+        id: bundle
+        if: steps.check.outputs.need-to-commit == 'yes' && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
+        uses: actions/upload-artifact@v4
+        with:
+          name: bundle
+          path: git.bundle
+      - name: instructions how to fetch bundle
+        if: steps.check.outputs.need-to-commit == 'yes' && github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
+        run: |
+          body='The HTML pages are out of date. Please download the `bundle` artifact from ${{ steps.bundle.outputs.artifact-url }}, extract the `git.bundle` file from it, then run `git pull /path/to/git.bundle ${{ github.event.pull_request.head.ref }}` and then push to the PR branch'
+          echo "::error::$body" >&2
+          echo "$body" >>$GITHUB_STEP_SUMMARY
+          exit 1

From fcc9bf9fa3e8e5a3968be811c0beceecfc73aab8 Mon Sep 17 00:00:00 2001
From: dscho <dscho@users.noreply.github.com>
Date: Thu, 6 Mar 2025 00:49:17 +0000
Subject: [PATCH 3/3] Convert Markdown to HTML

---
 reply-to-this.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/reply-to-this.html b/reply-to-this.html
index f432339..b8c6255 100644
--- a/reply-to-this.html
+++ b/reply-to-this.html
@@ -33,7 +33,7 @@ <h3 id="if-your-mail-program-stores-mails-in-maildir-format-thunderbird-mutt-alp
 <p>Simply copy the file to the <code>new</code> subfolder in your mailer&#39;s maildir folder.</p>
 <h3 id="if-you-use-webmail-gmail-and-friends">If you use webmail (GMail and friends)</h3>
 <p>You can use the command-line tool <code>curl</code> (provided that your version has IMAP support):</p>
-<pre><code class="language-sh">curl -g --user &quot;&lt;email&gt;:&lt;password&gt;&quot; --url &quot;imaps://imap.gmail.com/INBOX&quot; -T /path/to/raw.txt
+<pre><code class="language-sh">curl -g --user &quot;&lt;email&gt;&quot; --url &quot;imaps://imap.gmail.com/INBOX&quot; -T /path/to/raw.txt
 </code></pre>
 
     </div>