Merge pull request #3 from SyntaxError-PEBKAC/codex/explain-repository-structure-and-build-process

Add self-hosted Windows GitHub Actions workflow for ESR check/build

Author: SyntaxError-PEBKAC

.github/ISSUE_TEMPLATE/build-failure.md

@@ -0,0 +1,35 @@
+---
+name: Build failure
+about: Report and triage ducksteps build/release failures
+title: "Build failure: <short error summary>"
+labels: ["build-failure"]
+assignees: []
+---
+
+## Failure summary
+- 
+
+## Environment
+- Date/time:
+- Branch:
+- Command run:
+- Shell (MozillaBuild/PowerShell):
+
+## Log locations
+- Main build log:
+- ESR watcher log (if relevant):
+
+## Error snippet
+```
+(paste the most useful block here)
+```
+
+## What I already tried
+- [ ] Re-run failed command
+- [ ] `./mach clobber` + rebuild
+- [ ] Clean objdir + rebuild
+- [ ] Checked tool paths (bash/7z/upx/git/gh)
+- [ ] Checked auth (if publish step failed)
+
+## Notes
+-

.github/ISSUE_TEMPLATE/esr-update.md

@@ -0,0 +1,27 @@
+---
+name: ESR update
+about: Track monthly/emergency Firefox ESR update work
+title: "ESR update: <version>"
+labels: ["esr-update"]
+assignees: []
+---
+
+## Target ESR version
+- 
+
+## Why this update
+- [ ] Monthly security update
+- [ ] Emergency/security hotfix
+- [ ] Other (explain)
+
+## Checklist
+- [ ] Source synced to target ESR
+- [ ] Build completed
+- [ ] Installer artifact produced
+- [ ] Standalone artifact produced
+- [ ] Release notes generated/updated
+- [ ] Tag created
+- [ ] Draft/published release created
+
+## Notes
+-

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,12 @@
+## Summary
+- 
+
+## Checklist
+- [ ] Build completed successfully
+- [ ] Installer artifact generated (.exe)
+- [ ] Standalone artifact generated (.7z)
+- [ ] Version bumped/confirmed for this release
+- [ ] Tag created/updated as intended
+- [ ] Release notes reviewed/updated
+
+Optional: comment `@codex review` for an automated review.

.github/workflows/esr-self-hosted.yml

@@ -0,0 +1,108 @@
+name: ESR Watcher + Build (Self-hosted Windows)
+
+on:
+  schedule:
+    - cron: '17 9 * * *'
+  workflow_dispatch:
+    inputs:
+      version:
+        description: 'Optional version override (example: 140.8.0). Leave empty to run check_esr_update.ps1.'
+        required: false
+        type: string
+      publish_draft:
+        description: 'If true, allow draft release publishing (otherwise force -NoPublish).'
+        required: false
+        default: false
+        type: boolean
+
+jobs:
+  build:
+    runs-on: [self-hosted, windows]
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Resolve run mode
+        id: mode
+        shell: powershell
+        run: |
+          $version = "${{ inputs.version }}"
+          $isManual = "${{ github.event_name }}" -eq "workflow_dispatch"
+
+          if ($isManual -and -not [string]::IsNullOrWhiteSpace($version)) {
+            "run_mode=manual_version" >> $env:GITHUB_OUTPUT
+            "version=$version" >> $env:GITHUB_OUTPUT
+          } else {
+            "run_mode=esr_check" >> $env:GITHUB_OUTPUT
+            "version=" >> $env:GITHUB_OUTPUT
+          }
+
+      - name: Run check_esr_update.ps1 (default: -NoPublish)
+        if: steps.mode.outputs.run_mode == 'esr_check'
+        shell: powershell
+        env:
+          GH_TOKEN: ${{ secrets.DUCKSTEPS_GH_TOKEN }}
+        run: |
+          $publishDraft = "${{ inputs.publish_draft }}" -eq "true"
+          $args = @('-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', '.\scripts\check_esr_update.ps1')
+
+          if (-not $publishDraft) {
+            $args += '-NoPublish'
+          }
+
+          powershell @args
+
+      - name: Run build_and_release.ps1 (manual version, default: -NoPublish)
+        if: steps.mode.outputs.run_mode == 'manual_version'
+        shell: powershell
+        env:
+          GH_TOKEN: ${{ secrets.DUCKSTEPS_GH_TOKEN }}
+        run: |
+          $publishDraft = "${{ inputs.publish_draft }}" -eq "true"
+          $version = "${{ steps.mode.outputs.version }}"
+
+          $args = @(
+            '-NoProfile',
+            '-ExecutionPolicy', 'Bypass',
+            '-File', '.\scripts\build_and_release.ps1',
+            '-Version', $version
+          )
+
+          if (-not $publishDraft) {
+            $args += '-NoPublish'
+          }
+
+          powershell @args
+
+      - name: Upload installer artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ducksteps-installer
+          if-no-files-found: warn
+          path: |
+            D:\ducksteps-obj\esr140\dist\ducksteps-*-Setup.exe
+            D:\ducksteps-obj\esr140\dist\install\sea\*.installer.exe
+
+      - name: Upload standalone artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ducksteps-standalone
+          if-no-files-found: warn
+          path: |
+            D:\ducksteps-obj\esr140\dist\ducksteps-*-Standalone.7z
+            D:\ducksteps-obj\esr140\dist\*.win64.zip
+
+      - name: Upload logs
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: ducksteps-logs
+          if-no-files-found: warn
+          path: |
+            D:\ducksteps-obj\esr140\dist\logs\*.log
+            D:\ducksteps-obj\esr140\dist\RELEASE_NOTES.md