chore: import upstream snapshot with attribution

This commit is contained in:
wehub-resource-sync
2026-07-13 12:26:02 +08:00
commit a0a48b5e45
437 changed files with 100767 additions and 0 deletions
@@ -0,0 +1,43 @@
name: Block Claude / Anthropic co-author trailers
# Rejects PRs that contain a `Co-authored-by: ... claude ...` or `... anthropic ...`
# trailer in any of their commits. Contributors can still use AI tools to help
# write code, but they must remove the co-author attribution before the PR is
# eligible to merge, per the project's contributor guidelines.
on:
pull_request:
types: [opened, synchronize, reopened]
jobs:
check:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Scan PR commits for disallowed co-author trailers
run: |
BASE_SHA="${{ github.event.pull_request.base.sha }}"
HEAD_SHA="${{ github.event.pull_request.head.sha }}"
FOUND=0
while IFS= read -r c; do
[ -z "$c" ] && continue
SUBJECT=$(git log -1 "$c" --format=%s)
if git log -1 "$c" --format="%B" | grep -qiE 'co-authored-by:.*(claude|anthropic)'; then
echo "::error::Commit $c ($SUBJECT) has a Claude/Anthropic co-author trailer. Please remove it before this PR can merge."
FOUND=1
fi
done < <(git log --format=%H "$BASE_SHA".."$HEAD_SHA")
if [ "$FOUND" != "0" ]; then
echo ""
echo "How to fix:"
echo " 1. Run: git rebase -i $BASE_SHA"
echo " 2. Mark each flagged commit as 'reword'"
echo " 3. Delete the Co-authored-by line from the commit message"
echo " 4. Save, then: git push --force-with-lease"
exit 1
fi
echo "No disallowed co-author trailers found."
+27
View File
@@ -0,0 +1,27 @@
name: CI
on:
push:
branches: [main]
pull_request:
jobs:
semgrep:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Install Semgrep
run: pip install semgrep
- name: Run Semgrep bracket-assign guard
run: |
set -e
semgrep --config .semgrep/rules/no-bracket-assign-hot-paths.yml \
--strict --json \
src/providers/ src/parser.ts > semgrep-out.json
FINDINGS=$(jq '.results | length' semgrep-out.json)
if [ "$FINDINGS" -gt 0 ]; then
jq -r '.results[] | "::error file=\(.path),line=\(.start.line)::\(.extra.message)"' semgrep-out.json
exit 1
fi
+23
View File
@@ -0,0 +1,23 @@
name: firstlook
on:
pull_request:
types: [opened, reopened, synchronize]
workflow_dispatch:
inputs:
pr-number:
description: 'PR number to scan (leave empty for all open PRs)'
required: false
type: string
jobs:
assess:
runs-on: ubuntu-latest
permissions:
pull-requests: write
contents: read
steps:
- uses: getagentseal/firstlook@main
with:
pr-number: ${{ inputs.pr-number }}
skip-users: 'dependabot[bot],renovate[bot]'
fail-on: 'unknown'
+75
View File
@@ -0,0 +1,75 @@
name: Release macOS Menubar
# Triggers on a `mac-v*` tag push (e.g. `git tag mac-v0.8.0 && git push origin mac-v0.8.0`),
# or manually via the Actions tab. Builds a universal arm64+x86_64 bundle, ad-hoc signs it,
# zips via `ditto`, and uploads the zip to the GitHub Release. The installer verifies
# the checksum and bundle identity before replacing the local app.
on:
push:
tags:
- 'mac-v*'
workflow_dispatch:
inputs:
version:
description: 'Version label for the bundle (e.g. v0.8.0 or dev-preview)'
required: true
default: 'dev-preview'
permissions:
contents: write # Needed to create the release + upload assets.
jobs:
build:
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Resolve version label
id: version
run: |
if [[ "${GITHUB_REF}" == refs/tags/mac-v* ]]; then
echo "value=${GITHUB_REF#refs/tags/mac-}" >> "$GITHUB_OUTPUT"
else
echo "value=${{ github.event.inputs.version }}" >> "$GITHUB_OUTPUT"
fi
- name: Show Swift toolchain
run: swift --version
- name: Build + bundle + zip
run: mac/Scripts/package-app.sh "${{ steps.version.outputs.value }}"
- name: Upload artifact (for manual runs)
if: github.event_name == 'workflow_dispatch'
uses: actions/upload-artifact@v7
with:
name: CodeBurnMenubar-${{ steps.version.outputs.value }}
path: |
mac/.build/dist/CodeBurnMenubar-${{ steps.version.outputs.value }}.zip
mac/.build/dist/CodeBurnMenubar-${{ steps.version.outputs.value }}.zip.sha256
if-no-files-found: error
- name: Create / update GitHub Release
if: startsWith(github.ref, 'refs/tags/mac-v')
uses: softprops/action-gh-release@v3
with:
tag_name: ${{ github.ref_name }}
name: Menubar ${{ steps.version.outputs.value }}
body: |
Install with:
```
npm install -g codeburn
codeburn menubar
```
That command drops the app into `~/Applications`, records the persistent
`codeburn` CLI path used by the menubar, verifies the downloaded checksum,
clears quarantine after bundle verification, and launches it. If you download
the zip from this page directly and macOS shows "cannot verify developer",
right-click the app in Finder and pick Open to whitelist it once.
files: |
mac/.build/dist/CodeBurnMenubar-${{ steps.version.outputs.value }}.zip
mac/.build/dist/CodeBurnMenubar-${{ steps.version.outputs.value }}.zip.sha256
fail_on_unmatched_files: true