chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,43 @@
|
||||
name: Block Claude / Anthropic co-author trailers
|
||||
|
||||
# Rejects PRs that contain a `Co-authored-by: ... claude ...` or `... anthropic ...`
|
||||
# trailer in any of their commits. Contributors can still use AI tools to help
|
||||
# write code, but they must remove the co-author attribution before the PR is
|
||||
# eligible to merge, per the project's contributor guidelines.
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened, synchronize, reopened]
|
||||
|
||||
jobs:
|
||||
check:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
with:
|
||||
fetch-depth: 0
|
||||
|
||||
- name: Scan PR commits for disallowed co-author trailers
|
||||
run: |
|
||||
BASE_SHA="${{ github.event.pull_request.base.sha }}"
|
||||
HEAD_SHA="${{ github.event.pull_request.head.sha }}"
|
||||
FOUND=0
|
||||
while IFS= read -r c; do
|
||||
[ -z "$c" ] && continue
|
||||
SUBJECT=$(git log -1 "$c" --format=%s)
|
||||
if git log -1 "$c" --format="%B" | grep -qiE 'co-authored-by:.*(claude|anthropic)'; then
|
||||
echo "::error::Commit $c ($SUBJECT) has a Claude/Anthropic co-author trailer. Please remove it before this PR can merge."
|
||||
FOUND=1
|
||||
fi
|
||||
done < <(git log --format=%H "$BASE_SHA".."$HEAD_SHA")
|
||||
if [ "$FOUND" != "0" ]; then
|
||||
echo ""
|
||||
echo "How to fix:"
|
||||
echo " 1. Run: git rebase -i $BASE_SHA"
|
||||
echo " 2. Mark each flagged commit as 'reword'"
|
||||
echo " 3. Delete the Co-authored-by line from the commit message"
|
||||
echo " 4. Save, then: git push --force-with-lease"
|
||||
exit 1
|
||||
fi
|
||||
echo "No disallowed co-author trailers found."
|
||||
@@ -0,0 +1,27 @@
|
||||
name: CI
|
||||
|
||||
on:
|
||||
push:
|
||||
branches: [main]
|
||||
pull_request:
|
||||
|
||||
jobs:
|
||||
semgrep:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
|
||||
- name: Install Semgrep
|
||||
run: pip install semgrep
|
||||
|
||||
- name: Run Semgrep bracket-assign guard
|
||||
run: |
|
||||
set -e
|
||||
semgrep --config .semgrep/rules/no-bracket-assign-hot-paths.yml \
|
||||
--strict --json \
|
||||
src/providers/ src/parser.ts > semgrep-out.json
|
||||
FINDINGS=$(jq '.results | length' semgrep-out.json)
|
||||
if [ "$FINDINGS" -gt 0 ]; then
|
||||
jq -r '.results[] | "::error file=\(.path),line=\(.start.line)::\(.extra.message)"' semgrep-out.json
|
||||
exit 1
|
||||
fi
|
||||
@@ -0,0 +1,23 @@
|
||||
name: firstlook
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened, reopened, synchronize]
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
pr-number:
|
||||
description: 'PR number to scan (leave empty for all open PRs)'
|
||||
required: false
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
assess:
|
||||
runs-on: ubuntu-latest
|
||||
permissions:
|
||||
pull-requests: write
|
||||
contents: read
|
||||
steps:
|
||||
- uses: getagentseal/firstlook@main
|
||||
with:
|
||||
pr-number: ${{ inputs.pr-number }}
|
||||
skip-users: 'dependabot[bot],renovate[bot]'
|
||||
fail-on: 'unknown'
|
||||
@@ -0,0 +1,75 @@
|
||||
name: Release macOS Menubar
|
||||
|
||||
# Triggers on a `mac-v*` tag push (e.g. `git tag mac-v0.8.0 && git push origin mac-v0.8.0`),
|
||||
# or manually via the Actions tab. Builds a universal arm64+x86_64 bundle, ad-hoc signs it,
|
||||
# zips via `ditto`, and uploads the zip to the GitHub Release. The installer verifies
|
||||
# the checksum and bundle identity before replacing the local app.
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- 'mac-v*'
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
version:
|
||||
description: 'Version label for the bundle (e.g. v0.8.0 or dev-preview)'
|
||||
required: true
|
||||
default: 'dev-preview'
|
||||
|
||||
permissions:
|
||||
contents: write # Needed to create the release + upload assets.
|
||||
|
||||
jobs:
|
||||
build:
|
||||
runs-on: macos-latest
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v6
|
||||
|
||||
- name: Resolve version label
|
||||
id: version
|
||||
run: |
|
||||
if [[ "${GITHUB_REF}" == refs/tags/mac-v* ]]; then
|
||||
echo "value=${GITHUB_REF#refs/tags/mac-}" >> "$GITHUB_OUTPUT"
|
||||
else
|
||||
echo "value=${{ github.event.inputs.version }}" >> "$GITHUB_OUTPUT"
|
||||
fi
|
||||
|
||||
- name: Show Swift toolchain
|
||||
run: swift --version
|
||||
|
||||
- name: Build + bundle + zip
|
||||
run: mac/Scripts/package-app.sh "${{ steps.version.outputs.value }}"
|
||||
|
||||
- name: Upload artifact (for manual runs)
|
||||
if: github.event_name == 'workflow_dispatch'
|
||||
uses: actions/upload-artifact@v7
|
||||
with:
|
||||
name: CodeBurnMenubar-${{ steps.version.outputs.value }}
|
||||
path: |
|
||||
mac/.build/dist/CodeBurnMenubar-${{ steps.version.outputs.value }}.zip
|
||||
mac/.build/dist/CodeBurnMenubar-${{ steps.version.outputs.value }}.zip.sha256
|
||||
if-no-files-found: error
|
||||
|
||||
- name: Create / update GitHub Release
|
||||
if: startsWith(github.ref, 'refs/tags/mac-v')
|
||||
uses: softprops/action-gh-release@v3
|
||||
with:
|
||||
tag_name: ${{ github.ref_name }}
|
||||
name: Menubar ${{ steps.version.outputs.value }}
|
||||
body: |
|
||||
Install with:
|
||||
|
||||
```
|
||||
npm install -g codeburn
|
||||
codeburn menubar
|
||||
```
|
||||
|
||||
That command drops the app into `~/Applications`, records the persistent
|
||||
`codeburn` CLI path used by the menubar, verifies the downloaded checksum,
|
||||
clears quarantine after bundle verification, and launches it. If you download
|
||||
the zip from this page directly and macOS shows "cannot verify developer",
|
||||
right-click the app in Finder and pick Open to whitelist it once.
|
||||
files: |
|
||||
mac/.build/dist/CodeBurnMenubar-${{ steps.version.outputs.value }}.zip
|
||||
mac/.build/dist/CodeBurnMenubar-${{ steps.version.outputs.value }}.zip.sha256
|
||||
fail_on_unmatched_files: true
|
||||
Reference in New Issue
Block a user