chore: import upstream snapshot with attribution
CI / test (20, macos-latest) (push) Has been cancelled
CI / test (20, ubuntu-latest) (push) Has been cancelled
CI / test (22, macos-latest) (push) Has been cancelled
CI / test (22, ubuntu-latest) (push) Has been cancelled

This commit is contained in:
wehub-resource-sync
2026-07-13 13:01:18 +08:00
commit 979fb22d7c
613 changed files with 113494 additions and 0 deletions
+70
View File
@@ -0,0 +1,70 @@
name: CI
# `paths-ignore` keeps doc-only / website / README / CHANGELOG churn from
# burning runner minutes. Source / config / workflow changes always run.
# `workflow_dispatch` gives a manual re-run button for flake debugging.
on:
push:
branches: [main]
paths-ignore:
- "README.md"
- "CHANGELOG.md"
- "AGENTS.md"
- "ROADMAP.md"
- "website/**"
- "docs/**"
- "assets/**"
- "deploy/**/README.md"
- "**/*.md"
- "**/*.mdx"
pull_request:
branches: [main]
paths-ignore:
- "README.md"
- "CHANGELOG.md"
- "AGENTS.md"
- "ROADMAP.md"
- "website/**"
- "docs/**"
- "assets/**"
- "deploy/**/README.md"
- "**/*.md"
- "**/*.mdx"
workflow_dispatch:
# Cancel in-flight PR runs when a force-push lands. Keep push runs to
# protect against partial state on main.
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
test:
runs-on: ${{ matrix.os }}
strategy:
# Don't bail the whole matrix on one cell's failure — we want to
# see whether the same failure reproduces across OSes (e.g.
# whether a flake is platform-specific or universal).
fail-fast: false
matrix:
# Windows held back: test/obsidian-export.test.ts has hardcoded
# POSIX paths (`/tmp/...`) that fail on D:\ drive runners.
# src/functions/obsidian-export.ts needs os.tmpdir() + path.join
# rework before Windows can be added back. Tracked as follow-up.
os: [ubuntu-latest, macos-latest]
node-version: [20, 22]
steps:
- uses: actions/checkout@v6
with:
persist-credentials: false
- uses: actions/setup-node@v6
with:
node-version: ${{ matrix.node-version }}
# Two-step install: generate a lockfile in-runner with
# --package-lock-only, then install from it with `npm ci`.
# Lockfiles are gitignored at the repo level.
- run: npm install --package-lock-only --legacy-peer-deps --no-audit --no-fund
- run: npm ci --legacy-peer-deps --no-audit --no-fund
- run: npm run build
- run: npm run skills:check
- run: npm test
+124
View File
@@ -0,0 +1,124 @@
name: Publish to npm
on:
release:
types: [published]
workflow_dispatch:
inputs:
packages:
description: "Packages to publish (comma-separated: agentmemory,mcp,fs-watcher)"
required: false
default: "agentmemory,mcp,fs-watcher"
# Workflow-level permissions stay minimal — only `contents: read`
# is required to check out the repo. `id-token: write` is granted on
# the publish job for npm's --provenance Sigstore OIDC mint.
permissions:
contents: read
jobs:
publish:
runs-on: ubuntu-latest
permissions:
contents: read
id-token: write
steps:
- uses: actions/checkout@v6
with:
# Don't persist the GITHUB_TOKEN to .git/config — the
# publish steps don't push back to the repo, so the token
# only needs to live in memory for this checkout.
persist-credentials: false
- uses: actions/setup-node@v6
with:
node-version: 22
registry-url: https://registry.npmjs.org
# Two-step install: generate a lockfile in-runner with
# --package-lock-only, then install from it with `npm ci`. Gives a
# single deterministic dep graph across build / test / publish
# within one job — important because publish uses `--provenance`.
# Lockfiles are gitignored at the repo level.
- run: npm install --package-lock-only --legacy-peer-deps --no-audit --no-fund
- run: npm ci --legacy-peer-deps --no-audit --no-fund
- run: npm run build
- run: npm test
- name: Publish @agentmemory/agentmemory
run: |
if npm view "@agentmemory/agentmemory@$(node -p "require('./package.json').version")" version >/dev/null 2>&1; then
echo "Version already published, skipping"
else
npm publish --provenance --access public
fi
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Wait for npm registry propagation
run: |
VERSION=$(node -p "require('./package.json').version")
for i in $(seq 1 24); do
if npm view "@agentmemory/agentmemory@$VERSION" version >/dev/null 2>&1; then
echo "Registry propagated after ${i} attempt(s)"
exit 0
fi
echo "Attempt $i: not yet available, sleeping 5s..."
sleep 5
done
echo "ERROR: registry never propagated after 2 minutes" >&2
exit 1
- name: Publish @agentmemory/mcp shim
working-directory: packages/mcp
run: |
SHIM_VERSION=$(node -p "require('./package.json').version")
if npm view "@agentmemory/mcp@$SHIM_VERSION" version >/dev/null 2>&1; then
echo "Shim version already published, skipping"
else
npm publish --provenance --access public
fi
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Wait for @agentmemory/mcp registry propagation
working-directory: packages/mcp
run: |
SHIM_VERSION=$(node -p "require('./package.json').version")
for i in $(seq 1 24); do
if npm view "@agentmemory/mcp@$SHIM_VERSION" version >/dev/null 2>&1; then
echo "Shim propagated after ${i} attempt(s)"
exit 0
fi
echo "Attempt $i: not yet available, sleeping 5s..."
sleep 5
done
echo "ERROR: shim never propagated after 2 minutes" >&2
exit 1
- name: Publish @agentmemory/fs-watcher connector
working-directory: integrations/filesystem-watcher
run: |
FSW_VERSION=$(node -p "require('./package.json').version")
if npm view "@agentmemory/fs-watcher@$FSW_VERSION" version >/dev/null 2>&1; then
echo "fs-watcher version already published, skipping"
else
npm publish --provenance --access public
fi
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
- name: Wait for @agentmemory/fs-watcher registry propagation
working-directory: integrations/filesystem-watcher
run: |
FSW_VERSION=$(node -p "require('./package.json').version")
for i in $(seq 1 24); do
if npm view "@agentmemory/fs-watcher@$FSW_VERSION" version >/dev/null 2>&1; then
echo "fs-watcher propagated after ${i} attempt(s)"
exit 0
fi
echo "Attempt $i: not yet available, sleeping 5s..."
sleep 5
done
echo "ERROR: fs-watcher never propagated after 2 minutes" >&2
exit 1