@dougefresh/ci 0.1.15 → 0.1.16

package/.github/actions/install-yq/scripts/windowsish.ps1

@@ -1,99 +0,0 @@
-$ErrorActionPreference = 'Stop'
-Set-StrictMode -Version Latest
-
-Write-Host "::group::Prep"
-
-# validate input and prepare some vars
-
-switch ($Env:RUNNER_ARCH)
-{
-    "X86" {
-        $_arch = "386"
-    }
-    "X64" {
-        $_arch = "amd64"
-    }
-    default {
-        Write-Host "Cannot handle arch of type $Env:RUNNER_ARCH"
-        Write-Host "Expected one of: [ X86 X64 ]"
-        exit 1
-    }
-}
-
-$_base_url = "https://github.com/mikefarah/yq/releases/download"
-
-$_root_name = "yq_windows_${_arch}"
-$_bin_name = "${_root_name}.exe"
-
-Write-Host "Creating temporary directory $Env:RUNNER_TEMP\${_root_name}\"
-New-Item "$Env:RUNNER_TEMP\${_root_name}\" -ItemType Directory -Force
-
-if ($Env:DL_COMPRESSED -eq "true")
-{
-    $_dl_name = "${_root_name}.zip"
-    $_dl_path = "$Env:RUNNER_TEMP\${_dl_name}"
-}
-else
-{
-    $_dl_name = "${_bin_name}"
-    $_dl_path = "$Env:RUNNER_TEMP\${_root_name}\${_dl_name}"
-    Write-Host "Creating temporary directory $Env:RUNNER_TEMP\${_root_name}\"
-    New-Item "$Env:RUNNER_TEMP\${_root_name}\" -ItemType Directory -Force
-}
-
-$_version = "$Env:YQ_VERSION"
-
-# default to _something_...
-if ($_version -eq "")
-{
-    $_version = "v4.44.3"
-}
-
-$_dl_url = "${_base_url}/${_version}/${_dl_name}"
-
-Write-Host "::endgroup::"
-
-# download artifact
-
-Write-Host "::group::Downloading yq ${_version}"
-
-Write-Host "Src: ${_dl_url}"
-Write-Host "Dst: ${_dl_path}"
-
-Invoke-WebRequest -Uri "${_dl_url}" -OutFile "${_dl_path}"
-
-Write-Host "::endgroup::"
-
-# expand archive, if necessary
-
-if ($Env:DL_COMPRESSED -eq "true")
-{
-    Write-Host "::group::Expanding archive"
-
-    Expand-Archive -LiteralPath "${_dl_path}" -DestinationPath "$Env:RUNNER_TEMP\${_root_name}\"
-
-    Write-Host "Removing ${_dl_path}"
-    Remove-Item -Force -Path "${_dl_path}"
-
-    Write-Host "::endgroup::"
-}
-
-# install into tool cache
-
-Write-Host "::group::Copying to tool cache"
-
-Write-Host "Creating tool cache directory $Env:RUNNER_TOOL_CACHE\yq\"
-New-Item "$Env:RUNNER_TOOL_CACHE\yq\" -ItemType Directory -Force
-
-Write-Host "Installing into tool cache:"
-Write-Host "Src: $Env:RUNNER_TEMP\${_root_name}\${_bin_name}"
-Write-Host "Dst: $Env:RUNNER_TOOL_CACHE\yq\yq.exe"
-Move-Item -Force -LiteralPath "$Env:RUNNER_TEMP\${_root_name}\${_bin_name}" -Destination "$Env:RUNNER_TOOL_CACHE\yq\yq.exe"
-
-Write-Host "Removing $Env:RUNNER_TEMP\${_root_name}"
-Remove-Item -Force -Recurse -Path "$Env:RUNNER_TEMP\${_root_name}"
-
-Write-Host "Adding $Env:RUNNER_TOOL_CACHE\yq\ to path..."
-Add-Content "$Env:GITHUB_PATH" "$Env:RUNNER_TOOL_CACHE\yq\"
-
-Write-Host "::endgroup::"

package/.github/actions/jobtaker/action.yml

@@ -1,29 +0,0 @@
-name: 'Jobtaker Review'
-description: 'Runs Claude Code jobtaker with provided config'
-inputs:
-  config:
-    description: 'JSON config from rust-config action'
-    required: true
-  anthropic_api_key:
-    description: 'Anthropic API key'
-    required: true
-
-runs:
-  using: 'composite'
-  steps:
-    - name: jobtaker
-      if: ${{ fromJSON(inputs.config).ai.enabled }}
-      uses: anthropics/claude-code-action@v1
-      with:
-        anthropic_api_key: ${{ inputs.anthropic_api_key }}
-        trigger_phrase: '@jobtaker'
-        allowed_bots: ${{ fromJSON(inputs.config).ai.allowed_bots }}
-        prompt_file: claude-prompt.md
-        claude_args: ${{ fromJSON(inputs.config).ai.claude_args }}
-        use_sticky_comment: ${{ fromJSON(inputs.config).ai.use_sticky_comment }}
-        track_progress: "${{ fromJSON(inputs.config).ai.track_progress }}"
-        path_to_claude_code_executable: ''
-        path_to_bun_executable: ''
-        show_full_output: 'false'
-        plugins: ''
-        plugin_marketplaces: ''

package/.github/actions/rust-config/action.yml

@@ -1,34 +0,0 @@
-name: Rust CI Config
-description: Merge Rust CI Config
-inputs:
-  git_token:
-    description: 'Token to authenticate for git'
-    required: false
-  arm64:
-    default: "ubicloud-standard-8-arm"
-    required: false
-  amd64:
-    default: "ubicloud-standard-4"
-    required: false
-outputs:
-  config:
-    description: 'Configuration JSON output'
-    value: ${{ steps.config.outputs.config }}
-runs:
-  using: composite
-  steps:
-    - name: Checkout code
-      uses: actions/checkout@v6
-      with:
-        token: ${{ inputs.git_token || github.token }}
-    - name: generate
-      id: generate
-      uses: dougefresh/ci@main
-    - name: replace runners
-      id: config
-      shell: bash
-      run: |
-        CONFIG="$(echo '${{ steps.generate.outputs.config }}' | sed \
-            -e 's/vars.RUNNER_ARM64/${{ inputs.arm64 }}/g' \
-            -e 's/vars.RUNNER_AMD64/${{ inputs.amd64 }}/g')"
-        echo "config=$CONFIG" >> $GITHUB_OUTPUT

package/.github/actions/rust-init/action.yml

@@ -1,75 +0,0 @@
-name: Rust Init
-description: Initialize a Rust project with a basic structure and dependencies.
-inputs:
-  git_token:
-    description: 'Token to authenticate for git'
-    required: false
-  packages:
-    description: 'Packages to install per OS, see .github/ci-configs/rust-default.yml'
-    required: false
-    default: ''
-  ref:
-    description: 'Ref to checkout'
-    required: false
-    default: ''
-runs:
-  using: composite
-  steps:
-    - name: Checkout code
-      uses: actions/checkout@v6
-      with:
-        token: ${{ inputs.git_token || github.token }}
-        ref: ${{ inputs.ref }}
-    - name: cache
-      uses: ubicloud/rust-cache@v2
-      with:
-        cache-on-failure: 'true'
-    - uses: actions-rust-lang/setup-rust-toolchain@v1
-      with:
-        toolchain: stable,nightly
-        components: rustfmt,clippy
-    # - name: Install nightyly
-    #   id: toolchain-nightly
-    #   uses: dtolnay/rust-toolchain@nightly
-    #   with:
-    #     components: "rustfmt,clippy"
-    # - name: Install stable
-    #   id: toolchain-stable
-    #   shell: bash
-    #   run: |
-    #     rustup toolchain install stable --component clippy --profile minimal --no-self-update
-    #     rustup default stable
-    #     echo "name=stable" >> $GITHUB_OUTPUT
-    - name: Debug versions
-      shell: bash
-      run: |
-        cargo +nightly --version
-        cargo +stable --version
-
-    - name: packages
-      shell: bash
-      if: ${{ inputs.packages }}
-      run: |
-        set -x
-        packages=""
-        case $RUNNER_OS in
-          Linux)
-            packages="${{ fromJSON(inputs.packages).Linux }}"
-            ;;
-          macOS)
-            packages="${{ fromJSON(inputs.packages).macOS }}"
-            ;;
-          *)
-            echo "Cannot handle OS of type $RUNNER_OS"
-            echo "Expected one of: [ Linux macOS ]"
-            exit 0
-            ;;
-        esac
-
-        if [ -z "$packages" ]; then
-          echo "No packages to install"
-          exit 0
-        fi
-
-        echo "Installing packages: $packages"
-        sudo $packages

package/.github/additional-prompt.md

@@ -1,62 +0,0 @@
-# Configuration Validation
-
-Before performing code review, validate your environment and permissions:
-
-## Tool Access
-
-Verify you can execute these commands:
-- `cargo check` / `cargo test` / `cargo clippy`
-- `bun run build` / `bun test`
-- `tsgo` (TypeScript compiler wrapper)
-
-If any tool fails, note it in your review.
-
-## Permission Audit
-
-Examine `claude_args` in `./src/defaults.ts` (variable: `DEFAULT_AI`):
-
-1. **Tool allowlist**: Verify the comma-separated list is syntactically correct
-2. **Security review**: Assess each allowed tool pattern for potential abuse:
-   - `Bash(*)` patterns: What commands could be chained?
-   - `mcp__github_inline_comment__*`: What GitHub API access is granted?
-   - File system access: Can sensitive files be read/modified?
-
-3. **Risk assessment**: For each concern, provide:
-   - Attack vector example
-   - Likelihood (high/medium/low)
-   - Mitigation suggestion
-
-Only flag **high likelihood** issues as blocking. Document medium/low risks for awareness.
-
-## Configuration Sync
-
-Compare workflow inputs in `.github/workflows/pr-review.yml` against `DEFAULT_AI` schema:
-- Are all `fromJSON(needs.config.outputs.config).ai.*` fields defined in `DEFAULT_AI`?
-- Do boolean/string types match between workflow and TypeScript?
-
-Report mismatches as configuration bugs.
-
-## User Config Validation
-
-If `.github/rust-ci.ts` exists, validate it:
-
-1. **Syntax**: Does it export a default function returning a `RustWorkflow`?
-2. **Logic**: Check for contradictions:
-   - Jobs disabled but referenced in other configs
-   - Empty matrices (no OS/toolchains/features)
-   - Invalid arch values (not in `Arch` enum)
-3. **Workflow impact**: What jobs will actually run? Flag if all jobs are disabled.
-
-## Workflow Integrity
-
-Validate `.github/workflows/pr-review.yml`:
-
-1. **Job dependencies**: Does `needs: [config]` chain correctly? Are outputs referenced before they exist?
-2. **Conditional logic**: Do all `if:` conditions reference valid event properties?
-3. **Secret validation**: Is `ANTHROPIC_API_KEY` checked before use?
-4. **Action versions**: Are pinned versions used (`@v1`, `@main`)? Flag unpinned refs.
-5. **Runner variables**: Are `vars.RUNNER*` placeholders resolved by the config action?
-6. **Input/output flow**: Trace `config.outputs.config` → `fromJSON()` → action inputs. Are all paths valid JSON?
-
-Flag any broken references, missing dependencies, or unreachable code paths.
-

package/.github/ci-configs/dummy.yml

@@ -1,24 +0,0 @@
-'$schema': https://github.com/CarteraMesh/ci/raw/refs/heads/main/schemas/rust-ci-config.schema.json
-
-release:
-  cargo-publish: false
-  debian: false
-  profile: release
-  bin: dummy
-  os:
-    - target: 'aarch64-unknown-linux-gnu'
-      os: 'ubicloud-standard-8-arm64'
-
-jobs:
-  semver:
-    if: false
-    continue-on-error: true
-  extra:
-    if: true
-    continue-on-error: false
-    name: extra-dummy
-    run: echo "Running extra job"
-
-pages:
-  mdbook:
-    if: true

package/.github/ci-configs/rust/ai.yml

@@ -1,65 +0,0 @@
-ai:
-  enabled: true
-  allowed_bots: '*'
-  claude_args: ''
-  use_sticky_comment: false
-  track_progress: true
-  prompt: |
-    Perform a comprehensive code review with the following focus areas:
-    Provide detailed feedback using inline comments for ONLY issues, no praise inline comments.
-    Use top-level comments for general observations or praise
-    Do not be shy, I am a big boy and can handle criticism gracefully. I welcome feedback and suggestions.
-
-    Review this PR against our team checklist:
-
-    ## Code Quality
-    - [ ] Code follows our style guide
-    - [ ] No commented-out code
-    - [ ] Meaningful variable names
-    - [ ] DRY principle followed
-
-    ## Testing
-    - [ ] Unit tests for new functions
-    - [ ] Integration tests for new endpoints
-    - [ ] Edge cases covered
-    - [ ] Test coverage > 80%
-
-    ## Documentation
-    - [ ] README updated if needed
-    - [ ] API docs updated
-    - [ ] Inline comments for complex logic
-    - [ ] CHANGELOG.md updated
-
-    ## Security
-    - [ ] No hardcoded credentials
-    - [ ] Input validation implemented
-    - [ ] Proper error handling
-    - [ ] No sensitive data in logs
-
-    For each item, check if it is satisfied and comment on any that need attention.
-    Post a summary comment with checklist results.
-  # https://code.claude.com/docs/en/settings
-  # https://www.schemastore.org/claude-code-settings.json
-  settings:
-    attribution:
-      commit: 'Generated with JobsTaker'
-      pr: ''
-    permissions:
-      allow:
-        - mcp__github_inline_comment__create_inline_comment,
-        - Bash(gh pr comment:*),
-        - Bash(gh pr diff:*),
-        - Bash(gh pr view:*),
-        - Bash(grep .*),
-        - Bash(rg .*),
-        - Bash(npm run lint)
-        - Bash(npm run test:*)
-        - Bash(cargo .*)
-      deny:
-        - Bash(cargo publis.*)
-        #   - Read(./.env)
-        #   - Read(./.env.*)
-        #   - Read(./secrets/**)
-    env:
-      CLAUDE_CODE_ENABLE_TELEMETRY: '0'
-      OTEL_METRICS_EXPORTER: otlp

package/.github/ci-configs/rust-default.yml

@@ -1,115 +0,0 @@
-global:
-  # to match $RUNNER_OS
-  packages:
-    Linux: ''
-    macOS: ''
-    Windows: ''
-  toolchains:
-    - stable
-    - nightly
-  features:
-    - default
-  rustlog: info
-  fireblocks:
-    enabled: false
-    set-env-vars: true
-
-pages:
-  mdbook:
-    if: false
-    path: docs
-    version: latest
-    command: mdbook build
-
-release:
-  cargo-publish: true # release to cargo, otherwise just tag
-  debian: false
-  profile: 'release'
-  os:
-    - target: aarch64-unknown-linux-gnu
-      os: ubicloud-standard-8-arm
-    - target: x86_64-unknown-linux-gnu
-      os: ubicloud-standard-4
-    - target: aarch64-apple-darwin
-      os: macos-latest
-#    - target: x86_64-pc-windows-msvc
-#      os: windows-latest
-jobs:
-  coverage:
-    if: true
-    continue-on-error: false
-    args:
-      test: ''
-      llvm: ''
-    run: |
-      cmd="cargo llvm-cov ${LLVM_ARGS} --locked --lcov --output-path lcov-${FEATURES}.info --no-fail-fast"
-      if [ "$FEATURES" == "default" ]; then
-        $cmd -- --no-capture $CARGO_ARGS
-      else
-        $cmd --features "$FEATURES" -- --no-capture $CARGO_ARGS
-      fi
-    matrix:
-      os: []
-      toolchains:
-        - stable
-      features:
-        - default
-  fmt:
-    if: true
-    continue-on-error: false
-    run: cargo +nightly fmt --check --all
-  clippy:
-    if: true
-    continue-on-error: false
-    flags: ''
-    matrix:
-      os: []
-      toolchains:
-        - stable
-      features:
-        - default
-
-  semver:
-    if: true
-    continue-on-error: false
-  hack:
-    if: true
-    continue-on-error: false
-    run: cargo hack --feature-powerset check
-  doc:
-    if: true
-    continue-on-error: false
-    run: cargo +nightly docs-rs
-
-  cargo-sort:
-    if: true
-    continue-on-error: false
-    run: |
-      if [ -f ./scripts/cargo-sort.sh ]; then
-        ./scripts/cargo-sort.sh
-      else
-        cargo sort -c -g
-      fi
-  dependencies:
-    if: true
-    continue-on-error: false
-    run: cargo machete --with-metadata
-
-  sanitizers:
-    enabled: true
-    matrix:
-      os: []
-      features:
-        - default
-    address:
-      if: true
-      continue-on-error: false
-      run: cargo test --lib --tests --no-fail-fast --target x86_64-unknown-linux-gnu -- --no-capture
-    leak:
-      if: true
-      continue-on-error: false
-      run: cargo test --target x86_64-unknown-linux-gnu  -- --no-capture
-    thread:
-      if: false
-      continue-on-error: false
-      run: cargo test --target x86_64-unknown-linux-gnu -- --test-threads=1

package/.github/ci-configs/test/01.yml

@@ -1,9 +0,0 @@
-global:
-  packages:
-    Linux: 'curl'
-  rustlog: debug
-  fireblocks:
-    enabled: true
-jobs:
-  coverage:
-    if: false

package/.github/dependabot.yml

@@ -1,26 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: github-actions
-    directory: /
-    schedule:
-      interval: weekly
-    groups:
-      actions-minor:
-        update-types:
-          - minor
-          - patch
-
-  - package-ecosystem: npm
-    directory: /
-    schedule:
-      interval: weekly
-    groups:
-      npm-development:
-        dependency-type: development
-        update-types:
-          - minor
-          - patch
-      npm-production:
-        dependency-type: production
-        update-types:
-          - patch

package/.github/prompts/create-release-notes.prompt.md

@@ -1,29 +0,0 @@
-# Create Release Notes
-
-You are an expert technical writer tasked with creating release notes for updates to this repository. Your specific task
-is to generate release notes that are clear, concise, and useful for developers and users of the project.
-
-## Guidelines
-
-Ensure you adhere to the following guidelines when creating release notes:
-
-- Use a clear and consistent format for the release notes
-- Include a summary of the changes made in the release
-- Highlight any new features, improvements, or bugfixes
-- If applicable, include instructions for upgrading or migrating to the new version
-- Use technical language that is appropriate for the audience, but avoid jargon that may not be understood by all users
-- Ensure that the release notes are easy to read and navigate
-- Include relevant issue or PR numbers where applicable
-- Use proper Markdown formatting
-- Use code blocks for commands, configuration examples, or code changes
-- Use note and warning callouts for important information
-
-## Versioning
-
-GitHub Actions are versioned using branch and tag names. The version in the project's `package.json` should reflect the
-changes made in the codebase and follow [Semantic Versioning](https://semver.org/) principles. Depending on the nature
-of the changes, please make sure to adjust the release notes accordingly:
-
-- For **major** changes, include a detailed description of the breaking changes and how users can adapt to them
-- For **minor** changes, highlight new features and improvements
-- For **patch** changes, focus on bugfixes and minor improvements

package/.github/prompts/unit-test.prompt.md

@@ -1,77 +0,0 @@
-# Create Unit Test(s)
-
-You are an expert software engineer tasked with creating unit tests for the repository. Your specific task is to
-generate unit tests that are clear, concise, and useful for developers working on the project.
-
-## Guidelines
-
-Ensure you adhere to the following guidelines when creating unit tests:
-
-- Use a clear and consistent format for the unit tests
-- Include a summary of the functionality being tested
-- Use descriptive test names that clearly convey their purpose
-- Ensure tests cover both the main path of success and edge cases
-- Use proper assertions to validate the expected outcomes
-- Use `jest` for writing and running tests
-- Place unit tests in the `__tests__` directory
-- Use fixtures for any necessary test data, placed in the `__fixtures__` directory
-
-## Example
-
-Use the following as an example of how to structure your unit tests:
-
-```typescript
-/**
- * Unit tests for the action's main functionality, src/main.ts
- */
-import { jest } from '@jest/globals';
-import * as core from '../__fixtures__/core.js';
-import { wait } from '../__fixtures__/wait.js';
-
-// Mocks should be declared before the module being tested is imported.
-jest.unstable_mockModule('@actions/core', () => core);
-jest.unstable_mockModule('../src/wait.js', () => ({ wait }));
-
-// The module being tested should be imported dynamically. This ensures that the
-// mocks are used in place of any actual dependencies.
-const { run } = await import('../src/main.js');
-
-describe('main.ts', () => {
-  beforeEach(() => {
-    // Set the action's inputs as return values from core.getInput().
-    core.getInput.mockImplementation(() => '500');
-
-    // Mock the wait function so that it does not actually wait.
-    wait.mockImplementation(() => Promise.resolve('done!'));
-  });
-
-  afterEach(() => {
-    jest.resetAllMocks();
-  });
-
-  it('Sets the time output', async () => {
-    await run();
-
-    // Verify the time output was set.
-    expect(core.setOutput).toHaveBeenNthCalledWith(
-      1,
-      'time',
-      // Simple regex to match a time string in the format HH:MM:SS.
-      expect.stringMatching(/^\d{2}:\d{2}:\d{2}/),
-    );
-  });
-
-  it('Sets a failed status', async () => {
-    // Clear the getInput mock and return an invalid value.
-    core.getInput.mockClear().mockReturnValueOnce('this is not a number');
-
-    // Clear the wait mock and return a rejected promise.
-    wait.mockClear().mockRejectedValueOnce(new Error('milliseconds is not a number'));
-
-    await run();
-
-    // Verify that the action was marked as failed.
-    expect(core.setFailed).toHaveBeenNthCalledWith(1, 'milliseconds is not a number');
-  });
-});
-```

package/.github/rust-ci.ts

@@ -1,5 +0,0 @@
-import { createRustWorkflow } from '@dougefresh/ci';
-
-export default function () {
-  return createRustWorkflow().extra('test-extra', 'echo hello').semver(false).disableSanitizers().build();
-}