@dougefresh/ci 0.1.15 → 0.1.17

package/.github/actions/install-yq/action.yaml

@@ -1,80 +0,0 @@
-name: Install YQ
-description: |
-  Installs a version of YQ into the job tool cache using simple shell scripts
-
-branding:
-  icon: copy
-  color: orange
-
-inputs:
-  version:
-    required: true
-    description: 'Version of YQ to install'
-    default: 'v4.49.2'
-  download-compressed:
-    required: false
-    description: "If 'true', downloads .tar.gz of binary rather than raw binary.  Save the tubes."
-    default: 'true'
-  force:
-    required: false
-    description: "If 'true', does not check for existing yq installation before continuing."
-    default: 'false'
-
-outputs:
-  found:
-    description: "If 'true', yq was already found on this runner"
-    value: "${{ steps.yq-check-unix.outputs.found == 'true' || steps.yq-check-windows.outputs.found == 'true' }}"
-  installed:
-    description: "If 'true', yq was installed by this action"
-    value:
-      "${{ inputs.force == 'true' || steps.yq-check-unix.outputs.found == 'false' ||
-      steps.yq-check-windows.outputs.found == 'false' }}"
-
-runs:
-  using: composite
-  steps:
-    - name: 'Check for yq - Unix-ish'
-      id: yq-check-unix
-      if: (runner.os == 'Linux' || runner.os == 'macOS')
-      shell: bash +e {0}
-      # language=bash
-      run: |
-        _yq_bin="$(which yq)"
-        if [ -f "${_yq_bin}" ]; then
-          echo "found=true" >> $GITHUB_OUTPUT
-        else
-          echo "found=false" >> $GITHUB_OUTPUT
-        fi
-
-    - name: 'Install yq - Unix-ish'
-      if:
-        (runner.os == 'Linux' || runner.os == 'macOS') && (steps.yq-check-unix.outputs.found == 'false' || inputs.force
-        == 'true')
-      shell: bash
-      env:
-        DL_COMPRESSED: "${{ inputs.download-compressed == 'true' }}"
-        YQ_VERSION: '${{ inputs.version }}'
-      run: $GITHUB_ACTION_PATH/scripts/unixish.sh
-
-    - name: 'Check for yq - Windows-ish'
-      id: yq-check-windows
-      if: runner.os == 'Windows'
-      shell: powershell
-      # language=powershell
-      run: |
-        if (Get-Command "yq.exe" -ErrorAction SilentlyContinue)
-        {
-            Add-Content $Env:GITHUB_OUTPUT "found=true"
-        }
-        else
-        {
-            Add-Content $Env:GITHUB_OUTPUT "found=false"
-        }
-
-    - name: 'Install yq - Windows-ish'
-      if: runner.os == 'Windows' && (steps.yq-check-windows.outputs.found == 'false' || inputs.force == 'true')
-      shell: powershell
-      env:
-        DL_COMPRESSED: "${{ inputs.download-compressed == 'true' }}"
-        YQ_VERSION: '${{ inputs.version }}'
-      run: '& $Env:GITHUB_ACTION_PATH\scripts\windowsish.ps1'

package/.github/actions/install-yq/scripts/unixish.sh

@@ -1,112 +0,0 @@
-#!/usr/bin/env bash
-
-set -euo pipefail
-
-echo '::group::Prep'
-
-# validate input and prepare some vars
-
-_base_url='https://github.com/mikefarah/yq/releases/download'
-
-_os=
-_arch=
-
-_root_name=
-_dl_name=
-_dl_path=
-_dl_url=
-
-case $RUNNER_OS in
-  Linux)
-    _os='linux'
-    ;;
-  macOS)
-    _os='darwin'
-    ;;
-
-  *)
-    echo "Cannot handle OS of type $RUNNER_OS"
-    echo "Expected one of: [ Linux macOS ]"
-    exit 1
-    ;;
-esac
-
-case $RUNNER_ARCH in
-  'X86')
-    _arch='386'
-    ;;
-  'X64')
-    _arch='amd64'
-    ;;
-  'ARM')
-    _arch='arm'
-    ;;
-  'ARM64')
-    _arch='arm64'
-    ;;
-
-  *)
-    echo "Cannot handle arch of type $RUNNER_ARCH"
-    echo "Expected one of: [ X86 X64 ARM ARM64 ]"
-    exit 1
-    ;;
-esac
-
-_root_name="yq_${_os}_${_arch}"
-
-echo "Creating temporary directory $RUNNER_TEMP/${_root_name}"
-mkdir -p "$RUNNER_TEMP/${_root_name}"
-
-if [[ $DL_COMPRESSED == 'true' ]]; then
-  _dl_name="${_root_name}.tar.gz"
-  _dl_path="$RUNNER_TEMP/${_dl_name}"
-else
-  _dl_name="${_root_name}"
-  _dl_path="$RUNNER_TEMP/${_root_name}/${_dl_name}"
-fi
-
-# default to _something_...
-_version="${YQ_VERSION}"
-
-if [ -z "${YQ_VERSION}" ]; then
-  _version='v4.44.3'
-fi
-
-_dl_url="${_base_url}/${_version}/${_dl_name}"
-
-echo '::endgroup::'
-
-echo "::group::Downloading yq ${_version}"
-
-echo "Src: ${_dl_url}"
-echo "Dst: ${_dl_path}"
-
-curl -L "${_dl_url}" -o "${_dl_path}"
-
-echo '::endgroup::'
-
-if [[ $DL_COMPRESSED == 'true' ]]; then
-  echo '::group::Expanding archive'
-  tar -xzv -C "$RUNNER_TEMP/${_root_name}" -f "${_dl_path}"
-  echo "Removing ${_dl_path}"
-  rm -rf "${_dl_path}"
-  echo '::endgroup::'
-fi
-
-echo '::group::Copying to tool cache'
-
-echo "Creating tool cache directory $RUNNER_TOOL_CACHE/yq"
-mkdir -p "$RUNNER_TOOL_CACHE/yq"
-
-echo "Installing into tool cache:"
-echo "Src: $RUNNER_TEMP/${_root_name}/${_root_name}"
-echo "Dst: $RUNNER_TOOL_CACHE/yq/yq"
-mv "$RUNNER_TEMP/${_root_name}/${_root_name}" "$RUNNER_TOOL_CACHE/yq/yq"
-
-echo "Removing $RUNNER_TEMP/${_root_name}"
-rm -rf "$RUNNER_TEMP/${_root_name}"
-
-echo "Adding $RUNNER_TOOL_CACHE/yq to path..."
-echo "$RUNNER_TOOL_CACHE/yq" >> $GITHUB_PATH
-
-echo '::endgroup::'

package/.github/actions/install-yq/scripts/windowsish.ps1

@@ -1,99 +0,0 @@
-$ErrorActionPreference = 'Stop'
-Set-StrictMode -Version Latest
-
-Write-Host "::group::Prep"
-
-# validate input and prepare some vars
-
-switch ($Env:RUNNER_ARCH)
-{
-    "X86" {
-        $_arch = "386"
-    }
-    "X64" {
-        $_arch = "amd64"
-    }
-    default {
-        Write-Host "Cannot handle arch of type $Env:RUNNER_ARCH"
-        Write-Host "Expected one of: [ X86 X64 ]"
-        exit 1
-    }
-}
-
-$_base_url = "https://github.com/mikefarah/yq/releases/download"
-
-$_root_name = "yq_windows_${_arch}"
-$_bin_name = "${_root_name}.exe"
-
-Write-Host "Creating temporary directory $Env:RUNNER_TEMP\${_root_name}\"
-New-Item "$Env:RUNNER_TEMP\${_root_name}\" -ItemType Directory -Force
-
-if ($Env:DL_COMPRESSED -eq "true")
-{
-    $_dl_name = "${_root_name}.zip"
-    $_dl_path = "$Env:RUNNER_TEMP\${_dl_name}"
-}
-else
-{
-    $_dl_name = "${_bin_name}"
-    $_dl_path = "$Env:RUNNER_TEMP\${_root_name}\${_dl_name}"
-    Write-Host "Creating temporary directory $Env:RUNNER_TEMP\${_root_name}\"
-    New-Item "$Env:RUNNER_TEMP\${_root_name}\" -ItemType Directory -Force
-}
-
-$_version = "$Env:YQ_VERSION"
-
-# default to _something_...
-if ($_version -eq "")
-{
-    $_version = "v4.44.3"
-}
-
-$_dl_url = "${_base_url}/${_version}/${_dl_name}"
-
-Write-Host "::endgroup::"
-
-# download artifact
-
-Write-Host "::group::Downloading yq ${_version}"
-
-Write-Host "Src: ${_dl_url}"
-Write-Host "Dst: ${_dl_path}"
-
-Invoke-WebRequest -Uri "${_dl_url}" -OutFile "${_dl_path}"
-
-Write-Host "::endgroup::"
-
-# expand archive, if necessary
-
-if ($Env:DL_COMPRESSED -eq "true")
-{
-    Write-Host "::group::Expanding archive"
-
-    Expand-Archive -LiteralPath "${_dl_path}" -DestinationPath "$Env:RUNNER_TEMP\${_root_name}\"
-
-    Write-Host "Removing ${_dl_path}"
-    Remove-Item -Force -Path "${_dl_path}"
-
-    Write-Host "::endgroup::"
-}
-
-# install into tool cache
-
-Write-Host "::group::Copying to tool cache"
-
-Write-Host "Creating tool cache directory $Env:RUNNER_TOOL_CACHE\yq\"
-New-Item "$Env:RUNNER_TOOL_CACHE\yq\" -ItemType Directory -Force
-
-Write-Host "Installing into tool cache:"
-Write-Host "Src: $Env:RUNNER_TEMP\${_root_name}\${_bin_name}"
-Write-Host "Dst: $Env:RUNNER_TOOL_CACHE\yq\yq.exe"
-Move-Item -Force -LiteralPath "$Env:RUNNER_TEMP\${_root_name}\${_bin_name}" -Destination "$Env:RUNNER_TOOL_CACHE\yq\yq.exe"
-
-Write-Host "Removing $Env:RUNNER_TEMP\${_root_name}"
-Remove-Item -Force -Recurse -Path "$Env:RUNNER_TEMP\${_root_name}"
-
-Write-Host "Adding $Env:RUNNER_TOOL_CACHE\yq\ to path..."
-Add-Content "$Env:GITHUB_PATH" "$Env:RUNNER_TOOL_CACHE\yq\"
-
-Write-Host "::endgroup::"

package/.github/actions/jobtaker/action.yml

@@ -1,29 +0,0 @@
-name: 'Jobtaker Review'
-description: 'Runs Claude Code jobtaker with provided config'
-inputs:
-  config:
-    description: 'JSON config from rust-config action'
-    required: true
-  anthropic_api_key:
-    description: 'Anthropic API key'
-    required: true
-
-runs:
-  using: 'composite'
-  steps:
-    - name: jobtaker
-      if: ${{ fromJSON(inputs.config).ai.enabled }}
-      uses: anthropics/claude-code-action@v1
-      with:
-        anthropic_api_key: ${{ inputs.anthropic_api_key }}
-        trigger_phrase: '@jobtaker'
-        allowed_bots: ${{ fromJSON(inputs.config).ai.allowed_bots }}
-        prompt_file: claude-prompt.md
-        claude_args: ${{ fromJSON(inputs.config).ai.claude_args }}
-        use_sticky_comment: ${{ fromJSON(inputs.config).ai.use_sticky_comment }}
-        track_progress: "${{ fromJSON(inputs.config).ai.track_progress }}"
-        path_to_claude_code_executable: ''
-        path_to_bun_executable: ''
-        show_full_output: 'false'
-        plugins: ''
-        plugin_marketplaces: ''

package/.github/actions/rust-config/action.yml

@@ -1,34 +0,0 @@
-name: Rust CI Config
-description: Merge Rust CI Config
-inputs:
-  git_token:
-    description: 'Token to authenticate for git'
-    required: false
-  arm64:
-    default: "ubicloud-standard-8-arm"
-    required: false
-  amd64:
-    default: "ubicloud-standard-4"
-    required: false
-outputs:
-  config:
-    description: 'Configuration JSON output'
-    value: ${{ steps.config.outputs.config }}
-runs:
-  using: composite
-  steps:
-    - name: Checkout code
-      uses: actions/checkout@v6
-      with:
-        token: ${{ inputs.git_token || github.token }}
-    - name: generate
-      id: generate
-      uses: dougefresh/ci@main
-    - name: replace runners
-      id: config
-      shell: bash
-      run: |
-        CONFIG="$(echo '${{ steps.generate.outputs.config }}' | sed \
-            -e 's/vars.RUNNER_ARM64/${{ inputs.arm64 }}/g' \
-            -e 's/vars.RUNNER_AMD64/${{ inputs.amd64 }}/g')"
-        echo "config=$CONFIG" >> $GITHUB_OUTPUT

package/.github/actions/rust-init/action.yml

@@ -1,75 +0,0 @@
-name: Rust Init
-description: Initialize a Rust project with a basic structure and dependencies.
-inputs:
-  git_token:
-    description: 'Token to authenticate for git'
-    required: false
-  packages:
-    description: 'Packages to install per OS, see .github/ci-configs/rust-default.yml'
-    required: false
-    default: ''
-  ref:
-    description: 'Ref to checkout'
-    required: false
-    default: ''
-runs:
-  using: composite
-  steps:
-    - name: Checkout code
-      uses: actions/checkout@v6
-      with:
-        token: ${{ inputs.git_token || github.token }}
-        ref: ${{ inputs.ref }}
-    - name: cache
-      uses: ubicloud/rust-cache@v2
-      with:
-        cache-on-failure: 'true'
-    - uses: actions-rust-lang/setup-rust-toolchain@v1
-      with:
-        toolchain: stable,nightly
-        components: rustfmt,clippy
-    # - name: Install nightyly
-    #   id: toolchain-nightly
-    #   uses: dtolnay/rust-toolchain@nightly
-    #   with:
-    #     components: "rustfmt,clippy"
-    # - name: Install stable
-    #   id: toolchain-stable
-    #   shell: bash
-    #   run: |
-    #     rustup toolchain install stable --component clippy --profile minimal --no-self-update
-    #     rustup default stable
-    #     echo "name=stable" >> $GITHUB_OUTPUT
-    - name: Debug versions
-      shell: bash
-      run: |
-        cargo +nightly --version
-        cargo +stable --version
-
-    - name: packages
-      shell: bash
-      if: ${{ inputs.packages }}
-      run: |
-        set -x
-        packages=""
-        case $RUNNER_OS in
-          Linux)
-            packages="${{ fromJSON(inputs.packages).Linux }}"
-            ;;
-          macOS)
-            packages="${{ fromJSON(inputs.packages).macOS }}"
-            ;;
-          *)
-            echo "Cannot handle OS of type $RUNNER_OS"
-            echo "Expected one of: [ Linux macOS ]"
-            exit 0
-            ;;
-        esac
-
-        if [ -z "$packages" ]; then
-          echo "No packages to install"
-          exit 0
-        fi
-
-        echo "Installing packages: $packages"
-        sudo $packages

package/.github/additional-prompt.md

@@ -1,62 +0,0 @@
-# Configuration Validation
-
-Before performing code review, validate your environment and permissions:
-
-## Tool Access
-
-Verify you can execute these commands:
-- `cargo check` / `cargo test` / `cargo clippy`
-- `bun run build` / `bun test`
-- `tsgo` (TypeScript compiler wrapper)
-
-If any tool fails, note it in your review.
-
-## Permission Audit
-
-Examine `claude_args` in `./src/defaults.ts` (variable: `DEFAULT_AI`):
-
-1. **Tool allowlist**: Verify the comma-separated list is syntactically correct
-2. **Security review**: Assess each allowed tool pattern for potential abuse:
-   - `Bash(*)` patterns: What commands could be chained?
-   - `mcp__github_inline_comment__*`: What GitHub API access is granted?
-   - File system access: Can sensitive files be read/modified?
-
-3. **Risk assessment**: For each concern, provide:
-   - Attack vector example
-   - Likelihood (high/medium/low)
-   - Mitigation suggestion
-
-Only flag **high likelihood** issues as blocking. Document medium/low risks for awareness.
-
-## Configuration Sync
-
-Compare workflow inputs in `.github/workflows/pr-review.yml` against `DEFAULT_AI` schema:
-- Are all `fromJSON(needs.config.outputs.config).ai.*` fields defined in `DEFAULT_AI`?
-- Do boolean/string types match between workflow and TypeScript?
-
-Report mismatches as configuration bugs.
-
-## User Config Validation
-
-If `.github/rust-ci.ts` exists, validate it:
-
-1. **Syntax**: Does it export a default function returning a `RustWorkflow`?
-2. **Logic**: Check for contradictions:
-   - Jobs disabled but referenced in other configs
-   - Empty matrices (no OS/toolchains/features)
-   - Invalid arch values (not in `Arch` enum)
-3. **Workflow impact**: What jobs will actually run? Flag if all jobs are disabled.
-
-## Workflow Integrity
-
-Validate `.github/workflows/pr-review.yml`:
-
-1. **Job dependencies**: Does `needs: [config]` chain correctly? Are outputs referenced before they exist?
-2. **Conditional logic**: Do all `if:` conditions reference valid event properties?
-3. **Secret validation**: Is `ANTHROPIC_API_KEY` checked before use?
-4. **Action versions**: Are pinned versions used (`@v1`, `@main`)? Flag unpinned refs.
-5. **Runner variables**: Are `vars.RUNNER*` placeholders resolved by the config action?
-6. **Input/output flow**: Trace `config.outputs.config` → `fromJSON()` → action inputs. Are all paths valid JSON?
-
-Flag any broken references, missing dependencies, or unreachable code paths.
-

package/.github/ci-configs/dummy.yml

@@ -1,24 +0,0 @@
-'$schema': https://github.com/CarteraMesh/ci/raw/refs/heads/main/schemas/rust-ci-config.schema.json
-
-release:
-  cargo-publish: false
-  debian: false
-  profile: release
-  bin: dummy
-  os:
-    - target: 'aarch64-unknown-linux-gnu'
-      os: 'ubicloud-standard-8-arm64'
-
-jobs:
-  semver:
-    if: false
-    continue-on-error: true
-  extra:
-    if: true
-    continue-on-error: false
-    name: extra-dummy
-    run: echo "Running extra job"
-
-pages:
-  mdbook:
-    if: true

package/.github/ci-configs/rust/ai.yml

@@ -1,65 +0,0 @@
-ai:
-  enabled: true
-  allowed_bots: '*'
-  claude_args: ''
-  use_sticky_comment: false
-  track_progress: true
-  prompt: |
-    Perform a comprehensive code review with the following focus areas:
-    Provide detailed feedback using inline comments for ONLY issues, no praise inline comments.
-    Use top-level comments for general observations or praise
-    Do not be shy, I am a big boy and can handle criticism gracefully. I welcome feedback and suggestions.
-
-    Review this PR against our team checklist:
-
-    ## Code Quality
-    - [ ] Code follows our style guide
-    - [ ] No commented-out code
-    - [ ] Meaningful variable names
-    - [ ] DRY principle followed
-
-    ## Testing
-    - [ ] Unit tests for new functions
-    - [ ] Integration tests for new endpoints
-    - [ ] Edge cases covered
-    - [ ] Test coverage > 80%
-
-    ## Documentation
-    - [ ] README updated if needed
-    - [ ] API docs updated
-    - [ ] Inline comments for complex logic
-    - [ ] CHANGELOG.md updated
-
-    ## Security
-    - [ ] No hardcoded credentials
-    - [ ] Input validation implemented
-    - [ ] Proper error handling
-    - [ ] No sensitive data in logs
-
-    For each item, check if it is satisfied and comment on any that need attention.
-    Post a summary comment with checklist results.
-  # https://code.claude.com/docs/en/settings
-  # https://www.schemastore.org/claude-code-settings.json
-  settings:
-    attribution:
-      commit: 'Generated with JobsTaker'
-      pr: ''
-    permissions:
-      allow:
-        - mcp__github_inline_comment__create_inline_comment,
-        - Bash(gh pr comment:*),
-        - Bash(gh pr diff:*),
-        - Bash(gh pr view:*),
-        - Bash(grep .*),
-        - Bash(rg .*),
-        - Bash(npm run lint)
-        - Bash(npm run test:*)
-        - Bash(cargo .*)
-      deny:
-        - Bash(cargo publis.*)
-        #   - Read(./.env)
-        #   - Read(./.env.*)
-        #   - Read(./secrets/**)
-    env:
-      CLAUDE_CODE_ENABLE_TELEMETRY: '0'
-      OTEL_METRICS_EXPORTER: otlp

package/.github/ci-configs/rust-default.yml

@@ -1,115 +0,0 @@
-global:
-  # to match $RUNNER_OS
-  packages:
-    Linux: ''
-    macOS: ''
-    Windows: ''
-  toolchains:
-    - stable
-    - nightly
-  features:
-    - default
-  rustlog: info
-  fireblocks:
-    enabled: false
-    set-env-vars: true
-
-pages:
-  mdbook:
-    if: false
-    path: docs
-    version: latest
-    command: mdbook build
-
-release:
-  cargo-publish: true # release to cargo, otherwise just tag
-  debian: false
-  profile: 'release'
-  os:
-    - target: aarch64-unknown-linux-gnu
-      os: ubicloud-standard-8-arm
-    - target: x86_64-unknown-linux-gnu
-      os: ubicloud-standard-4
-    - target: aarch64-apple-darwin
-      os: macos-latest
-#    - target: x86_64-pc-windows-msvc
-#      os: windows-latest
-jobs:
-  coverage:
-    if: true
-    continue-on-error: false
-    args:
-      test: ''
-      llvm: ''
-    run: |
-      cmd="cargo llvm-cov ${LLVM_ARGS} --locked --lcov --output-path lcov-${FEATURES}.info --no-fail-fast"
-      if [ "$FEATURES" == "default" ]; then
-        $cmd -- --no-capture $CARGO_ARGS
-      else
-        $cmd --features "$FEATURES" -- --no-capture $CARGO_ARGS
-      fi
-    matrix:
-      os: []
-      toolchains:
-        - stable
-      features:
-        - default
-  fmt:
-    if: true
-    continue-on-error: false
-    run: cargo +nightly fmt --check --all
-  clippy:
-    if: true
-    continue-on-error: false
-    flags: ''
-    matrix:
-      os: []
-      toolchains:
-        - stable
-      features:
-        - default
-
-  semver:
-    if: true
-    continue-on-error: false
-  hack:
-    if: true
-    continue-on-error: false
-    run: cargo hack --feature-powerset check
-  doc:
-    if: true
-    continue-on-error: false
-    run: cargo +nightly docs-rs
-
-  cargo-sort:
-    if: true
-    continue-on-error: false
-    run: |
-      if [ -f ./scripts/cargo-sort.sh ]; then
-        ./scripts/cargo-sort.sh
-      else
-        cargo sort -c -g
-      fi
-  dependencies:
-    if: true
-    continue-on-error: false
-    run: cargo machete --with-metadata
-
-  sanitizers:
-    enabled: true
-    matrix:
-      os: []
-      features:
-        - default
-    address:
-      if: true
-      continue-on-error: false
-      run: cargo test --lib --tests --no-fail-fast --target x86_64-unknown-linux-gnu -- --no-capture
-    leak:
-      if: true
-      continue-on-error: false
-      run: cargo test --target x86_64-unknown-linux-gnu  -- --no-capture
-    thread:
-      if: false
-      continue-on-error: false
-      run: cargo test --target x86_64-unknown-linux-gnu -- --test-threads=1