@invarn/cibuild 1.0.0 → 1.2.3

package/README.dev.md

@@ -0,0 +1,141 @@
+# cibuild
+
+Lightweight CI/CD pipeline runner for Android and iOS projects. Run your pipelines locally or on a remote runner using a simple YAML format.
+
+## Install
+
+```bash
+brew tap invarnhq/cibuild
+brew install cibuild
+```
+
+This installs two commands: `ci` and `cibuild` (both identical).
+
+## Getting Started
+
+There are three ways to set up a pipeline in your project:
+
+### 1. Create (recommended)
+
+Auto-detects your platform (iOS/Android), picks recommended build settings, and collects secrets from disk — fully non-interactive:
+
+```bash
+ci init --create
+```
+
+### 2. Interactive
+
+Walk through an interactive wizard to choose between creating or importing a pipeline:
+
+```bash
+ci init
+```
+
+### 3. Import
+
+Import an existing YAML pipeline file into your project:
+
+```bash
+ci init --import path/to/pipeline.yml
+```
+
+All three methods scaffold the `.ci/pipelines/` directory, validate dependencies, and add runtime files to `.gitignore`.
+
+For the full pipeline YAML format, step catalog, and examples, see [SPEC.md](SPEC.md).
+
+## Commands
+
+```bash
+ci init                                         # Interactive setup wizard
+ci init --create                                # Auto-create pipeline (non-interactive)
+ci init --import <path>                         # Import YAML pipeline (non-interactive)
+ci build                                        # Generate a standard pipeline for the current project
+ci run <path> [-w <name>]                       # Run locally (development mode)
+ci run <path> [-w <name>] --production          # Run on remote runner (production)
+ci run <path> [-w <name>] --validate-only       # Validate only, don't execute
+ci run <path> [-w <name>] --skip-validation     # Skip validation, run with interactive prompts
+ci validate <path> [-w <name>]                  # Validate pipeline (alias for --validate-only)
+ci detect-platform <path> [-w <name>]           # Detect platform from YAML pipeline
+ci edit <path> [-w <name>]                      # View pipeline and edit step inputs
+ci secrets add <var_name> <path> [-w <name>]    # Add a secret (prompted interactively)
+ci --help                                       # Show help
+```
+
+## Supported Formats
+
+- `.yml` / `.yaml` — YAML pipeline files
+- `.ts` — TypeScript pipeline files
+
+---
+
+## Development
+
+### Prerequisites
+
+- Node.js 20+
+- npm
+
+### Setup
+
+```bash
+npm install
+```
+
+### Build (development)
+
+Compiles TypeScript via `tsc` into `dist/src/`:
+
+```bash
+npm run build
+```
+
+### Watch mode
+
+```bash
+npm run dev
+```
+
+### Tests
+
+```bash
+npm test
+```
+
+---
+
+## Release Builds
+
+Two independent build pipelines exist depending on the distribution target.
+
+### Homebrew (native binary)
+
+Bundles with esbuild, then compiles to a standalone macOS binary via `pkg`. No obfuscation — `pkg` embeds the JS inside the binary, which already protects the source. Obfuscation is intentionally skipped here because it encodes `require()` string arguments, breaking `pkg`'s static analysis.
+
+```bash
+npm run release
+# Outputs:
+#   dist/cibuild-macos-arm64.tar.gz
+#   dist/cibuild-macos-x64.tar.gz
+```
+
+### npm (obfuscated JS)
+
+Bundles with esbuild, then obfuscates with `javascript-obfuscator` (base64 string encoding). Produces a single self-contained `.cjs` file.
+
+```bash
+npm run build:npm
+# Outputs:
+#   dist/cli.cjs  (minified + string-obfuscated)
+```
+
+### Releasing a new version
+
+Tagging and pushing a version tag triggers the GitHub Actions release workflow, which:
+1. Runs `npm run release` to build both macOS binaries
+2. Creates a release on `invarnhq/cibuild` with the binaries attached
+3. Auto-updates `Formula/cibuild.rb` in the public tap repo with the new version and SHA256 checksums
+
+```bash
+git tag v1.0.0
+git push origin v1.0.0
+```

package/README.md

@@ -1,141 +1,154 @@
 # cibuild
 
-Lightweight CI/CD pipeline runner for Android and iOS projects. Run your pipelines locally or on a remote runner using a simple YAML format.
+Lightweight CI/CD pipeline runner for Android and iOS projects. Define pipelines in YAML, run them locally or on a remote runner.
 
 ## Install
 
 ```bash
-brew tap invarnhq/cibuild
-brew install cibuild
+npm install -g @invarn/cibuild
 ```
 
-This installs two commands: `ci` and `cibuild` (both identical).
+This installs two identical commands: `ci` and `cibuild`.
 
-## Getting Started
-
-There are three ways to set up a pipeline in your project:
+## GitHub Actions
 
-### 1. Create (recommended)
+Use cibuild directly in your GitHub Actions workflows:
 
-Auto-detects your platform (iOS/Android), picks recommended build settings, and collects secrets from disk — fully non-interactive:
+```yaml
+name: CI
+on: [push, pull_request]
 
-```bash
-ci init --create
+jobs:
+  build:
+    runs-on: macos-latest
+    environment: cibuild
+    steps:
+      - uses: actions/checkout@v4
+      - uses: invarnhq/cibuild@v1
+        with:
+          workflow: release
 ```
 
-### 2. Interactive
+### Action Inputs
 
-Walk through an interactive wizard to choose between creating or importing a pipeline:
-
-```bash
-ci init
-```
+| Input | Required | Default | Description |
+|---|---|---|---|
+| `pipeline` | No | Auto-discover | Path to pipeline YAML file |
+| `workflow` | No | First workflow | Workflow name within the pipeline |
+| `version` | No | `latest` | cibuild version to install |
 
-### 3. Import
+### Secrets in GitHub Actions
 
-Import an existing YAML pipeline file into your project:
+Upload your local secrets to a GitHub Environment, then reference them in your workflow:
 
 ```bash
-ci init --import path/to/pipeline.yml
+ci secrets upload --env cibuild
 ```
 
-All three methods scaffold the `.ci/pipelines/` directory, validate dependencies, and add runtime files to `.gitignore`.
-
-For the full pipeline YAML format, step catalog, and examples, see [SPEC.md](SPEC.md).
-
-## Commands
-
-```bash
-ci init                                         # Interactive setup wizard
-ci init --create                                # Auto-create pipeline (non-interactive)
-ci init --import <path>                         # Import YAML pipeline (non-interactive)
-ci build                                        # Generate a standard pipeline for the current project
-ci run <path> [-w <name>]                       # Run locally (development mode)
-ci run <path> [-w <name>] --production          # Run on remote runner (production)
-ci run <path> [-w <name>] --validate-only       # Validate only, don't execute
-ci run <path> [-w <name>] --skip-validation     # Skip validation, run with interactive prompts
-ci validate <path> [-w <name>]                  # Validate pipeline (alias for --validate-only)
-ci detect-platform <path> [-w <name>]           # Detect platform from YAML pipeline
-ci edit <path> [-w <name>]                      # View pipeline and edit step inputs
-ci secrets add <var_name> <path> [-w <name>]    # Add a secret (prompted interactively)
-ci --help                                       # Show help
+```yaml
+jobs:
+  build:
+    runs-on: macos-latest
+    environment: cibuild
+    env:
+      CIBUILD_S__SLACK_WEBHOOK: ${{ secrets.CIBUILD_S__SLACK_WEBHOOK }}
+      CIBUILD_SW__RELEASE__KEYSTORE_PASS: ${{ secrets.CIBUILD_SW__RELEASE__KEYSTORE_PASS }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: invarnhq/cibuild@v1
+        with:
+          workflow: release
 ```
 
-## Supported Formats
-
-- `.yml` / `.yaml` — YAML pipeline files
-- `.ts` — TypeScript pipeline files
+The action automatically maps GitHub context to cibuild environment variables (`GIT_BRANCH`, `GIT_COMMIT`, `BUILD_NUMBER`, `BUILD_URL`).
 
----
-
-## Development
-
-### Prerequisites
+## Getting Started
 
-- Node.js 20+
-- npm
+### Option 1. Auto-create (recommended)
 
-### Setup
+From your project root, let cibuild scan the project and generate a pipeline with recommended defaults:
 
 ```bash
-npm install
+ci init --create
 ```
 
-### Build (development)
+This auto-detects the platform (iOS/Android), configures build settings, and collects secrets from disk — fully non-interactive, works with AI agents and scripts.
 
-Compiles TypeScript via `tsc` into `dist/src/`:
-
-```bash
-npm run build
-```
+### Option 2. Interactive wizard
 
-### Watch mode
+Walk through prompts to configure your pipeline step by step:
 
 ```bash
-npm run dev
+ci init
 ```
 
-### Tests
+### Option 3. Import existing pipeline
+
+If you already have a pipeline YAML file:
 
 ```bash
-npm test
+ci init --import path/to/pipeline.yml
 ```
 
----
+All three methods scaffold the `.ci/pipelines/` directory, validate dependencies, and set up `.gitignore`.
+
+### Customize
 
-## Release Builds
+cibuild works best when you start with `ci init --create` and build on top of the generated pipeline. The full pipeline format, step catalog, and customization rules are in the spec.
 
-Two independent build pipelines exist depending on the distribution target.
+Tell your AI coding agent:
 
-### Homebrew (native binary)
+> Set up and customize CI/CD pipelines for this project using cibuild according to the following spec: https://github.com/invarnhq/cibuild/blob/main/SPEC.md
 
-Bundles with esbuild, then compiles to a standalone macOS binary via `pkg`. No obfuscation — `pkg` embeds the JS inside the binary, which already protects the source. Obfuscation is intentionally skipped here because it encodes `require()` string arguments, breaking `pkg`'s static analysis.
+### Run
 
 ```bash
-npm run release
-# Outputs:
-#   dist/cibuild-macos-arm64.tar.gz
-#   dist/cibuild-macos-x64.tar.gz
+ci run                                         # Run the default pipeline
+ci run .ci/pipelines/cibuild.yml -w release    # Run a specific workflow
 ```
 
-### npm (obfuscated JS)
+## Commands
 
-Bundles with esbuild, then obfuscates with `javascript-obfuscator` (base64 string encoding). Produces a single self-contained `.cjs` file.
+| Command | Description |
+|---|---|
+| `ci init` | Interactive setup wizard |
+| `ci init --create` | Auto-create pipeline (non-interactive) |
+| `ci init --import <path>` | Import YAML pipeline (non-interactive) |
+| `ci build` | Generate a standard pipeline for the current project |
+| `ci run <path> [-w <name>]` | Run pipeline locally (development mode) |
+| `ci run <path> [-w <name>] --production` | Run on remote runner (production) |
+| `ci run <path> [-w <name>] --validate-only` | Validate only, don't execute |
+| `ci run <path> [-w <name>] --skip-validation` | Skip validation, run with interactive prompts |
+| `ci validate <path> [-w <name>]` | Validate pipeline (alias for --validate-only) |
+| `ci detect-platform <path> [-w <name>]` | Detect platform from YAML pipeline |
+| `ci edit <path> [-w <name>]` | View pipeline and edit step inputs |
+| `ci secrets add <var> <path> [-w <name>]` | Add a secret (prompted interactively) |
+| `ci secrets add <var> <path> --file <file>` | Add a secret from a file |
+| `ci --help` | Show help |
+
+### Options
+
+| Flag | Description |
+|---|---|
+| `-w, --workflow <name>` | Select a workflow (YAML pipelines only, defaults to first) |
+| `--production` | Execute on remote runner after validation (vs local) |
+| `--validate-only` | Run validation only, don't execute pipeline |
+| `--skip-validation` | Skip pre-execution validation (for development) |
+
+## Secrets
+
+Secrets are stored locally in `.cibuild-secrets.json` and never committed.
 
 ```bash
-npm run build:npm
-# Outputs:
-#   dist/cli.cjs  (minified + string-obfuscated)
+ci secrets add KEYSTORE_PASSWORD pipeline.yml
+ci secrets add KEYSTORE_BASE64 pipeline.yml --file release.keystore
+ci secrets add SLACK_WEBHOOK pipeline.yml -w release
 ```
 
-### Releasing a new version
+## Requirements
 
-Tagging and pushing a version tag triggers the GitHub Actions release workflow, which:
-1. Runs `npm run release` to build both macOS binaries
-2. Creates a release on `invarnhq/cibuild` with the binaries attached
-3. Auto-updates `Formula/cibuild.rb` in the public tap repo with the new version and SHA256 checksums
+- macOS or Linux (Node.js 18+ for npm install)
+- Android projects: JDK, Android SDK
+- iOS projects: macOS with Xcode (CocoaPods optional)
 
-```bash
-git tag v1.0.0
-git push origin v1.0.0
-```
+Run `ci init` from your project root to check all dependencies automatically.