@rtrentjones/greenlight 0.2.6 → 0.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. package/assets/skills/provider-github/SKILL.md +3 -2
  2. package/dist/bin.js +20 -10
  3. package/dist/{chunk-XBDQJVAX.js → chunk-ADS6BJJ5.js} +4 -1
  4. package/dist/{chunk-LM6M3DIV.js → chunk-VONSDNH4.js} +1 -1
  5. package/dist/index.js +2 -2
  6. package/dist/{mcp-KU7WKB5K.js → mcp-3L6HJ6BH.js} +1 -1
  7. package/package.json +1 -1
package/assets/skills/provider-github/SKILL.md CHANGED
@@ -25,8 +25,9 @@ pushes each to the right repo; see docs/provider-tokens.md):
25
25
 
26
26
  - **`GREENLIGHT_DISPATCH_TOKEN`** — on the **tool** repo, scoped **Contents: write** on the
27
27
  **wrapper** → the tool's build fires `repository_dispatch` so the wrapper deploys.
28
- - **`GREENLIGHT_STATUS_TOKEN`** — on the **wrapper** repo, scoped **Commit statuses: write** on the
29
- **tool** → the wrapper posts deploy/verify status back to the tool's commit.
28
+ - **`GREENLIGHT_STATUS_TOKEN_<TOOL>`** — on the **wrapper** repo, scoped **Commit statuses: write**
29
+ on the **tool** → the wrapper posts deploy/verify status back to the tool's commit. **Per-tool
30
+ suffix** (e.g. `…_BAMCP`) because it lives on the shared wrapper alongside other tools' tokens.
30
31
 
31
32
  Provider creds (OCI/Cloudflare/…) live **only in the wrapper**; the tool repo holds just the
32
33
  dispatch PAT (its build pushes to GHCR with the built-in `github.token`).
package/dist/bin.js CHANGED
@@ -5,8 +5,8 @@ import {
5
5
  loadConfig,
6
6
  resolveUrl,
7
7
  verifyAll
8
- } from "./chunk-LM6M3DIV.js";
9
- import "./chunk-XBDQJVAX.js";
8
+ } from "./chunk-VONSDNH4.js";
9
+ import "./chunk-ADS6BJJ5.js";
10
10
  import "./chunk-WFZTRXBF.js";
11
11
  import "./chunk-KP3Y6WRU.js";
12
12
  import "./chunk-UXHHLEYO.js";
@@ -351,9 +351,12 @@ var PACKS = [
351
351
  setupUrl: "https://github.com/settings/personal-access-tokens/new"
352
352
  },
353
353
  {
354
+ // Stored on the shared wrapper, scoped to THIS tool's repo → per-tool name
355
+ // (GREENLIGHT_STATUS_TOKEN_<TOOL>) so multiple tools' status tokens don't collide.
354
356
  envVar: "GREENLIGHT_STATUS_TOKEN",
355
- label: "GitHub PAT, Commits:write on the TOOL (WRAPPER posts deploy status back)",
357
+ label: "GitHub PAT, Commit statuses:write on the TOOL (WRAPPER posts deploy status back)",
356
358
  optional: true,
359
+ perTool: true,
357
360
  setupUrl: "https://github.com/settings/personal-access-tokens/new"
358
361
  }
359
362
  ],
@@ -387,7 +390,7 @@ function tokensForTool(tool) {
387
390
  }
388
391
 
389
392
  // src/version.ts
390
- var MODULE_REF = "v0.2.6";
393
+ var MODULE_REF = "v0.2.7";
391
394
  var MODULE_SOURCE_BASE = "git::https://github.com/RTrentJones/greenlight.git//infra/modules";
392
395
  function moduleSource(module, ref = MODULE_REF) {
393
396
  return `${MODULE_SOURCE_BASE}/${module}?ref=${ref}`;
@@ -797,7 +800,8 @@ async function gatherSecrets(name, repo, env, prefill) {
797
800
  for (const pack of packs) {
798
801
  console.log(`\u2500\u2500 ${pack.name}${pack.setupUrl ? ` \u2192 ${pack.setupUrl}` : ""}`);
799
802
  for (const tok of pack.tokens) {
800
- const key = tok.envVar.toUpperCase();
803
+ const suffix = `_${name.toUpperCase().replace(/-/g, "_")}`;
804
+ const key = tok.envVar.toUpperCase() + (tok.perTool ? suffix : "");
801
805
  if (key === "GITHUB_TOKEN") {
802
806
  console.log(" \xB7 GITHUB_TOKEN \u2014 provided automatically by Actions; skipping");
803
807
  continue;
@@ -1317,13 +1321,13 @@ concurrency:
1317
1321
 
1318
1322
  jobs:
1319
1323
  build:
1320
- runs-on: ubuntu-latest
1324
+ # Native arm64 runner \u2014 builds the arm64 image directly (no QEMU emulation, much faster).
1325
+ runs-on: ubuntu-24.04-arm
1321
1326
  steps:
1322
1327
  - uses: actions/checkout@v4
1323
1328
  - name: Resolve image ref (GHCR namespaces are lowercase)
1324
1329
  id: img
1325
- run: echo "ref=ghcr.io/\${GITHUB_REPOSITORY_OWNER,,}/${name}:prod" >> "$GITHUB_OUTPUT"
1326
- - uses: docker/setup-qemu-action@v3
1330
+ run: echo "base=ghcr.io/\${GITHUB_REPOSITORY_OWNER,,}/${name}" >> "$GITHUB_OUTPUT"
1327
1331
  - uses: docker/setup-buildx-action@v3
1328
1332
  - uses: docker/login-action@v3
1329
1333
  with:
@@ -1335,7 +1339,12 @@ jobs:
1335
1339
  context: .
1336
1340
  platforms: linux/arm64
1337
1341
  push: true
1338
- tags: \${{ steps.img.outputs.ref }}
1342
+ # :prod is the moving deploy tag; :<sha> is immutable (rollback + deploy-identity).
1343
+ tags: |
1344
+ \${{ steps.img.outputs.base }}:prod
1345
+ \${{ steps.img.outputs.base }}:\${{ github.sha }}
1346
+ cache-from: type=gha
1347
+ cache-to: type=gha,mode=max
1339
1348
  - name: Notify wrapper to deploy
1340
1349
  env:
1341
1350
  GH_TOKEN: \${{ secrets.GREENLIGHT_DISPATCH_TOKEN }}
@@ -1402,7 +1411,8 @@ jobs:
1402
1411
  - name: Report status back to ${toolRepo}
1403
1412
  if: \${{ always() && github.event.client_payload.sha != '' }}
1404
1413
  env:
1405
- GH_TOKEN: \${{ secrets.GREENLIGHT_STATUS_TOKEN }}
1414
+ # Per-tool name: the status PAT lives on the shared wrapper, scoped to this tool's repo.
1415
+ GH_TOKEN: \${{ secrets.GREENLIGHT_STATUS_TOKEN_${name.toUpperCase().replace(/-/g, "_")} }}
1406
1416
  run: |
1407
1417
  [ -z "$GH_TOKEN" ] && exit 0
1408
1418
  gh api repos/${toolRepo}/statuses/\${{ github.event.client_payload.sha }} \\
package/dist/{chunk-XBDQJVAX.js → chunk-ADS6BJJ5.js} RENAMED
@@ -9,7 +9,10 @@ import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/
9
9
  async function verifyMcp(baseUrl, spec) {
10
10
  const checks = [];
11
11
  const client = new Client({ name: "greenlight-verify", version: "0.0.0" });
12
- const transport = new StreamableHTTPClientTransport(new URL(baseUrl));
12
+ const transport = new StreamableHTTPClientTransport(
13
+ new URL(baseUrl),
14
+ spec.headers ? { requestInit: { headers: spec.headers } } : void 0
15
+ );
13
16
  try {
14
17
  await client.connect(transport);
15
18
  checks.push({ name: "initialize handshake", pass: true });
package/dist/{chunk-LM6M3DIV.js → chunk-VONSDNH4.js} RENAMED
@@ -229,7 +229,7 @@ async function verify(baseUrl, spec, opts) {
229
229
  case "api":
230
230
  return verifyApi(baseUrl, spec);
231
231
  case "mcp": {
232
- const { verifyMcp: verifyMcp2 } = await import("./mcp-KU7WKB5K.js");
232
+ const { verifyMcp: verifyMcp2 } = await import("./mcp-3L6HJ6BH.js");
233
233
  return verifyMcp2(baseUrl, spec);
234
234
  }
235
235
  case "playwright": {
package/dist/index.js CHANGED
@@ -2,8 +2,8 @@ import {
2
2
  defineConfig,
3
3
  defineVerify,
4
4
  loadConfig
5
- } from "./chunk-LM6M3DIV.js";
6
- import "./chunk-XBDQJVAX.js";
5
+ } from "./chunk-VONSDNH4.js";
6
+ import "./chunk-ADS6BJJ5.js";
7
7
  import "./chunk-WFZTRXBF.js";
8
8
  import "./chunk-KP3Y6WRU.js";
9
9
  import "./chunk-UXHHLEYO.js";
package/dist/{mcp-KU7WKB5K.js → mcp-3L6HJ6BH.js} RENAMED
@@ -1,6 +1,6 @@
1
1
  import {
2
2
  verifyMcp
3
- } from "./chunk-XBDQJVAX.js";
3
+ } from "./chunk-ADS6BJJ5.js";
4
4
  import "./chunk-QFKE5JKC.js";
5
5
  export {
6
6
  verifyMcp
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rtrentjones/greenlight",
3
- "version": "0.2.6",
3
+ "version": "0.2.7",
4
4
  "description": "Greenlight CLI — setup and lifecycle for the harness.",
5
5
  "license": "MIT",
6
6
  "repository": {