pushci 1.7.5 → 1.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -1,8 +1,9 @@
1
1
  # PushCI
2
2
 
3
3
  [![npm version](https://img.shields.io/npm/v/pushci.svg)](https://www.npmjs.com/package/pushci)
4
+ [![npm downloads](https://img.shields.io/npm/dm/pushci.svg)](https://www.npmjs.com/package/pushci)
4
5
  [![License: BUSL-1.1](https://img.shields.io/badge/License-BUSL--1.1-blue.svg)](LICENSE)
5
- [![CI](https://github.com/finsavvyai/pushci/actions/workflows/ci.yml/badge.svg)](https://github.com/finsavvyai/pushci/actions/workflows/ci.yml)
6
+ [![Release](https://img.shields.io/github/v/release/finsavvyai/pushci-cli)](https://github.com/finsavvyai/pushci-cli/releases/latest)
6
7
  [![MCP](https://img.shields.io/badge/MCP-compatible-purple.svg)](https://pushci.dev/ai)
7
8
 
8
9
  **Zero-config AI CI/CD. Runs on your machine. Free forever.**
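Review bot: The badge swap in the header changes which repository the README points at: the removed CI badge referenced `finsavvyai/pushci`, while the added Release badge references `finsavvyai/pushci-cli`. Please confirm that `pushci-cli` is the repository this npm package is built from and say so in the README, since readers follow these links to check where a published package comes from. Dropping the CI badge also removes the only build-status signal in the header; consider keeping a workflow badge for the new repository next to the release badge.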
@@ -16,8 +17,22 @@ pushci init # AI detects your stack in 30 seconds
16
17
  git push # tests run automatically
17
18
  ```
18
19
 
19
- <!-- TODO: Add 30-second demo GIF here -->
20
- <!-- ![PushCI Demo](assets/demo.gif) -->
20
+ ```
21
+ $ pushci init
22
+ Detecting stack ........................ Node 20 + Vite + Vitest
23
+ Detecting deploy target ................ Cloudflare Workers (wrangler.toml)
24
+ Writing pushci.yml ..................... 14 lines
25
+ Installing pre-push hook ............... done
26
+
27
+ $ git push
28
+ → running pushci run
29
+ ✓ lint 3.2s
30
+ ✓ test 8.4s
31
+ ✓ build 12.1s
32
+ → 24 commits ahead of origin/main · all checks passed
33
+ ```
34
+
35
+ See it live at <a href="https://pushci.dev">pushci.dev</a> (the terminal in the hero is real, not a render).
21
36
 
22
37
  ## Why PushCI?
23
38
 
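Review bot: The sample transcript shows `pushci init` finishing with `Installing pre-push hook ... done`, so init changes the repository to execute `pushci run` on every `git push`, yet the added lines do not say where the hook is written, whether an existing pre-push hook is preserved, or how to remove it. Add a sentence covering that next to the transcript. Two smaller points: the transcript fence has no language tag while the fences added in the Secrets section use one (`text` would do here), and the closing line uses a raw `<a href>` where a Markdown link would match the rest of the file.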
@@ -183,6 +198,59 @@ personas:
183
198
  fail: ["Avast, the build hath sunk."]
184
199
  ```
185
200
 
201
+ ## Secrets
202
+
203
+ PushCI resolves secret references inline in `pushci.yml` env blocks.
204
+ Three schemes are supported today; PushCI never writes a plaintext
205
+ secret to disk it didn't already encrypt.
206
+
207
+ | Scheme | Backed by | Best for |
208
+ |---|---|---|
209
+ | `keychain://service[#account]` | macOS Keychain / Windows Credential Manager / Linux Secret Service, with AES-encrypted fallback at `~/.pushci/keychain.enc` for headless CI | Local dev, individual machines |
210
+ | `vault://path#field` | HashiCorp Vault AppRole (`VAULT_ADDR` + `VAULT_ROLE_ID` + `VAULT_SECRET_ID`) | Teams, audited environments |
211
+ | `pushci secrets set KEY VAL` | Per-project AES file at `.pushci/secrets.enc`, machine-bound | Quick one-offs, throwaway scripts |
212
+
213
+ ```yaml
214
+ # pushci.yml
215
+ stages:
216
+ - name: publish
217
+ env:
218
+ NPM_TOKEN: keychain://npm-publish-token
219
+ DEPLOY_KEY: keychain://deploy-bot#prod
220
+ DB_PASSWORD: vault://secret/data/prod/db#password
221
+ checks:
222
+ - name: publish
223
+ run: npm publish
224
+ ```
225
+
226
+ **Managing keychain entries from the CLI:**
227
+
228
+ ```bash
229
+ pushci secrets keychain set npm-publish-token npm_xxxxxxxxxxxx
230
+ pushci secrets keychain set deploy-bot#prod s3cr3t
231
+ pushci secrets keychain get npm-publish-token
232
+ pushci secrets keychain list # fallback-file entries only
233
+ pushci secrets keychain rm npm-publish-token
234
+ ```
235
+
236
+ On macOS the storage layout matches the `security` CLI verbatim, so the
237
+ common `.zshrc` helper functions work side-by-side:
238
+
239
+ ```bash
240
+ secret() { security find-generic-password -a "$USER" -s "$1" -w 2>/dev/null; }
241
+ secret-set() { security add-generic-password -a "$USER" -s "$1" -w "$2" -U; }
242
+ ```
243
+
244
+ Entries written by `secret-set` are readable by `pushci secrets keychain
245
+ get`, and vice versa — no `go-keyring-base64:` prefix gymnastics.
246
+
247
+ **Headless Linux CI:** when D-Bus and Secret Service aren't running,
248
+ PushCI falls back transparently to an AES-encrypted file at
249
+ `~/.pushci/keychain.enc` with a machine-bound key. A one-time stderr
250
+ warning fires the first time a fallback read or write happens, so the
251
+ behavior is never silent. Override account default with the `#account`
252
+ suffix; the current OS user is used when omitted.
253
+
186
254
  ## Configuration
187
255
 
188
256
  `pushci.yml` is optional — `pushci init` generates one that works, and
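Review bot: The keychain examples pass the secret value as a command-line argument (`pushci secrets keychain set npm-publish-token npm_xxxxxxxxxxxx`, likewise `pushci secrets set KEY VAL` in the table and `"$2"` in the `secret-set` helper), which leaves it in shell history and exposes it in the process list while the command runs. Document a way to supply the value on stdin or through a prompt, adding one if the CLI lacks it, and use that form in the examples. "AES-encrypted" and "machine-bound key" are also left undefined: state the cipher mode, whether it is authenticated, and what the key is derived from, because on a headless CI host that decides who else on the machine can decrypt `~/.pushci/keychain.enc`. A one-time stderr warning is easy to miss in CI logs, so consider documenting a setting that fails the run instead of falling back, for teams that require the OS keystore or Vault. Minor: the text says "three schemes" but the third table row is a CLI command rather than a URI scheme, and "never writes a plaintext secret to disk it didn't already encrypt" would read more clearly as "never writes a secret to disk unencrypted".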
Binary file
Binary file
Binary file
Binary file
Binary file
Binary file
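Review bot: Six entries in this release are listed only as `Binary file`, so their contents cannot be reviewed from this diff. Since the package's `bin` entry launches `bin/pushci.js`, please state in the README or release notes which binaries ship in the package and how they are built, and publish checksums for them so the 1.8.1 artifacts can be verified independently.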
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "pushci",
3
- "version": "1.7.5",
3
+ "version": "1.8.1",
4
4
  "description": "AI-native CI/CD that runs on your machine. Zero config, zero cost. Works inside AI agent sandboxes (Claude, Cursor, Windsurf). 33 languages, 40+ frameworks, 22 deploy targets, 25 installable skills, Tailscale mesh, blast radius analysis.",
5
5
  "bin": {
6
6
  "pushci": "bin/pushci.js"
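Review bot: The `version` field moves from `1.7.5` to `1.8.1`, and no changelog file appears among the changed files on this page. The README in this release newly documents secret handling with on-disk encrypted files (`~/.pushci/keychain.enc`, `.pushci/secrets.enc`), which deserves a dated changelog entry so users upgrading across the minor bump know these files may appear. The `description` string is unchanged and does not mention secrets handling; update it if that string is meant to list the package's features.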