diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..fc26601
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,60 @@
+version: 2
+updates:
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "10:00"
+ timezone: "America/Toronto"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ - "javascript"
+
+ - package-ecosystem: "npm"
+ directory: "/apps/codex-claw"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "10:15"
+ timezone: "America/Toronto"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ - "javascript"
+
+ - package-ecosystem: "npm"
+ directory: "/apps/landing"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "10:30"
+ timezone: "America/Toronto"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ - "javascript"
+
+ - package-ecosystem: "npm"
+ directory: "/packages/codex-claw"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "10:45"
+ timezone: "America/Toronto"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
+ - "javascript"
+
+ - package-ecosystem: "github-actions"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ day: "monday"
+ time: "11:00"
+ timezone: "America/Toronto"
+ open-pull-requests-limit: 5
+ labels:
+ - "dependencies"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..c04f0e0
--- /dev/null
+++ b/.github/workflows/ci.yml
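Review bot: In dependabot.yml the three npm entries for `/apps/codex-claw`, `/apps/landing` and `/packages/codex-claw` may overlap with the root `/` entry if the repository is a single pnpm workspace with one lockfile at the root; the root-level `pnpm install --frozen-lockfile` in the new CI workflow suggests that layout, but the workspace file is not part of this diff. In that case a pull request opened from a sub-directory entry could change a `package.json` without the root lockfile and then fail the frozen-lockfile install, so it is worth checking the first scheduled run and keeping only the `/` entry if the overlap is confirmed. A short comment above the npm entries stating why each directory is listed separately would also help the next maintainer.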
@@ -0,0 +1,50 @@
+name: CI
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ validate:
+ name: Validate app and package
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v4
+ with:
+ version: 9.15.4
+
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ cache: pnpm
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Run CodexClaw app tests
+ run: pnpm -C apps/codex-claw test
+
+ - name: Build CodexClaw app
+ run: pnpm -C apps/codex-claw build
+
+ - name: Build landing page
+ run: pnpm -C apps/landing build
+
+ - name: Check package contents
+ run: pnpm pack:codex-claw
+
+ - name: Audit dependencies
+ run: pnpm audit --audit-level low
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..1604d65
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,37 @@
+name: CodeQL
+
+on:
+ pull_request:
+ branches:
+ - main
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: "22 10 * * 1"
+
+permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+jobs:
+ analyze:
+ name: Analyze JavaScript and TypeScript
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: javascript-typescript
+ build-mode: none
+
+ - name: Perform CodeQL analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:javascript-typescript"
diff --git a/.github/workflows/release-package.yml b/.github/workflows/release-package.yml
new file mode 100644
index 0000000..d9d4cc2
--- /dev/null
+++ b/.github/workflows/release-package.yml
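Review bot: In ci.yml the three `uses:` steps reference mutable tags (`actions/checkout@v4`, `pnpm/action-setup@v4`, `actions/setup-node@v4`), so whatever commit a tag points to at run time is what executes in the job. Pinning each to a full commit SHA with the tag kept as a trailing comment, in the form `uses: pnpm/action-setup@<full-commit-sha>  # v4` (placeholder, not a real hash), removes the reliance on tag immutability, and the `github-actions` Dependabot entry added in this commit can keep such pins current. The same applies to the `uses:` lines in codeql.yml and release-package.yml, and it matters most in the latter because that workflow runs with `contents: write`. Adding `with: persist-credentials: false` to the checkout step would also keep the job token out of the workspace git config while install and build scripts run.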
@@ -0,0 +1,66 @@
+name: Release Package
+
+on:
+ push:
+ tags:
+ - "v*"
+ workflow_dispatch:
+
+permissions:
+ contents: write
+
+jobs:
+ codex-claw-package:
+ name: Build CodexClaw release package
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Setup pnpm
+ uses: pnpm/action-setup@v4
+ with:
+ version: 9.15.4
+
+ - name: Setup Node
+ uses: actions/setup-node@v4
+ with:
+ node-version: 20
+ cache: pnpm
+
+ - name: Install dependencies
+ run: pnpm install --frozen-lockfile
+
+ - name: Run CodexClaw app tests
+ run: pnpm -C apps/codex-claw test
+
+ - name: Build CodexClaw app
+ run: pnpm -C apps/codex-claw build
+
+ - name: Build landing page
+ run: pnpm -C apps/landing build
+
+ - name: Build package archive
+ run: pnpm package:codex-claw
+
+ - name: Write SHA256 checksums
+ shell: bash
+ run: |
+ cd dist/release
+ sha256sum *.tgz > SHA256SUMS.txt
+
+ - name: Upload workflow artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: codex-claw-release-package
+ path: |
+ dist/release/*.tgz
+ dist/release/SHA256SUMS.txt
+ if-no-files-found: error
+
+ - name: Attach package to GitHub release
+ if: startsWith(github.ref, 'refs/tags/')
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: gh release upload "$GITHUB_REF_NAME" dist/release/*.tgz dist/release/SHA256SUMS.txt --clobber
diff --git a/package.json b/package.json
index c47874d..81a1b64 100644
--- a/package.json
+++ b/package.json
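Review bot: In release-package.yml the workflow-level `permissions: contents: write` covers every step, so `pnpm install`, the tests and both builds, all of which run dependency-supplied code, execute with a token that can write to the repository and replace release assets. `actions/checkout@v4` also leaves that token in the workspace git config by default. Only the final `gh release upload` step needs write access, so the build job can run under `contents: read` with `persist-credentials: false` and pass the archive to a small publish job through the artifact that is already uploaded. `SHA256SUMS.txt` is produced in the same job as the archive, so it detects corruption but not a tampered build, and `--clobber` lets a re-run or a moved tag silently replace published assets. A sketch of the job split follows.

```yaml
permissions:
  contents: read

jobs:
  codex-claw-package:
    # … unchanged: name, runs-on …
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false
      # … unchanged: setup, install, test, build, pack, checksum and upload-artifact steps …

  publish:
    name: Attach package to GitHub release
    if: startsWith(github.ref, 'refs/tags/')
    needs: codex-claw-package
    runs-on: ubuntu-latest
    permissions:
      contents: write
    steps:
      - name: Download package artifact
        uses: actions/download-artifact@v4
        with:
          name: codex-claw-release-package
          path: dist/release

      - name: Attach package to GitHub release
        env:
          GH_TOKEN: ${{ github.token }}
          # No checkout in this job, so gh needs the repository named explicitly.
          GH_REPO: ${{ github.repository }}
        run: gh release upload "$GITHUB_REF_NAME" dist/release/*.tgz dist/release/SHA256SUMS.txt --clobber
```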
@@ -15,6 +15,7 @@
 "format": "pnpm -C apps/codex-claw format",
 "check": "pnpm -C apps/codex-claw check",
 "pack:codex-claw": "pnpm -C packages/codex-claw exec npm pack --dry-run",
+ "package:codex-claw": "node -e \"require('node:fs').mkdirSync('dist/release',{recursive:true})\" && pnpm -C packages/codex-claw exec npm pack --pack-destination ../../dist/release",
 "release:codex-claw": "pnpm -C packages/codex-claw exec npm publish --tag alpha --access public",
 "bump:codex-claw:patch": "pnpm -C packages/codex-claw version patch --no-git-tag-version",
 "bump:codex-claw:minor": "pnpm -C packages/codex-claw version minor --no-git-tag-version",