diff --git a/.github/scripts/generate-changelog.sh b/.github/scripts/generate-changelog.sh new file mode 100755 index 000000000..14c7f74b5 --- /dev/null +++ b/.github/scripts/generate-changelog.sh @@ -0,0 +1,126 @@ +#!/usr/bin/env bash +# generate-changelog.sh — Generate a path-scoped changelog between consecutive tags. +# +# Usage: +# generate-changelog.sh \ +# --tag-prefix "cli/v" \ +# --source-dir "src/client/acontext-cli" \ +# --display-name "CLI" \ +# --output "/path/to/CHANGELOG.txt" \ +# --footer "Binary artifacts are available in this release." +# +# Requires GITHUB_REF (e.g. refs/tags/cli/v0.1.16) to be set. + +set -euo pipefail + +# --------------------------------------------------------------------------- +# Argument parsing +# --------------------------------------------------------------------------- +TAG_PREFIX="" +SOURCE_DIR="" +DISPLAY_NAME="" +OUTPUT="" +FOOTER="" + +while [[ $# -gt 0 ]]; do + case "$1" in + --tag-prefix) TAG_PREFIX="$2"; shift 2 ;; + --source-dir) SOURCE_DIR="$2"; shift 2 ;; + --display-name) DISPLAY_NAME="$2"; shift 2 ;; + --output) OUTPUT="$2"; shift 2 ;; + --footer) FOOTER="$2"; shift 2 ;; + *) echo "Unknown option: $1" >&2; exit 1 ;; + esac +done + +if [[ -z "$TAG_PREFIX" || -z "$SOURCE_DIR" || -z "$DISPLAY_NAME" || -z "$OUTPUT" ]]; then + echo "Error: --tag-prefix, --source-dir, --display-name, and --output are required." >&2 + exit 1 +fi + +# --------------------------------------------------------------------------- +# Derive version & current tag from GITHUB_REF +# --------------------------------------------------------------------------- +if [[ -z "${GITHUB_REF:-}" ]]; then + echo "Error: GITHUB_REF is not set." >&2 + exit 1 +fi + +CURRENT_TAG="${GITHUB_REF#refs/tags/}" +VERSION="${CURRENT_TAG#"$TAG_PREFIX"}" + +# --------------------------------------------------------------------------- +# Find previous tag with the same prefix +# --------------------------------------------------------------------------- +PREV_TAG=$(git tag -l "${TAG_PREFIX}*" --sort=-v:refname \ + | { grep -v "^${CURRENT_TAG}$" || true; } \ + | head -1) + +# --------------------------------------------------------------------------- +# Build changelog +# --------------------------------------------------------------------------- +{ + echo "# ${DISPLAY_NAME} v${VERSION}" + echo "" + + if [[ -z "$PREV_TAG" ]]; then + echo "Initial release." + else + # Get path-scoped commits between the two tags + COMMITS=$(git log --oneline "${PREV_TAG}..${CURRENT_TAG}" -- "${SOURCE_DIR}" 2>/dev/null) || true + + if [[ -n "$COMMITS" ]]; then + echo "## What's Changed" + echo "" + + # Collect commits into categories + FEATS="" + FIXES="" + OTHER="" + + while IFS= read -r line; do + # Strip the short SHA prefix (first word) + MSG="${line#* }" + # Strip conventional commit prefix to get the description + DESC="${MSG#*: }" + case "$MSG" in + feat:*|feat\(*) FEATS="${FEATS}- ${DESC}"$'\n' ;; + fix:*|fix\(*) FIXES="${FIXES}- ${DESC}"$'\n' ;; + *) OTHER="${OTHER}- ${MSG}"$'\n' ;; + esac + done <<< "$COMMITS" + + if [[ -n "$FEATS" ]]; then + echo "### Features" + printf '%s' "$FEATS" + echo "" + fi + + if [[ -n "$FIXES" ]]; then + echo "### Bug Fixes" + printf '%s' "$FIXES" + echo "" + fi + + if [[ -n "$OTHER" ]]; then + echo "### Other" + printf '%s' "$OTHER" + echo "" + fi + else + echo "No path-scoped changes in this release." + echo "" + fi + + echo "**Full Changelog**: https://github.com/memodb-io/Acontext/compare/${PREV_TAG}...${CURRENT_TAG}" + fi + + if [[ -n "$FOOTER" ]]; then + echo "" + echo "---" + echo "" + echo "$FOOTER" + fi +} > "$OUTPUT" + +echo "Changelog written to ${OUTPUT}" diff --git a/.github/workflows/_reusable-docker-release.yaml b/.github/workflows/_reusable-docker-release.yaml index f9e985066..b10b9cbd1 100644 --- a/.github/workflows/_reusable-docker-release.yaml +++ b/.github/workflows/_reusable-docker-release.yaml @@ -19,6 +19,10 @@ on: description: "Human-readable component name (e.g. Core)" required: true type: string + source_dir: + description: "Source directory for changelog scoping (e.g. src/server/core)" + required: true + type: string permissions: contents: write @@ -30,10 +34,12 @@ jobs: timeout-minutes: 60 steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + fetch-depth: 0 - name: Log in to GitHub Container Registry - uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0 + uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 with: registry: ghcr.io username: ${{ github.repository_owner }} @@ -41,7 +47,7 @@ jobs: - name: Extract metadata (tags, labels) for Docker id: meta - uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf # v6.0.0 + uses: docker/metadata-action@030e881283bb7a6894de51c315a6bfe6a94e05cf with: images: ghcr.io/memodb-io/${{ inputs.image_name }} tags: | @@ -49,13 +55,13 @@ jobs: type=semver,pattern={{version}},match=${{ inputs.tag_prefix }}(\d+\.\d+\.\d+)$ - name: Set up QEMU - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0 + uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd - name: Build and Push Docker image - uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 + uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 with: platforms: linux/amd64,linux/arm64 context: ${{ inputs.context }} @@ -67,19 +73,16 @@ jobs: cache-from: type=gha,scope=${{ inputs.image_name }} cache-to: type=gha,mode=max,scope=${{ inputs.image_name }} - - name: Extract version from tag - id: version - run: | - TAG_NAME=${GITHUB_REF#refs/tags/${{ inputs.tag_prefix }}} - echo "version=$TAG_NAME" >> $GITHUB_OUTPUT - - name: Generate Changelog run: | - echo "# ${{ inputs.display_name }} v${{ steps.version.outputs.version }}" > ${{ github.workspace }}-CHANGELOG.txt - echo "" >> ${{ github.workspace }}-CHANGELOG.txt - echo "Published to https://github.com/memodb-io/Acontext/pkgs/container/${{ inputs.image_name }}" >> ${{ github.workspace }}-CHANGELOG.txt + bash .github/scripts/generate-changelog.sh \ + --tag-prefix "${{ inputs.tag_prefix }}" \ + --source-dir "${{ inputs.source_dir }}" \ + --display-name "${{ inputs.display_name }}" \ + --output "${{ github.workspace }}-CHANGELOG.txt" \ + --footer "Published to https://github.com/memodb-io/Acontext/pkgs/container/${{ inputs.image_name }}" - name: Create Release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b with: body_path: ${{ github.workspace }}-CHANGELOG.txt diff --git a/.github/workflows/api-release.yaml b/.github/workflows/api-release.yaml index 52615a8fa..2dfd1dcda 100644 --- a/.github/workflows/api-release.yaml +++ b/.github/workflows/api-release.yaml @@ -4,7 +4,6 @@ on: push: tags: - "api/v*" - workflow_dispatch: permissions: contents: write @@ -18,3 +17,4 @@ jobs: context: ./src/server/api/go tag_prefix: "api/v" display_name: API + source_dir: src/server/api/go diff --git a/.github/workflows/api-test.yaml b/.github/workflows/api-test.yaml index a4f1e4d86..37170fb0a 100644 --- a/.github/workflows/api-test.yaml +++ b/.github/workflows/api-test.yaml @@ -30,9 +30,9 @@ jobs: working-directory: src/server/api/go steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Setup Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 with: go-version-file: src/server/api/go/go.mod cache: true @@ -42,7 +42,7 @@ jobs: run: go test -v -timeout 30m -coverprofile=coverage.out -covermode=atomic ./... - name: Upload coverage artifact if: always() - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: go-api-coverage path: src/server/api/go/coverage.out diff --git a/.github/workflows/cli-release.yaml b/.github/workflows/cli-release.yaml index c0007e962..0cda46a31 100644 --- a/.github/workflows/cli-release.yaml +++ b/.github/workflows/cli-release.yaml @@ -4,7 +4,6 @@ on: push: tags: - 'cli/v*' - workflow_dispatch: permissions: contents: write @@ -16,22 +15,21 @@ jobs: timeout-minutes: 10 steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 - - - name: Extract version from tag - id: version - run: | - TAG_NAME=${GITHUB_REF#refs/tags/cli/v} - echo "version=$TAG_NAME" >> $GITHUB_OUTPUT + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + fetch-depth: 0 - name: Generate Changelog run: | - echo "# CLI v${{ steps.version.outputs.version }}" > ${{ github.workspace }}-CHANGELOG.txt - echo "" >> ${{ github.workspace }}-CHANGELOG.txt - echo "Binary artifacts are available in this release." >> ${{ github.workspace }}-CHANGELOG.txt + bash .github/scripts/generate-changelog.sh \ + --tag-prefix "cli/v" \ + --source-dir "src/client/acontext-cli" \ + --display-name "CLI" \ + --output "${{ github.workspace }}-CHANGELOG.txt" \ + --footer "Binary artifacts are available in this release." - name: Create Release with Notes - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b with: body_path: ${{ github.workspace }}-CHANGELOG.txt @@ -48,16 +46,16 @@ jobs: goarch: arm64 steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Read Go version from go.mod id: go-version run: | GO_VERSION=$(grep '^go ' src/client/acontext-cli/go.mod | awk '{print $2}') - echo "version=$GO_VERSION" >> $GITHUB_OUTPUT + echo "version=$GO_VERSION" >> "$GITHUB_OUTPUT" - name: Go Release Binaries - uses: wangyoucao577/go-release-action@279495102627de7960cbc33434ab01a12bae144b # v1 + uses: wangyoucao577/go-release-action@279495102627de7960cbc33434ab01a12bae144b with: goversion: ${{ steps.go-version.outputs.version }} github_token: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/cli-test.yaml b/.github/workflows/cli-test.yaml index 462dde5ce..a65ccc898 100644 --- a/.github/workflows/cli-test.yaml +++ b/.github/workflows/cli-test.yaml @@ -32,10 +32,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 with: go-version-file: src/client/acontext-cli/go.mod cache: true @@ -48,7 +48,7 @@ jobs: run: go test -v -race -coverprofile=coverage.out ./... - name: Upload coverage - uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5 + uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de with: file: ./coverage.out flags: unittests @@ -64,10 +64,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 with: go-version-file: src/client/acontext-cli/go.mod cache: true @@ -80,7 +80,7 @@ jobs: run: go build ./... - name: Run golangci-lint - uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9 + uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 with: version: latest working-directory: src/client/acontext-cli @@ -102,10 +102,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 with: go-version-file: src/client/acontext-cli/go.mod cache: true @@ -133,7 +133,7 @@ jobs: fi - name: Upload artifact - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f if: ${{ !cancelled() }} with: name: acontext-cli-${{ matrix.os }} @@ -155,10 +155,10 @@ jobs: steps: - name: Checkout code - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 with: go-version-file: src/client/acontext-cli/go.mod cache: true diff --git a/.github/workflows/client-release-py.yaml b/.github/workflows/client-release-py.yaml index 2e2ae1f09..9a1d5dd47 100644 --- a/.github/workflows/client-release-py.yaml +++ b/.github/workflows/client-release-py.yaml @@ -4,7 +4,6 @@ on: push: tags: - 'sdk-py/v*' - workflow_dispatch: permissions: contents: write @@ -21,15 +20,17 @@ jobs: UV_PUBLISH_TOKEN: ${{ secrets.PYPI_API_TOKEN }} steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: "3.13" - name: Install uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7 + uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a with: version: "latest" @@ -37,7 +38,7 @@ jobs: id: version run: | TAG_NAME=${GITHUB_REF#refs/tags/sdk-py/v} - echo "version=$TAG_NAME" >> $GITHUB_OUTPUT + echo "version=$TAG_NAME" >> "$GITHUB_OUTPUT" - name: Build distribution run: uv build @@ -47,11 +48,14 @@ jobs: - name: Generate Changelog run: | - echo "# Python SDK v${{ steps.version.outputs.version }}" > ${{ github.workspace }}-CHANGELOG.txt - echo "" >> ${{ github.workspace }}-CHANGELOG.txt - echo "Published to https://pypi.org/project/acontext/${{ steps.version.outputs.version }}/" >> ${{ github.workspace }}-CHANGELOG.txt + bash .github/scripts/generate-changelog.sh \ + --tag-prefix "sdk-py/v" \ + --source-dir "src/client/acontext-py" \ + --display-name "Python SDK" \ + --output "${{ github.workspace }}-CHANGELOG.txt" \ + --footer "Published to https://pypi.org/project/acontext/${{ steps.version.outputs.version }}/" - name: Create Release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b with: body_path: ${{ github.workspace }}-CHANGELOG.txt diff --git a/.github/workflows/client-release-ts.yaml b/.github/workflows/client-release-ts.yaml index e07f31289..42611d3ff 100644 --- a/.github/workflows/client-release-ts.yaml +++ b/.github/workflows/client-release-ts.yaml @@ -4,7 +4,6 @@ on: push: tags: - 'sdk-ts/v*' - workflow_dispatch: permissions: contents: write @@ -20,12 +19,12 @@ jobs: working-directory: src/client/acontext-ts steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: - node-version: '20' + node-version: '22' registry-url: 'https://registry.npmjs.org' cache: 'npm' cache-dependency-path: src/client/acontext-ts/package-lock.json @@ -69,23 +68,24 @@ jobs: id: version run: | VERSION=$(node -p "require('./package.json').version") - echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "version=$VERSION" >> "$GITHUB_OUTPUT" - name: Check if version exists id: check_version run: | VERSION="${{ steps.version.outputs.version }}" - if npm view @acontext/acontext@$VERSION version > /dev/null 2>&1; then - echo "exists=true" >> $GITHUB_OUTPUT + if npm view "@acontext/acontext@$VERSION" version > /dev/null 2>&1; then + echo "exists=true" >> "$GITHUB_OUTPUT" echo "Version $VERSION already exists on npm" else - echo "exists=false" >> $GITHUB_OUTPUT + echo "exists=false" >> "$GITHUB_OUTPUT" echo "Version $VERSION does not exist on npm" fi - name: Publish to npm if: steps.check_version.outputs.exists == 'false' - run: npm publish --access public + # Auth via OIDC trusted publishers (id-token: write) — do NOT set NODE_AUTH_TOKEN + run: npm publish --access public --provenance - name: Stop containers working-directory: src/server @@ -100,21 +100,26 @@ jobs: needs: publish steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + fetch-depth: 0 - name: Extract version from tag id: version run: | TAG_NAME=${GITHUB_REF#refs/tags/sdk-ts/v} - echo "version=$TAG_NAME" >> $GITHUB_OUTPUT + echo "version=$TAG_NAME" >> "$GITHUB_OUTPUT" - name: Generate Changelog run: | - echo "# TypeScript SDK v${{ steps.version.outputs.version }}" > ${{ github.workspace }}-CHANGELOG.txt - echo "" >> ${{ github.workspace }}-CHANGELOG.txt - echo "Published to npm as @acontext/acontext@${{ steps.version.outputs.version }}" >> ${{ github.workspace }}-CHANGELOG.txt + bash .github/scripts/generate-changelog.sh \ + --tag-prefix "sdk-ts/v" \ + --source-dir "src/client/acontext-ts" \ + --display-name "TypeScript SDK" \ + --output "${{ github.workspace }}-CHANGELOG.txt" \ + --footer "Published to npm as @acontext/acontext@${{ steps.version.outputs.version }}" - name: Create Release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b with: body_path: ${{ github.workspace }}-CHANGELOG.txt diff --git a/.github/workflows/client-test-py.yaml b/.github/workflows/client-test-py.yaml index c9b743969..1677b0326 100644 --- a/.github/workflows/client-test-py.yaml +++ b/.github/workflows/client-test-py.yaml @@ -25,10 +25,10 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Install uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7 + uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a - name: Set up Python run: uv python install 3.13 diff --git a/.github/workflows/client-test-ts.yaml b/.github/workflows/client-test-ts.yaml index bb69676a2..a59a965a2 100644 --- a/.github/workflows/client-test-ts.yaml +++ b/.github/workflows/client-test-ts.yaml @@ -25,12 +25,12 @@ jobs: permissions: contents: read steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: - node-version: "20" + node-version: '22' cache: "npm" cache-dependency-path: src/client/acontext-ts/package-lock.json diff --git a/.github/workflows/core-release.yaml b/.github/workflows/core-release.yaml index 42f6e5f9e..96e4a26ea 100644 --- a/.github/workflows/core-release.yaml +++ b/.github/workflows/core-release.yaml @@ -4,7 +4,6 @@ on: push: tags: - "core/v*" - workflow_dispatch: permissions: contents: write @@ -18,3 +17,4 @@ jobs: context: ./src/server/core tag_prefix: "core/v" display_name: Core + source_dir: src/server/core diff --git a/.github/workflows/core-test.yaml b/.github/workflows/core-test.yaml index b83acb6b0..bd11dd936 100644 --- a/.github/workflows/core-test.yaml +++ b/.github/workflows/core-test.yaml @@ -33,10 +33,10 @@ jobs: run: working-directory: src/server/ steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Install uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7 + uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a - name: Set up Python run: uv python install @@ -64,7 +64,7 @@ jobs: uv run -m pytest --junit-xml=junit/test-results-${{ matrix.python-version }}.xml --cov=. --cov-report=xml:coverage-${{ matrix.python-version }}.xml tests/ -s -v - name: Upload pytest test results and coverage - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f with: name: pytest-results-${{ matrix.python-version }} path: | diff --git a/.github/workflows/dashboard-test.yaml b/.github/workflows/dashboard-test.yaml index 236cb3774..fb99b9127 100644 --- a/.github/workflows/dashboard-test.yaml +++ b/.github/workflows/dashboard-test.yaml @@ -28,15 +28,15 @@ jobs: run: working-directory: dashboard steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Setup pnpm - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 with: version: 10 - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: "22" cache: "pnpm" diff --git a/.github/workflows/docs-test.yaml b/.github/workflows/docs-test.yaml index c51728183..793c77213 100644 --- a/.github/workflows/docs-test.yaml +++ b/.github/workflows/docs-test.yaml @@ -28,15 +28,15 @@ jobs: run: working-directory: docs steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up pnpm - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 with: - version: 9 + version: 10 - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: "22" cache: "pnpm" diff --git a/.github/workflows/e2e-test.yaml b/.github/workflows/e2e-test.yaml index d87164b07..05e04c139 100644 --- a/.github/workflows/e2e-test.yaml +++ b/.github/workflows/e2e-test.yaml @@ -27,10 +27,10 @@ jobs: timeout-minutes: 30 steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 + uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd - name: Build Images run: | diff --git a/.github/workflows/landingpage-test.yaml b/.github/workflows/landingpage-test.yaml index e790baefc..ab9c972fd 100644 --- a/.github/workflows/landingpage-test.yaml +++ b/.github/workflows/landingpage-test.yaml @@ -28,15 +28,15 @@ jobs: run: working-directory: landingpage steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Setup pnpm - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 with: version: 10 - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: "22" cache: "pnpm" @@ -68,15 +68,15 @@ jobs: run: working-directory: landingpage steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Setup pnpm - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 with: version: 10 - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: "22" cache: "pnpm" @@ -103,15 +103,15 @@ jobs: run: working-directory: landingpage steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Setup pnpm - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 with: version: 10 - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: "22" cache: "pnpm" @@ -134,7 +134,7 @@ jobs: CI: true - name: Upload Playwright report - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f if: ${{ !cancelled() }} with: name: playwright-report diff --git a/.github/workflows/package-release-claude-code.yaml b/.github/workflows/package-release-claude-code.yaml index 56275d90c..4680f4438 100644 --- a/.github/workflows/package-release-claude-code.yaml +++ b/.github/workflows/package-release-claude-code.yaml @@ -4,7 +4,6 @@ on: push: tags: - 'package-claude-code/v*' - workflow_dispatch: permissions: contents: write @@ -19,18 +18,18 @@ jobs: working-directory: src/packages/claude-code steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: - node-version: '20' + node-version: '22' - name: Extract version from package.json id: pkg_version run: | VERSION=$(node -p "require('./package.json').version") - echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "Package version: $VERSION" - name: Extract version from tag @@ -40,10 +39,10 @@ jobs: run: | if [[ "$GIT_REF" == refs/tags/* ]]; then TAG_NAME=${GIT_REF#refs/tags/package-claude-code/v} - echo "version=$TAG_NAME" >> $GITHUB_OUTPUT + echo "version=$TAG_NAME" >> "$GITHUB_OUTPUT" echo "Tag version: $TAG_NAME" else - echo "version=" >> $GITHUB_OUTPUT + echo "version=" >> "$GITHUB_OUTPUT" fi - name: Verify tag matches package.json @@ -122,7 +121,9 @@ jobs: needs: verify steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + fetch-depth: 0 - name: Extract version from tag id: version @@ -130,29 +131,31 @@ jobs: GIT_REF: ${{ github.ref }} run: | TAG_NAME=${GIT_REF#refs/tags/package-claude-code/v} - echo "version=$TAG_NAME" >> $GITHUB_OUTPUT + echo "version=$TAG_NAME" >> "$GITHUB_OUTPUT" - name: Generate Changelog - env: - VERSION: ${{ steps.version.outputs.version }} - CHANGELOG_FILE: ${{ github.workspace }}-CHANGELOG.txt run: | - cat > "$CHANGELOG_FILE" << EOF - # Claude Code Plugin v${VERSION} - - ## Installation - - \`\`\`bash - claude mcp add-from-marketplace acontext --publisher memodb-io - \`\`\` - - ## Release Checklist - - [x] Version synced across package.json, plugin.json, marketplace.json - - [x] Tests passed - - [x] Plugin bundles built and verified - EOF + FOOTER=$(cat <<'FOOTEREOF' +## Installation + +```bash +claude mcp add-from-marketplace acontext --publisher memodb-io +``` + +## Release Checklist +- [x] Version synced across package.json, plugin.json, marketplace.json +- [x] Tests passed +- [x] Plugin bundles built and verified +FOOTEREOF + ) + bash .github/scripts/generate-changelog.sh \ + --tag-prefix "package-claude-code/v" \ + --source-dir "src/packages/claude-code" \ + --display-name "Claude Code Plugin" \ + --output "${{ github.workspace }}-CHANGELOG.txt" \ + --footer "$FOOTER" - name: Create Release - uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2 + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b with: body_path: ${{ github.workspace }}-CHANGELOG.txt diff --git a/.github/workflows/package-release-openclaw.yaml b/.github/workflows/package-release-openclaw.yaml index f12bbf6d4..8ce05eee2 100644 --- a/.github/workflows/package-release-openclaw.yaml +++ b/.github/workflows/package-release-openclaw.yaml @@ -4,7 +4,6 @@ on: push: tags: - 'package-openclaw/v*' - workflow_dispatch: permissions: contents: write @@ -20,15 +19,15 @@ jobs: working-directory: src/packages/openclaw steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: - node-version: '20' + node-version: '22' registry-url: 'https://registry.npmjs.org' cache: 'npm' - cache-dependency-path: src/packages/openclaw/package.json + cache-dependency-path: src/packages/openclaw/package-lock.json - name: Update npm run: npm install -g npm@latest @@ -37,7 +36,7 @@ jobs: id: version run: | VERSION=$(node -p "require('./package.json').version") - echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "Package version: $VERSION" - name: Extract version from tag @@ -47,10 +46,10 @@ jobs: run: | if [[ "$GIT_REF" == refs/tags/* ]]; then TAG_NAME=${GIT_REF#refs/tags/package-openclaw/v} - echo "tag_version=$TAG_NAME" >> $GITHUB_OUTPUT + echo "tag_version=$TAG_NAME" >> "$GITHUB_OUTPUT" echo "Tag version: $TAG_NAME" else - echo "tag_version=" >> $GITHUB_OUTPUT + echo "tag_version=" >> "$GITHUB_OUTPUT" fi - name: Verify version matches tag @@ -71,16 +70,17 @@ jobs: VERSION: ${{ steps.version.outputs.version }} run: | if npm view "@acontext/openclaw@$VERSION" version > /dev/null 2>&1; then - echo "exists=true" >> $GITHUB_OUTPUT + echo "exists=true" >> "$GITHUB_OUTPUT" echo "Version $VERSION already exists on npm" else - echo "exists=false" >> $GITHUB_OUTPUT + echo "exists=false" >> "$GITHUB_OUTPUT" echo "Version $VERSION does not exist on npm" fi - name: Publish to npm if: steps.check_version.outputs.exists == 'false' - run: npm publish --access public + # Auth via OIDC trusted publishers (id-token: write) — do NOT set NODE_AUTH_TOKEN + run: npm publish --access public --provenance - name: Publish skipped (version exists) if: steps.check_version.outputs.exists == 'true' @@ -96,7 +96,9 @@ jobs: needs: publish steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + fetch-depth: 0 - name: Extract version from tag id: version @@ -104,26 +106,30 @@ jobs: GIT_REF: ${{ github.ref }} run: | TAG_NAME=${GIT_REF#refs/tags/package-openclaw/v} - echo "version=$TAG_NAME" >> $GITHUB_OUTPUT + echo "version=$TAG_NAME" >> "$GITHUB_OUTPUT" - name: Generate Changelog env: VERSION: ${{ steps.version.outputs.version }} - CHANGELOG_FILE: ${{ github.workspace }}-CHANGELOG.txt run: | - cat > "$CHANGELOG_FILE" << EOF - # OpenClaw Plugin v${VERSION} - - Published to npm as @acontext/openclaw@${VERSION} - - ## Installation - - \`\`\`bash - openclaw plugins install @acontext/openclaw@${VERSION} - \`\`\` - EOF + FOOTER=$(cat <> $GITHUB_OUTPUT + echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "Package version: $VERSION" - name: Extract version from tag id: tag_version + env: + GIT_REF: ${{ github.ref }} run: | - if [[ "${{ github.ref }}" == refs/tags/* ]]; then - TAG_NAME=${GITHUB_REF#refs/tags/package-sandbox-cloudflare/v} - echo "tag_version=$TAG_NAME" >> $GITHUB_OUTPUT + if [[ "$GIT_REF" == refs/tags/* ]]; then + TAG_NAME=${GIT_REF#refs/tags/package-sandbox-cloudflare/v} + echo "tag_version=$TAG_NAME" >> "$GITHUB_OUTPUT" echo "Tag version: $TAG_NAME" else - echo "tag_version=" >> $GITHUB_OUTPUT + echo "tag_version=" >> "$GITHUB_OUTPUT" fi - name: Verify version matches tag @@ -66,17 +67,18 @@ jobs: id: check_version run: | VERSION="${{ steps.version.outputs.version }}" - if npm view @acontext/create-sandbox-cloudflare@$VERSION version > /dev/null 2>&1; then - echo "exists=true" >> $GITHUB_OUTPUT + if npm view "@acontext/create-sandbox-cloudflare@$VERSION" version > /dev/null 2>&1; then + echo "exists=true" >> "$GITHUB_OUTPUT" echo "Version $VERSION already exists on npm" else - echo "exists=false" >> $GITHUB_OUTPUT + echo "exists=false" >> "$GITHUB_OUTPUT" echo "Version $VERSION does not exist on npm" fi - name: Publish to npm if: steps.check_version.outputs.exists == 'false' - run: npm publish --access public + # Auth via OIDC trusted publishers (id-token: write) — do NOT set NODE_AUTH_TOKEN + run: npm publish --access public --provenance # Note: prepublishOnly script in package.json will automatically: # 1. Copy template files from src/server/sandbox/cloudflare to template/ # 2. Replace template variables in package.json and wrangler.jsonc @@ -93,29 +95,40 @@ jobs: needs: publish steps: - name: Checkout repository - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd + with: + fetch-depth: 0 - name: Extract version from tag id: version run: | TAG_NAME=${GITHUB_REF#refs/tags/package-sandbox-cloudflare/v} - echo "version=$TAG_NAME" >> $GITHUB_OUTPUT + echo "version=$TAG_NAME" >> "$GITHUB_OUTPUT" - name: Generate Changelog + env: + VERSION: ${{ steps.version.outputs.version }} run: | - echo "# Package Sandbox Cloudflare v${{ steps.version.outputs.version }}" > ${{ github.workspace }}-CHANGELOG.txt - echo "" >> ${{ github.workspace }}-CHANGELOG.txt - echo "Published to npm as @acontext/create-sandbox-cloudflare@${{ steps.version.outputs.version }}" >> ${{ github.workspace }}-CHANGELOG.txt - echo "" >> ${{ github.workspace }}-CHANGELOG.txt - echo "## Usage" >> ${{ github.workspace }}-CHANGELOG.txt - echo "" >> ${{ github.workspace }}-CHANGELOG.txt - echo "\`\`\`bash" >> ${{ github.workspace }}-CHANGELOG.txt - echo "npm create @acontext/sandbox-cloudflare@${{ steps.version.outputs.version }} my-app" >> ${{ github.workspace }}-CHANGELOG.txt - echo "# or" >> ${{ github.workspace }}-CHANGELOG.txt - echo "npx @acontext/create-sandbox-cloudflare@${{ steps.version.outputs.version }} my-app" >> ${{ github.workspace }}-CHANGELOG.txt - echo "\`\`\`" >> ${{ github.workspace }}-CHANGELOG.txt + FOOTER=$(cat <> $GITHUB_OUTPUT + echo "repository_owner=$(echo "$REPO_OWNER" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_OUTPUT" - name: Set up Helm - uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 # v4 + uses: azure/setup-helm@1a275c3b69536ee54be43f2070a358922e12c8d4 with: version: ${{ env.HELM_VERSION }} - name: Package Helm chart run: | - helm dependency update ${{ env.CHART_PATH }} + helm dependency update "${{ env.CHART_PATH }}" + + - name: Verify version matches tag + run: | + TAG_VERSION=${GITHUB_REF#refs/tags/chart/v} + CHART_VERSION=$(grep '^version:' "${{ env.CHART_PATH }}/Chart.yaml" | cut -d ' ' -f 2) + if [ "$TAG_VERSION" != "$CHART_VERSION" ]; then + echo "Tag version ($TAG_VERSION) does not match Chart.yaml version ($CHART_VERSION)" + exit 1 + fi - name: Publish new helm chart for acontext + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GH_ACTOR: ${{ github.actor }} run: | - echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.actor }} --password-stdin + echo "$GH_TOKEN" | helm registry login ghcr.io --username "$GH_ACTOR" --password-stdin - ACONEXT_CHART_VERSION_TAG=$(cat ${{ env.CHART_PATH }}/Chart.yaml | grep version: | cut -d " " -f 2) + ACONEXT_CHART_VERSION_TAG=$(grep '^version:' "${{ env.CHART_PATH }}/Chart.yaml" | cut -d " " -f 2) - echo "ACONEXT_CHART_VERSION_TAG=${ACONEXT_CHART_VERSION_TAG}" >> $GITHUB_ENV + echo "ACONEXT_CHART_VERSION_TAG=${ACONEXT_CHART_VERSION_TAG}" >> "$GITHUB_ENV" - helm package ${{ env.CHART_PATH }}/ --version="${ACONEXT_CHART_VERSION_TAG}" + helm package "${{ env.CHART_PATH }}/" --version="${ACONEXT_CHART_VERSION_TAG}" - helm push ${{ env.CHART_NAME }}-"${ACONEXT_CHART_VERSION_TAG}".tgz oci://ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/helm-charts + helm push "${{ env.CHART_NAME }}-${ACONEXT_CHART_VERSION_TAG}.tgz" "oci://ghcr.io/${{ steps.resolve_parameters.outputs.repository_owner }}/helm-charts" - name: Output chart location run: | echo "Chart published to: ${{ env.REGISTRY }}/${{ steps.resolve_parameters.outputs.repository_owner }}/helm-charts/${{ env.CHART_NAME }}:${ACONEXT_CHART_VERSION_TAG}" echo "Install with: helm install my-release oci://${{ env.REGISTRY }}/${{ steps.resolve_parameters.outputs.repository_owner }}/helm-charts/${{ env.CHART_NAME }} --version ${ACONEXT_CHART_VERSION_TAG}" + - name: Generate Changelog + run: | + CHART_VERSION=${GITHUB_REF#refs/tags/chart/v} + bash .github/scripts/generate-changelog.sh \ + --tag-prefix "chart/v" \ + --source-dir "charts/acontext" \ + --display-name "Helm Chart" \ + --output "${{ github.workspace }}-CHANGELOG.txt" \ + --footer "Published to ghcr.io OCI registry. Install with: helm install my-release oci://ghcr.io/memodb-io/helm-charts/acontext --version ${CHART_VERSION}" + + - name: Create Release + uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b + with: + body_path: ${{ github.workspace }}-CHANGELOG.txt + diff --git a/.github/workflows/security-reusable.yaml b/.github/workflows/security-reusable.yaml index 18e596c30..f61327d13 100644 --- a/.github/workflows/security-reusable.yaml +++ b/.github/workflows/security-reusable.yaml @@ -20,9 +20,9 @@ jobs: path: src/client/acontext-cli steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Setup Go - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 with: go-version-file: ${{ matrix.path }}/go.mod cache: true @@ -39,11 +39,11 @@ jobs: timeout-minutes: 15 steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Install uv - uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a # v7 + uses: astral-sh/setup-uv@6ee6290f1cbc4156c0bdd66691b2c144ef8df19a - name: Setup Python - uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6 + uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 with: python-version: '3.13' cache: 'pip' @@ -69,15 +69,17 @@ jobs: timeout-minutes: 15 steps: - name: Checkout - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Setup Node - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: - node-version: '20' + node-version: '22' cache: 'npm' cache-dependency-path: src/client/acontext-ts/package-lock.json - name: Setup pnpm - run: npm install -g pnpm + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 + with: + version: 10 - name: Audit TS SDK working-directory: src/client/acontext-ts run: npm audit --audit-level=high --omit=dev diff --git a/.github/workflows/ui-release.yaml b/.github/workflows/ui-release.yaml index 38a4f63ff..41ecb8cb1 100644 --- a/.github/workflows/ui-release.yaml +++ b/.github/workflows/ui-release.yaml @@ -4,7 +4,6 @@ on: push: tags: - "ui/v*" - workflow_dispatch: permissions: contents: write @@ -18,3 +17,4 @@ jobs: context: ./src/server/ui tag_prefix: "ui/v" display_name: UI + source_dir: src/server/ui diff --git a/.github/workflows/ui-test.yaml b/.github/workflows/ui-test.yaml index 79b49a2d7..f3e52b00c 100644 --- a/.github/workflows/ui-test.yaml +++ b/.github/workflows/ui-test.yaml @@ -28,15 +28,15 @@ jobs: run: working-directory: src/server/ui steps: - - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd - name: Setup pnpm - uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 # v4 + uses: pnpm/action-setup@41ff72655975bd51cab0327fa583b6e92b6d3061 with: version: 10 - name: Set up Node.js - uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f with: node-version: "22" cache: "pnpm" diff --git a/AGENTS.md b/AGENTS.md index 1a2656b28..b651733b1 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -76,18 +76,20 @@ When releasing a new version, follow these steps in order: | Component | Tag Pattern | Publishes To | Source Directory | Workflow | | ------------------ | ----------------------------------- | ------------------------------------------- | --------------------------------- | ----------------------------------------- | -| API | `api/vX.Y.Z` | ghcr.io (Docker, multi-arch) | `src/server/api/go` | `release-api-docker.yaml` | -| Core | `core/vX.Y.Z` | ghcr.io (Docker, multi-arch) | `src/server/core` | `release-core-docker.yaml` | -| UI (OSS) | `ui/vX.Y.Z` | ghcr.io (Docker, multi-arch) | `src/server/ui` | `release-ui-docker.yaml` | -| TypeScript SDK | `sdk-ts/vX.Y.Z` | npm (`@acontext/acontext`) | `src/client/acontext-ts` | `release-sdk-ts.yaml` | -| Python SDK | `sdk-py/vX.Y.Z` | PyPI (`acontext`) | `src/client/acontext-py` | `release-sdk-py.yaml` | -| CLI | `cli/vX.Y.Z` | GitHub Releases (binaries) | `src/client/acontext-cli` | `release-cli.yaml` | -| OpenClaw Plugin | `package-openclaw/vX.Y.Z` | npm (`@acontext/openclaw`) | `src/packages/openclaw` | `release-package-openclaw.yaml` | -| Sandbox Cloudflare | `package-sandbox-cloudflare/vX.Y.Z` | npm (`@acontext/create-sandbox-cloudflare`) | `src/packages/sandbox-cloudflare` | `release-package-sandbox-cloudflare.yaml` | -| Claude Code Plugin | `package-claude-code/vX.Y.Z` | Claude Plugin Marketplace | `src/packages/claude-code` | `release-package-claude-code.yaml` | -| Helm Chart | `chart/vX.Y.Z` | ghcr.io (OCI helm chart) | `charts/acontext` | `release-helm.yaml` | +| API | `api/vX.Y.Z` | ghcr.io (Docker, multi-arch) | `src/server/api/go` | `api-release.yaml` | +| Core | `core/vX.Y.Z` | ghcr.io (Docker, multi-arch) | `src/server/core` | `core-release.yaml` | +| UI (OSS) | `ui/vX.Y.Z` | ghcr.io (Docker, multi-arch) | `src/server/ui` | `ui-release.yaml` | +| TypeScript SDK | `sdk-ts/vX.Y.Z` | npm (`@acontext/acontext`) | `src/client/acontext-ts` | `client-release-ts.yaml` | +| Python SDK | `sdk-py/vX.Y.Z` | PyPI (`acontext`) | `src/client/acontext-py` | `client-release-py.yaml` | +| CLI | `cli/vX.Y.Z` | GitHub Releases (binaries) | `src/client/acontext-cli` | `cli-release.yaml` | +| OpenClaw Plugin | `package-openclaw/vX.Y.Z` | npm (`@acontext/openclaw`) | `src/packages/openclaw` | `package-release-openclaw.yaml` | +| Sandbox Cloudflare | `package-sandbox-cloudflare/vX.Y.Z` | npm (`@acontext/create-sandbox-cloudflare`) | `src/packages/sandbox-cloudflare` | `package-release-sandbox-cloudflare.yaml` | +| Claude Code Plugin | `package-claude-code/vX.Y.Z` | Claude Plugin Marketplace | `src/packages/claude-code` | `package-release-claude-code.yaml` | +| Helm Chart | `chart/vX.Y.Z` | ghcr.io (OCI helm chart) | `charts/acontext` | `publish-chart.yaml` | + + +All workflows create a GitHub Release with a path-scoped changelog generated by `.github/scripts/generate-changelog.sh`. The script finds the previous tag with the same prefix, collects commits scoped to the component's source directory, and groups them by conventional commit type (Features, Bug Fixes, Other). The checkout step in the job that runs `generate-changelog.sh` must use `fetch-depth: 0` so that full git history and tags are available; without it the script cannot find previous tags and falls back to "Initial release." Docker builds produce multi-platform images (`linux/amd64`, `linux/arm64`). npm/PyPI workflows skip publishing if the version already exists on the registry. npm packages use OIDC trusted publishers for authentication — do NOT add `NODE_AUTH_TOKEN` or npm tokens to the publish step. -All workflows create a GitHub Release with changelog. Docker builds produce multi-platform images (`linux/amd64`, `linux/arm64`). npm/PyPI workflows skip publishing if the version already exists on the registry. ### Pull Requests - All PRs must follow the template at `.github/PULL_REQUEST_TEMPLATE.md`. ### Unit Test