Commit Graph

151 Commits

Author SHA1 Message Date
Will Sarg e30cd4ac67 ci(homebrew): handle existing upstream remote and main base 2026-02-22 21:24:25 +08:00
Will Sarg f1d4d4fbaf ci(homebrew): prefer HOMEBREW_UPSTREAM_PR_TOKEN with fallback 2026-02-22 21:24:25 +08:00
Will Sarg 905e714659 ci(homebrew): use gh-managed auth with explicit fork access checks (#1372) 2026-02-22 04:28:15 -05:00
Will Sarg 43c6f64080 ci(homebrew): fix bot fork auth clone path (#1329)
* ci(homebrew): authenticate git ops via header-safe token flow

* ci(homebrew): fix patch step indentation in workflow
2026-02-21 21:45:33 -05:00
Will Sarg fdf7f4eac5 ci(build-fast): align toolchain with stable release build 2026-02-21 20:49:17 -05:00
Will Sarg 0178d7d6e3 Merge remote-tracking branch 'origin/main' into codex/v0.1.5-prep 2026-02-21 20:18:38 -05:00
Will Sarg 44cac0755c ci(release): add bot-owned Homebrew publish workflow (#1323) 2026-02-21 20:18:08 -05:00
Will Sarg fbc0c8a053 ci(intake): warn and retarget non-promotion PRs from main to dev (#1319) 2026-02-21 17:45:50 -05:00
Will Sarg 6195d1bb79 ci(policy): restrict main PR authors and target bot PRs to dev (#1310) 2026-02-21 17:00:45 -05:00
Will Sarg 19f7682e4d fix(license): adopt rust-style dual-license layout for github detection (#1308) 2026-02-21 16:48:22 -05:00
Will Sarg f44c93598f chore(license): make apache primary while preserving dual-license (#1307) 2026-02-21 16:43:36 -05:00
Alex Gorevski f74e957f5e Merge pull request #1286 from zeroclaw-labs/dependabot/github_actions/main/actions-all-f6e1870857
chore(deps): bump github/codeql-action from 4.32.3 to 4.32.4 in the actions-all group
2026-02-21 13:32:58 -08:00
Will Sarg 4bc1385aed chore(branch): reconcile dev for clean main promotion (#1290)
* ci(docker): restrict image publish to v* tag pushes (#1280)

* ci(workflow): adopt main/dev split with dev->main promotion gate (#1283)

* ci(docker): restrict image publish to v* tag pushes (#1280)

* ci(workflow): adopt dev->main promotion flow
2026-02-21 13:56:32 -05:00
dependabot[bot] 9fd9bc82dd chore(deps): bump github/codeql-action in the actions-all group
Bumps the actions-all group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).


Updates `github/codeql-action` from 4.32.3 to 4.32.4
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/github/codeql-action/compare/9e907b5e64f6b83e7804b09294d44122997950d6...89a39a4e59826350b863aa6b6252a07ad50cf83e)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-version: 4.32.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-all
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-02-21 18:44:44 +00:00
Will Sarg dbb2c80c1a ci(workflow): adopt main/dev split with dev->main promotion gate (#1283)
* ci(docker): restrict image publish to v* tag pushes (#1280)

* ci(workflow): adopt dev->main promotion flow
2026-02-21 13:39:07 -05:00
Will Sarg 3e29c6d1eb ci(docker): restrict image publish to v* tag pushes (#1280) 2026-02-21 13:27:44 -05:00
Will Sarg ebb2ad8008 ci(policy): enforce root license edits by willsarg only (#1279) 2026-02-21 12:27:12 -05:00
Will Sarg 15bd708ec3 fix(release): avoid duplicate SHA256SUMS upload in GitHub release (#1277) 2026-02-21 12:25:53 -05:00
Will Sarg 5e453549e0 fix(release): make tag publish resilient and include license assets (#1276) 2026-02-21 12:12:30 -05:00
Will Sarg da32355ae9 ci(policy): restrict root license file edits to owners (#1273)
* ci(policy): restrict root license file edits to owners

* ci(vorpal): satisfy actionlint output redirection rule
2026-02-21 11:39:50 -05:00
Chummy dc49c95597 ci: remove cargo-slicer from fast build workflow 2026-02-21 22:24:54 +08:00
Will Sarg fe52698cdc ci(security): add manual vorpal reviewdog workflow (#1256) 2026-02-21 09:19:12 -05:00
Chummy 4b55e3c859 fix(ci): scope workflow-owner gate to pull_request events 2026-02-21 22:10:00 +08:00
Chummy 151bb9cdb2 fix(ci): expose workflow_changed output for fast-build gate
Refs #1249
2026-02-21 21:58:35 +08:00
Chummy 2556a7e202 fix(ci): run fast-build checks for workflow-only changes
Refs #1249
2026-02-21 21:58:35 +08:00
Chummy f85e34010e fix(ci): harden fast build when cargo-slicer rustc-driver drifts
Refs #1249
2026-02-21 21:58:35 +08:00
Yijun Yu 66ee7e31ac ci: enable MIR-precise analysis for 27% faster builds
Update ci-build-fast.yml to use MIR-precise mode, which reads actual
compiler MIR to build a ground-truth call graph. This stubs 1,060 mono
items (vs 799 with syn-based analysis), reducing fresh build wall time
by 27.2% on a 48-core server (vs 9.1% with syn alone).

Update docs with new benchmark table showing both modes.
2026-02-21 17:57:07 +08:00
Yijun Yu c34187f7d9 ci: add accelerated release build via cargo-slicer
Add ci-build-fast.yml that runs a cargo-slicer-optimized release build
alongside the existing Build (Smoke) job. cargo-slicer stubs 2,059
unreachable library functions at the MIR level, skipping their LLVM
codegen. Benchmarks show -11.7% wall time on a 48-core server and
-28.6% on a Raspberry Pi 4; 2-vCPU CI runners should see ~25-30%.

The new job is non-blocking — it does not gate merges.
2026-02-21 17:57:07 +08:00
Will Sarg 0a40989294 fix(release): verify ghcr tag via anonymous token flow (#1207) 2026-02-21 03:24:27 -05:00
Will Sarg 049029897d fix(release): write sigstore bundle during cosign signing (#1201) 2026-02-21 03:04:46 -05:00
Will Sarg eb19bc1ff2 fix(release): remove conflicting cosign oidc issuer override (#1198) 2026-02-21 02:51:10 -05:00
Will Sarg 1f4fea7afc fix(release): run matrix build step with bash shell (#1196) 2026-02-21 02:37:12 -05:00
Will Sarg 1e16f59fd5 fix(release): skip blacksmith rust-cache on windows jobs (#1195) 2026-02-21 02:33:17 -05:00
Alex Gorevski 1e01cd9713 fix ci-run 2026-02-20 11:51:16 -08:00
Alex Gorevski d0de947d3e fix the bash scripts for binary size 2026-02-20 11:45:44 -08:00
Alex Gorevski da2d524211 feat(ci): block workflows if binary increases beyond 20mb 2026-02-20 11:19:02 -08:00
Alex Gorevski 0ea541027b Merge pull request #1129 from zeroclaw-labs/bugfix/actionlint
fix(ci): use grouped redirect for GITHUB_OUTPUT writes in pub-release
2026-02-20 09:46:17 -08:00
Alex Gorevski 152aa52c7d Merge pull request #1128 from zeroclaw-labs/feat/build-with-release-fast
feat(ci): build with release-fast
2026-02-20 09:45:13 -08:00
Alex Gorevski 72027ff8f3 fix(ci): use grouped redirect for GITHUB_OUTPUT writes in pub-release
Replace individual >> redirects with a single grouped { ... } >> block
to resolve shellcheck SC2129 and satisfy actionlint.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-02-20 09:43:27 -08:00
Alex Gorevski b3a6f73b4a Merge pull request #810 from zeroclaw-labs/fix/first-interaction-input-keys-761
fix(ci): correct first-interaction input keys
2026-02-20 09:38:50 -08:00
Alex Gorevski ae7f297d17 feat(ci): build with release-fast 2026-02-20 09:20:25 -08:00
Will Sarg 3e868902ab fix(ci): sync release publishing with GHCR and add runbook (#1087) 2026-02-20 07:10:09 -05:00
dependabot[bot] bd7b59151a chore(deps): bump actions/download-artifact from 4.3.0 to 7.0.0 (#1073)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4.3.0 to 7.0.0.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...37930b1c2abaa49bbe596cd826c3c89aef350131)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-20 05:27:25 -05:00
dependabot[bot] 12fd87623a chore(deps): bump sigstore/cosign-installer from 3.8.2 to 4.0.0 (#1067)
Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 3.8.2 to 4.0.0.
- [Release notes](https://github.com/sigstore/cosign-installer/releases)
- [Commits](https://github.com/sigstore/cosign-installer/compare/3454372f43399081ed03b604cb2d021dabca52bb...faadad0cce49287aee09b3a48701e75088a2c6ad)

---
updated-dependencies:
- dependency-name: sigstore/cosign-installer
  dependency-version: 4.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-02-20 04:39:29 -05:00
Chummy f10bb998e0 fix(build): unblock low-resource installs and release binaries (#1041)
* fix(build): unblock low-resource installs and release binaries

* fix(ci): use supported intel macOS runner label
2026-02-19 23:24:43 -05:00
Alex Gorevski fedfd6ae01 Merge pull request #847 from agorevski/algore/cicd-descript-release-matrix
perf(ci): reduce GitHub Actions costs ~60-65% across all workflows
2026-02-19 06:54:40 -08:00
Chummy b611609c30 ci(docker): publish multi-arch latest and harden release tagging path 2026-02-19 19:32:18 +08:00
Alex Gorevski 00c0995213 fix(ci): restore broken YAML structure in 3 workflows, revert aggressive STALE_HOURS
- pr-auto-response.yml: restore permissions, steps, and checkout in
  contributor-tier-issues job (broken by runner swap)
- pr-check-stale.yml: restore steps block and step name
- pr-intake-checks.yml: restore steps block, checkout, and timeout
- pr-check-status.yml: revert STALE_HOURS from 4 to 48 (not a cost
  optimization; 4h is too aggressive), switch to ubuntu-latest per
  PR description

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-02-18 21:26:14 -08:00
Alex Gorevski 825f42071c Merge branch 'main' into algore/cicd-descript-release-matrix 2026-02-18 21:15:51 -08:00
Alex Gorevski 44725da08c perf(ci): reduce GitHub Actions costs ~60-65% across all workflows
Analysis of Feb 17 data showed 400+ workflow runs/day consuming ~398 billable minutes (~200 hours/month projected). Implemented targeted optimizations:

High-impact changes:

- sec-audit.yml: add path filters (Cargo.toml, src/**, crates/**, deny.toml); skip docs-only PRs

- test-benchmarks.yml: move from every-push-to-main to weekly schedule; retention 30d -> 7d

- pub-docker-img.yml: tighten PR smoke build path filters to Docker-specific files only

- sec-codeql.yml: reduce from twice-daily (14 runs/week) to weekly

Medium-impact changes:

- ci-run.yml: merge lint + lint-strict-delta into single job; drop --release from smoke build

- feature-matrix.yml: remove push trigger (weekly-only); remove redundant cargo test step

- dependabot.yml: monthly instead of weekly; reduce PR limits from 11 to 5/month; group all deps

Runner cost savings:

- Switch 6 lightweight API-only workflows to ubuntu-latest (PR Labeler, Intake, Auto Responder, Check Stale, Check Status, Sync Contributors)

- pr-check-status.yml: reduce from every 12h to daily

New files:

- docs/ci-cost-optimization.md: comprehensive analysis and revised architecture documentation

- scripts/ci/fetch_actions_data.py: reusable GitHub Actions cost analysis script

Estimated impact: daily billable minutes ~400 -> ~120-150 (60-65% reduction), monthly hours ~200 -> ~60-75, Dependabot PRs ~44/month -> ~5 (89% reduction)
2026-02-18 21:14:47 -08:00