core/cli
8
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions 1

ci(workflows): use host-uk/build@dev for releases (#264)

Browse source 
* ci(workflows): use host-uk/build@dev for releases

- Replace manual Go bootstrap with host-uk/build@dev action
- Add matrix builds for linux/amd64, linux/arm64, darwin/universal, windows/amd64
- Update README URLs from Snider/Core to host-uk/core
- Simplify artifact handling with merge-multiple

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* docs(mkdocs): update repo references to host-uk/core

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* chore(coderabbit): disable auto-review, manual trigger only

Trigger with @coderabbitai review to control costs.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* feat(ci): implement semver release channels

- Rename dev-release.yml → alpha-release.yml
- Alpha builds: v0.0.4-alpha.{run_number} (prerelease)
- Add pr-build.yml for draft releases
- PR builds: v0.0.4-pr.{num}.bid.{id} (draft, not published)
- Add attestation permissions for SLSA compliance
- No more deleting/recreating dev tag

Versioning strategy:
- Draft: +pr.{NUM}.bid.{ID} (testable, not published)
- Alpha: -alpha.{N} (canary channel)
- Beta: -beta (quality scored)
- RC: -rc.{N} (release candidate)
- Stable: no suffix

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* fix(ci): use build@v3 and dot notation for versions

- Switch from host-uk/build@dev to host-uk/build@v3
- Use dots instead of + for build metadata (GitHub tag compatible)
- v0.0.4.pr.{num}.bid.{id} format for PR drafts

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* ci(workflows): update all actions to latest versions

- actions/setup-go: v5 → v6 (Go 1.25+ support)
- actions/upload-artifact: v4 → v6 (immutable artifacts)
- actions/download-artifact: v4 → v7 (attestations support)
- actions/github-script: v7 → v8 (Node 20)
- actions/checkout: standardized on v6

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* ci: temporarily use self-hosted runners

Testing build on local runners while GitHub hosted runners are backed up.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* ci: fix webkit dep for Ubuntu 20.04 runners

Fall back to libwebkit2gtk-4.0-dev on older Ubuntu.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* test: skip unwritable dir test when running as root

Docker self-hosted runners run as root, which can write anywhere.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

* ci: revert to ubuntu-latest runners

Self-hosted runners need environment parity work (ARM64, root user, SDK tools).
Keep self-hosted for future local-llm integration tasks.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Snider 2026-02-04 08:54:24 +00:00 committed by GitHub
parent 15bc295fd4
commit b6fbb781d5
28 changed files with 1143 additions and 88 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.coderabbit.yaml
View file

@ -1,7 +1,10 @@
# CodeRabbit Configuration # CodeRabbit Configuration
# Inherits from: https://github.com/host-uk/coderabbit/.coderabbit.yaml # Inherits from: https://github.com/host-uk/coderabbit/.coderabbit.yaml
# Manual trigger only: @coderabbitai review
reviews: reviews:
auto_review:
enabled: false
review_status: false review_status: false
path_instructions: path_instructions:

3
.github/workflows/agent-verify.yml vendored
View file

@ -1,4 +1,5 @@
name: Agent Verification Workflow # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issues
name: "Agent Verification: Issue Labeled"
on: on:
issues: issues:

92
.github/workflows/alpha-release-manual.yml vendored Normal file
View file

@ -0,0 +1,92 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
name: "Alpha Release: Manual"
on:
workflow_dispatch:
permissions:
contents: write
id-token: write
attestations: write
env:
NEXT_VERSION: "0.0.4"
jobs:
build:
strategy:
matrix:
include:
- os: ubuntu-latest
platform: linux/amd64
- os: ubuntu-latest
platform: linux/arm64
- os: macos-latest
platform: darwin/universal
- os: windows-latest
platform: windows/amd64
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v6
- name: Build
uses: host-uk/build@v3
with:
build-name: core
build-platform: ${{ matrix.platform }}
build: true
package: true
sign: false
release:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Download artifacts
uses: actions/download-artifact@v7
with:
path: dist
merge-multiple: true
- name: Prepare release files
run: |
mkdir -p release
cp dist/* release/ 2>/dev/null || true
ls -la release/
- name: Create alpha release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
VERSION="v${{ env.NEXT_VERSION }}-alpha.${{ github.run_number }}"
gh release create "$VERSION" \
--title "Alpha: $VERSION" \
--notes "Canary build from dev branch.
**Version:** $VERSION
**Commit:** ${{ github.sha }}
**Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')
**Run:** ${{ github.run_id }}
## Channel: Alpha (Canary)
This is an automated pre-release for early testing.
- Systems and early adopters can test breaking changes
- Quality scoring determines promotion to beta
- Use stable releases for production
## Installation
\`\`\`bash
# macOS/Linux
curl -fsSL https://github.com/host-uk/core/releases/download/$VERSION/core-linux-amd64 -o core
chmod +x core && sudo mv core /usr/local/bin/
\`\`\`
" \
--prerelease \
--target dev \
release/*

93
.github/workflows/alpha-release-push.yml vendored Normal file
View file

@ -0,0 +1,93 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
name: "Alpha Release: Push"
on:
push:
branches: [dev]
permissions:
contents: write
id-token: write
attestations: write
env:
NEXT_VERSION: "0.0.4"
jobs:
build:
strategy:
matrix:
include:
- os: ubuntu-latest
platform: linux/amd64
- os: ubuntu-latest
platform: linux/arm64
- os: macos-latest
platform: darwin/universal
- os: windows-latest
platform: windows/amd64
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v6
- name: Build
uses: host-uk/build@v3
with:
build-name: core
build-platform: ${{ matrix.platform }}
build: true
package: true
sign: false
release:
needs: build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Download artifacts
uses: actions/download-artifact@v7
with:
path: dist
merge-multiple: true
- name: Prepare release files
run: |
mkdir -p release
cp dist/* release/ 2>/dev/null || true
ls -la release/
- name: Create alpha release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
VERSION="v${{ env.NEXT_VERSION }}-alpha.${{ github.run_number }}"
gh release create "$VERSION" \
--title "Alpha: $VERSION" \
--notes "Canary build from dev branch.
**Version:** $VERSION
**Commit:** ${{ github.sha }}
**Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')
**Run:** ${{ github.run_id }}
## Channel: Alpha (Canary)
This is an automated pre-release for early testing.
- Systems and early adopters can test breaking changes
- Quality scoring determines promotion to beta
- Use stable releases for production
## Installation
\`\`\`bash
# macOS/Linux
curl -fsSL https://github.com/host-uk/core/releases/download/$VERSION/core-linux-amd64 -o core
chmod +x core && sudo mv core /usr/local/bin/
\`\`\`
" \
--prerelease \
--target dev \
release/*

48
.github/workflows/dev-release.yml.disabled → .github/workflows/alpha-release.yml vendored
View file

@ -1,4 +1,4 @@
name: Dev Release name: Alpha Release
on: on:
push: push:
@ -7,9 +7,12 @@ on:
permissions: permissions:
contents: write contents: write
id-token: write
attestations: write
env: env:
CORE_VERSION: dev # Next version - update when releasing
NEXT_VERSION: "0.0.4"
jobs: jobs:
build: build:
@ -26,10 +29,10 @@ jobs:
platform: windows/amd64 platform: windows/amd64
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v6
- name: Build - name: Build
uses: host-uk/build@dev uses: host-uk/build@v3
with: with:
build-name: core build-name: core
build-platform: ${{ matrix.platform }} build-platform: ${{ matrix.platform }}
@ -41,10 +44,10 @@ jobs:
needs: build needs: build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v6
- name: Download artifacts - name: Download artifacts
uses: actions/download-artifact@v4 uses: actions/download-artifact@v7
with: with:
path: dist path: dist
merge-multiple: true merge-multiple: true
@ -55,34 +58,37 @@ jobs:
cp dist/* release/ 2>/dev/null || true cp dist/* release/ 2>/dev/null || true
ls -la release/ ls -la release/
- name: Delete existing dev release - name: Create alpha release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: gh release delete dev -y || true
- name: Delete existing dev tag
run: git push origin :refs/tags/dev || true
- name: Create dev release
env: env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: | run: |
gh release create dev \ VERSION="v${{ env.NEXT_VERSION }}-alpha.${{ github.run_number }}"
--title "Development Build" \
--notes "Latest development build from the dev branch.
gh release create "$VERSION" \
--title "Alpha: $VERSION" \
--notes "Canary build from dev branch.
**Version:** $VERSION
**Commit:** ${{ github.sha }} **Commit:** ${{ github.sha }}
**Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC') **Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')
**Run:** ${{ github.run_id }}
## Channel: Alpha (Canary)
This is an automated pre-release for early testing.
- Systems and early adopters can test breaking changes
- Quality scoring determines promotion to beta
- Use stable releases for production
## Installation ## Installation
\`\`\`bash \`\`\`bash
# macOS/Linux # macOS/Linux
curl -fsSL https://github.com/host-uk/core/releases/download/dev/core-linux-amd64 -o core curl -fsSL https://github.com/host-uk/core/releases/download/$VERSION/core-linux-amd64 -o core
chmod +x core && sudo mv core /usr/local/bin/ chmod +x core && sudo mv core /usr/local/bin/
\`\`\` \`\`\`
" \
This is a pre-release for testing. Use tagged releases for production." \
--prerelease \ --prerelease \
--target dev \ --target dev \
release/* release/*

3
.github/workflows/auto-label.yml vendored
View file

@ -1,4 +1,5 @@
name: Auto Label Issues # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issues
name: "Auto Label: Issue Created/Edited"
on: on:
issues: issues:

3
.github/workflows/auto-project.yml vendored
View file

@ -1,4 +1,5 @@
name: Auto-add to Project # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#issues
name: "Auto Project: Issue Created/Labeled"
on: on:
issues: issues:

41
.github/workflows/ci-manual.yml vendored Normal file
View file

@ -0,0 +1,41 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
name: "CI: Manual"
on:
workflow_dispatch:
env:
CORE_VERSION: dev
jobs:
qa:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: 'go.mod'
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev
- name: Build core CLI
run: |
go build -ldflags "-X github.com/host-uk/core/pkg/cli.AppVersion=${{ env.CORE_VERSION }}" -o /usr/local/bin/core .
core --version
- name: Generate code
run: go generate ./internal/cmd/updater/...
- name: Run QA
# Skip lint until golangci-lint supports Go 1.25
run: core go qa --skip=lint
- name: Verify build
run: |
core build --targets=linux/amd64 --ci
dist/linux_amd64/core --version

42
.github/workflows/ci-pull-request.yml vendored Normal file
View file

@ -0,0 +1,42 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
name: "CI: Pull Request"
on:
pull_request:
branches: [dev, main]
env:
CORE_VERSION: dev
jobs:
qa:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: 'go.mod'
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev
- name: Build core CLI
run: |
go build -ldflags "-X github.com/host-uk/core/pkg/cli.AppVersion=${{ env.CORE_VERSION }}" -o /usr/local/bin/core .
core --version
- name: Generate code
run: go generate ./internal/cmd/updater/...
- name: Run QA
# Skip lint until golangci-lint supports Go 1.25
run: core go qa --skip=lint
- name: Verify build
run: |
core build --targets=linux/amd64 --ci
dist/linux_amd64/core --version

42
.github/workflows/ci-push.yml vendored Normal file
View file

@ -0,0 +1,42 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
name: "CI: Push"
on:
push:
branches: [dev, main]
env:
CORE_VERSION: dev
jobs:
qa:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: 'go.mod'
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev
- name: Build core CLI
run: |
go build -ldflags "-X github.com/host-uk/core/pkg/cli.AppVersion=${{ env.CORE_VERSION }}" -o /usr/local/bin/core .
core --version
- name: Generate code
run: go generate ./internal/cmd/updater/...
- name: Run QA
# Skip lint until golangci-lint supports Go 1.25
run: core go qa --skip=lint
- name: Verify build
run: |
core build --targets=linux/amd64 --ci
dist/linux_amd64/core --version

4
.github/workflows/ci.yml vendored
View file

@ -24,7 +24,9 @@ jobs:
- name: Install system dependencies - name: Install system dependencies
run: | run: |
sudo apt-get update sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev # Try 4.1 first (Ubuntu 22.04+), fall back to 4.0 (Ubuntu 20.04)
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev || \
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev
- name: Build core CLI - name: Build core CLI
run: | run: |

32
.github/workflows/codeql-pull-request.yml vendored Normal file
View file

@ -0,0 +1,32 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
name: "CodeQL: Pull Request"
on:
pull_request:
branches: [dev, main]
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
category: "/language:go"

32
.github/workflows/codeql-push.yml vendored Normal file
View file

@ -0,0 +1,32 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
name: "CodeQL: Push"
on:
push:
branches: [dev, main]
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
category: "/language:go"

32
.github/workflows/codeql-schedule.yml vendored Normal file
View file

@ -0,0 +1,32 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
name: "CodeQL: Schedule"
on:
schedule:
- cron: "0 6 * * 1"
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: go
- name: Autobuild
uses: github/codeql-action/autobuild@v4
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
with:
category: "/language:go"

30
.github/workflows/codescan-pull-request.yml vendored Normal file
View file

@ -0,0 +1,30 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
name: "Code Scanning: Pull Request"
on:
pull_request:
branches: ["dev"]
jobs:
CodeQL:
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- name: "Checkout Repository"
uses: actions/checkout@v6
- name: "Initialize CodeQL"
uses: github/codeql-action/init@v4
with:
languages: go,javascript,typescript
- name: "Autobuild"
uses: github/codeql-action/autobuild@v4
- name: "Perform CodeQL Analysis"
uses: github/codeql-action/analyze@v4

30
.github/workflows/codescan-push.yml vendored Normal file
View file

@ -0,0 +1,30 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
name: "Code Scanning: Push"
on:
push:
branches: ["dev"]
jobs:
CodeQL:
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- name: "Checkout Repository"
uses: actions/checkout@v6
- name: "Initialize CodeQL"
uses: github/codeql-action/init@v4
with:
languages: go,javascript,typescript
- name: "Autobuild"
uses: github/codeql-action/autobuild@v4
- name: "Perform CodeQL Analysis"
uses: github/codeql-action/analyze@v4

30
.github/workflows/codescan-schedule.yml vendored Normal file
View file

@ -0,0 +1,30 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
name: "Code Scanning: Schedule"
on:
schedule:
- cron: "0 2 * * 1-5"
jobs:
CodeQL:
runs-on: ubuntu-latest
permissions:
security-events: write
actions: read
contents: read
steps:
- name: "Checkout Repository"
uses: actions/checkout@v6
- name: "Initialize CodeQL"
uses: github/codeql-action/init@v4
with:
languages: go,javascript,typescript
- name: "Autobuild"
uses: github/codeql-action/autobuild@v4
- name: "Perform CodeQL Analysis"
uses: github/codeql-action/analyze@v4

46
.github/workflows/coverage-manual.yml vendored Normal file
View file

@ -0,0 +1,46 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
name: "Coverage: Manual"
on:
workflow_dispatch:
env:
CORE_VERSION: dev
jobs:
coverage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: 'go.mod'
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev
- name: Build core CLI
run: |
go build -ldflags "-X github.com/host-uk/core/pkg/cli.AppVersion=${{ env.CORE_VERSION }}" -o /usr/local/bin/core .
core --version
- name: Generate code
run: go generate ./internal/cmd/updater/...
- name: Run coverage
run: core go cov
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: Upload coverage report
uses: actions/upload-artifact@v6
with:
name: coverage-report
path: coverage.txt

47
.github/workflows/coverage-pull-request.yml vendored Normal file
View file

@ -0,0 +1,47 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
name: "Coverage: Pull Request"
on:
pull_request:
branches: [dev, main]
env:
CORE_VERSION: dev
jobs:
coverage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: 'go.mod'
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev
- name: Build core CLI
run: |
go build -ldflags "-X github.com/host-uk/core/pkg/cli.AppVersion=${{ env.CORE_VERSION }}" -o /usr/local/bin/core .
core --version
- name: Generate code
run: go generate ./internal/cmd/updater/...
- name: Run coverage
run: core go cov
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: Upload coverage report
uses: actions/upload-artifact@v6
with:
name: coverage-report
path: coverage.txt

47
.github/workflows/coverage-push.yml vendored Normal file
View file

@ -0,0 +1,47 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
name: "Coverage: Push"
on:
push:
branches: [dev, main]
env:
CORE_VERSION: dev
jobs:
coverage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- name: Set up Go
uses: actions/setup-go@v6
with:
go-version-file: 'go.mod'
- name: Install system dependencies
run: |
sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev
- name: Build core CLI
run: |
go build -ldflags "-X github.com/host-uk/core/pkg/cli.AppVersion=${{ env.CORE_VERSION }}" -o /usr/local/bin/core .
core --version
- name: Generate code
run: go generate ./internal/cmd/updater/...
- name: Run coverage
run: core go cov
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
- name: Upload coverage report
uses: actions/upload-artifact@v6
with:
name: coverage-report
path: coverage.txt

6
.github/workflows/coverage.yml vendored
View file

@ -24,7 +24,9 @@ jobs:
- name: Install system dependencies - name: Install system dependencies
run: | run: |
sudo apt-get update sudo apt-get update
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev # Try 4.1 first (Ubuntu 22.04+), fall back to 4.0 (Ubuntu 20.04)
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.1-dev || \
sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev
- name: Build core CLI - name: Build core CLI
run: | run: |
@ -43,7 +45,7 @@ jobs:
token: ${{ secrets.CODECOV_TOKEN }} token: ${{ secrets.CODECOV_TOKEN }}
- name: Upload coverage report - name: Upload coverage report
uses: actions/upload-artifact@v4 uses: actions/upload-artifact@v6
with: with:
name: coverage-report name: coverage-report
path: coverage.txt path: coverage.txt

89
.github/workflows/pr-build-manual.yml vendored Normal file
View file

@ -0,0 +1,89 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#workflow_dispatch
name: "PR Build: Manual"
on:
workflow_dispatch:
inputs:
pr_number:
description: 'PR number to build'
required: true
type: number
permissions:
contents: write
pull-requests: read
env:
NEXT_VERSION: "0.0.4"
jobs:
build:
strategy:
matrix:
include:
- os: ubuntu-latest
platform: linux/amd64
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v6
- name: Build
uses: host-uk/build@v3
with:
build-name: core
build-platform: ${{ matrix.platform }}
build: true
package: true
sign: false
draft-release:
needs: build
runs-on: ubuntu-latest
env:
PR_NUM: ${{ inputs.pr_number }}
PR_SHA: ${{ github.sha }}
steps:
- uses: actions/checkout@v6
- name: Download artifacts
uses: actions/download-artifact@v7
with:
path: dist
merge-multiple: true
- name: Prepare release files
run: |
mkdir -p release
cp dist/* release/ 2>/dev/null || true
ls -la release/
- name: Create draft release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
TAG="v${{ env.NEXT_VERSION }}.pr.${PR_NUM}.bid.${{ github.run_id }}"
# Delete existing draft for this PR if it exists
gh release delete "$TAG" -y 2>/dev/null || true
git push origin ":refs/tags/$TAG" 2>/dev/null || true
gh release create "$TAG" \
--title "Draft: PR #${PR_NUM}" \
--notes "Draft build for PR #${PR_NUM}.
**Version:** $TAG
**PR:** #${PR_NUM}
**Commit:** ${PR_SHA}
**Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')
**Run:** ${{ github.run_id }}
## Channel: Draft
This is a draft build for testing PR changes before merge.
Not intended for production use.
Build artifacts available for download and testing.
" \
--draft \
--prerelease \
release/*

89
.github/workflows/pr-build-pull-request.yml vendored Normal file
View file

@ -0,0 +1,89 @@
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
name: "PR Build: Pull Request"
on:
pull_request:
types: [opened, synchronize, reopened]
permissions:
contents: write
pull-requests: read
env:
NEXT_VERSION: "0.0.4"
jobs:
build:
# Only build if PR is from the same repo (not forks)
if: github.event.pull_request.head.repo.full_name == github.repository
strategy:
matrix:
include:
- os: ubuntu-latest
platform: linux/amd64
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v6
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Build
uses: host-uk/build@v3
with:
build-name: core
build-platform: ${{ matrix.platform }}
build: true
package: true
sign: false
draft-release:
needs: build
runs-on: ubuntu-latest
env:
PR_NUM: ${{ github.event.pull_request.number }}
PR_SHA: ${{ github.event.pull_request.head.sha }}
steps:
- uses: actions/checkout@v6
- name: Download artifacts
uses: actions/download-artifact@v7
with:
path: dist
merge-multiple: true
- name: Prepare release files
run: |
mkdir -p release
cp dist/* release/ 2>/dev/null || true
ls -la release/
- name: Create draft release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
TAG="v${{ env.NEXT_VERSION }}.pr.${PR_NUM}.bid.${{ github.run_id }}"
# Delete existing draft for this PR if it exists
gh release delete "$TAG" -y 2>/dev/null || true
git push origin ":refs/tags/$TAG" 2>/dev/null || true
gh release create "$TAG" \
--title "Draft: PR #${PR_NUM}" \
--notes "Draft build for PR #${PR_NUM}.
**Version:** $TAG
**PR:** #${PR_NUM}
**Commit:** ${PR_SHA}
**Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')
**Run:** ${{ github.run_id }}
## Channel: Draft
This is a draft build for testing PR changes before merge.
Not intended for production use.
Build artifacts available for download and testing.
" \
--draft \
--prerelease \
release/*

97
.github/workflows/pr-build.yml vendored Normal file
View file

@ -0,0 +1,97 @@
name: PR Build
on:
pull_request:
types: [opened, synchronize, reopened]
workflow_dispatch:
inputs:
pr_number:
description: 'PR number to build'
required: true
type: number
permissions:
contents: write
pull-requests: read
env:
# Next version - update when releasing
NEXT_VERSION: "0.0.4"
jobs:
build:
# Only build if PR is from the same repo (not forks) or manually triggered
if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name == 'workflow_dispatch'
strategy:
matrix:
include:
- os: ubuntu-latest
platform: linux/amd64
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
with:
ref: ${{ github.event.pull_request.head.sha || github.sha }}
- name: Build
uses: host-uk/build@v3
with:
build-name: core
build-platform: ${{ matrix.platform }}
build: true
package: true
sign: false
draft-release:
needs: build
runs-on: ubuntu-latest
env:
# Safe: PR number is numeric, not user-controlled string
PR_NUM: ${{ github.event.pull_request.number || inputs.pr_number }}
PR_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
steps:
- uses: actions/checkout@v6
- name: Download artifacts
uses: actions/download-artifact@v7
with:
path: dist
merge-multiple: true
- name: Prepare release files
run: |
mkdir -p release
cp dist/* release/ 2>/dev/null || true
ls -la release/
- name: Create draft release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
# Use dots for build metadata (semver v1 compatible)
TAG="v${{ env.NEXT_VERSION }}.pr.${PR_NUM}.bid.${{ github.run_id }}"
# Delete existing draft for this PR if it exists
gh release delete "$TAG" -y 2>/dev/null || true
git push origin ":refs/tags/$TAG" 2>/dev/null || true
gh release create "$TAG" \
--title "Draft: PR #${PR_NUM}" \
--notes "Draft build for PR #${PR_NUM}.
**Version:** $TAG
**PR:** #${PR_NUM}
**Commit:** ${PR_SHA}
**Built:** $(date -u +'%Y-%m-%d %H:%M:%S UTC')
**Run:** ${{ github.run_id }}
## Channel: Draft
This is a draft build for testing PR changes before merge.
Not intended for production use.
Build artifacts available for download and testing.
" \
--draft \
--prerelease \
release/*

77
.github/workflows/release.yml vendored
View file

@ -1,4 +1,5 @@
name: Release # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#push
name: "Release: Tag Push"
on: on:
push: push:
@ -14,74 +15,31 @@ jobs:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
goos: linux platform: linux/amd64
goarch: amd64
ext: ""
- os: ubuntu-latest - os: ubuntu-latest
goos: linux platform: linux/arm64
goarch: arm64
ext: ""
- os: macos-latest - os: macos-latest
goos: darwin platform: darwin/universal
goarch: amd64
ext: ""
- os: macos-latest
goos: darwin
goarch: arm64
ext: ""
- os: windows-latest - os: windows-latest
goos: windows platform: windows/amd64
goarch: amd64
ext: ".exe"
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v6
- name: Setup Go - name: Build
uses: actions/setup-go@v6 uses: host-uk/build@v3
with: with:
go-version: '1.23' build-name: core
cache: true build-platform: ${{ matrix.platform }}
build: true
- name: Build CLI package: true
shell: bash sign: false
env:
GOOS: ${{ matrix.goos }}
GOARCH: ${{ matrix.goarch }}
CGO_ENABLED: "0"
run: |
mkdir -p dist
go build -ldflags="-s -w -X main.Version=${{ github.ref_name }}" \
-o dist/core${{ matrix.ext }} \
.
- name: Create archive (Unix)
if: matrix.goos != 'windows'
shell: bash
run: |
cd dist
tar -czvf core-${{ matrix.goos }}-${{ matrix.goarch }}.tar.gz core
rm core
- name: Create archive (Windows)
if: matrix.goos == 'windows'
shell: pwsh
run: |
cd dist
Compress-Archive -Path core.exe -DestinationPath core-${{ matrix.goos }}-${{ matrix.goarch }}.zip
Remove-Item core.exe
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: core-${{ matrix.goos }}-${{ matrix.goarch }}
path: dist/core-*
release: release:
needs: build needs: build
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v6
- name: Download artifacts - name: Download artifacts
uses: actions/download-artifact@v7 uses: actions/download-artifact@v7
@ -98,8 +56,9 @@ jobs:
- name: Create release - name: Create release
env: env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
TAG_NAME: ${{ github.ref_name }}
run: | run: |
gh release create ${{ github.ref_name }} \ gh release create "$TAG_NAME" \
--title "Release ${{ github.ref_name }}" \ --title "Release $TAG_NAME" \
--generate-notes \ --generate-notes \
release/* release/*

166
ISSUES_TRIAGE.md Normal file
View file

@ -0,0 +1,166 @@
# Issues Triage
Generated: 2026-02-02
## Summary
- **Total Open Issues**: 46
- **High Priority**: 6
- **Audit Meta-Issues**: 13 (for Jules AI)
- **Audit Derived Issues**: 20 (created from audits)
---
## High Priority Issues
| # | Title | Labels |
|---|-------|--------|
| 183 | audit: OWASP Top 10 security review | priority:high, jules |
| 189 | audit: Test coverage and quality | priority:high, jules |
| 191 | audit: API design and consistency | priority:high, jules |
| 218 | Increase test coverage for low-coverage packages | priority:high, testing |
| 219 | Add tests for edge cases, error paths, integration | priority:high, testing |
| 168 | feat(crypt): Implement standalone pkg/crypt | priority:high, enhancement |
---
## Audit Meta-Issues (For Jules AI)
These are high-level audit tasks that spawn sub-issues:
| # | Title | Complexity |
|---|-------|------------|
| 183 | audit: OWASP Top 10 security review | large |
| 184 | audit: Authentication and authorization flows | medium |
| 186 | audit: Secrets, credentials, and configuration security | medium |
| 187 | audit: Error handling and logging practices | medium |
| 188 | audit: Code complexity and maintainability | large |
| 189 | audit: Test coverage and quality | large |
| 190 | audit: Performance bottlenecks and optimization | large |
| 191 | audit: API design and consistency | large |
| 192 | audit: Documentation completeness and quality | large |
| 193 | audit: Developer experience (DX) review | large |
| 197 | [Audit] Concurrency and Race Condition Analysis | medium |
| 198 | [Audit] CI/CD Pipeline Security | medium |
| 199 | [Audit] Architecture Patterns | large |
| 201 | [Audit] Error Handling and Recovery | medium |
| 202 | [Audit] Configuration Management | medium |
---
## By Category
### Security (4 issues)
| # | Title | Priority |
|---|-------|----------|
| 221 | Remove StrictHostKeyChecking=no from SSH commands | - |
| 222 | Sanitize user input in execInContainer to prevent injection | - |
| 183 | audit: OWASP Top 10 security review | high |
| 213 | Add logging for security events (authentication, access) | - |
### Testing (3 issues)
| # | Title | Priority |
|---|-------|----------|
| 218 | Increase test coverage for low-coverage packages | high |
| 219 | Add tests for edge cases, error paths, integration | high |
| 220 | Configure branch coverage measurement in test tooling | - |
### Error Handling (4 issues)
| # | Title |
|---|-------|
| 227 | Standardize on cli.Error for user-facing errors, deprecate cli.Fatal |
| 228 | Implement panic recovery mechanism with graceful shutdown |
| 229 | Log all errors at handling point with contextual information |
| 230 | Centralize user-facing error strings in i18n translation files |
### Documentation (6 issues)
| # | Title |
|---|-------|
| 231 | Update README.md to reflect actual configuration management |
| 233 | Add CONTRIBUTING.md with contribution guidelines |
| 234 | Add CHANGELOG.md to track version changes |
| 235 | Add user documentation: user guide, FAQ, troubleshooting |
| 236 | Add configuration documentation to README |
| 237 | Add Architecture Decision Records (ADRs) |
### Architecture (3 issues)
| # | Title |
|---|-------|
| 215 | Refactor Core struct to smaller, focused components |
| 216 | Introduce typed messaging system for IPC (replace interface{}) |
| 232 | Create centralized configuration service |
### Performance (2 issues)
| # | Title |
|---|-------|
| 224 | Add streaming API to pkg/io/local for large file handling |
| 225 | Use background goroutines for long-running operations |
### Logging (3 issues)
| # | Title |
|---|-------|
| 212 | Implement structured logging (JSON format) |
| 213 | Add logging for security events |
| 214 | Implement log retention policy |
### New Features (7 issues)
| # | Title | Priority |
|---|-------|----------|
| 168 | feat(crypt): Implement standalone pkg/crypt | high |
| 167 | feat(config): Implement standalone pkg/config | - |
| 170 | feat(plugin): Consolidate pkg/module into pkg/plugin | - |
| 171 | feat(cli): Implement build variants | - |
| 217 | Implement authentication and authorization features | - |
| 211 | feat(setup): add .core/setup.yaml for dev environment | - |
### Help System (5 issues)
| # | Title | Complexity |
|---|-------|------------|
| 133 | feat(help): Implement display-agnostic help system | large |
| 134 | feat(help): Remove Wails dependencies from pkg/help | large |
| 135 | docs(help): Create help content for core CLI | large |
| 136 | feat(help): Add CLI help command | small |
| 138 | feat(help): Implement Catalog and Topic types | large |
| 139 | feat(help): Implement full-text search | small |
---
## Potential Duplicates / Overlaps
1. **Error Handling**: #187, #201, #227-230 all relate to error handling
2. **Documentation**: #192, #231-237 all relate to documentation
3. **Configuration**: #202, #167, #232 all relate to configuration
4. **Security Audits**: #183, #184, #186, #221, #222 all relate to security
---
## Recommendations
1. **Close audit meta-issues as work is done**: Issues #183-202 are meta-audit issues that should be closed once their derived issues are created/completed.
2. **Link related issues**: Create sub-issue relationships:
- #187 (audit: error handling) -> #227, #228, #229, #230
- #192 (audit: docs) -> #231, #233, #234, #235, #236, #237
- #202 (audit: config) -> #167, #232
3. **Good first issues**: #136, #139 are marked as good first issues
4. **Consider closing duplicates**:
- #187 vs #201 (both about error handling)
- #192 vs #231-237 (documentation)
5. **Priority order for development**:
1. Security fixes (#221, #222)
2. Test coverage (#218, #219)
3. Core infrastructure (#168 - crypt, #167 - config)
4. Error handling standardization (#227-230)
5. Documentation (#233-237)

4
mkdocs.yml
View file

@ -2,8 +2,8 @@ site_name: Core Framework
site_url: https://core.help site_url: https://core.help
site_description: 'A Web3 Framework for building Go desktop applications with Wails v3' site_description: 'A Web3 Framework for building Go desktop applications with Wails v3'
site_author: 'Snider' site_author: 'Snider'
repo_url: 'https://github.com/Snider/Core' repo_url: 'https://github.com/host-uk/core'
repo_name: 'Snider/Core' repo_name: 'host-uk/core'
theme: theme:
name: material name: material

3
pkg/release/config_test.go
View file

@ -304,6 +304,9 @@ func TestConfig_SetProjectDir_Good(t *testing.T) {
func TestWriteConfig_Bad(t *testing.T) { func TestWriteConfig_Bad(t *testing.T) {
t.Run("returns error for unwritable directory", func(t *testing.T) { t.Run("returns error for unwritable directory", func(t *testing.T) {
if os.Geteuid() == 0 {
t.Skip("root can write to any directory")
}
dir := t.TempDir() dir := t.TempDir()
// Create .core directory and make it unwritable // Create .core directory and make it unwritable