fix: robust account detection, 1M context, multi-instance session safety #81

Workflow file for this run

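name: Release

# Runs on every push to main and on manual dispatch. Jobs are chained:
# security -> release -> publish; a failure in one stops the ones after it.
on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  # Security gate - must pass before release
  security:
    name: Security Gate
    runs-on: ${{ vars.GH_RUNNER_DEFAULT || 'ubuntu-latest' }}
    # Least privilege: this job only reads the repository, so the default
    # GITHUB_TOKEN is restricted to read-only instead of the repo default.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v6
        with:
          # Full history so Gitleaks can scan every commit, not just HEAD.
          fetch-depth: 0
          # No later step pushes or fetches; do not leave the token
          # available to the downloaded scanner binary run below.
          persist-credentials: false

      - name: Check for AI artifact leakage
        run: |
          FAILED=false
          # Block local-only AI assistant files
          for file in STATE.md TODO.md CLAUDE.md; do
            [ -f "$file" ] && echo "::error::$file detected - local AI file leaked" && FAILED=true
          done
          # ai/ submodule reference is OK, but actual contents would indicate a problem
          # (submodule contents aren't checked out in CI unless explicitly requested)
          if [ -d ai/ ] && [ "$(ls -A ai/ 2>/dev/null)" ]; then
            echo "::error::ai/ directory has contents - submodule was checked out"
            FAILED=true
          fi
          [ "$FAILED" = true ] && exit 1
          echo "✓ Security check passed"

      # NOTE(review): the release tarball is piped straight into tar and the
      # extracted binary is executed without an integrity check. Pin the
      # expected SHA-256 of this exact asset in the workflow and verify it
      # (e.g. with `sha256sum -c`) before extracting.
      # NOTE(review): extraction happens in the checkout directory, so any
      # other files in the archive land on top of the working tree.
      - name: Install Gitleaks
        run: |
          curl -sSfL https://github.com/gitleaks/gitleaks/releases/download/v8.28.0/gitleaks_8.28.0_linux_x64.tar.gz | tar xz
          chmod +x gitleaks

      - name: Run Gitleaks
        run: ./gitleaks detect --source . --verbose

  # Semantic release - creates version tags and changelog
  release:
    name: Release
    needs: security
    # Only the canonical repository releases; forks skip this job.
    if: github.repository == 'hyperi-io/claudemeter'
    runs-on: ${{ vars.GH_RUNNER_DEFAULT || 'ubuntu-latest' }}
    # These scopes apply to the default GITHUB_TOKEN only. The steps below
    # authenticate with a GitHub App token, whose permissions come from the
    # App installation. NOTE(review): confirm whether the default token
    # still needs write access here.
    permissions:
      contents: write
      issues: write
      pull-requests: write
    outputs:
      new_release_published: ${{ steps.semantic.outputs.new_release_published }}
      new_release_version: ${{ steps.semantic.outputs.new_release_version }}
    steps:
      - name: Generate GitHub App Token
        id: app-token
        uses: actions/create-github-app-token@v3
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

      # The App token is persisted by checkout for the rest of the job and is
      # therefore also reachable by `npm ci` lifecycle scripts.
      # NOTE(review): presumably kept for the release push - confirm.
      - uses: actions/checkout@v6
        with:
          fetch-depth: 0
          token: ${{ steps.app-token.outputs.token }}

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24'

      - name: Install dependencies
        run: npm ci

      # NOTE(review): third-party action referenced by a mutable tag while
      # holding a write-capable token; pin it to a full commit SHA.
      - name: Semantic Release
        id: semantic
        uses: cycjimmy/semantic-release-action@v6
        with:
          semantic_version: 25
          extra_plugins: |
            @semantic-release/changelog@6
            @semantic-release/git@10
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}

  # Build and publish VSIX to GitHub Releases
  publish:
    name: Publish
    needs: release
    # Job outputs are strings, hence the comparison with 'true'.
    if: needs.release.outputs.new_release_published == 'true'
    runs-on: ${{ vars.GH_RUNNER_DEFAULT || 'ubuntu-latest' }}
    permissions:
      contents: write
    steps:
      - name: Generate GitHub App Token
        id: app-token
        uses: actions/create-github-app-token@v3
        with:
          app-id: ${{ secrets.GH_APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

      - uses: actions/checkout@v6
        with:
          # Build from the tag that the release job just created.
          ref: v${{ needs.release.outputs.new_release_version }}
          token: ${{ steps.app-token.outputs.token }}
          # Nothing below runs git against the remote; keep the App token
          # out of reach of npm install/build scripts.
          persist-credentials: false

      - name: Setup Node.js
        uses: actions/setup-node@v6
        with:
          node-version: '24'

      - name: Install dependencies
        run: npm ci

      - name: Build extension
        run: npm run build

      # NOTE(review): if @vscode/vsce is not a locked devDependency, npx
      # fetches whatever version is current on the registry at run time.
      - name: Package VSIX
        run: npx @vscode/vsce package --no-dependencies

      - name: Get VSIX filename
        id: vsix
        run: |
          VSIX_FILE=$(ls *.vsix | head -1)
          echo "filename=$VSIX_FILE" >> "$GITHUB_OUTPUT"
          echo "Built: $VSIX_FILE"

      # NOTE(review): third-party action referenced by a mutable tag while
      # holding a write-capable token; pin it to a full commit SHA.
      - name: Upload VSIX to Release
        uses: softprops/action-gh-release@v2
        with:
          tag_name: v${{ needs.release.outputs.new_release_version }}
          files: ${{ steps.vsix.outputs.filename }}
          fail_on_unmatched_files: true
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}

      # Values reach the shell through env rather than ${{ }} interpolation
      # in the script text, so they are always treated as data by the shell.
      - name: Publish to VS Code Marketplace
        run: npx @vscode/vsce publish --packagePath "$VSIX_FILE"
        env:
          VSCE_PAT: ${{ secrets.VSCE_PAT }}
          VSIX_FILE: ${{ steps.vsix.outputs.filename }}

      - name: Summary
        env:
          RELEASE_VERSION: ${{ needs.release.outputs.new_release_version }}
          VSIX_FILE: ${{ steps.vsix.outputs.filename }}
          REPO: ${{ github.repository }}
        run: |
          echo "## Release Published" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "**Version:** v${RELEASE_VERSION}" >> "$GITHUB_STEP_SUMMARY"
          echo "**VSIX:** ${VSIX_FILE}" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "[View Release](https://github.com/${REPO}/releases/tag/v${RELEASE_VERSION})" >> "$GITHUB_STEP_SUMMARY"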