harald/zeroclaw
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 3
363 commits 1 branch 0 tags 7.8 MiB
Commit graph

9 commits

Author SHA1 Message Date
fettpl
0e8d02cd3c
ci: add SHA256 checksums to release artifacts (#386) 
* ci: add SHA256 checksums to release artifacts

Generate a SHA256SUMS file after downloading all build artifacts and
include it in the GitHub Release. Users can verify download integrity
with `sha256sum -c SHA256SUMS`.

Closes #358

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* ci: whitelist lxc-ci self-hosted runner label for actionlint

Add actionlint.yaml config to declare lxc-ci as a known custom label
for self-hosted runners, fixing the actionlint CI check.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 15:12:34 -05:00
Chummy
ec39009048
Merge pull request #396 from fettpl/fix/365-release-signatures 
ci: add cosign keyless signing for release artifacts
 2026-02-17 01:11:06 +08:00
fettpl
fed1997f62 ci: add cosign keyless signing for release artifacts 
- Add sigstore/cosign keyless signing to the release workflow
- Each artifact gets a detached .sig signature and .pem certificate
- Uses GitHub Actions OIDC for keyless signing (no secret management)
- Adds id-token: write permission for OIDC token generation
- Signatures and certificates are uploaded alongside binaries

Users can verify artifacts with:
  cosign verify-blob --certificate <file>.pem --signature <file>.sig \
    --certificate-oidc-issuer=https://token.actions.githubusercontent.com \
    --certificate-identity-regexp="github.com/zeroclaw-labs/zeroclaw" \
    <file>

Closes #365

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 17:55:40 +01:00
fettpl
9df5a07640 ci: pin all GitHub Actions to full SHA digests 
Pin every third-party GitHub Action to its current commit SHA with a
version comment, eliminating supply chain risk from mutable version
tags. Mutable tags (v4, v2, etc.) can be force-pushed by upstream
maintainers; SHA digests are immutable.

18 unique actions pinned across 9 workflow files.

Closes #357

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 17:32:18 +01:00
Will Sarg
9d21e2b28c
ci: route trusted docker and release publish jobs to self-hosted (#371) 2026-02-16 11:00:25 -05:00
dependabot[bot]
8338b9c7a7
build(deps): bump actions/upload-artifact from 4 to 6 (#314) 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-16 07:42:07 -05:00
Will Sarg
82ffb36f90
chore(ci): document and harden workflow pipeline (#241) 
* docs(ci): add CI workflow map and cross-links

* chore(ci): harden workflow determinism and safety

* chore(ci): address workflow review feedback

* style(ci): normalize workflow and ci-map formatting
 2026-02-15 20:42:47 -05:00
Will Sarg
8eb57836d8
chore: update Docker and release workflows for improved efficiency and security (#239) 2026-02-15 19:43:46 -05:00
argenis de la rosa
05cb353f7f feat: initial release — ZeroClaw v0.1.0 
- 22 AI providers (OpenRouter, Anthropic, OpenAI, Mistral, etc.)
- 7 channels (CLI, Telegram, Discord, Slack, iMessage, Matrix, Webhook)
- 5-step onboarding wizard with Project Context personalization
- OpenClaw-aligned system prompt (SOUL.md, IDENTITY.md, USER.md, AGENTS.md, etc.)
- SQLite memory backend with auto-save
- Skills system with on-demand loading
- Security: autonomy levels, command allowlists, cost limits
- 532 tests passing, 0 clippy warnings
 2026-02-13 12:19:14 -05:00