Compare commits

...

15 Commits

Author SHA1 Message Date
Chris Farhood 5499a0b4a6 ci: adapt workflows for Gitea migration
Change runner from runners-farhoodlabs to ubuntu-latest across all fork
workflows. Update container registry from ghcr.io to git.farh.net and
authenticate with REGISTRY_TOKEN. Migrate update-infra API calls from
GitHub to Gitea. Disable refresh-lockfile.yml (requires GitHub gh CLI).
Update CLAUDE.md references.

Co-Authored-By: Paperclip <noreply@paperclip.ing>
2026-05-20 11:17:45 +00:00
Chris Farhood 55faea456f Merge pull request #16 from farhoodlabs/dev
Dev
2026-05-16 08:38:38 -07:00
Chris Farhood 329ba3fd2e Merge pull request #15 from farhoodlabs/feat/portability-git-backend-agnostic
refactor(portability): migrate to git-source; delete github-fetch.ts
2026-05-16 07:43:35 -07:00
Chris Farhood 5703fa225c Merge dev into local; drop dead assemble-local workflow
- Resolves the duplicate-SHA conflict on the gitea/skills commits
  by taking dev's versions (canonical after PR #13 superseded the
  original shim with the git-source refactor).
- Deletes .github/workflows/assemble-local.yml -- the workflow
  triggered on master push but lived on local, so it never fired
  automatically; promotion happens via dev->local PRs instead.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-16 10:16:28 -04:00
Chris Farhood 8dbe99e32e feat(skills): support Gitea/Forgejo git hosts end-to-end
The skills source pipeline was hardcoded to GitHub conventions, so even
though the UI now accepts non-GitHub URLs, the server couldn't actually
fetch from anywhere else.

- github-fetch.ts: dispatch by host family (github.com → GitHub API +
  raw.githubusercontent.com; everything else → Gitea/Forgejo API v1 +
  /api/v1/repos/.../media for raw content).
- parseGitHubSourceUrl: also accept Gitea/Forgejo web URLs
  (/{owner}/{repo}/src/{branch|commit|tag}/{ref}/{path}).
- routes/company-skills.ts: drop the hostname='github.com' gate in
  deriveTrackedSkillRef so non-GitHub skills are still tracked.
- Generalize user-facing strings ('GitHub PAT' → 'PAT', 'GitHub source URL'
  → 'Source URL', etc.).

GitHub Enterprise (was assumed by '/api/v3') is no longer a special case —
non-github.com hosts are treated as Gitea/Forgejo. If GHE support is needed
later, add a per-source host-family override.
2026-05-14 11:49:51 -04:00
Chris Farhood 9e854e33d9 fix(skills): drop GitHub-only regex gate on PAT input
The PAT input on the skill import flow was hidden by a regex that matched
github.com or org/repo shorthand. Self-hosted Gitea/Forgejo/GitLab sources
got no auth field at all. Always show the input when a source is entered,
and label it generically ('Personal access token') instead of 'GitHub PAT'.

UI only — backend already accepts any token via /skills/:id/auth and
/companies/:companyId/skills POST {source, authToken}.
2026-05-14 11:41:40 -04:00
Chris Farhood fccbc7e39e feat(ci): install gitea tea CLI in fork Dockerfile
Adds the official Gitea 'tea' CLI (v0.14.0) alongside the existing forgejo
CLIs (fj, fj-ex, fgj). Useful when interacting with Gitea instances whose API
surface is covered by tea but not by the forgejo variants.
2026-05-14 10:04:18 -04:00
Chris Farhood 7a8afbb719 Merge pull request #12 from farhoodlabs/dev
Dev
2026-05-12 16:39:28 -07:00
Chris Farhood 30ef61bb25 Merge pull request #11 from farhoodlabs/dev
Dev
2026-05-11 17:02:31 -07:00
Chris Farhood 37e0aac971 ci: build prod image from .farhoodlabs/Dockerfile
Pulls the prod image up to the same toolset as the dev image (kubectl,
kubeseal, uv/uvx, forgejo CLIs, nano, vim) without diverging the upstream
root Dockerfile. Both build-dev.yml and build-prod.yml now share the same
fork-overlay Dockerfile; only the image tag and trigger branch differ.
2026-05-03 15:38:18 -04:00
Chris Farhood cee1cd7f4e Merge branches 'feat/skills-gitops-complete' and 'feat/secrets-management-ui' into local 2026-05-03 11:02:47 -04:00
Chris Farhood 85cbbc9263 revert: restore paperclip-dev skill (validation requires it for now)
The earlier fix/remove-paperclip-dev-skill removed the bundled skill,
but companies have stale company_skills rows that reference it as
required, breaking 'Invalid company skill selection' validation. Put
the file back to unblock; the underlying force-required-on-bundled bug
remains and should be fixed in code rather than by deleting the skill.
2026-05-03 10:23:54 -04:00
Chris Farhood acbfcb7d00 Merge branch 'feat/secrets-management-ui' into local 2026-05-03 09:45:59 -04:00
Chris Farhood 3bbd632355 Merge branch 'feat/env-var-multiline-input' into local 2026-05-02 08:18:31 -04:00
Chris Farhood e37180d3e3 chore(plugin-rpc): raise MAX_RPC_TIMEOUT_MS cap to 60 minutes 2026-05-01 21:00:08 -04:00
9 changed files with 55 additions and 372 deletions
+11 -28
@@ -11,7 +11,7 @@ permissions:
jobs:
build:
runs-on: runners-farhoodlabs
runs-on: ubuntu-latest
timeout-minutes: 30
outputs:
image-tag: ${{ steps.tag.outputs.sha }}
@@ -23,28 +23,21 @@ jobs:
id: tag
run: echo "sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: Login to Docker Hub
continue-on-error: true
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
- name: Login to Gitea Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: git.farh.net
username: ${{ gitea.repository_owner }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/farhoodlabs/paperclip-dev
images: git.farh.net/farhoodlabs/paperclip-dev
tags: |
type=raw,value=latest
type=sha,prefix=
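Review bot: The registry login in this hunk swaps the per-run `secrets.GITHUB_TOKEN` for a stored `secrets.REGISTRY_TOKEN`, so the push credential is now long-lived and has to be managed by hand. Issue it from a dedicated CI account with package write scope only and give it a rotation date, so that a leaked value has a bounded lifetime and cannot do more than push images.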
@@ -62,25 +55,16 @@ jobs:
update-infra:
needs: build
runs-on: runners-farhoodlabs
runs-on: ubuntu-latest
steps:
- name: Generate app token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.PAPERCLIP_APP_ID }}
private-key: ${{ secrets.PAPERCLIP_APP_PRIVATE_KEY }}
repositories: paperclip-infra
- name: Update dev image tag in infra repo
run: |
SHA="${{ needs.build.outputs.image-tag }}"
FILE="overlays/dev/kustomization.yaml"
response=$(curl -sS \
-H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/farhoodlabs/paperclip-infra/contents/$FILE")
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
"https://git.farh.net/api/v1/repos/farhoodlabs/paperclip-infra/contents/$FILE")
file_sha=$(echo "$response" | jq -r '.sha')
content=$(echo "$response" | jq -r '.content' | base64 -d)
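Review bot: The contents request to `paperclip-infra` now authenticates with `secrets.REGISTRY_TOKEN`, the same secret the build job passes to `docker/login-action`, and the removed `create-github-app-token` step (limited by `repositories: paperclip-infra`) has no replacement. One token therefore needs both package write and write access to the infra repository. Use a separate secret for the infra update, issued to an account that can write only to `paperclip-infra`, so that a leak of the registry credential cannot also change `overlays/dev/kustomization.yaml`.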
@@ -88,7 +72,6 @@ jobs:
encoded=$(printf '%s' "$new_content" | base64 -w 0)
curl -sS -X PUT \
-H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/farhoodlabs/paperclip-infra/contents/$FILE" \
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
"https://git.farh.net/api/v1/repos/farhoodlabs/paperclip-infra/contents/$FILE" \
-d "{\"message\":\"chore(cd): update paperclip-dev to $SHA\",\"content\":\"$encoded\",\"sha\":\"$file_sha\"}"
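Review bot: The `curl -sS -X PUT` in this hunk has no `--fail`, so an error status from `git.farh.net` still exits 0 and the job reports success without the tag being updated. Add `--fail-with-body`, and set `-H "Content-Type: application/json"` explicitly, because `-d` makes curl send `application/x-www-form-urlencoded` by default while the body is JSON.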
+7 -12
@@ -11,33 +11,27 @@ permissions:
jobs:
build:
runs-on: runners-farhoodlabs
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
- name: Login to Gitea Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: git.farh.net
username: ${{ gitea.repository_owner }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/farhoodlabs/paperclip
images: git.farh.net/farhoodlabs/paperclip
tags: |
type=raw,value=latest
type=sha,prefix=
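Review bot: The prod login here uses `secrets.REGISTRY_TOKEN`, the same secret name the dev workflow in this compare uses to push `paperclip-dev`. If both resolve to one token, a job triggered by a push to `dev` holds a credential that can also overwrite `git.farh.net/farhoodlabs/paperclip:latest`. Give the prod workflow its own secret, or restrict which branches can run a job that receives it.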
@@ -47,6 +41,7 @@ jobs:
uses: docker/build-push-action@v6
with:
context: .
file: .farhoodlabs/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
+4 -4
@@ -1,15 +1,15 @@
# Paperclip Fork — Project Context
This is a fork of [paperclipai/paperclip](https://github.com/paperclipai/paperclip).
Fork repo: https://github.com/farhoodlabs/paperclip
Fork repo: https://git.farh.net/farhoodlabs/paperclip
## Branch Model
| Branch | Purpose |
|---|---|
| `master` | Mirrors `upstream/master` exactly + `.farhoodlabs/` overlay directory + `assemble-local.yml` action. Never commit application code here. |
| `local` | **Default branch.** Assembled automatically by `assemble-local.yml` on every `master` push. Contains: upstream + fork Dockerfile/workflows + all pending upstream PR cherry-picks. Builds `ghcr.io/farhoodlabs/paperclip`. |
| `dev` | Development branch based on upstream/master. Builds `ghcr.io/farhoodlabs/paperclip-dev` on every push. |
| `local` | **Default branch.** Assembled automatically by `assemble-local.yml` on every `master` push. Contains: upstream + fork Dockerfile/workflows + all pending upstream PR cherry-picks. Builds `git.farh.net/farhoodlabs/paperclip`. |
| `dev` | Development branch based on upstream/master. Builds `git.farh.net/farhoodlabs/paperclip-dev` on every push. |
| PR branches | `skill-pat-feature`, `skill-scan-refresh`, `feat/company-portability-complete` — open PRs to upstream, never rebase onto master/local. |
**Never commit directly to `local`** — it is fully regenerated by the assemble action and any direct commits will be overwritten.
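Review bot: The `master` and `local` rows and the "Never commit directly to `local`" paragraph in this hunk still describe `assemble-local.yml` as what builds `local`, but this compare deletes that workflow (the `@@ -1,193 +0,0 @@` file) and commit 5703fa225c says promotion now happens via dev->local PRs. Update those lines in the same change, in both copies of this file, so the document does not tell contributors that direct commits will be overwritten when nothing regenerates the branch any more.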
@@ -70,7 +70,7 @@ Edit `.farhoodlabs/Dockerfile` on `master`. Only modify the production stage —
## Deployment
Paperclip runs in Kubernetes, not locally. Use `kubectl` to access it. The production image is `ghcr.io/farhoodlabs/paperclip:latest`.
Paperclip runs in Kubernetes, not locally. Use `kubectl` to access it. The production image is `git.farh.net/farhoodlabs/paperclip:latest`.
## Key Files
-193
@@ -1,193 +0,0 @@
name: Assemble local branch
# Triggers on every master push (i.e. after syncing upstream) and on demand.
# Builds the `local` branch: master + fork overlay + cherry-picked pending upstream PRs.
# Syncs build-dev.yml to the `dev` branch so every dev push triggers a build.
#
# PR entries support an optional "exclude:BRANCH" suffix to handle cases where
# one PR branch was rebased onto another. The exclude branch's commits are subtracted
# from the cherry-pick range so they aren't double-applied.
#
# When upstream merges a PR, remove its entry from PR_CHERRY_PICK or PR_SQUASH below.
on:
push:
branches: [master]
workflow_dispatch:
permissions:
contents: write
actions: write
jobs:
assemble:
runs-on: runners-farhoodlabs
timeout-minutes: 15
steps:
- name: Checkout master
uses: actions/checkout@v4
with:
fetch-depth: 0
token: ${{ secrets.GITHUB_TOKEN }}
- name: Configure git
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
- name: Fetch all remotes
run: |
git remote add upstream https://github.com/paperclipai/paperclip.git 2>/dev/null || true
git fetch --all --quiet
- name: Assemble local branch
run: |
set -euo pipefail
# Start local from master (which mirrors upstream)
git checkout -B local origin/master
# Apply fork overlay: Dockerfile, build workflows, CLAUDE.md
cp .farhoodlabs/Dockerfile Dockerfile
cp .farhoodlabs/CLAUDE.md CLAUDE.md
mkdir -p .github/workflows
cp .farhoodlabs/.github/workflows/build-prod.yml .github/workflows/build-prod.yml
cp .farhoodlabs/.github/workflows/build-dev.yml .github/workflows/build-dev.yml
git add Dockerfile CLAUDE.md .github/workflows/build-prod.yml .github/workflows/build-dev.yml
git commit -m "chore: apply fork overlay from .farhoodlabs"
# --- PRs to cherry-pick commit-by-commit (clean, no merge commits) ---
# Format: "PR-number branch-name [exclude:base-branch]"
# Use exclude: when a branch was rebased onto another PR branch to avoid double-applying commits.
# Remove an entry here when upstream merges the PR.
PR_CHERRY_PICK=(
"3237 skill-pat-feature"
"3351 skill-scan-refresh exclude:skill-pat-feature"
"4162 fix/far-108-k8s-adapter-reaper-liveness"
)
for entry in "${PR_CHERRY_PICK[@]}"; do
# Parse: pr_num, branch, optional exclude branch
pr_num=$(echo "$entry" | awk '{print $1}')
branch=$(echo "$entry" | awk '{print $2}')
exclude_branch=$(echo "$entry" | grep -oP '(?<=exclude:)\S+' || true)
remote_branch="origin/$branch"
exclude_arg=""
if [ -n "$exclude_branch" ]; then
exclude_arg="--not origin/$exclude_branch"
fi
if ! git rev-parse "$remote_branch" &>/dev/null; then
echo "WARNING: $remote_branch not found, skipping PR #$pr_num"
continue
fi
# Exclude commits already on origin/master (fork-overlay/CI infra
# that landed on master via the .farhoodlabs/ overlay path). PR
# branches sometimes pull these in via `git merge origin/master`,
# but cherry-picking them onto `local` (which is already master)
# is redundant and produces conflicts on the assemble-local file.
mapfile -t commits < <(git log --no-merges --reverse --format="%H" upstream/master.."$remote_branch" ^origin/master $exclude_arg)
if [ ${#commits[@]} -eq 0 ]; then
echo "PR #$pr_num ($branch): no unique commits — likely merged upstream, skipping"
continue
fi
echo "PR #$pr_num ($branch): cherry-picking ${#commits[@]} commit(s)"
for sha in "${commits[@]}"; do
git cherry-pick "$sha" || {
# If the cherry-pick produced an empty result (commit's content
# is already in HEAD via auto-merge), skip it instead of failing.
# State signature: CHERRY_PICK_HEAD set, no unmerged paths,
# nothing staged.
if [ -f .git/CHERRY_PICK_HEAD ] \
&& [ -z "$(git diff --name-only --diff-filter=U)" ] \
&& git diff --staged --quiet; then
echo "PR #$pr_num: $sha became empty after merge, skipping"
git cherry-pick --skip
continue
fi
echo "::error::Cherry-pick conflict at $sha from PR #$pr_num ($branch)"
echo "::error::Resolve the conflict, force-push the branch, then re-run this workflow"
git cherry-pick --abort
exit 1
}
done
done
# --- PRs to apply as a single squash (complex history with merge commits) ---
# git merge --squash applies the net final diff of the branch, bypassing
# intra-PR commit ordering issues. CI commits that cancel out are ignored.
# Remove an entry here when upstream merges the PR.
PR_SQUASH=(
"3987 feat/company-portability-complete"
)
for entry in "${PR_SQUASH[@]}"; do
pr_num="${entry%% *}"
branch="${entry#* }"
remote_branch="origin/$branch"
if ! git rev-parse "$remote_branch" &>/dev/null; then
echo "WARNING: $remote_branch not found, skipping PR #$pr_num"
continue
fi
# Check if the branch has any unique non-merge commits
unique=$(git log --no-merges --oneline upstream/master.."$remote_branch" | wc -l)
if [ "$unique" -eq 0 ]; then
echo "PR #$pr_num ($branch): no unique commits — likely merged upstream, skipping"
continue
fi
echo "PR #$pr_num ($branch): applying as squash ($unique non-merge commits)"
git merge --squash "$remote_branch" || {
echo "::error::Squash conflict for PR #$pr_num ($branch)"
git merge --abort 2>/dev/null || git reset --hard HEAD
exit 1
}
# Only commit if there are staged changes
git diff --staged --quiet || git commit -m "feat: apply PR #$pr_num ($branch)"
done
git push origin local --force
echo "local branch assembled and pushed"
- name: Trigger prod build
run: |
curl -sS -X POST \
-H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/${{ github.repository }}/actions/workflows/build-prod.yml/dispatches \
-d '{"ref":"local"}'
- name: Sync build-dev.yml to dev branch
run: |
set -euo pipefail
if ! git rev-parse origin/dev &>/dev/null; then
echo "dev branch not found on origin, skipping"
exit 0
fi
canonical=".farhoodlabs/.github/workflows/build-dev.yml"
target=".github/workflows/build-dev.yml"
if git show origin/dev:"$target" 2>/dev/null | diff --brief - "$canonical" &>/dev/null; then
echo "build-dev.yml on dev is up to date, skipping"
exit 0
fi
echo "Syncing build-dev.yml to dev branch..."
# Save canonical content before switching branches (.farhoodlabs/ only exists on master)
tmp=$(mktemp)
cp "$canonical" "$tmp"
git checkout -B dev-wf-sync origin/dev
mkdir -p "$(dirname "$target")"
cp "$tmp" "$target"
rm "$tmp"
git add "$target"
git commit -m "chore(ci): sync build-dev.yml from .farhoodlabs"
git push origin dev-wf-sync:dev
echo "build-dev.yml synced to dev"
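Review bot: Deleting this file removes the only automation visible in the compare that copied `.farhoodlabs/Dockerfile`, `.farhoodlabs/CLAUDE.md` and the two build workflows into place and synced `build-dev.yml` to `dev`, while the registry and token changes in this same compare are applied by hand to both copies of each workflow. Add a CI check that fails when the `.farhoodlabs/.github/workflows/` copy and the `.github/workflows/` copy differ, or keep a single copy, so that a later fix to one (for example a token or registry change) is not missed in the other.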
+11 -28
@@ -11,7 +11,7 @@ permissions:
jobs:
build:
runs-on: runners-farhoodlabs
runs-on: ubuntu-latest
timeout-minutes: 30
outputs:
image-tag: ${{ steps.tag.outputs.sha }}
@@ -23,28 +23,21 @@ jobs:
id: tag
run: echo "sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT
- name: Login to Docker Hub
continue-on-error: true
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
- name: Login to Gitea Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: git.farh.net
username: ${{ gitea.repository_owner }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/farhoodlabs/paperclip-dev
images: git.farh.net/farhoodlabs/paperclip-dev
tags: |
type=raw,value=latest
type=sha,prefix=
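Review bot: The login step pairs `username: ${{ gitea.repository_owner }}` with `password: ${{ secrets.REGISTRY_TOKEN }}`, which assumes the token was issued to an account with the same name as the repository owner. If the token belongs to a dedicated CI user, keep that user name in a repository variable or secret and reference it here, so the credential pair is explicit and does not silently change if the repository is transferred.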
@@ -62,25 +55,16 @@ jobs:
update-infra:
needs: build
runs-on: runners-farhoodlabs
runs-on: ubuntu-latest
steps:
- name: Generate app token
id: app-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ secrets.PAPERCLIP_APP_ID }}
private-key: ${{ secrets.PAPERCLIP_APP_PRIVATE_KEY }}
repositories: paperclip-infra
- name: Update dev image tag in infra repo
run: |
SHA="${{ needs.build.outputs.image-tag }}"
FILE="overlays/dev/kustomization.yaml"
response=$(curl -sS \
-H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/farhoodlabs/paperclip-infra/contents/$FILE")
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
"https://git.farh.net/api/v1/repos/farhoodlabs/paperclip-infra/contents/$FILE")
file_sha=$(echo "$response" | jq -r '.sha')
content=$(echo "$response" | jq -r '.content' | base64 -d)
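Review bot: `${{ secrets.REGISTRY_TOKEN }}` is expanded into the text of the `run:` script on the `Authorization` header line, so the token becomes part of the shell source rather than a variable. Map it once on the step with an `env:` entry (the name is up to you, for example `GITEA_TOKEN`) and write the header as `"Authorization: token $GITEA_TOKEN"` in both curl calls, which also keeps the value out of any place where the rendered script is echoed or traced.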
@@ -88,7 +72,6 @@ jobs:
encoded=$(printf '%s' "$new_content" | base64 -w 0)
curl -sS -X PUT \
-H "Authorization: Bearer ${{ steps.app-token.outputs.token }}" \
-H "Accept: application/vnd.github.v3+json" \
"https://api.github.com/repos/farhoodlabs/paperclip-infra/contents/$FILE" \
-H "Authorization: token ${{ secrets.REGISTRY_TOKEN }}" \
"https://git.farh.net/api/v1/repos/farhoodlabs/paperclip-infra/contents/$FILE" \
-d "{\"message\":\"chore(cd): update paperclip-dev to $SHA\",\"content\":\"$encoded\",\"sha\":\"$file_sha\"}"
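Review bot: The `-d` body on the last line is assembled by shell interpolation and sends `$file_sha` without checking it; if the earlier contents request returned an error object, `jq -r '.sha'` yields the string `null` and the PUT goes out anyway. Stop before the PUT when `file_sha` is empty or `null`, and build the body with `jq -n --arg` so that message, content and sha are JSON-encoded instead of pasted between escaped quotes.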
+7 -12
@@ -11,33 +11,27 @@ permissions:
jobs:
build:
runs-on: runners-farhoodlabs
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GHCR
- name: Login to Gitea Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
registry: git.farh.net
username: ${{ gitea.repository_owner }}
password: ${{ secrets.REGISTRY_TOKEN }}
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ghcr.io/farhoodlabs/paperclip
images: git.farh.net/farhoodlabs/paperclip
tags: |
type=raw,value=latest
type=sha,prefix=
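Review bot: Removing the "Login to Docker Hub" step in this hunk leaves the job with credentials for `git.farh.net` only, so any base image that `.farhoodlabs/Dockerfile` pulls from Docker Hub is now fetched anonymously. If the Dockerfile has such `FROM` lines, pin them by digest or mirror the images to `git.farh.net`, so the prod build does not depend on an unauthenticated pull of a mutable tag.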
@@ -47,6 +41,7 @@ jobs:
uses: docker/build-push-action@v6
with:
context: .
file: .farhoodlabs/Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
+10 -90
@@ -1,96 +1,16 @@
# Disabled in fork — `gh` CLI and GitHub-specific commands are not available on Gitea.
# Lockfile refreshes are managed directly in development workflows.
#
# NOTE: upstream may overwrite this file when master is synced. Re-apply if that happens.
name: Refresh Lockfile
on:
push:
branches:
- master
workflow_dispatch:
concurrency:
group: refresh-lockfile-master
cancel-in-progress: false
inputs:
note:
description: "Disabled in fork. Uses GitHub-specific gh CLI."
required: false
jobs:
refresh:
disabled:
runs-on: ubuntu-latest
timeout-minutes: 10
permissions:
contents: write
pull-requests: write
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 9.15.4
run_install: false
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: pnpm
- name: Refresh pnpm lockfile
run: pnpm install --lockfile-only --ignore-scripts --no-frozen-lockfile
- name: Fail on unexpected file changes
run: |
changed="$(git status --porcelain)"
if [ -z "$changed" ]; then
echo "Lockfile is already up to date."
exit 0
fi
if printf '%s\n' "$changed" | grep -Fvq ' pnpm-lock.yaml'; then
echo "Unexpected files changed during lockfile refresh:"
echo "$changed"
exit 1
fi
- name: Create or update pull request
id: upsert-pr
env:
GH_TOKEN: ${{ github.token }}
REPO_OWNER: ${{ github.repository_owner }}
run: |
if git diff --quiet -- pnpm-lock.yaml; then
echo "Lockfile unchanged, nothing to do."
echo "pr_url=" >> "$GITHUB_OUTPUT"
exit 0
fi
BRANCH="chore/refresh-lockfile"
git config user.name "lockfile-bot"
git config user.email "lockfile-bot@users.noreply.github.com"
git checkout -B "$BRANCH"
git add pnpm-lock.yaml
git commit -m "chore(lockfile): refresh pnpm-lock.yaml"
git push --force origin "$BRANCH"
# Only reuse an open PR from this repository owner, not a fork with the same branch name.
pr_url="$(
gh pr list --state open --head "$BRANCH" --json url,headRepositoryOwner \
--jq ".[] | select(.headRepositoryOwner.login == \"$REPO_OWNER\") | .url" |
head -n 1
)"
if [ -z "$pr_url" ]; then
pr_url="$(gh pr create \
--head "$BRANCH" \
--title "chore(lockfile): refresh pnpm-lock.yaml" \
--body "Auto-generated lockfile refresh after dependencies changed on master. This PR only updates pnpm-lock.yaml.")"
echo "Created new PR: $pr_url"
else
echo "PR already exists: $pr_url"
fi
echo "pr_url=$pr_url" >> "$GITHUB_OUTPUT"
- name: Enable auto-merge for lockfile PR
if: steps.upsert-pr.outputs.pr_url != ''
env:
GH_TOKEN: ${{ github.token }}
run: |
gh pr merge --auto --squash --delete-branch "${{ steps.upsert-pr.outputs.pr_url }}"
- run: echo "Disabled. Lockfile management requires GitHub-specific tooling."
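Review bot: The header comment in this hunk relies on someone noticing when an upstream sync restores the original file ("Re-apply if that happens"), and the original runs on every `master` push with `contents: write` and `pull-requests: write` and force-pushes `chore/refresh-lockfile`. Make the disablement survive a sync, for example by having the sync workflow re-apply this stub or fail when the file differs from it, and state where lockfile refreshes now happen, since no workflow in this compare adds that step.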
+1 -1
@@ -16,7 +16,7 @@ permissions:
jobs:
sync:
runs-on: runners-farhoodlabs
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout master
+4 -4
@@ -1,15 +1,15 @@
# Paperclip Fork — Project Context
This is a fork of [paperclipai/paperclip](https://github.com/paperclipai/paperclip).
Fork repo: https://github.com/farhoodlabs/paperclip
Fork repo: https://git.farh.net/farhoodlabs/paperclip
## Branch Model
| Branch | Purpose |
|---|---|
| `master` | Mirrors `upstream/master` exactly + `.farhoodlabs/` overlay directory + `assemble-local.yml` action. Never commit application code here. |
| `local` | **Default branch.** Assembled automatically by `assemble-local.yml` on every `master` push. Contains: upstream + fork Dockerfile/workflows + all pending upstream PR cherry-picks. Builds `ghcr.io/farhoodlabs/paperclip`. |
| `dev` | Development branch based on upstream/master. Builds `ghcr.io/farhoodlabs/paperclip-dev` on every push. |
| `local` | **Default branch.** Assembled automatically by `assemble-local.yml` on every `master` push. Contains: upstream + fork Dockerfile/workflows + all pending upstream PR cherry-picks. Builds `git.farh.net/farhoodlabs/paperclip`. |
| `dev` | Development branch based on upstream/master. Builds `git.farh.net/farhoodlabs/paperclip-dev` on every push. |
| PR branches | `skill-pat-feature`, `skill-scan-refresh`, `feat/company-portability-complete` — open PRs to upstream, never rebase onto master/local. |
**Never commit directly to `local`** — it is fully regenerated by the assemble action and any direct commits will be overwritten.
@@ -70,7 +70,7 @@ Edit `.farhoodlabs/Dockerfile` on `master`. Only modify the production stage —
## Deployment
Paperclip runs in Kubernetes, not locally. Use `kubectl` to access it. The production image is `ghcr.io/farhoodlabs/paperclip:latest`.
Paperclip runs in Kubernetes, not locally. Use `kubectl` to access it. The production image is `git.farh.net/farhoodlabs/paperclip:latest`.
## Key Files
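Review bot: The Deployment line now names `git.farh.net/farhoodlabs/paperclip:latest`, a tag that every prod build in this compare overwrites (`type=raw,value=latest`). The same metadata step also emits a commit tag (`type=sha,prefix=`); documenting that tag, or the image digest, as what production runs would let a deployed image be traced back to one commit and would make an unexpected overwrite of `latest` visible.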