From 27aa4b118dbe6efda24c4bd562d33636dab64b05 Mon Sep 17 00:00:00 2001 From: louisdevzz Date: Thu, 5 Mar 2026 00:38:21 +0700 Subject: [PATCH 1/4] chore(github): remove .github/release directory ZeroBuild does not have releases yet, removing release configuration files --- .github/release/canary-policy.json | 39 ------------------- .github/release/docs-deploy-policy.json | 10 ----- .github/release/ghcr-tag-policy.json | 18 --------- .../release/ghcr-vulnerability-policy.json | 17 -------- .github/release/nightly-owner-routing.json | 9 ----- .github/release/prerelease-stage-gates.json | 33 ---------------- .../release/release-artifact-contract.json | 30 -------------- 7 files changed, 156 deletions(-) delete mode 100644 .github/release/canary-policy.json delete mode 100644 .github/release/docs-deploy-policy.json delete mode 100644 .github/release/ghcr-tag-policy.json delete mode 100644 .github/release/ghcr-vulnerability-policy.json delete mode 100644 .github/release/nightly-owner-routing.json delete mode 100644 .github/release/prerelease-stage-gates.json delete mode 100644 .github/release/release-artifact-contract.json diff --git a/.github/release/canary-policy.json b/.github/release/canary-policy.json deleted file mode 100644 index e032311..0000000 --- a/.github/release/canary-policy.json +++ /dev/null @@ -1,39 +0,0 @@ -{ - "schema_version": "zeroclaw.canary-policy.v1", - "release_channel": "stable", - "observation_window_minutes": 60, - "minimum_sample_size": 500, - "cohorts": [ - { - "name": "canary-5pct", - "traffic_percent": 5, - "duration_minutes": 20 - }, - { - "name": "canary-20pct", - "traffic_percent": 20, - "duration_minutes": 20 - }, - { - "name": "canary-50pct", - "traffic_percent": 50, - "duration_minutes": 20 - }, - { - "name": "canary-100pct", - "traffic_percent": 100, - "duration_minutes": 60 - } - ], - "observability_signals": [ - "error_rate", - "crash_rate", - "p95_latency_ms", - "sample_size" - ], - "thresholds": { - "max_error_rate": 0.02, - "max_crash_rate": 0.01, - "max_p95_latency_ms": 1200 - } -} diff --git a/.github/release/docs-deploy-policy.json b/.github/release/docs-deploy-policy.json deleted file mode 100644 index ba8db88..0000000 --- a/.github/release/docs-deploy-policy.json +++ /dev/null @@ -1,10 +0,0 @@ -{ - "schema_version": "zeroclaw.docs-deploy-policy.v1", - "production_branch": "main", - "allow_manual_production_dispatch": true, - "require_preview_evidence_on_manual_production": true, - "allow_manual_rollback_dispatch": true, - "rollback_ref_must_be_ancestor_of_production_branch": true, - "docs_preview_retention_days": 14, - "docs_guard_artifact_retention_days": 21 -} diff --git a/.github/release/ghcr-tag-policy.json b/.github/release/ghcr-tag-policy.json deleted file mode 100644 index bbac3ff..0000000 --- a/.github/release/ghcr-tag-policy.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "schema_version": "zeroclaw.ghcr-tag-policy.v1", - "release_tag_regex": "^v[0-9]+\\.[0-9]+\\.[0-9]+$", - "sha_tag_prefix": "sha-", - "sha_tag_length": 12, - "latest_tag": "latest", - "require_latest_on_release": true, - "immutable_tag_classes": [ - "release", - "sha" - ], - "rollback_priority": [ - "sha", - "release" - ], - "contract_artifact_retention_days": 21, - "scan_artifact_retention_days": 14 -} diff --git a/.github/release/ghcr-vulnerability-policy.json b/.github/release/ghcr-vulnerability-policy.json deleted file mode 100644 index 64209b0..0000000 --- a/.github/release/ghcr-vulnerability-policy.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "schema_version": "zeroclaw.ghcr-vulnerability-policy.v1", - "required_tag_classes": [ - "release", - "sha", - "latest" - ], - "blocking_severities": [ - "HIGH", - "CRITICAL" - ], - "max_blocking_findings_per_tag": 0, - "require_blocking_count_parity": true, - "require_artifact_id_parity": true, - "scan_artifact_retention_days": 14, - "audit_artifact_retention_days": 21 -} diff --git a/.github/release/nightly-owner-routing.json b/.github/release/nightly-owner-routing.json deleted file mode 100644 index a9d44ea..0000000 --- a/.github/release/nightly-owner-routing.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "schema_version": "zeroclaw.nightly-owner-routing.v1", - "owners": { - "default": "@louisdevzz", - "whatsapp-web": "@louisdevzz", - "browser-native": "@louisdevzz", - "nightly-all-features": "@louisdevzz" - } -} diff --git a/.github/release/prerelease-stage-gates.json b/.github/release/prerelease-stage-gates.json deleted file mode 100644 index e2614ae..0000000 --- a/.github/release/prerelease-stage-gates.json +++ /dev/null @@ -1,33 +0,0 @@ -{ - "schema_version": "zeroclaw.prerelease-stage-gates.v1", - "stage_order": ["alpha", "beta", "rc", "stable"], - "required_previous_stage": { - "beta": "alpha", - "rc": "beta", - "stable": "rc" - }, - "required_checks": { - "alpha": [ - "CI Required Gate", - "Security Audit" - ], - "beta": [ - "CI Required Gate", - "Security Audit", - "Feature Matrix Summary" - ], - "rc": [ - "CI Required Gate", - "Security Audit", - "Feature Matrix Summary", - "Nightly Summary & Routing" - ], - "stable": [ - "CI Required Gate", - "Security Audit", - "Feature Matrix Summary", - "Verify Artifact Set", - "Nightly Summary & Routing" - ] - } -} diff --git a/.github/release/release-artifact-contract.json b/.github/release/release-artifact-contract.json deleted file mode 100644 index 1459588..0000000 --- a/.github/release/release-artifact-contract.json +++ /dev/null @@ -1,30 +0,0 @@ -{ - "schema_version": "zeroclaw.release-artifact-contract.v1", - "release_archive_patterns": [ - "zeroclaw-x86_64-unknown-linux-gnu.tar.gz", - "zeroclaw-x86_64-unknown-linux-musl.tar.gz", - "zeroclaw-aarch64-unknown-linux-gnu.tar.gz", - "zeroclaw-aarch64-unknown-linux-musl.tar.gz", - "zeroclaw-armv7-unknown-linux-gnueabihf.tar.gz", - "zeroclaw-armv7-linux-androideabi.tar.gz", - "zeroclaw-aarch64-linux-android.tar.gz", - "zeroclaw-x86_64-unknown-freebsd.tar.gz", - "zeroclaw-x86_64-apple-darwin.tar.gz", - "zeroclaw-aarch64-apple-darwin.tar.gz", - "zeroclaw-x86_64-pc-windows-msvc.zip" - ], - "required_manifest_files": [ - "release-manifest.json", - "release-manifest.md", - "SHA256SUMS" - ], - "required_sbom_files": [ - "zeroclaw.cdx.json", - "zeroclaw.spdx.json" - ], - "required_notice_files": [ - "LICENSE-APACHE", - "LICENSE-MIT", - "NOTICE" - ] -} From a64807b5522194b9579407457b58bce4dd9c4001 Mon Sep 17 00:00:00 2001 From: louisdevzz Date: Thu, 5 Mar 2026 00:40:22 +0700 Subject: [PATCH 2/4] chore(github): update hardcoded GitHub usernames to louisdevzz - Update RELEASE_AUTHORIZED_ACTORS in pub-release.yml - Update workflow owner approval list - Update license file owner guard - Update main-branch-flow.md documentation --- .github/workflows/main-branch-flow.md | 2 +- .github/workflows/pub-release.yml | 2 +- .github/workflows/scripts/ci_license_file_owner_guard.js | 2 +- .github/workflows/scripts/ci_workflow_owner_approval.js | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/main-branch-flow.md b/.github/workflows/main-branch-flow.md index 07cb147..23a4d68 100644 --- a/.github/workflows/main-branch-flow.md +++ b/.github/workflows/main-branch-flow.md @@ -77,7 +77,7 @@ Notes: - `flake-probe` (single-retry telemetry; optional block via `CI_BLOCK_ON_FLAKE_SUSPECTED`) - `docs-quality` 7. If `.github/workflows/**` changed, `workflow-owner-approval` must pass. -8. If root license files (`LICENSE-APACHE`, `LICENSE-MIT`) changed, `license-file-owner-guard` allows only PR author `willsarg`. +8. If root license files (`LICENSE-APACHE`, `LICENSE-MIT`) changed, `license-file-owner-guard` allows only PR author `louisdevzz`. 9. `lint-feedback` posts actionable comment if lint/docs gates fail. 10. `CI Required Gate` aggregates results to final pass/fail. 11. Maintainer merges PR once checks and review policy are satisfied. diff --git a/.github/workflows/pub-release.yml b/.github/workflows/pub-release.yml index db0ec27..6b648e6 100644 --- a/.github/workflows/pub-release.yml +++ b/.github/workflows/pub-release.yml @@ -121,7 +121,7 @@ jobs: --release-ref "${{ steps.vars.outputs.release_ref }}" \ --release-tag "${{ steps.vars.outputs.release_tag }}" \ --publish-release "${{ steps.vars.outputs.publish_release }}" \ - --authorized-actors "${{ vars.RELEASE_AUTHORIZED_ACTORS || 'willsarg,theonlyhennygod,chumyin' }}" \ + --authorized-actors "${{ vars.RELEASE_AUTHORIZED_ACTORS || 'louisdevzz' }}" \ --authorized-tagger-emails "${{ vars.RELEASE_AUTHORIZED_TAGGER_EMAILS || '' }}" \ --require-annotated-tag true \ --output-json artifacts/release-trigger-guard.json \ diff --git a/.github/workflows/scripts/ci_license_file_owner_guard.js b/.github/workflows/scripts/ci_license_file_owner_guard.js index ee0befa..f968d27 100644 --- a/.github/workflows/scripts/ci_license_file_owner_guard.js +++ b/.github/workflows/scripts/ci_license_file_owner_guard.js @@ -11,7 +11,7 @@ module.exports = async ({ github, context, core }) => { return; } - const ownerAllowlist = ["willsarg"]; + const ownerAllowlist = ["louisdevzz"]; if (ownerAllowlist.length === 0) { core.setFailed("License owner allowlist is empty."); diff --git a/.github/workflows/scripts/ci_workflow_owner_approval.js b/.github/workflows/scripts/ci_workflow_owner_approval.js index 2f3bf29..0e39c25 100644 --- a/.github/workflows/scripts/ci_workflow_owner_approval.js +++ b/.github/workflows/scripts/ci_workflow_owner_approval.js @@ -10,7 +10,7 @@ module.exports = async ({ github, context, core }) => { return; } - const baseOwners = ["theonlyhennygod", "willsarg", "chumyin"]; + const baseOwners = ["louisdevzz"]; const configuredOwners = (process.env.WORKFLOW_OWNER_LOGINS || "") .split(",") .map((login) => login.trim().toLowerCase()) From dac9ca25279b33987a1f995ff53e7721b2aeac72 Mon Sep 17 00:00:00 2001 From: louisdevzz Date: Thu, 5 Mar 2026 00:41:40 +0700 Subject: [PATCH 3/4] chore(github): update project name references in GitHub configs Normalize artifact names, schema versions, and documentation to use current project naming conventions --- .github/ISSUE_TEMPLATE/bug_report.yml | 10 ++--- .github/ISSUE_TEMPLATE/config.yml | 11 ++--- .github/codeql/codeql-config.yml | 2 +- .github/pull_request_template.md | 2 +- .github/security/deny-ignore-governance.json | 2 +- .../gitleaks-allowlist-governance.json | 2 +- .github/security/unsafe-audit-governance.json | 2 +- .github/workflows/ci-run.yml | 2 +- .../workflows/ci-supply-chain-provenance.yml | 10 ++--- .github/workflows/docs-deploy.yml | 4 +- .github/workflows/main-branch-flow.md | 4 +- .github/workflows/pr-auto-response.yml | 4 +- .github/workflows/pub-docker-img.yml | 6 +-- .github/workflows/pub-prerelease.yml | 6 +-- .github/workflows/pub-release.yml | 42 +++++++++---------- .github/workflows/sec-audit.yml | 20 ++++----- .github/workflows/sync-contributors.yml | 8 ++-- 17 files changed, 67 insertions(+), 70 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index 8ac7419..442329f 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -1,5 +1,5 @@ name: Bug Report -description: Report a reproducible defect in ZeroClaw +description: Report a reproducible defect in ZeroBuild title: "[Bug]: " labels: - bug @@ -16,7 +16,7 @@ body: attributes: label: Summary description: One-line description of the problem. - placeholder: zeroclaw daemon exits immediately when ... + placeholder: zerobuild daemon exits immediately when ... validations: required: true @@ -72,8 +72,8 @@ body: label: Steps to reproduce description: Please provide exact commands/config. placeholder: | - 1. zeroclaw onboard --interactive - 2. zeroclaw daemon + 1. zerobuild onboard --interactive + 2. zerobuild daemon 3. Observe crash in logs render: bash validations: @@ -103,7 +103,7 @@ body: - type: input id: version attributes: - label: ZeroClaw version + label: ZeroBuild version placeholder: v0.1.0 / commit SHA validations: required: true diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml index 4de85aa..74cf629 100644 --- a/.github/ISSUE_TEMPLATE/config.yml +++ b/.github/ISSUE_TEMPLATE/config.yml @@ -1,17 +1,14 @@ blank_issues_enabled: false contact_links: - name: Security vulnerability report - url: https://github.com/zeroclaw-labs/zeroclaw/security/policy + url: https://github.com/potlock/zerobuild/security/policy about: Please report security vulnerabilities privately via SECURITY.md policy. - name: Private vulnerability report template - url: https://github.com/zeroclaw-labs/zeroclaw/blob/main/docs/security/private-vulnerability-report-template.md + url: https://github.com/potlock/zerobuild/blob/main/docs/security/private-vulnerability-report-template.md about: Use this template when filing a private vulnerability report in Security Advisories. - - name: 私密漏洞报告模板(中文) - url: https://github.com/zeroclaw-labs/zeroclaw/blob/main/docs/security/private-vulnerability-report-template.zh-CN.md - about: 使用该中文模板通过 Security Advisories 进行私密漏洞提交。 - name: Contribution guide - url: https://github.com/zeroclaw-labs/zeroclaw/blob/main/CONTRIBUTING.md + url: https://github.com/potlock/zerobuild/blob/main/CONTRIBUTING.md about: Please read contribution and PR requirements before opening an issue. - name: PR workflow & reviewer expectations - url: https://github.com/zeroclaw-labs/zeroclaw/blob/main/docs/pr-workflow.md + url: https://github.com/potlock/zerobuild/blob/main/docs/pr-workflow.md about: Read risk-based PR tracks, CI gates, and merge criteria before filing feature requests. diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml index 5c82c1b..aa6a694 100644 --- a/.github/codeql/codeql-config.yml +++ b/.github/codeql/codeql-config.yml @@ -1,4 +1,4 @@ -# CodeQL configuration for ZeroClaw +# CodeQL configuration for ZeroBuild # # We intentionally ignore integration tests under `tests/` because they often # contain security-focused fixtures (example secrets, malformed payloads, etc.) diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fe3cd6f..e65e792 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -65,7 +65,7 @@ cargo test - Data-hygiene status (`pass|needs-follow-up`): - Redaction/anonymization notes: -- Neutral wording confirmation (use ZeroClaw/project-native labels if identity-like wording is needed): +- Neutral wording confirmation (use ZeroBuild/project-native labels if identity-like wording is needed): ## Compatibility / Migration diff --git a/.github/security/deny-ignore-governance.json b/.github/security/deny-ignore-governance.json index d959274..1dd40cb 100644 --- a/.github/security/deny-ignore-governance.json +++ b/.github/security/deny-ignore-governance.json @@ -1,5 +1,5 @@ { - "schema_version": "zeroclaw.deny-governance.v1", + "schema_version": "zerobuild.deny-governance.v1", "advisories": [ { "id": "RUSTSEC-2025-0141", diff --git a/.github/security/gitleaks-allowlist-governance.json b/.github/security/gitleaks-allowlist-governance.json index 4ec7714..963099e 100644 --- a/.github/security/gitleaks-allowlist-governance.json +++ b/.github/security/gitleaks-allowlist-governance.json @@ -1,5 +1,5 @@ { - "schema_version": "zeroclaw.secrets-governance.v1", + "schema_version": "zerobuild.secrets-governance.v1", "paths": [ { "pattern": "src/security/leak_detector\\.rs", diff --git a/.github/security/unsafe-audit-governance.json b/.github/security/unsafe-audit-governance.json index e8edb6c..aba6bf7 100644 --- a/.github/security/unsafe-audit-governance.json +++ b/.github/security/unsafe-audit-governance.json @@ -1,5 +1,5 @@ { - "schema_version": "zeroclaw.unsafe-audit-governance.v1", + "schema_version": "zerobuild.unsafe-audit-governance.v1", "ignore_paths": [], "ignore_pattern_ids": [] } diff --git a/.github/workflows/ci-run.yml b/.github/workflows/ci-run.yml index fd74bf4..229f747 100644 --- a/.github/workflows/ci-run.yml +++ b/.github/workflows/ci-run.yml @@ -105,7 +105,7 @@ jobs: - name: Build binary (smoke check) run: cargo build --profile release-fast --locked --verbose - name: Check binary size - run: bash scripts/ci/check_binary_size.sh target/release-fast/zeroclaw + run: bash scripts/ci/check_binary_size.sh target/release-fast/zerobuild flake-probe: name: Test Flake Retry Probe diff --git a/.github/workflows/ci-supply-chain-provenance.yml b/.github/workflows/ci-supply-chain-provenance.yml index 55eb28c..a17cc81 100644 --- a/.github/workflows/ci-supply-chain-provenance.yml +++ b/.github/workflows/ci-supply-chain-provenance.yml @@ -49,8 +49,8 @@ jobs: mkdir -p artifacts host_target="$(rustc -vV | sed -n 's/^host: //p')" cargo build --profile release-fast --locked --target "$host_target" - cp "target/${host_target}/release-fast/zeroclaw" "artifacts/zeroclaw-${host_target}" - sha256sum "artifacts/zeroclaw-${host_target}" > "artifacts/zeroclaw-${host_target}.sha256" + cp "target/${host_target}/release-fast/zerobuild" "artifacts/zerobuild-${host_target}" + sha256sum "artifacts/zerobuild-${host_target}" > "artifacts/zerobuild-${host_target}.sha256" - name: Generate provenance statement shell: bash @@ -58,8 +58,8 @@ jobs: set -euo pipefail host_target="$(rustc -vV | sed -n 's/^host: //p')" python3 scripts/ci/generate_provenance.py \ - --artifact "artifacts/zeroclaw-${host_target}" \ - --subject-name "zeroclaw-${host_target}" \ + --artifact "artifacts/zerobuild-${host_target}" \ + --subject-name "zerobuild-${host_target}" \ --output "artifacts/provenance-${host_target}.intoto.json" - name: Install cosign @@ -104,7 +104,7 @@ jobs: { echo "### Supply Chain Provenance" echo "- Target: \`${host_target}\`" - echo "- Artifact: \`artifacts/zeroclaw-${host_target}\`" + echo "- Artifact: \`artifacts/zerobuild-${host_target}\`" echo "- Statement: \`artifacts/provenance-${host_target}.intoto.json\`" echo "- Signature: \`artifacts/provenance-${host_target}.intoto.json.sig\`" } >> "$GITHUB_STEP_SUMMARY" diff --git a/.github/workflows/docs-deploy.yml b/.github/workflows/docs-deploy.yml index a344c7b..c1fa38a 100644 --- a/.github/workflows/docs-deploy.yml +++ b/.github/workflows/docs-deploy.yml @@ -217,7 +217,7 @@ jobs: cp -R docs/. site/docs/ cp README.md site/README.md cat > site/index.md <<'EOF' - # ZeroClaw Docs Preview + # ZeroBuild Docs Preview This preview bundle is produced by `.github/workflows/docs-deploy.yml`. @@ -260,7 +260,7 @@ jobs: cp -R docs/. site/docs/ cp README.md site/README.md cat > site/index.md <<'EOF' - # ZeroClaw Documentation + # ZeroBuild Documentation This site is deployed automatically from `main` by `.github/workflows/docs-deploy.yml`. diff --git a/.github/workflows/main-branch-flow.md b/.github/workflows/main-branch-flow.md index 23a4d68..e61e11b 100644 --- a/.github/workflows/main-branch-flow.md +++ b/.github/workflows/main-branch-flow.md @@ -85,7 +85,7 @@ Notes: ### 2) PR from fork -> `dev` -1. External contributor opens PR from `fork/` into `zeroclaw:dev`. +1. External contributor opens PR from `fork/` into `zerobuild:dev`. 2. Immediately on `opened`: - `pull_request_target` workflows start with base-repo context and base-repo token: - `pr-intake-checks.yml` @@ -182,7 +182,7 @@ Workflow: `.github/workflows/pub-release.yml` - trigger provenance is emitted as `release-trigger-guard` artifacts. 3. `build-release` builds matrix artifacts across Linux/macOS/Windows targets. 4. `verify-artifacts` runs `scripts/ci/release_artifact_guard.py` against `.github/release/release-artifact-contract.json` in verify-stage mode (archive contract required; manifest/SBOM/notice checks intentionally skipped) and uploads `release-artifact-guard-verify` evidence. -5. In publish mode, workflow generates SBOM (`CycloneDX` + `SPDX`), `SHA256SUMS`, and a checksum provenance statement (`zeroclaw.sha256sums.intoto.json`) plus audit-event envelope. +5. In publish mode, workflow generates SBOM (`CycloneDX` + `SPDX`), `SHA256SUMS`, and a checksum provenance statement (`zerobuild.sha256sums.intoto.json`) plus audit-event envelope. 6. In publish mode, after manifest generation, workflow reruns `release_artifact_guard.py` in full-contract mode and emits `release-artifact-guard.publish.json` plus `audit-event-release-artifact-guard-publish.json`. 7. In publish mode, workflow keyless-signs release artifacts and composes a supply-chain release-notes preface via `release_notes_with_supply_chain_refs.py`. 8. In publish mode, workflow verifies GHCR release-tag availability. diff --git a/.github/workflows/pr-auto-response.yml b/.github/workflows/pr-auto-response.yml index 9cf1a7c..52143aa 100644 --- a/.github/workflows/pr-auto-response.yml +++ b/.github/workflows/pr-auto-response.yml @@ -55,12 +55,12 @@ jobs: Before maintainers triage it, please confirm: - Repro steps are complete and run on latest `main` - - Environment details are included (OS, Rust version, ZeroClaw version) + - Environment details are included (OS, Rust version, ZeroBuild version) - Sensitive values are redacted This helps us keep issue throughput high and response latency low. pr_message: | - Thanks for contributing to ZeroClaw. + Thanks for contributing to ZeroBuild. For faster review, please ensure: - PR template sections are fully completed diff --git a/.github/workflows/pub-docker-img.yml b/.github/workflows/pub-docker-img.yml index 0942182..41b0dd0 100644 --- a/.github/workflows/pub-docker-img.yml +++ b/.github/workflows/pub-docker-img.yml @@ -61,18 +61,18 @@ jobs: load: true provenance: false sbom: false - tags: zeroclaw-pr-smoke:latest + tags: zerobuild-pr-smoke:latest labels: ${{ steps.meta.outputs.labels || '' }} platforms: linux/amd64 cache-from: type=gha cache-to: type=gha,mode=max - name: Verify image - run: docker run --rm zeroclaw-pr-smoke:latest --version + run: docker run --rm zerobuild-pr-smoke:latest --version publish: name: Build and Push Docker Image - if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'zeroclaw-labs/zeroclaw' + if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') && github.repository == 'zerobuild-labs/zerobuild' runs-on: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] timeout-minutes: 45 permissions: diff --git a/.github/workflows/pub-prerelease.yml b/.github/workflows/pub-prerelease.yml index 01c0830..c982fa1 100644 --- a/.github/workflows/pub-prerelease.yml +++ b/.github/workflows/pub-prerelease.yml @@ -203,9 +203,9 @@ jobs: run: | set -euo pipefail mkdir -p artifacts - cp target/x86_64-unknown-linux-gnu/release-fast/zeroclaw artifacts/zeroclaw - tar czf artifacts/zeroclaw-x86_64-unknown-linux-gnu.tar.gz -C artifacts zeroclaw - rm artifacts/zeroclaw + cp target/x86_64-unknown-linux-gnu/release-fast/zerobuild artifacts/zerobuild + tar czf artifacts/zerobuild-x86_64-unknown-linux-gnu.tar.gz -C artifacts zerobuild + rm artifacts/zerobuild - name: Generate manifest + checksums shell: bash diff --git a/.github/workflows/pub-release.yml b/.github/workflows/pub-release.yml index 6b648e6..6d3bd06 100644 --- a/.github/workflows/pub-release.yml +++ b/.github/workflows/pub-release.yml @@ -172,14 +172,14 @@ jobs: # a broadly compatible GLIBC baseline for user distributions. - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: x86_64-unknown-linux-gnu - artifact: zeroclaw + artifact: zerobuild archive_ext: tar.gz cross_compiler: "" linker_env: "" linker: "" - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: x86_64-unknown-linux-musl - artifact: zeroclaw + artifact: zerobuild archive_ext: tar.gz cross_compiler: "" linker_env: "" @@ -187,14 +187,14 @@ jobs: use_cross: true - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: aarch64-unknown-linux-gnu - artifact: zeroclaw + artifact: zerobuild archive_ext: tar.gz cross_compiler: gcc-aarch64-linux-gnu linker_env: CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER linker: aarch64-linux-gnu-gcc - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: aarch64-unknown-linux-musl - artifact: zeroclaw + artifact: zerobuild archive_ext: tar.gz cross_compiler: "" linker_env: "" @@ -202,14 +202,14 @@ jobs: use_cross: true - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: armv7-unknown-linux-gnueabihf - artifact: zeroclaw + artifact: zerobuild archive_ext: tar.gz cross_compiler: gcc-arm-linux-gnueabihf linker_env: CARGO_TARGET_ARMV7_UNKNOWN_LINUX_GNUEABIHF_LINKER linker: arm-linux-gnueabihf-gcc - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: armv7-linux-androideabi - artifact: zeroclaw + artifact: zerobuild archive_ext: tar.gz cross_compiler: "" linker_env: "" @@ -218,7 +218,7 @@ jobs: android_api: 21 - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: aarch64-linux-android - artifact: zeroclaw + artifact: zerobuild archive_ext: tar.gz cross_compiler: "" linker_env: "" @@ -227,7 +227,7 @@ jobs: android_api: 21 - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: x86_64-unknown-freebsd - artifact: zeroclaw + artifact: zerobuild archive_ext: tar.gz cross_compiler: "" linker_env: "" @@ -235,21 +235,21 @@ jobs: use_cross: true - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: x86_64-apple-darwin - artifact: zeroclaw + artifact: zerobuild archive_ext: tar.gz cross_compiler: "" linker_env: "" linker: "" - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: aarch64-apple-darwin - artifact: zeroclaw + artifact: zerobuild archive_ext: tar.gz cross_compiler: "" linker_env: "" linker: "" - os: [self-hosted, Linux, X64, aws-india, blacksmith-2vcpu-ubuntu-2404, hetzner] target: x86_64-pc-windows-msvc - artifact: zeroclaw.exe + artifact: zerobuild.exe archive_ext: zip cross_compiler: "" linker_env: "" @@ -368,19 +368,19 @@ jobs: if: runner.os != 'Windows' run: | cd target/${{ matrix.target }}/release-fast - tar czf ../../../zeroclaw-${{ matrix.target }}.${{ matrix.archive_ext }} ${{ matrix.artifact }} + tar czf ../../../zerobuild-${{ matrix.target }}.${{ matrix.archive_ext }} ${{ matrix.artifact }} - name: Package (Windows) if: runner.os == 'Windows' run: | cd target/${{ matrix.target }}/release-fast - 7z a ../../../zeroclaw-${{ matrix.target }}.${{ matrix.archive_ext }} ${{ matrix.artifact }} + 7z a ../../../zerobuild-${{ matrix.target }}.${{ matrix.archive_ext }} ${{ matrix.artifact }} - name: Upload artifact uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6 with: - name: zeroclaw-${{ matrix.target }} - path: zeroclaw-${{ matrix.target }}.${{ matrix.archive_ext }} + name: zerobuild-${{ matrix.target }} + path: zerobuild-${{ matrix.target }}.${{ matrix.archive_ext }} retention-days: 7 verify-artifacts: @@ -469,11 +469,11 @@ jobs: - name: Generate SBOM (CycloneDX) run: | - syft dir:. --source-name zeroclaw -o cyclonedx-json=artifacts/zeroclaw.cdx.json -o spdx-json=artifacts/zeroclaw.spdx.json + syft dir:. --source-name zerobuild -o cyclonedx-json=artifacts/zerobuild.cdx.json -o spdx-json=artifacts/zerobuild.spdx.json { echo "### SBOM Generated" - echo "- CycloneDX: zeroclaw.cdx.json" - echo "- SPDX: zeroclaw.spdx.json" + echo "- CycloneDX: zerobuild.cdx.json" + echo "- SPDX: zerobuild.spdx.json" } >> "$GITHUB_STEP_SUMMARY" - name: Attach license and notice files @@ -504,8 +504,8 @@ jobs: set -euo pipefail python3 scripts/ci/generate_provenance.py \ --artifact artifacts/SHA256SUMS \ - --subject-name "zeroclaw-${RELEASE_TAG}-sha256sums" \ - --output artifacts/zeroclaw.sha256sums.intoto.json + --subject-name "zerobuild-${RELEASE_TAG}-sha256sums" \ + --output artifacts/zerobuild.sha256sums.intoto.json - name: Emit SHA256SUMS provenance audit event shell: bash @@ -513,7 +513,7 @@ jobs: set -euo pipefail python3 scripts/ci/emit_audit_event.py \ --event-type release_sha256sums_provenance \ - --input-json artifacts/zeroclaw.sha256sums.intoto.json \ + --input-json artifacts/zerobuild.sha256sums.intoto.json \ --output-json artifacts/audit-event-release-sha256sums-provenance.json \ --artifact-name release-sha256sums-provenance \ --retention-days 30 diff --git a/.github/workflows/sec-audit.yml b/.github/workflows/sec-audit.yml index 9c1b031..271a0bf 100644 --- a/.github/workflows/sec-audit.yml +++ b/.github/workflows/sec-audit.yml @@ -312,7 +312,7 @@ jobs: cat > artifacts/gitleaks-summary.json <> "$GITHUB_STEP_SUMMARY" - name: Upload SBOM artifacts uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0 with: name: sbom-snapshot - path: artifacts/zeroclaw.*.json + path: artifacts/zerobuild.*.json retention-days: 14 - name: Emit SBOM audit event @@ -408,10 +408,10 @@ jobs: set -euo pipefail cat > artifacts/sbom-summary.json < NOTICE << 'EOF' - ZeroClaw - Copyright 2025 ZeroClaw Labs + ZeroBuild + Copyright 2025 ZeroBuild Labs - This product includes software developed at ZeroClaw Labs (https://github.com/zeroclaw-labs). + This product includes software developed at ZeroBuild Labs (https://github.com/zerobuild-labs). Contributors ============ - The following individuals have contributed to ZeroClaw: + The following individuals have contributed to ZeroBuild: EOF From f4148de51d947f4ffc3a3cd14045717e250f9d66 Mon Sep 17 00:00:00 2001 From: louisdevzz Date: Thu, 5 Mar 2026 00:42:48 +0700 Subject: [PATCH 4/4] chore(config): update environment variable naming --- .env.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.env.example b/.env.example index 8b4e8ac..190d459 100644 --- a/.env.example +++ b/.env.example @@ -1,4 +1,4 @@ -# ZeroClaw Environment Variables +# Zerobuild Environment Variables # Copy this file to `.env` and fill in your local values. # Never commit `.env` or any real secrets.