10 Commits

Author SHA1 Message Date
Zonghao Yuan cb5daf58ce fix(ci): grant CLA bot pull-request write permission (#115)
The CLA Assistant workflow had `pull-requests: read`, which prevented
the GITHUB_TOKEN from posting the sign-CLA comment on PRs. Change to
`pull-requests: write` so the bot can comment.

Also removed the `protect-cla-signatures` ruleset (GitHub-side) that
marked the signatures branch as protected, blocking the bot from
pushing signature records.

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-27 20:04:10 +08:00
yuanzonghao b39452ab2f chore(ci): add noreply@anthropic.com to CLA allowlist
Co-authored commits from Claude Code were failing the CLA check
because the bot email had not signed the CLA. Whitelist it so
AI-assisted PRs pass without requiring --admin merge.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-24 19:08:24 +08:00
Zonghao Yuan 61ef027a0e fix(cla): route signatures to unprotected cla-signatures branch (#100)
The CLA bot run on PR #99 failed with 'Resource not accessible by
integration' because it tried to commit cla-signatures/version-1.json
to the branch-protection-protected main branch. The CLA Assistant
action cannot push to protected branches (contributor-assistant/
github-action#150); PAT identity is not granted bypass even though
the PAT owner is repo admin.

Fix: store signatures on a dedicated orphan branch 'cla-signatures'
that has no protection rules, so the PAT can commit freely. This is
the workaround recommended by the action maintainers and the dominant
community solution.

Also brings the staging copy of cla.yml up to parity with main (the
guard step + SHA pin from PR #93 had not been back-merged to staging):
- Add the 'fail on missing CLA_BOT_TOKEN' guard step
- Pin action to contributor-assistant/github-action@ca4a40a7... (v2.6.1);
  the old 'cla-assistant-action' path 404s and was a second reason the
  bot never fired
2026-06-18 23:19:20 +08:00
yuanzonghao 6ee74a0680 chore(repo): address pr-agent review on CLA workflow
Address the valid points from pr-agent on PR #89, skip the inaccurate
ones (e.g. the $contributorName placeholder it suggested does not exist
in cla-assistant-action; create-file-commit-message fires before any
signer exists).

- cla.yml: move 'token configured?' check into job env and put the whole
  step-level if inside a single ${{ }} so && / || are evaluated as a
  boolean (step-level if cannot safely reference secrets.* directly)
- cla.yml: declare minimal explicit permissions (contents/pull-requests/
  issues/statuses) — this workflow runs on pull_request_target with a token
- cla.yml: drop the overly broad '*bot' allowlist wildcard; keep explicit
  bot + maintainer accounts only
- cla.yml: clean up the stray trailing '@' in create-file-commit-message
  (used once, at signature-store creation, before any signer exists)
- README{,.en,.ja}: clarify that the CLA is signed via a PR comment, not
  before opening the PR — matches the actual CONTRIBUTING flow
2026-06-17 19:49:48 +08:00
yuanzonghao 2b0b9c6f8d feat(repo): add CLA mechanism for external contributors
Introduce a Contributor License Agreement (CLA) so external contributions
can be licensed under AGPL-3.0 and any other terms (incl. closed-source),
keeping the AGPL-3.0 codebase usable in closed-source projects.

- CLA.md: authoritative English CLA (ICLA + employer authorization, v1.0)
- CLA.zh.md: non-binding Chinese reference translation
- CONTRIBUTING.md: bilingual contributing guide, points to CLA
- .github/workflows/cla.yml: self-hosted cla-assistant-action that records
  signatures into cla-signatures/version-1.json; exempts maintainers & bots
  via allowlist; skips when CLA_BOT_TOKEN is unset
- .github/PULL_REQUEST_TEMPLATE.md: guides contributors to sign
- README.{md,en.md,ja.md}: add License & contributing footer
- app/terms: note CLA requirement in the IP section

Enforcement requires repo-level setup (PAT secret + branch protection)
documented in cla.yml; not covered by this commit.
2026-06-17 12:23:46 +08:00
yuanzonghao e39e9e1c86 chore(ci): disable PR Agent auto-describe and AI title
Collaborators' hand-written PR titles and descriptions were being
overwritten by the automatic /describe run. Disable auto_describe on the
Claude job and set generate_ai_title = false so human-authored metadata
is preserved. Manual /describe via PR comment still works.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-07 22:27:54 +08:00
yuanzonghao 81b99625d3 chore(ci): tune PR Agent config
- split per-model banners so two model jobs no longer overwrite each other
- raise reviewer findings cap to 8, broaden /improve to readability/cleanup
- enable dual-publishing for high-score suggestions (inline annotations)
- switch Claude model from opus-4-7 to opus-4-6 (fallback sonnet-4-6)
- raise reasoning_effort to high, response_language to zh-CN
- drop two dead config keys silently ignored by upstream schema
- add best_practices.md with 6 project-specific invariants for /improve
2026-06-07 15:29:34 +08:00
yuanzonghao 4972243a93 fix: address PR Agent review findings across 6 files
Restrict PR Agent workflow to trusted collaborators on PR comments only,
fix UTF-8 byte counting in gallery-pack, correct portrait-to-landscape
fallback orientation, track inserted freeform beats in visitedBeatIds,
allow clearing stored TTS key, and guard empty-string fuzzy match in
style selector.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-07 14:40:37 +08:00
yuanzonghao 57b3ac78cd feat(ci): add dual-model PR Agent for automated code review
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-07 12:02:17 +08:00
yuanzonghao c82f887a02 feat(deploy): add Docker Compose self-hosted deployment option
Add multi-platform Docker image build (amd64 + arm64) with GitHub Actions
CI that pushes to GHCR on every merge to main. Users can self-host with
a single `docker compose up -d` command.

- Dockerfile: multi-stage build with Next.js standalone output (~150-200MB)
- docker-compose.yml: one-command self-hosted deployment
- .github/workflows/docker.yml: CI workflow with QEMU cross-compilation
- next.config.ts: conditional `output: "standalone"` via BUILD_STANDALONE env
- README (zh/en/ja): restructure deploy section to include Docker option

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-06 21:57:57 +08:00