ci: Phase 4 - Pin GitHub Actions and add safety validation#79
Open
ci: Phase 4 - Pin GitHub Actions and add safety validation#79
Conversation
Add comprehensive Claude Code support infrastructure: - Update renovate.json with weekly updates, auto-merge patch/minor, manual major review, and GitHub Actions pinning support - Create .claude/ directory structure with settings, rules, hooks - Add 4 enhanced personas (BasicBitch, Spellchuck, Godmode, SageDaddy) - Transform 12 core and standards rules from .mdc to .md format - Add security-block hook for dangerous command prevention - Create .claudeignore template file - Add AGENTS.md discoverability layer - Build cursor-to-claude rule transformer utility Refs: Phase 1 implementation plan
Add comprehensive IDE selection and enhanced CLI features: - Add --ide flag for choosing cursor|claude|both - Add interactive IDE selection prompt when --ide not specified - Add --dry-run flag to preview downloads without writing files - Add --validate flag for post-download file validation - Create ide-selection.mjs utility for IDE choice handling - Update download-files.mjs to support IDE-specific downloads - Update commands.mjs with IDE-aware interactive mode - Update CLI help text with examples for all new flags - Support downloading both Cursor and Claude configurations Refs: Phase 2 implementation plan
Complete content migration from Cursor to Claude Code format: - Transform 6 test rules (playwright, vitest, testing-pyramid, etc.) - Transform 9 utils rules (git-branch, release-*, changelog-*) - Create .claude/commands/ with 6 slash commands: - /dev, /refactor, /version, /changelog, /commit, /testing-pyramid - All rules converted from .mdc (Cursor) to .md (Claude) format - Commands include usage guidelines, workflow steps, and agent recommendations Refs: Phase 3 implementation plan
Pin all GitHub Actions to specific commit SHAs to prevent supply chain attacks: - actions/checkout: v4.2.2 (11bd71901bbe5b1630ceea73d27597364c9af683) - actions/setup-node: v4.1.0 (1a4442cacd436585991a76fe714fa58850bd193c) - actions/configure-pages: v4.0.0 (1f0c5cde4dec8825aff22eac11aa73c856b5c886) - actions/upload-pages-artifact: v3.0.1 (56afc609e74202658d3ffba0e8f6f4625a7d4af5) - actions/deploy-pages: v4.0.5 (d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e) - actions/dependency-review-action: v4.5.0 (3b139cfc5fae8b618d3eae3675e383bb1769c019) - dorny/paths-filter: v3.0.2 (de90cc6fb38fc0963ad72b210f1f284cd68cea36) Renovate will still update these via SHA due to helpers:pinGitHubActionDigests config. Refs: Phase 4 - GitHub Actions pinning
Add safety features: - Generate SHA-256 hashes for all files - Create validation utilities - Support pattern scanning for security Refs: Phase 4 implementation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
feat(claude): Phase 1 - Foundation for Claude Code supportAdd comprehensive Claude Code support infrastructure:
manual major review, and GitHub Actions pinning support
Refs: Phase 1 implementation plan
feat(cli): Phase 2 - CLI enhancements for IDE selectionAdd comprehensive IDE selection and enhanced CLI features:
Refs: Phase 2 implementation plan
feat(claude): Phase 3 - Content migration for Claude CodeComplete content migration from Cursor to Claude Code format:
Refs: Phase 3 implementation plan
ci: Pin GitHub Actions to commit SHAs for supply chain securityPin all GitHub Actions to specific commit SHAs to prevent supply chain attacks:
Renovate will still update these via SHA due to helpers:pinGitHubActionDigests config.
Refs: Phase 4 - GitHub Actions pinning
feat(safety): Add checksum generation and validation utilitiesAdd safety features:
Refs: Phase 4 implementation