orama

DeBros/orama

Fork 0

mirror of https://github.com/DeBrosOfficial/orama.git synced 2026-06-16 23:54:13 +00:00

Commit Graph

Author	SHA1	Message	Date
anonpenguin23	9bbe7a8f64	ci(security): simplify to repo-specific layout, drop unsupported cache expr GitHub rejected the prior workflow on registration (0 jobs created, rerequestable=false) — most likely the dynamic `cache: \${{ ... && ... \|\| ... }}` expression in setup-node and/or the missing .python-version file referenced unconditionally. Switching to a static config tailored to this repo's actual layout (sdk/ for JS, core/ for Go, no Python).	2026-05-12 11:16:54 +03:00
anonpenguin23	3676b000a6	chore: adopt DeBros DAO baseline rules + release 0.122.11 Standardization batch — no application code changes. Pulls in the DeBros DAO baseline rules (v0.1.0, sha 51ce3f8) for supply-chain defense and toolchain pinning. Files added: - DEBROS.md + debros.json — adopted-rules manifest - .debros/compliance/{go,javascript-typescript,zig}.md — per-language compliance docs - .github/workflows/security.yml — auto-detecting security CI (npm audit + go vulncheck), runs on main + weekly cron - renovate.json — 30-day dependency cooldown, no auto-merge, vulnerability alerts bypass cooldown - .nvmrc — pin Node 20.18.0 - vault/.zigversion — pin Zig 0.14.0 - sdk/.npmrc, website/.npmrc — supply-chain hardening (ignore-scripts, strict-peer-dependencies, save-exact, etc.) Files modified: - core/go.mod, os/agent/go.mod, website/invest-api/go.mod — add `toolchain go1.24.6` directive for reproducible builds - VERSION + sdk/package.json — bump to 0.122.11	2026-05-12 11:10:10 +03:00

Author

SHA1

Message

Date

anonpenguin23

9bbe7a8f64

ci(security): simplify to repo-specific layout, drop unsupported cache expr

GitHub rejected the prior workflow on registration (0 jobs created,
rerequestable=false) — most likely the dynamic `cache: \${{ ... && ... || ... }}`
expression in setup-node and/or the missing .python-version file referenced
unconditionally. Switching to a static config tailored to this repo's
actual layout (sdk/ for JS, core/ for Go, no Python).

2026-05-12 11:16:54 +03:00

anonpenguin23

3676b000a6

chore: adopt DeBros DAO baseline rules + release 0.122.11

Standardization batch — no application code changes. Pulls in the
DeBros DAO baseline rules (v0.1.0, sha 51ce3f8) for supply-chain
defense and toolchain pinning.

Files added:
- DEBROS.md + debros.json — adopted-rules manifest
- .debros/compliance/{go,javascript-typescript,zig}.md — per-language
  compliance docs
- .github/workflows/security.yml — auto-detecting security CI
  (npm audit + go vulncheck), runs on main + weekly cron
- renovate.json — 30-day dependency cooldown, no auto-merge,
  vulnerability alerts bypass cooldown
- .nvmrc — pin Node 20.18.0
- vault/.zigversion — pin Zig 0.14.0
- sdk/.npmrc, website/.npmrc — supply-chain hardening
  (ignore-scripts, strict-peer-dependencies, save-exact, etc.)

Files modified:
- core/go.mod, os/agent/go.mod, website/invest-api/go.mod —
  add `toolchain go1.24.6` directive for reproducible builds
- VERSION + sdk/package.json — bump to 0.122.11

2026-05-12 11:10:10 +03:00

2 Commits