wifi-densepose

History

ruv 3833929dcb cog-ha-matter (ADR-116 P8): CI release workflow + fix inherited filename bug New `.github/workflows/cog-ha-matter-release.yml`: * Triggers on `cog-ha-matter-v` tag-push + manual dispatch Three jobs: build-x86_64, build-arm, publish-gcs * x86_64: native ubuntu-latest cargo build * arm: aarch64-unknown-linux-gnu via apt-installed gcc-aarch64-linux-gnu linker (no `cross` dep needed — keeps workflow self-contained) * Each build job runs make build-{arch} + make sign-{arch} + gated Ed25519 sign step (skipped when COGNITUM_OWNER_SIGNING_KEY secret is unset — workflow still produces unsigned artifacts so we get build coverage now and signing later without re-merging) * publish-gcs job gated on `vars.HAS_GCP_CREDENTIALS == 'true'` so the workflow is safe to merge before credentials land — no-op until the org admin sets the variable * Uploads binary + sha256 + (optional) sig to `gs://cognitum-apps/cogs/{arch}/cog-ha-matter-{arch}` * Prints the app-registry.json snippet for the cognitum-one PR (so the publish step's output is the exact JSON the user pastes) Fixed a bug inherited from cog-pose-estimation's Makefile: the precedent produces `dist/cog-cog-pose-estimation-arm` (double `cog-` prefix because CRATE name already starts with `cog-`) but the manifest URL has single prefix `cog-pose-estimation-arm`. The upload path doesn't match the binary_url — a latent bug in the pose cog's pipeline. My copy now produces `dist/cog-ha-matter-arm` matching the manifest URL `cog-ha-matter-{{ARCH}}`. Changed: Makefile (build / sign / upload / verify / clean targets), workflow (artifact names + gsutil paths), README (local dry-run instructions). The cog-pose-estimation precedent is unchanged — separate fix if/when the user wants to align it. What this iter does NOT do (P8 remaining): * provision GCP_CREDENTIALS / COGNITUM_OWNER_SIGNING_KEY secrets (user action — needs org admin access) * actually run the workflow (needs a `cog-ha-matter-v0.1.0` tag push, or workflow_dispatch from the Actions tab) * append to app-registry.json in cognitum-one (separate repo PR) Next iter: tag a v0.0.1-dev (so the workflow runs once + we see any build-time errors on real CI runners) OR scaffold the app-registry.json patch payload as a check-in doc. Co-Authored-By: claude-flow <ruv@ruv.net>	2026-05-23 23:05:54 -04:00
..
workflows	cog-ha-matter (ADR-116 P8): CI release workflow + fix inherited filename bug	2026-05-23 23:05:54 -04:00
dependabot.yml	security: pin GitHub Actions to SHAs and bump vulnerable npm deps (#442 )	2026-04-28 08:46:51 -04:00

ruv 3833929dcb cog-ha-matter (ADR-116 P8): CI release workflow + fix inherited filename bug

New `.github/workflows/cog-ha-matter-release.yml`:

  * Triggers on `cog-ha-matter-v*` tag-push + manual dispatch
  * Three jobs: build-x86_64, build-arm, publish-gcs
  * x86_64: native ubuntu-latest cargo build
  * arm: aarch64-unknown-linux-gnu via apt-installed gcc-aarch64-linux-gnu
    linker (no `cross` dep needed — keeps workflow self-contained)
  * Each build job runs make build-{arch} + make sign-{arch} +
    gated Ed25519 sign step (skipped when COGNITUM_OWNER_SIGNING_KEY
    secret is unset — workflow still produces unsigned artifacts so
    we get build coverage now and signing later without re-merging)
  * publish-gcs job gated on `vars.HAS_GCP_CREDENTIALS == 'true'`
    so the workflow is safe to merge before credentials land —
    no-op until the org admin sets the variable
  * Uploads binary + sha256 + (optional) sig to
    `gs://cognitum-apps/cogs/{arch}/cog-ha-matter-{arch}`
  * Prints the app-registry.json snippet for the cognitum-one PR
    (so the publish step's output is the exact JSON the user pastes)

Fixed a bug inherited from cog-pose-estimation's Makefile: the
precedent produces `dist/cog-cog-pose-estimation-arm` (double
`cog-` prefix because CRATE name already starts with `cog-`) but
the manifest URL has single prefix `cog-pose-estimation-arm`. The
upload path doesn't match the binary_url — a latent bug in the
pose cog's pipeline.

My copy now produces `dist/cog-ha-matter-arm` matching the
manifest URL `cog-ha-matter-{{ARCH}}`. Changed: Makefile (build /
sign / upload / verify / clean targets), workflow (artifact names
+ gsutil paths), README (local dry-run instructions). The
cog-pose-estimation precedent is unchanged — separate fix if/when
the user wants to align it.

What this iter does NOT do (P8 remaining):
  * provision GCP_CREDENTIALS / COGNITUM_OWNER_SIGNING_KEY secrets
    (user action — needs org admin access)
  * actually run the workflow (needs a `cog-ha-matter-v0.1.0` tag
    push, or workflow_dispatch from the Actions tab)
  * append to app-registry.json in cognitum-one (separate repo PR)

Next iter: tag a v0.0.1-dev (so the workflow runs once + we see
any build-time errors on real CI runners) OR scaffold the
app-registry.json patch payload as a check-in doc.

Co-Authored-By: claude-flow <ruv@ruv.net>

2026-05-23 23:05:54 -04:00

workflows

cog-ha-matter (ADR-116 P8): CI release workflow + fix inherited filename bug

2026-05-23 23:05:54 -04:00

dependabot.yml

security: pin GitHub Actions to SHAs and bump vulnerable npm deps (#442 )

2026-04-28 08:46:51 -04:00