vrr/eigent
2
0
Fork 0
mirror of https://github.com/eigent-ai/eigent.git synced 2026-05-23 12:44:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2
1782 commits 747 branches 72 tags 630 MiB
Commit graph

48 commits

Author SHA1 Message Date
Wendong-Fan
3ad844af5a
Merge branch 'main' into feat-pre-built 2026-01-17 17:02:29 +00:00
4pmtong
64ea7f233f 🔥 npm ci 2026-01-17 19:21:29 +08:00
4pmtong
925e6da250 fix built without package-lock.json 2026-01-17 19:11:57 +08:00
4pmtong
220ff848f3 🎨 cache npm 2026-01-17 18:42:24 +08:00
4pmtong
fd7d1af052 fix timeout 2026-01-17 18:09:17 +08:00
bytecraftii
4a805a5981 Update contributing 2026-01-16 23:25:24 -08:00
bytecraftii
e5150200cf Update contributing 2026-01-16 18:53:50 -08:00
bytecraftii
feb717b7de Update contributing 2026-01-16 18:50:11 -08:00
bytecraftii
f9ba728e5d Update contributing 2026-01-16 18:42:27 -08:00
sd416
719bf043ff
Merge pull request #1 from sd416/dependabot/github_actions/tj-actions/changed-files-47 
chore(deps): bump tj-actions/changed-files from 45 to 47
 2026-01-16 11:49:22 +05:30
sd416
0ebc769ffc
Merge pull request #2 from sd416/dependabot/github_actions/actions/download-artifact-7 
chore(deps): bump actions/download-artifact from 4 to 7
 2026-01-16 11:49:16 +05:30
sd416
cf1b75f3a4
Merge pull request #3 from sd416/dependabot/github_actions/actions/setup-python-6 
chore(deps): bump actions/setup-python from 4 to 6
 2026-01-16 11:49:10 +05:30
sd416
a3e83b4f6d
Merge pull request #4 from sd416/dependabot/github_actions/actions/setup-node-6 
chore(deps): bump actions/setup-node from 4 to 6
 2026-01-16 11:49:03 +05:30
dependabot[bot]
8a1d711bf8
chore(deps): bump actions/upload-artifact from 4 to 6 
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 06:18:21 +00:00
dependabot[bot]
818b176f55
chore(deps): bump actions/setup-node from 4 to 6 
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 6.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 06:18:17 +00:00
dependabot[bot]
b7faebac86
chore(deps): bump actions/setup-python from 4 to 6 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 06:18:12 +00:00
dependabot[bot]
54c5fc220c
chore(deps): bump actions/download-artifact from 4 to 7 
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 7.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v7)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '7'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 06:18:08 +00:00
dependabot[bot]
d95f93ae5c
chore(deps): bump tj-actions/changed-files from 45 to 47 
Bumps [tj-actions/changed-files](https://github.com/tj-actions/changed-files) from 45 to 47.
- [Release notes](https://github.com/tj-actions/changed-files/releases)
- [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md)
- [Commits](https://github.com/tj-actions/changed-files/compare/v45...v47)

---
updated-dependencies:
- dependency-name: tj-actions/changed-files
  dependency-version: '47'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2026-01-16 06:18:04 +00:00
Wendong-Fan
9446f8aa89 cicd security 2026-01-13 21:55:29 +08:00
Cole Murray
102a864d43 fix(security): prevent arbitrary code execution in CI workflow 
SECURITY FIX: The previous CI workflow was vulnerable to arbitrary code
execution from fork PRs due to using `pull_request_target` with checkout
of untrusted PR code.

Attack vector:
- Attacker forks repo and adds malicious node_modules/.bin/markdownlint-cli
- Opens PR to trigger CI workflow
- npx executes attacker's script with repository write permissions
- Attacker can exfiltrate credentials, comment on PRs, or push code

Fix:
- Split workflow into two separate files
- ci.yml: Uses pull_request_target for commenting (no code checkout)
- lint-markdown.yml: Uses pull_request for linting (safe to checkout)

The pull_request trigger runs fork PRs with read-only permissions and
no access to repository secrets, making it safe to checkout and execute
PR code.

Additional improvements:
- Updated actions to latest versions (checkout@v4, github-script@v7, paths-filter@v3)
- Pin markdownlint-cli version to prevent supply chain attacks
- Added security comments explaining the rationale

Reference: https://securitylab.github.com/research/github-actions-preventing-pwn-requests/
 2026-01-12 23:10:48 -08:00
Wendong-Fan
0375d7aa66 update cicd setting in workflows 2026-01-03 03:13:40 +08:00
罗鹏铖
19761dc23a
Add CodeQL analysis workflow configuration 2025-12-04 17:06:23 +08:00
sw3205933776
bc0267c0c3 update 2025-11-14 15:47:33 +08:00
sw3205933776
81cfacf341 update 2025-11-14 15:32:06 +08:00
sw3205933776
95e09cfc8e update 2025-09-17 15:25:12 +08:00
sw3205933776
cf6070a13f update 2025-09-17 15:23:10 +08:00
sw3205933776
4065f32607 update 2025-09-17 15:22:16 +08:00
sw3205933776
defe656c28 fix: add latest-x64-mac.yml to release artifacts for auto-update (#246) 2025-08-28 10:50:08 +08:00
Wendong-Fan
6057be8e9f fix: cd uv dependency 2025-08-28 09:59:17 +08:00
Wendong-Fan
d6cfbec9e2 enhance: Feature GitHub actions update #229 2025-08-27 19:59:04 +08:00
sw3205933776
ce68dabbac edit build config 2025-08-22 11:35:06 +08:00
sw3205933776
24a699414f edit build config 2025-08-21 15:09:27 +08:00
sw3205933776
9858ba9012 edit build config 2025-08-21 14:56:08 +08:00
sw3205933776
768519cd16 edit build config 2025-08-21 14:31:51 +08:00
sw3205933776
a022ba3297 edit build config 2025-08-20 17:28:48 +08:00
sw3205933776
bfbd6d359f edit build config 2025-08-20 16:09:16 +08:00
sw3205933776
4ca60865c7 edit build config 2025-08-20 15:17:03 +08:00
sw3205933776
931c178dcf edit build config 2025-08-20 14:59:43 +08:00
sw3205933776
dc73404011 edit build config 2025-08-20 14:35:24 +08:00
sw3205933776
a2bc5a6e49 edit build config 2025-08-20 11:56:36 +08:00
sw3205933776
11b7edee44 edit build config 2025-08-20 11:48:24 +08:00
sw3205933776
c8a2d4f9c1 edit build config 2025-08-20 11:24:01 +08:00
sw3205933776
b68f8176c3 fix:indentation in build.yml 2025-08-20 11:09:23 +08:00
sw3205933776
424cbbb38b Change UV installation method 2025-08-20 11:06:44 +08:00
sw3205933776
c8a7184c3a Setup Python in GitHub Actions 2025-08-20 11:01:17 +08:00
sw3205933776
30a19f72b0 Update Node.js version in GitHub Actions 2025-08-20 10:50:01 +08:00
sw3205933776
3bdbf3a56c update GitHub Actions workflow 2025-08-20 10:04:58 +08:00
puzhen
723df5a03e Initial commit of eigent-main 2025-08-12 01:16:39 +02:00