The remote_contract job was effectively dead code — it only ran on
workflow_dispatch (excluded push and pull_request events) and was
configured with continue-on-error, so it never blocked releases.
Removing it simplifies the pipeline and eliminates the always()
workaround in the release job's if-condition.
Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
* refactor: replace super_clipboard with pasteboard, drop cargokit/Rust
super_clipboard pulled in super_native_extensions (a Rust native layer
built via cargokit), whose precompiled-binary download from GitHub
release assets has been intermittently failing the build ("Connection
closed while receiving data"). It was used for exactly one feature -
reading a clipboard image into the composer - in a single file; the
other 12 imports were dead.
- Swap super_clipboard -> pasteboard (platform-channel, no Rust).
- Rewrite readClipboardImageAsXFileInternal() on Pasteboard.image
(PNG bytes), collapsing three helpers into one.
- Remove 12 unused super_clipboard imports.
- Regenerated plugin registrants / lockfiles drop super_native_extensions.
Removes the Rust toolchain requirement and the flaky download entirely.
Text copy/paste already used Flutter's built-in Clipboard and is
unaffected.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* ci: keep TestFlight package release-only
---------
Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* ci: gate TestFlight behind opt-in toggle + Xcode 27 build fixes
TestFlight is now opt-in (default OFF). A workflow_dispatch boolean
`enable_testflight` (or the `ENABLE_TESTFLIGHT` repo variable) drives a
`prepare.outputs.testflight_enabled` flag that gates the macOS
app-store-pkg build leg and both testflight_ios/testflight_macos upload
legs. Missing Apple signing secrets no longer fail the normal DMG/IPA
release path (package-macos-app-store-pkg.sh hard-exits without them).
Xcode 27 build compatibility:
- Align Apple deployment targets so no pod sits below the app minimum
(Xcode 27 rejects this): macOS pods + RunnerTests -> 15.6, iOS pods
-> 15.5 to match the Runner targets.
- Add a `lipo` shim (scripts/xcode-tools/lipo) wired onto PATH in the
iOS/macOS build phases; Xcode 27 only accepts one `-verify_arch`
architecture per call while Flutter passes them all at once.
- macOS project hygiene: correct PrivacyInfo.xcprivacy path, set app
display name + LSApplicationCategoryType.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* test: make temp-dir cleanup resilient to concurrent-write races
The assistant execution target tests deleted their temp HOME/workspace
dirs with a raw recursive delete in addTearDown. A background flush
(e.g. controller dispose still persisting state) can keep writing into
the dir while the delete walks it, so the delete races and fails with
"Directory not empty" (errno 39), failing the test on CI.
Route all unguarded teardown deletes through the existing
_resilientDelete helper (re-check existence + retry), and harden that
helper so its final fallback never re-throws — a temp-dir cleanup
failure must never fail a test.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
* chore(security): add gitleaks config allowlisting vendored/test fixtures
Suppress false positives so `gitleaks detect` is clean:
- third_party/* (cargokit ships a public binary-verification key)
- workspace_management_unit_test.dart (obfuscated "token" fixture)
- gatewayruntime/runtime_test.go (hardcoded "device-1" test key pair)
Real leaked secrets are purged from history, not allowlisted.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
* chore(security): remove historical secret fixtures
* chore(release): bump build metadata for 1.1.5+2
* chore(release): bump version to 1.1.5+2
* chore(release): bump build metadata for 1.1.5+2
---------
Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
* ci(release): add TestFlight release matrix
* chore(release): bump version to 1.1.5+2
* chore(release): bump build metadata for 1.1.5+2
* ci(release): add TestFlight release matrix
---------
Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
* ci(release): load Vault secrets per-platform in build matrix
The build matrix loaded all 17 signing secrets in one shared block for
every platform. vault-action's ignoreNotFound only suppresses path-level
404s, not field-level "No match data" errors, so a single missing field
(e.g. APPLE_MAC_PROVISION_PROFILE_BASE64) failed every leg — including
linux/windows/android that need no Apple secrets.
Split the load into per-OS-family steps gated by matrix.platform:
- Apple (macos/ios): Apple cert + provisioning + keychain + export method
- Windows: WINDOWS_PFX_* + codesign subject
- Android: ANDROID_KEYSTORE_* + key alias/password
Linux requests nothing.
Also drop APP_STORE_CONNECT_* from the build matrix: only
testflight_upload.sh consumes them and it runs in the release job, which
loads them itself. The build matrix no longer depends on them.
Add shell: bash to the Export step (its `{ … } >> $GITHUB_ENV` brace
syntax is bash-only and would fail under the default pwsh on windows).
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
---------
Co-authored-by: Haitao Pan <haitao.pan@xworkmate.ai>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
The build matrix loaded every signing secret in one shared block for all
platforms. vault-action's ignoreNotFound only suppresses path-level 404s,
not field-level "No match data" errors, so a single missing field failed
every leg — including linux/windows/android that need no Apple secrets.
Split the load into per-OS-family steps gated by matrix.platform (Apple
for macos/ios, Windows, Android); linux requests nothing. Add shell: bash
to the Export step (its `{ … } >> $GITHUB_ENV` brace syntax is bash-only
and would fail under the default pwsh on windows).
Co-authored-by: Haitao Pan <manbuzhe2009@qq.com>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
Reposition the remote provider contract check as a skippable test-stage
quality gate (needs: build, continue-on-error) so it can never block
build or release. release uses always() to wait without being gated.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
- Pin actions/checkout, actions/setup-go, actions/upload-artifact, actions/download-artifact to specific commit hashes for supply chain security
- Remove build-rust-ffi.yml workflow as Rust FFI is no longer used
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
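
One way to keep the commit-hash pinning from the last commit above from regressing, as an added example that is not part of this repository or its commit history: a small audit that flags any `uses:` reference not pinned to a full 40-character commit SHA. The sample workflow, its placeholder SHA and the function name `audit_workflow` are constructed for illustration.

```python
import re

# Matches "uses: owner/repo@ref" with or without a leading "- " list marker.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^\s'\"#]+)")
# Only a full 40-hex commit SHA counts as pinned; tags, branches and
# abbreviated SHAs are mutable or ambiguous.
SHA_RE = re.compile(r"[0-9a-f]{40}")

# Constructed sample; the 40-hex value is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: actions/setup-go@v5
      - name: Upload
        uses: actions/upload-artifact@main
      - uses: actions/download-artifact@0123abc
      - uses: ./.github/actions/local-step
"""


def audit_workflow(text):
    """Return (line_number, action, ref) for every unpinned action reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1)
        # Local actions and docker:// images are not git refs; skip them.
        if target.startswith("./") or target.startswith("docker://"):
            continue
        action, _, ref = target.partition("@")
        if not SHA_RE.fullmatch(ref):
            findings.append((lineno, action, ref or "<none>"))
    return findings


if __name__ == "__main__":
    for lineno, action, ref in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {action} pinned to '{ref}', not a full commit SHA")
```

Run over each file in .github/workflows in CI, a non-empty result can fail the job so that a later edit cannot quietly reintroduce a tag or branch reference.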