anand-testcompare
diff --git a/‎.github/workflows/build.yml‎
Lines changed: 7 additions & 6 deletions b/‎.github/workflows/build.yml‎
Lines changed: 7 additions & 6 deletions
diff --git a/‎.github/workflows/bundle.yml‎
Lines changed: 8 additions & 7 deletions b/‎.github/workflows/bundle.yml‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎.github/workflows/pr-title.yml‎
Lines changed: 24 additions & 7 deletions b/‎.github/workflows/pr-title.yml‎
Lines changed: 24 additions & 7 deletions
diff --git a/‎.github/workflows/pr.yml‎
Lines changed: 18 additions & 16 deletions b/‎.github/workflows/pr.yml‎
Lines changed: 18 additions & 16 deletions
diff --git a/‎.github/workflows/publish.yml‎
Lines changed: 14 additions & 19 deletions b/‎.github/workflows/publish.yml‎
Lines changed: 14 additions & 19 deletions
diff --git a/‎.github/workflows/refresh-docs-snapshot.yml‎
Lines changed: 8 additions & 7 deletions b/‎.github/workflows/refresh-docs-snapshot.yml‎
Lines changed: 8 additions & 7 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 29 additions & 14 deletions b/‎.github/workflows/release.yml‎
Lines changed: 29 additions & 14 deletions
@@ -1,4 +1,4 @@
-name: Build Artifact
+name: 03-build-artifact
 
 on:
   workflow_dispatch:
@@ -11,27 +11,28 @@ permissions:
 
 jobs:
   build:
+    name: 01-build-artifact
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
+      - name: 01-checkout
         uses: actions/checkout@v4
 
-      - name: Setup Tooling
+      - name: 02-setup-tooling
         uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd
         with:
           install: true
           cache: true
           experimental: true
         env:
           # Required for aqua-backed tool installs to avoid GitHub API rate limits in CI.
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
 
-      - name: Build
+      - name: 03-build
         run: |
           mise run setup
           mise run build
 
-      - name: Upload dist artifact
+      - name: 04-upload-dist-artifact
         uses: actions/upload-artifact@v4
         with:
           name: opencode-palantir-dist
 
@@ -1,4 +1,4 @@
-name: Bundle Plugin (with data)
+name: 04-bundle-plugin-with-data
 
 on:
   workflow_dispatch:
@@ -8,28 +8,29 @@ permissions:
 
 jobs:
   bundle:
+    name: 01-bundle-plugin-with-data
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
+      - name: 01-checkout
         uses: actions/checkout@v4
 
-      - name: Setup Tooling
+      - name: 02-setup-tooling
         uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd
         with:
           install: true
           cache: true
           experimental: true
         env:
           # Required for aqua-backed tool installs to avoid GitHub API rate limits in CI.
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
 
-      - name: Build
+      - name: 03-build
         run: |
           mise run setup
           mise run test
           mise run build
 
-      - name: Create bundle
+      - name: 04-create-bundle
         run: |
           mkdir -p bundle
           cp -R dist bundle/dist
@@ -44,7 +45,7 @@ jobs:
 
           tar -czf opencode-palantir-bundle.tgz -C bundle .
 
-      - name: Upload bundle
+      - name: 05-upload-bundle
         uses: actions/upload-artifact@v4
         with:
           name: opencode-palantir-bundle
 
@@ -1,19 +1,36 @@
-name: 'LintPrTitle'
+name: 02-pr-title-validation
 
 on:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - edited
       - synchronize
+      - reopened
 
 permissions:
-  pull-requests: write
+  pull-requests: read
 
 jobs:
-  ValidatePrTitle:
+  validate-title:
+    name: 01-validate-title
     runs-on: ubuntu-latest
     steps:
-      - uses: amannn/action-semantic-pull-request@v5
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: 01-validate-pr-title
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
+        with:
+          script: |
+            const title = context.payload.pull_request?.title ?? '';
+            const conventionalCommitPattern = /^(build|chore|ci|docs|feat|fix|perf|refactor|revert|style|test)(\([A-Za-z0-9._/-]+\))?!?: .+/;
+
+            if (conventionalCommitPattern.test(title)) {
+              core.info(`PR title is conventional: ${title}`);
+              return;
+            }
+
+            core.setFailed(
+              [
+                'PR title must follow Conventional Commits, e.g. "fix: handle empty docs snapshot" or "feat(cli): add setup command".',
+                `Received: ${title || '<empty>'}`,
+              ].join('\n')
+            );
@@ -1,40 +1,42 @@
-name: Pr
+name: 01-pr-validation
 
 on:
   pull_request:
-  pull_request_target:
   workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
 permissions:
-  actions: read
   contents: read
 
 jobs:
-  Check:
+  check:
+    name: 01-check
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
+      - name: 01-checkout
         uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha || github.ref }}
 
-      - name: Setup Tooling
+      - name: 02-setup-tooling
         uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd
         with:
           install: true
           cache: true
           experimental: true
         env:
           # Required for aqua-backed tool installs to avoid GitHub API rate limits in CI.
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Run Checks
-        run: |
-          mise run setup
-          mise run lint
-          mise run test
-          mise run build
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - name: 03-install-dependencies
+        run: mise run setup
+
+      - name: 04-lint
+        run: mise run lint
+
+      - name: 05-test
+        run: mise run test
+
+      - name: 06-build
+        run: mise run build
@@ -1,4 +1,4 @@
-name: Publish Package
+name: 07-publish-package
 
 on:
   workflow_dispatch:
@@ -19,48 +19,43 @@ permissions:
 
 jobs:
   publish:
+    name: 01-publish-package
     runs-on: ubuntu-latest
+    if: github.ref == 'refs/heads/main'
     steps:
-      - uses: actions/checkout@v4
+      - name: 01-checkout
+        uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd
+      - name: 02-setup-tooling
+        uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd
         with:
           install: true
           cache: true
           experimental: true
         env:
           # Required for aqua-backed tool installs to avoid GitHub API rate limits in CI.
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
 
-      - name: Setup
+      - name: 03-setup
         run: mise run setup
 
-      - name: Test
+      - name: 04-test
         run: mise run test
 
-      - id: inputs
-        uses: simenandre/setup-inputs@v1
-
-      - name: Publish to npm with OIDC
+      - name: 05-publish-to-npm-with-oidc
         run: |
-          TAG="${{ steps.inputs.outputs.tag }}"
-          if [ -z "$TAG" ]; then
-            TAG="latest"
-          fi
+          TAG="${{ github.event.inputs.tag || github.event.client_payload.tag || 'latest' }}"
 
           echo "Publishing with tag: $TAG"
           mise run publish --tag "$TAG"
 
-      - name: Verify published version
+      - name: 06-verify-published-version
         run: |
           set -euo pipefail
 
-          TAG="${{ steps.inputs.outputs.tag }}"
-          if [ -z "$TAG" ]; then
-            TAG="latest"
-          fi
+          TAG="${{ github.event.inputs.tag || github.event.client_payload.tag || 'latest' }}"
 
           NAME="$(node -p 'require("./package.json").name')"
           VERSION="$(node -p 'require("./package.json").version')"
 
@@ -1,4 +1,4 @@
-name: Refresh Docs Snapshot
+name: 05-refresh-docs-snapshot
 
 on:
   workflow_dispatch:
@@ -9,28 +9,29 @@ permissions:
 
 jobs:
   refresh:
+    name: 01-refresh-docs-snapshot
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
+      - name: 01-checkout
         uses: actions/checkout@v4
 
-      - name: Setup Tooling
+      - name: 02-setup-tooling
         uses: jdx/mise-action@d6e32c1796099e0f1f3ac741c220a8b7eae9e5dd
         with:
           install: true
           cache: true
           experimental: true
         env:
           # Required for aqua-backed tool installs to avoid GitHub API rate limits in CI.
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ github.token }}
 
-      - name: Refresh docs parquet
+      - name: 03-refresh-docs-parquet
         run: |
           mise run setup
           mkdir -p .memory
           DOCS_SUMMARY_PATH=.memory/docs-refresh-summary.json bun run src/docs/fetch-cli.ts
 
-      - name: Build PR body
+      - name: 04-build-pr-body
         run: |
           node <<'NODE'
           const fs = require('fs');
@@ -56,7 +57,7 @@ jobs:
           fs.writeFileSync('.memory/docs-refresh-pr-body.md', `${body}\n`, 'utf8');
           NODE
 
-      - name: Create pull request
+      - name: 05-create-pull-request
         uses: peter-evans/create-pull-request@v7
         with:
           branch: chore/refresh-docs-snapshot
 
@@ -1,4 +1,4 @@
-name: Release
+name: 06-release
 
 on:
   push:
@@ -9,17 +9,21 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
 
 permissions:
-  contents: write
-  pull-requests: write
+  contents: read
 
 jobs:
   process:
+    name: 01-release-please
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     outputs:
       releases_created: ${{ steps.release-please.outputs.releases_created }}
       prs_created: ${{ steps.release-please.outputs.prs_created }}
     steps:
-      - uses: googleapis/release-please-action@v4
+      - name: 01-release-please
+        uses: googleapis/release-please-action@v4
         id: release-please
         with:
           token: ${{ secrets.RELEASE_PLEASE_TOKEN || github.token }}
@@ -28,22 +32,33 @@ jobs:
           skip-github-pull-request: false
 
   dispatch-publish:
+    name: 02-dispatch-publish
     needs: process
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
     if: needs.process.outputs.releases_created == 'true' || needs.process.outputs.prs_created == 'true'
     steps:
-      - name: Dispatch publish for releases
+      - name: 01-dispatch-latest-publish
         if: needs.process.outputs.releases_created == 'true'
-        uses: peter-evans/repository-dispatch@v2
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          event-type: publish-package
-          client-payload: '{"tag": "latest"}'
+          script: |
+            await github.rest.repos.createDispatchEvent({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              event_type: 'publish-package',
+              client_payload: { tag: 'latest' },
+            });
 
-      - name: Dispatch publish for prerelease
+      - name: 02-dispatch-next-publish
         if: needs.process.outputs.prs_created == 'true'
-        uses: peter-evans/repository-dispatch@v2
+        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8
         with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          event-type: publish-package
-          client-payload: '{"tag": "next"}'
+          script: |
+            await github.rest.repos.createDispatchEvent({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              event_type: 'publish-package',
+              client_payload: { tag: 'next' },
+            });