From b5960f35911761e48f6cd0e6b3da6f7a881dc2f4 Mon Sep 17 00:00:00 2001 From: StreamDemon Date: Thu, 2 Jul 2026 00:57:41 +0800 Subject: [PATCH 1/2] chore: add CI, MIT license (code-only) + IP notice, and .gitattributes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - CI: GitHub Actions runs `vp check` (format+lint+typecheck) and the test suite on every PR and push to main, via the project's own vite-plus dep (pnpm install + pnpm exec vp) — no separate installer needed. - LICENSE: MIT for the RiftForge software, with an explicit notice that the transcribed Rifts rules content is © Palladium Books and not covered. - README: "License & intellectual property" section documenting the carve-out. - .gitattributes: normalize line endings to LF (stops CRLF churn on Windows). Co-Authored-By: Claude Opus 4.8 (1M context) Claude-Session: https://claude.ai/code/session_018ur5Eu6dC17feVQH5smrFw --- .gitattributes | 2 ++ .github/workflows/ci.yml | 37 +++++++++++++++++++++++++++++++++++++ LICENSE | 31 +++++++++++++++++++++++++++++++ README.md | 12 ++++++++++++ 4 files changed, 82 insertions(+) create mode 100644 .gitattributes create mode 100644 .github/workflows/ci.yml create mode 100644 LICENSE diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..275cee1 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,2 @@ +# Normalize line endings to LF in the repository (prevents CRLF churn on Windows). +* text=auto eol=lf diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..49eaa6d --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,37 @@ +name: CI + +on: + push: + branches: [main] + pull_request: + +concurrency: + group: ci-${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + check: + name: Check & Test + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Set up pnpm + uses: pnpm/action-setup@v4 + with: + version: 11.9.0 + + - name: Set up Node.js + uses: actions/setup-node@v4 + with: + node-version: 22 + cache: pnpm + + - name: Install dependencies + run: pnpm install --frozen-lockfile + + - name: Format, lint & typecheck + run: pnpm exec vp run rules#check + + - name: Tests + run: pnpm exec vp run rules#test diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..5d233c8 --- /dev/null +++ b/LICENSE @@ -0,0 +1,31 @@ +MIT License + +Copyright (c) 2026 StreamDemon + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + +--- + +NOTE: The MIT license above applies to the RiftForge SOFTWARE only — the source +code, schemas, and engine. It does NOT cover the Rifts® game rules content +transcribed from Rifts® Ultimate Edition (e.g. under packages/rules/src/content/ +and docs/), which is copyright © Palladium Books Inc. Rifts® is a registered +trademark owned by Kevin Siembieda and Palladium Books Inc. That content is +included here for personal reference only and is not licensed for redistribution. +See the "License & intellectual property" section of README.md. diff --git a/README.md b/README.md index db93365..d275644 100644 --- a/README.md +++ b/README.md @@ -46,3 +46,15 @@ vp run ready # check + test + build across the workspace The `Rifts Ultimate Edition` rulebook PDF is **not** committed (it's copyrighted by Palladium Books); it lives locally under `docs/rules/` and is git-ignored. `docs/rules/PAGE_MAP.md` indexes where each rule is transcribed from. + +## License & intellectual property + +The RiftForge **software** — the code, schemas, and engine — is licensed under the +[MIT License](LICENSE). + +The **Rifts® game rules content** transcribed from *Rifts® Ultimate Edition* (the data +under `packages/rules/src/content/` and `docs/`) is **© Palladium Books Inc.** and is +**not** covered by the MIT license. Rifts® is a registered trademark of Kevin Siembieda +and Palladium Books Inc. That content is included here for personal reference only and +is not licensed for redistribution. RiftForge is an unofficial, fan-made project and is +not affiliated with or endorsed by Palladium Books. From 414b4f48409f2b0e385bc3207c6b083e06bec734 Mon Sep 17 00:00:00 2001 From: StreamDemon Date: Thu, 2 Jul 2026 01:10:24 +0800 Subject: [PATCH 2/2] ci: add build step, least-privilege token, SHA-pinned actions Addresses Cubic review on PR #3: - run `vp run rules#build` so broken packages are caught in CI, not at release - restrict GITHUB_TOKEN to `contents: read` (least privilege) - pin actions/checkout, actions/setup-node, pnpm/action-setup to commit SHAs instead of mutable major tags (supply-chain hardening) Job name kept as "Check & Test" to match the required status check. Co-Authored-By: Claude Opus 4.8 (1M context) Claude-Session: https://claude.ai/code/session_018ur5Eu6dC17feVQH5smrFw --- .github/workflows/ci.yml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 49eaa6d..d8237c9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -5,24 +5,30 @@ on: branches: [main] pull_request: +# Least privilege: this workflow only needs to read the repository. +permissions: + contents: read + concurrency: group: ci-${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true jobs: + # Job name is the required status-check context in branch protection — keep it stable. check: name: Check & Test runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Checkout + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 - name: Set up pnpm - uses: pnpm/action-setup@v4 + uses: pnpm/action-setup@b906affcce14559ad1aafd4ab0e942779e9f58b1 # v4 with: version: 11.9.0 - name: Set up Node.js - uses: actions/setup-node@v4 + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4 with: node-version: 22 cache: pnpm @@ -35,3 +41,6 @@ jobs: - name: Tests run: pnpm exec vp run rules#test + + - name: Build + run: pnpm exec vp run rules#build