From 1b250a12affc32f6b644de79315ce11a77224993 Mon Sep 17 00:00:00 2001
From: Gabe Cohen
Date: Fri, 7 Nov 2025 10:14:36 -0800
Subject: [PATCH 1/3] fix swift build
---
 .github/workflows/codeql.yml | 112 ++++++++++++++++++++++++++++
 .github/workflows/publish-swift.yml | 27 ++++---
 2 files changed, 128 insertions(+), 11 deletions(-)
 create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 00000000..90b3999c
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,112 @@
+name: CodeQL Security Analysis
+
+on:
+ push:
+ branches: ['main']
+ pull_request:
+ branches: ['main']
+ schedule:
+ - cron: '0 0 * * 0' # Weekly on Sunday
+
+permissions:
+ security-events: write
+ contents: read
+ actions: read
+
+jobs:
+ analyze-rust:
+ name: Analyze Rust
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Rust toolchain
+ uses: actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ toolchain: stable
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: rust
+ queries: security-extended
+
+ - name: Build Rust code
+ run: cargo build --release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:rust"
+
+ analyze-swift:
+ name: Analyze Swift
+ runs-on: macos-15
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Rust toolchain
+ uses: actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ toolchain: stable
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: swift
+ queries: security-extended
+
+ - name: Generate Swift bindings
+ run: bash scripts/package-swift.sh
+
+ - name: Build Swift package
+ working-directory: swift
+ run: swift build
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:swift"
+
+ analyze-javascript:
+ name: Analyze JavaScript
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '20'
+
+ - name: Setup Rust toolchain
+ uses: actions-rust-lang/setup-rust-toolchain@v1
+ with:
+ toolchain: stable
+
+ - name: Install wasm-pack
+ run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: javascript-typescript
+ queries: security-extended
+
+ - name: Build WASM bindings
+ run: bash scripts/build-wasm.sh
+
+ - name: Install dependencies
+ run: |
+ cd js/packages/core
+ npm install
+
+ - name: Build TypeScript
+ run: |
+ cd js/packages/core
+ npm run build
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:javascript-typescript"
diff --git a/.github/workflows/publish-swift.yml b/.github/workflows/publish-swift.yml
index e3696208..de5f6edb 100644
--- a/.github/workflows/publish-swift.yml
+++ b/.github/workflows/publish-swift.yml
@@ -78,17 +78,22 @@ jobs:
 VERSION=${{ steps.version.outputs.version }}
 CHECKSUM=${{ steps.checksum.outputs.checksum }}
- python <
Date: Fri, 7 Nov 2025 10:23:35 -0800
Subject: [PATCH 2/3] update ci
---
 .github/workflows/codeql.yml | 17 +++++++++++++++++
 .github/workflows/lint-pr.yml | 25 -------------------------
 2 files changed, 17 insertions(+), 25 deletions(-)
 delete mode 100644 .github/workflows/lint-pr.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 90b3999c..d1cf83f1 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
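Review bot: The `Install wasm-pack` step, `run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh`, executes whatever that URL serves at run time on a runner whose token carries the workflow-level `security-events: write`, with no version pin and no checksum, so the weekly scheduled run in particular can pick up a changed installer that nobody reviewed. A Rust toolchain is already set up two steps earlier in the same job, so `run: cargo install wasm-pack --locked` with an explicit `--version` (or a release download verified against a recorded checksum) keeps the build reproducible and auditable. The same reasoning applies to the actions referenced by floating tags (`@v4`, `@v3`, `@v1`); pinning them to full commit SHAs with a version comment is the usual hardening for a workflow that uploads security results. The `permissions` block itself is appropriately minimal.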
@@ -74,39 +74,56 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 
+ - name: Check if WASM build script exists
+ id: check_script
+ run: |
+ if [ -f "scripts/build-wasm.sh" ]; then
+ echo "script_exists=true" >> "$GITHUB_OUTPUT"
+ else
+ echo "script_exists=false" >> "$GITHUB_OUTPUT"
+ fi
+
 - name: Setup Node.js
+ if: steps.check_script.outputs.script_exists == 'true'
 uses: actions/setup-node@v4
 with:
 node-version: '20'
 
 - name: Setup Rust toolchain
+ if: steps.check_script.outputs.script_exists == 'true'
 uses: actions-rust-lang/setup-rust-toolchain@v1
 with:
 toolchain: stable
 
 - name: Install wasm-pack
+ if: steps.check_script.outputs.script_exists == 'true'
 run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
 
 - name: Initialize CodeQL
+ if: steps.check_script.outputs.script_exists == 'true'
 uses: github/codeql-action/init@v3
 with:
 languages: javascript-typescript
 queries: security-extended
 
 - name: Build WASM bindings
+ if: steps.check_script.outputs.script_exists == 'true'
 run: bash scripts/build-wasm.sh
 
 - name: Install dependencies
+ if: steps.check_script.outputs.script_exists == 'true'
 run: |
 cd js/packages/core
 npm install
 
 - name: Build TypeScript
+ if: steps.check_script.outputs.script_exists == 'true'
 run: |
 cd js/packages/core
 npm run build
 
 - name: Perform CodeQL Analysis
+ if: steps.check_script.outputs.script_exists == 'true'
 uses: github/codeql-action/analyze@v3
 with:
 category: "/language:javascript-typescript"
diff --git a/.github/workflows/lint-pr.yml b/.github/workflows/lint-pr.yml
deleted file mode 100644
index 04b3c9d5..00000000
--- a/.github/workflows/lint-pr.yml
+++ /dev/null
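Review bot: With every step after the checkout gated on `steps.check_script.outputs.script_exists == 'true'`, a missing `scripts/build-wasm.sh` makes `analyze-javascript` finish green without ever running `github/codeql-action/init` or `analyze`, so a passing check no longer means the JavaScript/TypeScript code was scanned. At minimum the `else` branch of the check step should surface that on the run, `echo "::warning::scripts/build-wasm.sh not found; skipping JavaScript CodeQL analysis"`, or `exit 1` there if the script is expected to exist on this branch. The init/analyze steps presumably do not need the WASM artefact to scan the TypeScript sources, so gating only the Rust toolchain, wasm-pack and `Build WASM bindings` steps and leaving the analysis unconditional is worth considering. The enclosing `analyze-javascript` job starts before this hunk.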
@@ -1,25 +0,0 @@
-name: Validate PR conventions
-permissions:
- contents: read
-
-on:
- pull_request:
- types:
- - opened
- - edited
- - synchronize
-
-jobs:
- lint-pr:
- name: Ensure PR follows conventional commits
- runs-on: ubuntu-latest
- permissions:
- contents: read
- pull-requests: read
- steps:
- - uses: amannn/action-semantic-pull-request@v4
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- validateSingleCommit: true
- validateSingleCommitMatchesPrTitle: true
From 8451eef0f796c6becf5f5d62a8d5b79c873b80a4 Mon Sep 17 00:00:00 2001
From: Gabe Cohen
Date: Fri, 7 Nov 2025 10:58:57 -0800
Subject: [PATCH 3/3] remove codeql for now
---
 .github/workflows/codeql.yml | 129 -----------------------------------
 1 file changed, 129 deletions(-)
 delete mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index d1cf83f1..00000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,129 +0,0 @@
-name: CodeQL Security Analysis
-
-on:
- push:
- branches: ['main']
- pull_request:
- branches: ['main']
- schedule:
- - cron: '0 0 * * 0' # Weekly on Sunday
-
-permissions:
- security-events: write
- contents: read
- actions: read
-
-jobs:
- analyze-rust:
- name: Analyze Rust
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
-
- - name: Setup Rust toolchain
- uses: actions-rust-lang/setup-rust-toolchain@v1
- with:
- toolchain: stable
-
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
- with:
- languages: rust
- queries: security-extended
-
- - name: Build Rust code
- run: cargo build --release
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
- with:
- category: "/language:rust"
-
- analyze-swift:
- name: Analyze Swift
- runs-on: macos-15
- steps:
- - uses: actions/checkout@v4
-
- - name: Setup Rust toolchain
- uses: actions-rust-lang/setup-rust-toolchain@v1
- with:
- toolchain: stable
-
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v3
- with:
- languages: swift
- queries: security-extended
-
- - name: Generate Swift bindings
- run: bash scripts/package-swift.sh
-
- - name: Build Swift package
- working-directory: swift
- run: swift build
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v3
- with:
- category: "/language:swift"
-
- analyze-javascript:
- name: Analyze JavaScript
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
-
- - name: Check if WASM build script exists
- id: check_script
- run: |
- if [ -f "scripts/build-wasm.sh" ]; then
- echo "script_exists=true" >> "$GITHUB_OUTPUT"
- else
- echo "script_exists=false" >> "$GITHUB_OUTPUT"
- fi
-
- - name: Setup Node.js
- if: steps.check_script.outputs.script_exists == 'true'
- uses: actions/setup-node@v4
- with:
- node-version: '20'
-
- - name: Setup Rust toolchain
- if: steps.check_script.outputs.script_exists == 'true'
- uses: actions-rust-lang/setup-rust-toolchain@v1
- with:
- toolchain: stable
-
- - name: Install wasm-pack
- if: steps.check_script.outputs.script_exists == 'true'
- run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh
-
- - name: Initialize CodeQL
- if: steps.check_script.outputs.script_exists == 'true'
- uses: github/codeql-action/init@v3
- with:
- languages: javascript-typescript
- queries: security-extended
-
- - name: Build WASM bindings
- if: steps.check_script.outputs.script_exists == 'true'
- run: bash scripts/build-wasm.sh
-
- - name: Install dependencies
- if: steps.check_script.outputs.script_exists == 'true'
- run: |
- cd js/packages/core
- npm install
-
- - name: Build TypeScript
- if: steps.check_script.outputs.script_exists == 'true'
- run: |
- cd js/packages/core
- npm run build
-
- - name: Perform CodeQL Analysis
- if: steps.check_script.outputs.script_exists == 'true'
- uses: github/codeql-action/analyze@v3
- with:
- category: "/language:javascript-typescript"