Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
6c533e7
fix(upgrade): compare prerelease versions per SemVer
riglar Jun 24, 2026
d543981
fix: suppress refresh countdown in quiet mode
riglar Jun 24, 2026
f77841f
Merge pull request #34 from devicecloud-dev/fix/upgrade-prerelease-co…
riglar Jun 24, 2026
10eade4
Merge pull request #35 from devicecloud-dev/fix/quiet-suppress-refres…
riglar Jun 24, 2026
ea62f72
feat(cloud): warn on deprecated iOS 16 (removal 2026-08-23)
finalerock44 Jun 24, 2026
d794695
Merge pull request #37 from devicecloud-dev/chore/deprecate-ios-16
finalerock44 Jun 24, 2026
62c7672
feat(cloud): drop legacy Maestro removed-versions block; soft-warn on…
finalerock44 Jun 24, 2026
ee995e7
Merge pull request #38 from devicecloud-dev/chore/maestro-deprecation
finalerock44 Jun 24, 2026
ec16bcc
fix(installer): make beta opt-in, add stable/beta channels
riglar Jun 24, 2026
77cf138
chore: add open-source contribution governance
finalerock44 Jun 24, 2026
88c3532
Merge pull request #39 from devicecloud-dev/fix/installer-beta-opt-in
riglar Jun 24, 2026
129f802
chore: drop CODEOWNERS
finalerock44 Jun 24, 2026
ebac7e2
Merge pull request #40 from devicecloud-dev/chore/oss-governance
finalerock44 Jun 24, 2026
dc87257
fix(ci): keep dependabot and fork PRs green (#46)
finalerock44 Jun 24, 2026
07074d3
ci: power CLA via the shared automation GitHub App (#49)
finalerock44 Jun 24, 2026
d3b0acc
docs: set legal entity to Moropo Ltd t/a DeviceCloud (#50)
finalerock44 Jun 24, 2026
3fe1f21
ci: bump the actions group across 1 directory with 6 updates (#47)
dependabot[bot] Jun 24, 2026
d780e55
fix: v5 release blockers — installer, binary version, repeated flags,…
finalerock44 Jun 24, 2026
7fd253a
chore(dev): release 5.0.0-beta.2 (#36)
github-actions[bot] Jun 24, 2026
bd60298
fix: stop CLA locking release PRs (breaks release pipeline) (#52)
finalerock44 Jun 24, 2026
a02584f
feat(live): add a beta warning to `dcd live start` (#54)
finalerock44 Jun 25, 2026
3eedde3
chore(dev): release 5.0.0-beta.3 (#53)
dcd-cli-release-please[bot] Jun 25, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions .editorconfig
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# EditorConfig — https://editorconfig.org
# Keep editors aligned with the Prettier config (.prettierrc).
root = true

[*]
charset = utf-8
end_of_line = lf
indent_style = space
indent_size = 2
insert_final_newline = true
trim_trailing_whitespace = true

# Markdown uses two trailing spaces for hard line breaks — don't strip them.
[*.md]
trim_trailing_whitespace = false
63 changes: 63 additions & 0 deletions .github/ISSUE_TEMPLATE/bug_report.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
name: Bug report
description: Report a problem with the dcd CLI or dcd-mcp server
labels: ["bug"]
body:
- type: markdown
attributes:
value: |
Thanks for taking the time to file a bug! Please fill in the details below.

⚠️ **Do not report security vulnerabilities here** — see our
[Security Policy](https://github.com/devicecloud-dev/dcd-cli/blob/dev/SECURITY.md).
- type: textarea
id: what-happened
attributes:
label: What happened?
description: A clear description of the bug, including what you expected to happen instead.
validations:
required: true
- type: textarea
id: repro
attributes:
label: Steps to reproduce
description: The exact `dcd` command(s) you ran and what followed. Redact any API keys.
placeholder: |
1. Run `dcd cloud --apiKey *** app.apk flows/`
2. ...
3. See error
validations:
required: true
- type: input
id: version
attributes:
label: CLI version
description: Output of `dcd --version`.
placeholder: "e.g. 5.0.0"
validations:
required: true
- type: dropdown
id: os
attributes:
label: Operating system
options:
- macOS
- Linux
- Windows
- Other (note in description)
validations:
required: true
- type: input
id: install
attributes:
label: How did you install dcd?
placeholder: "binary (curl/irm), npm global, npx, …"
validations:
required: false
- type: textarea
id: logs
attributes:
label: Logs / output
description: Relevant output. Re-run with more detail if you can. This is automatically formatted as code.
render: shell
validations:
required: false
11 changes: 11 additions & 0 deletions .github/ISSUE_TEMPLATE/config.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
blank_issues_enabled: false
contact_links:
- name: Questions & help
url: https://discord.gg/gm3mJwcNw8
about: For usage questions and general help, ask in our Discord rather than opening an issue.
- name: Documentation
url: https://docs.devicecloud.dev
about: Check the docs for installation, usage, and command reference.
- name: Report a security vulnerability
url: https://github.com/devicecloud-dev/dcd-cli/blob/dev/SECURITY.md
about: Do not file security issues publicly — email security@devicecloud.dev (see our Security Policy).
35 changes: 35 additions & 0 deletions .github/ISSUE_TEMPLATE/feature_request.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: Feature request
description: Suggest an idea or improvement for the dcd CLI or dcd-mcp server
labels: ["enhancement"]
body:
- type: markdown
attributes:
value: Thanks for the suggestion! Please describe the problem before the solution.
- type: textarea
id: problem
attributes:
label: What problem are you trying to solve?
description: What are you trying to do, and where does the CLI get in the way today?
validations:
required: true
- type: textarea
id: solution
attributes:
label: Proposed solution
description: What would you like to happen? A concrete command/flag/output sketch helps.
validations:
required: true
- type: textarea
id: alternatives
attributes:
label: Alternatives considered
description: Other approaches or workarounds you've thought about.
validations:
required: false
- type: textarea
id: context
attributes:
label: Additional context
description: Anything else — links, screenshots, related issues.
validations:
required: false
36 changes: 36 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
<!--
PR TITLE: must follow Conventional Commits — it becomes the squash-merge
commit and feeds release-please. e.g. feat(cloud): add --json output
Allowed types: feat, fix, perf, deps, revert, refactor, docs, chore, test, ci, build, style
See CONTRIBUTING.md for details.
-->

## What & why

<!-- What does this change do, and why? Link any related issue: Closes #123 -->

## Type of change

<!-- Match this to your PR title's type. -->

- [ ] `fix` — bug fix
- [ ] `feat` — new feature
- [ ] `perf` — performance improvement
- [ ] `refactor` — code change that's neither a fix nor a feature
- [ ] `docs` — documentation only
- [ ] `chore` / `ci` / `build` / `test` — tooling, no user-facing change
- [ ] Breaking change (title has `!` or PR notes a `BREAKING CHANGE:`)

## Checklist

- [ ] PR title follows the Conventional Commits format (see comment above)
- [ ] `pnpm lint` passes
- [ ] `pnpm typecheck` passes
- [ ] `pnpm build` passes
- [ ] I have **not** bumped the version or edited `CHANGELOG.md` (release-please handles this)
- [ ] I have signed the CLA (the bot will prompt on first contribution)
- [ ] Docs / `README.md` / `STYLE_GUIDE.md` updated if behaviour or output changed

## How to test

<!-- Steps a reviewer can follow to verify the change. -->
35 changes: 35 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
version: 2
updates:
# npm / pnpm dependencies.
- package-ecosystem: npm
directory: "/"
schedule:
interval: weekly
target-branch: dev
open-pull-requests-limit: 10
commit-message:
# Conventional Commit prefix so the squashed PR title matches our PR-title
# lint and release-please picks dependency bumps into the changelog.
prefix: deps
prefix-development: chore
groups:
# Collapse the noise: one PR for all non-major updates.
minor-and-patch:
update-types:
- minor
- patch

# GitHub Actions used by our workflows.
- package-ecosystem: github-actions
directory: "/"
schedule:
interval: weekly
target-branch: dev
commit-message:
prefix: ci
groups:
# One PR per week for ALL action bumps (including majors). Actions are
# low-risk and quick to eyeball together; no need for a PR each.
actions:
patterns:
- "*"
72 changes: 72 additions & 0 deletions .github/workflows/cla.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
name: CLA Assistant

# Gates merges on a signed Contributor License Agreement.
#
# Uses CLA Assistant Lite (contributor-assistant/github-action): signatures are
# stored as a JSON file committed to a branch of THIS repo (no third-party
# service holds the data). Contributors sign by commenting the configured phrase
# on their PR; the action records it and flips the check green.
#
# AUTH: mints a token from the shared automation GitHub App (the same App
# release-please uses), so signature commits show as the bot and there's no
# personal token to expire.
#
# SETUP REQUIRED before this enforces anything:
# 1. Create/install the automation GitHub App (Contents R/W, Pull requests R/W,
# Issues R/W) and add BOT_APP_ID + BOT_APP_PRIVATE_KEY repo secrets — the
# same secrets release-please uses.
# 2. Create the `cla-signatures` branch (empty orphan) so the action has
# somewhere to write `signatures/version1/cla.json`.
# 3. Finalise CLA.md (legal review) — it's the document contributors agree to.
#
# Until the App secrets exist the CLA step self-skips, so the check is green
# (not failing) on every PR and auto-activates once they're set.
on:
issue_comment:
types: [created]
pull_request_target:
types: [opened, closed, synchronize]

permissions:
actions: write
contents: write
pull-requests: write
statuses: write

jobs:
cla:
runs-on: ubuntu-latest
# Empty until the automation App secrets are configured (see SETUP above).
# While empty, the steps below self-skip so this check passes (green) instead
# of failing on every PR with "Branch cla-signatures not found".
env:
HAS_APP: ${{ secrets.BOT_APP_ID != '' }}
# Only act on the signature comment or on PR events (not every comment).
if: (github.event.issue.pull_request && contains(github.event.comment.body, 'I have read the CLA Document and I hereby sign the CLA')) || github.event_name == 'pull_request_target'
steps:
- uses: actions/create-github-app-token@v3
id: app-token
if: env.HAS_APP == 'true'
with:
app-id: ${{ secrets.BOT_APP_ID }}
private-key: ${{ secrets.BOT_APP_PRIVATE_KEY }}
- uses: contributor-assistant/github-action@v2.6.1
if: env.HAS_APP == 'true'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PERSONAL_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }}
with:
path-to-signatures: "signatures/version1/cla.json"
path-to-document: "https://github.com/devicecloud-dev/dcd-cli/blob/dev/CLA.md"
branch: "cla-signatures"
# Do NOT lock the PR on merge (the action's default is true). release-please
# comments on its release PR *after* merge; a locked conversation makes that
# comment fail and takes down the whole Release job (npm publish + binaries
# never run). Keeping this false is load-bearing for the release pipeline.
lock-pullrequest-aftermerge: false
# Internal maintainers (covered by employment/CCLA) + bots skip the prompt.
allowlist: riglar,finalerock44,dependabot[bot],renovate[bot],*[bot]
# Customise the bot's prompts if desired:
custom-notsigned-prcomment: "Thanks for your contribution! Please sign our Contributor License Agreement before we can merge. Comment the line below to sign:"
custom-pr-sign-comment: "I have read the CLA Document and I hereby sign the CLA"
custom-allsigned-prcomment: "All contributors have signed the CLA. ✍️ ✅"
13 changes: 6 additions & 7 deletions .github/workflows/claude-code-review.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,12 +12,11 @@ on:

jobs:
claude-review:
# Optional: Filter by PR author
# if: |
# github.event.pull_request.user.login == 'external-contributor' ||
# github.event.pull_request.user.login == 'new-developer' ||
# github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR'

# Skip PRs we shouldn't (or can't) review:
# - Dependabot / forks: no CLAUDE_CODE_OAUTH_TOKEN, so the action would fail.
# - release-please release PRs: just version bumps + changelog — nothing to
# review, and it must never block a release.
if: ${{ github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]' && !startsWith(github.head_ref, 'release-please--') }}
runs-on: ubuntu-latest
permissions:
contents: read
Expand All @@ -30,7 +29,7 @@ jobs:

steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v7
with:
fetch-depth: 1

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/claude.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ jobs:
actions: read # Required for Claude to read CI results on PRs
steps:
- name: Checkout repository
uses: actions/checkout@v4
uses: actions/checkout@v7
with:
fetch-depth: 1

Expand Down
22 changes: 14 additions & 8 deletions .github/workflows/cli-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,11 @@ name: CLI CI

on:
push:
branches: [ dev ]
branches: [ dev, production ]
pull_request:
branches: [ dev ]
# `production` is included so the dev→production promotion PR is also gated
# by lint/typecheck/build (and is required by the production ruleset).
branches: [ dev, production ]
workflow_dispatch:

permissions:
Expand All @@ -15,7 +17,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout (full history)
uses: actions/checkout@v5
uses: actions/checkout@v7
with:
# Full history so gitleaks scans every commit, not just the tip.
fetch-depth: 0
Expand All @@ -38,18 +40,22 @@ jobs:
# SSH deploy key. GitHub does NOT expose secrets to pull_request workflows
# triggered from forks, so that checkout (and the integration tests that need
# it) can only run for same-repo events. Fork PRs still run lint/typecheck/build.
#
# Dependabot PRs branch from this repo (so the fork check passes) but ALSO run
# without secrets — treat them like forks and skip the private checkout, or
# the mock-api clone fails with an empty DCD_SSH_DEPLOY_KEY.
env:
HAS_PRIVATE_ACCESS: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
HAS_PRIVATE_ACCESS: ${{ (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]' }}

steps:
- name: Checkout CLI
uses: actions/checkout@v5
uses: actions/checkout@v7
with:
path: cli

- name: Checkout dcd (mock-api)
if: env.HAS_PRIVATE_ACCESS == 'true'
uses: actions/checkout@v5
uses: actions/checkout@v7
with:
repository: moropo-com/dcd
path: dcd
Expand All @@ -62,13 +68,13 @@ jobs:
/api/swagger.json

- name: Setup pnpm
uses: pnpm/action-setup@v4
uses: pnpm/action-setup@v6
with:
version: 10
run_install: false

- name: Setup Node.js
uses: actions/setup-node@v5
uses: actions/setup-node@v6
with:
node-version: '22'
cache: 'pnpm'
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/npm-publish.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,14 +24,14 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v5
- uses: actions/checkout@v7
# Setup .npmrc file to publish to npm
- name: Setup pnpm
uses: pnpm/action-setup@v4
uses: pnpm/action-setup@v6
with:
run_install: false

- uses: actions/setup-node@v5
- uses: actions/setup-node@v6
with:
node-version: '22.x'
registry-url: 'https://registry.npmjs.org'
Expand Down
Loading
Loading