chore: sync alpha branch updates to dev

[mkdir700]

Summary

Sync latest updates from alpha branch to dev branch, including development workflow improvements, documentation updates, and version bumps.

Changes

• ✅ Add development release workflow (dev-release.yml)
• ✅ Support for cross-platform development builds (macOS, Linux, Windows)
• ✅ Update README.md with project acknowledgments and improved formatting
• ✅ Version bump to 1.0.0-alpha.9
• ✅ Update CHANGELOG.md with latest release notes
• ✅ Optimize CI/CD pipeline configuration

Files Changed

• .github/workflows/dev-release.yml - New development release workflow
• README.md - Enhanced documentation with acknowledgments table
• CHANGELOG.md - Updated release notes
• package.json - Version bump to 1.0.0-alpha.9

Commit History

• cc718db - Revert "ci(sync): add workflow to sync main to beta (ci(sync): add main-to-beta sync workflow #132)"
• 657927c - ci: Update dev-release.yml
• 71b4efc - ci: add dev release workflow (ci: add dev release workflow #131)
• 3eb0d79 - ci(sync): add workflow to sync main to beta (ci(sync): add main-to-beta sync workflow #132)
• 82923ad - Update README.md
• f820601 - chore(release): 1.0.0-alpha.9
• 0685205 - Merge pull request feat: merge dev branch #129 from mkdir700/dev

Test Plan

• Verify development workflow configuration
• Confirm all build targets are properly configured
• Validate documentation formatting and links
• Check version consistency across files

Impact

This sync brings dev branch up to date with alpha, providing the latest development tools, documentation improvements, and version alignment for continued development work.

Summary by CodeRabbit

• New Features

  • Faster video import with parallel processing and warmup.
  • Fullscreen toggle with keyboard shortcuts.
  • Smoother FFmpeg download progress display.

• Bug Fixes

  • Fixed homepage desync after deleting videos.
  • Resolved subtitle navigation edge case.
  • Improved subtitle overlay dragging and prevented unintended play/pause.
  • Removed dark mode button border glow in modals.

• Documentation

  • Added 1.0.0-alpha.9 changelog entry.
  • Updated acknowledgements with a project table.

• Chores

  • Bumped version to 1.0.0-alpha.9.
  • Added manual dev release build workflow with platform-specific artifacts.

[coderabbitai]

Walkthrough

Introduces a manual “Dev Release Build” GitHub Actions workflow for platform-specific Electron builds; updates version to 1.0.0-alpha.9; adds corresponding CHANGELOG entry; updates README acknowledgements formatting to a table.

Changes

Cohort / File(s)	Summary
CI: Dev release workflow .github/workflows/dev-release.yml	Adds a workflow_dispatch-driven Electron build workflow with platform input (macos/linux/windows). Sets up Node 20 and pnpm, installs deps, optional version bump, runs build and electron-builder with publish=never, uploads platform-specific artifacts, 30-day retention.
Versioning and release notes package.json, CHANGELOG.md	Bumps version from 1.0.0-alpha.8 to 1.0.0-alpha.9. Adds CHANGELOG section for 1.0.0-alpha.9 with listed bug fixes and features.
Docs: Acknowledgements formatting README.md	Replaces single bullet under acknowledgements with a two-column table including Cherry Studio and DashPlayer entries.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant U as User
  participant GH as GitHub Actions
  participant J as Job (macOS/Linux/Windows)
  participant N as Node+pnpm
  participant B as Build (pnpm build)
  participant EB as electron-builder
  participant A as Artifacts

  U->>GH: Trigger "Dev Release Build" (workflow_dispatch)<br/>inputs: platform, version?
  GH->>J: Start job matching selected platform
  J->>N: Checkout, setup Node 20, pnpm, pnpm store cache
  N->>N: pnpm install
  alt version provided
    J->>J: Update package.json version
  end
  J->>B: Run pnpm build
  B->>EB: Run electron-builder (--mac/--linux/--win)<br/>env: GH_TOKEN, ELECTRON_BUILDER_CHANNEL=dev, publish=never
  EB-->>J: Build artifacts in dist/
  J->>A: Upload artifacts (platform-specific globs)
  A-->>U: Artifacts retained 30 days

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• fix(ci): sync package.json version with manual trigger input #116 — Similar workflow change updating package.json version before electron-builder so artifacts reflect manual version input.
• fix(ci): resolve GitHub Release creation issue with always publish strategy #85 — Related CI adjustments around electron-builder publish behavior for workflow_dispatch runs.
• fix(build): correct alpha channel update file naming #79 — Sets ELECTRON_BUILDER_CHANNEL and standardizes artifact globs, aligning with this workflow’s patterns.

Pre-merge checks (3 passed)

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "chore: sync alpha branch updates to dev" accurately and succinctly communicates the PR's primary purpose—synchronizing changes from the alpha branch into dev. It uses an appropriate "chore" prefix, is concise, and avoids noisy details or irrelevant information. The title aligns with the changed files (workflow, docs, version bump) and will be clear to reviewers scanning project history.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

Poem

A bunny taps “Dispatch” with glee,
Three platforms line up: win, nix, and macOS tea.
pnpm hums, electrons spin,
Dev builds hop into “dist” with a grin.
Alpha dot nine, a carrot-shine,
Artifacts stacked—what a fine vine! 🥕🐇

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/sync-alpha-to-dev

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 8

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between bfabb44 and cc718db.

📒 Files selected for processing (4)

• .github/workflows/dev-release.yml (1 hunks)
• CHANGELOG.md (1 hunks)
• README.md (1 hunks)
• package.json (1 hunks)

🧰 Additional context used

🪛 markdownlint-cli2 (0.17.2)

CHANGELOG.md

3-3: Heading levels should only increment by one level at a time
Expected: h2; Actual: h3

(MD001, heading-increment)

🪛 actionlint (1.7.7)

.github/workflows/dev-release.yml

44-44: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

117-117: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

190-190: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: test (macos-latest, 20)
• GitHub Check: test (ubuntu-latest, 20)
• GitHub Check: test (windows-latest, 20)

🔇 Additional comments (5)

package.json (1)

3-3: Approve — package.json bumped to 1.0.0-alpha.9; verify lockfile

• package.json and CHANGELOG.md show 1.0.0-alpha.9 — OK.
• pnpm-lock.yaml contains postject@1.0.0-alpha.6; regenerate/update the lockfile if you expect all references to move to alpha.9.

README.md (1)

159-162: Acknowledgments table renders correctly.

Good formatting and links; nothing else to change here.

CHANGELOG.md (1)

1-16: Changelog entry is well-formed and matches the version/date.

Links, sections, and date (2025-09-12) are coherent.

.github/workflows/dev-release.yml (2)

217-219: Apply the same no-sign setting for Windows.

       env:
         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        ELECTRON_BUILDER_CHANNEL: dev
+        ELECTRON_BUILDER_CHANNEL: dev
+        CSC_IDENTITY_AUTO_DISCOVERY: false

Likely an incorrect or invalid review comment.

---

66-90: Verify update-channel expectations for generated YAML.

File: .github/workflows/dev-release.yml (lines 66-90). ELECTRON_BUILDER_CHANNEL=dev will emit latest-dev.yml; unable to verify — repo contains no dist/ artifacts and searches found no latest-*.yml, ELECTRON_BUILDER_CHANNEL, or auto-update usage. Confirm CI produces latest-dev.yml and that the app's auto-update config reads the same 'dev' channel (not latest-alpha.yml).

[coderabbitai]

🛠️ Refactor suggestion

Add minimal permissions and concurrency to reduce risk and duplicate builds.

Tighten token scope and auto-cancel overlapping runs per platform.

 on:
   workflow_dispatch:
     inputs:
       platform:
         description: 'Target platform'
         required: true
         type: choice
         options:
           - macos
           - linux
           - windows
       version:
         description: 'Version to set (optional)'
         required: false
         type: string
+
+permissions:
+  contents: read
+
+concurrency:
+  group: dev-release-${{ github.workflow }}-${{ inputs.platform || 'all' }}
+  cancel-in-progress: true

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	on:
	workflow_dispatch:
	inputs:
	platform:
	description: 'Target platform'
	required: true
	type: choice
	options:
	- macos
	- linux
	- windows
	version:
	description: 'Version to set (optional)'
	required: false
	type: string
	on:
	workflow_dispatch:
	inputs:
	platform:
	description: 'Target platform'
	required: true
	type: choice
	options:
	- macos
	- linux
	- windows
	version:
	description: 'Version to set (optional)'
	required: false
	type: string
	permissions:
	contents: read
	concurrency:
	group: dev-release-${{ github.workflow }}-${{ github.event.inputs.platform || 'all' }}
	cancel-in-progress: true

🤖 Prompt for AI Agents

In .github/workflows/dev-release.yml around lines 3 to 18, add minimal
permissions and a concurrency key: set a minimal permissions block (for example
"permissions: contents: read" or the smallest permission set required by the
jobs that follow) directly under the workflow header, and add a concurrency
section to cancel overlapping runs per platform (e.g., concurrency: group: "${{
github.workflow }}-${{ github.event.inputs.platform || 'default' }}" and
cancel-in-progress: true) so token scope is tightened and duplicate builds for
the same platform are auto-cancelled.

[coderabbitai]

🧹 Nitpick (assertive)

Set a job timeout to prevent hung builds.

   build-macos:
     runs-on: macos-latest
+    timeout-minutes: 60
     if: ${{ inputs.platform == 'macos' }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	runs-on: macos-latest
	if: ${{ inputs.platform == 'macos' }}
	runs-on: macos-latest
	timeout-minutes: 60
	if: ${{ inputs.platform == 'macos' }}

🤖 Prompt for AI Agents

In .github/workflows/dev-release.yml around lines 21 to 23, the job lacks a
timeout setting which can allow hung builds to run indefinitely; add a
timeout-minutes field to the job definition (e.g., timeout-minutes: 30 or
another team-approved value) directly under the runs-on line so the job will be
automatically cancelled after the specified time.

[coderabbitai]

⚠️ Potential issue

Upgrade actions/cache to v4 to avoid runner warnings.

actionlint flags v3 as too old on current runners.

Apply across all jobs:

-      - name: Setup pnpm cache
-        uses: actions/cache@v3
+      - name: Setup pnpm cache
+        uses: actions/cache@v4

Also applies to: 117-118, 190-191

🧰 Tools

🪛 actionlint (1.7.7)

44-44: the runner of "actions/cache@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents

.github/workflows/dev-release.yml lines 44-45 (and also update occurrences at
117-118 and 190-191): the workflow is using actions/cache@v3 which triggers
runner warnings; update the uses entries to actions/cache@v4 for each
occurrence, ensure the with: block parameters remain compatible with v4, and run
a quick lint or dry-run of the workflow to confirm no additional changes are
required.

[coderabbitai]

🧹 Nitpick (assertive)

Optional: reduce duplication with a strategy matrix.

You can parameterize platform, build flags, and artifact globs to one job. This will simplify maintenance as patterns evolve.

I can provide a matrix-based rewrite if you'd like to adopt it.

Also applies to: 139-165, 212-236

[coderabbitai]

🛠️ Refactor suggestion

Prevent accidental macOS code signing lookups in dev builds.

Avoids delays/failures if a signing identity is present on hosted runners.

       env:
         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        ELECTRON_BUILDER_CHANNEL: dev
+        ELECTRON_BUILDER_CHANNEL: dev
+        CSC_IDENTITY_AUTO_DISCOVERY: false

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	ELECTRON_BUILDER_CHANNEL: dev
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	ELECTRON_BUILDER_CHANNEL: dev
	CSC_IDENTITY_AUTO_DISCOVERY: false

🤖 Prompt for AI Agents

In .github/workflows/dev-release.yml around lines 71 to 73, prevent accidental
macOS code signing lookups by adding the environment variable
CSC_IDENTITY_AUTO_DISCOVERY: 'false' to the workflow env (next to GH_TOKEN and
ELECTRON_BUILDER_CHANNEL) so electron-builder won’t attempt to discover signing
identities on hosted macOS runners; ensure the value is the literal string
'false'.

[coderabbitai]

🧹 Nitpick (assertive)

Mirror the timeout on Linux.

   build-linux:
     runs-on: ubuntu-latest
+    timeout-minutes: 60
     if: ${{ inputs.platform == 'linux' }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	runs-on: ubuntu-latest
	if: ${{ inputs.platform == 'linux' }}
	runs-on: ubuntu-latest
	timeout-minutes: 60
	if: ${{ inputs.platform == 'linux' }}

🤖 Prompt for AI Agents

.github/workflows/dev-release.yml around lines 94-96: the Linux job lacks the
timeout setting present for other platforms; add a timeout-minutes entry to this
job (directly under runs-on) using the same numeric value used for the other
platform job in this workflow so the Linux run mirrors the same timeout
behavior.

[coderabbitai]

🧹 Nitpick (assertive)

Apply the same no-sign setting for Linux (harmless, keeps parity).

       env:
         GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        ELECTRON_BUILDER_CHANNEL: dev
+        ELECTRON_BUILDER_CHANNEL: dev
+        CSC_IDENTITY_AUTO_DISCOVERY: false

🤖 Prompt for AI Agents

In .github/workflows/dev-release.yml around lines 144-146, the Linux job is
missing the no-sign environment flag; add the same no-sign env var used for
other platforms (e.g., NO_SIGN: "true" or the repository's existing no-sign
variable) under the job's env section so the Linux build runs without signing
and stays consistent with the other platforms.

[coderabbitai]

🧹 Nitpick (assertive)

Mirror the timeout on Windows.

   build-windows:
     runs-on: windows-latest
+    timeout-minutes: 60
     if: ${{ inputs.platform == 'windows' }}

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	runs-on: windows-latest
	if: ${{ inputs.platform == 'windows' }}
	runs-on: windows-latest
	timeout-minutes: 60
	if: ${{ inputs.platform == 'windows' }}

🤖 Prompt for AI Agents

.github/workflows/dev-release.yml around lines 167 to 169: the Windows job block
lacks the timeout-minutes setting that other platform jobs use, so add the same
timeout-minutes value under this job (matching the timeout used for Linux/macOS
jobs) with correct YAML indentation so the Windows job is subject to the same
workflow timeout.