diff --git a/.codex-plugin/plugin.json b/.codex-plugin/plugin.json
index a3f05ff0..a06a473a 100644
--- a/.codex-plugin/plugin.json
+++ b/.codex-plugin/plugin.json
@@ -1,6 +1,6 @@
 {
 "name": "codex-multi-auth",
- "version": "1.2.1",
+ "version": "1.2.2",
 "description": "Install and operate codex-multi-auth for the official @openai/codex CLI with multi-account OAuth rotation, switching, health checks, and recovery tools.",
 "skills": "./skills/"
 }
diff --git a/.github/plugin-scanner-fixtures/bad/.codex-plugin/plugin.json b/.github/plugin-scanner-fixtures/bad/.codex-plugin/plugin.json
new file mode 100644
index 00000000..af50df94
--- /dev/null
+++ b/.github/plugin-scanner-fixtures/bad/.codex-plugin/plugin.json
@@ -0,0 +1,4 @@
+{
+ "name": "Fixture Bad Plugin",
+ "description": "Fixture plugin used to validate failing scanner behavior."
+}
diff --git a/.github/plugin-scanner-fixtures/bad/README.md b/.github/plugin-scanner-fixtures/bad/README.md
new file mode 100644
index 00000000..d0c8f765
--- /dev/null
+++ b/.github/plugin-scanner-fixtures/bad/README.md
@@ -0,0 +1,3 @@
+# Fixture Bad Plugin
+
+This fixture is expected to fail the plugin scanner quality gate.
diff --git a/.github/plugin-scanner-fixtures/good/.codex-plugin/plugin.json b/.github/plugin-scanner-fixtures/good/.codex-plugin/plugin.json
new file mode 100644
index 00000000..23acf6b7
--- /dev/null
+++ b/.github/plugin-scanner-fixtures/good/.codex-plugin/plugin.json
@@ -0,0 +1,11 @@
+{
+ "name": "fixture-good-plugin",
+ "version": "1.0.0",
+ "description": "Fixture plugin used to validate the Codex plugin scanner workflow.",
+ "author": "ndycode",
+ "homepage": "https://example.com/fixture-good-plugin",
+ "repository": "https://example.com/fixture-good-plugin.git",
+ "license": "MIT",
+ "keywords": ["fixture", "codex", "plugin"],
+ "skills": "./skills/"
+}
diff --git a/.github/plugin-scanner-fixtures/good/.codexignore b/.github/plugin-scanner-fixtures/good/.codexignore
new file mode 100644
index 00000000..282781a5
--- /dev/null
+++ b/.github/plugin-scanner-fixtures/good/.codexignore
@@ -0,0 +1 @@
+# Fixture file for scanner regression coverage.
diff --git a/.github/plugin-scanner-fixtures/good/LICENSE b/.github/plugin-scanner-fixtures/good/LICENSE
new file mode 100644
index 00000000..e2f53bec
--- /dev/null
+++ b/.github/plugin-scanner-fixtures/good/LICENSE
@@ -0,0 +1,3 @@
+MIT License
+
+Copyright (c) 2026 ndycode
diff --git a/.github/plugin-scanner-fixtures/good/README.md b/.github/plugin-scanner-fixtures/good/README.md
new file mode 100644
index 00000000..4fc091a4
--- /dev/null
+++ b/.github/plugin-scanner-fixtures/good/README.md
@@ -0,0 +1,3 @@
+# Fixture Good Plugin
+
+This fixture is expected to pass the plugin scanner quality gate.
diff --git a/.github/plugin-scanner-fixtures/good/SECURITY.md b/.github/plugin-scanner-fixtures/good/SECURITY.md
new file mode 100644
index 00000000..5773cb4a
--- /dev/null
+++ b/.github/plugin-scanner-fixtures/good/SECURITY.md
@@ -0,0 +1,3 @@
+# Security Policy
+
+Report security issues to fixture@example.com.
diff --git a/.github/plugin-scanner-fixtures/good/skills/example/SKILL.md b/.github/plugin-scanner-fixtures/good/skills/example/SKILL.md
new file mode 100644
index 00000000..4504a261
--- /dev/null
+++ b/.github/plugin-scanner-fixtures/good/skills/example/SKILL.md
@@ -0,0 +1,8 @@
+---
+name: example
+description: Example fixture skill for scanner regression coverage.
+---
+
+# Example
+
+This fixture skill exists to satisfy the plugin scanner regression test.
diff --git a/.github/workflows/codex-plugin-scanner.yml b/.github/workflows/codex-plugin-scanner.yml
new file mode 100644
index 00000000..52b96e25
--- /dev/null
+++ b/.github/workflows/codex-plugin-scanner.yml
@@ -0,0 +1,73 @@
+name: Codex Plugin Quality Gate
+
+on:
+ push:
+ branches: [main]
+ pull_request:
+ branches: [main]
+ workflow_dispatch:
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ scan:
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ubuntu-latest, windows-latest]
+ runs-on: ${{ matrix.os }}
+ timeout-minutes: 10
+ permissions:
+ contents: read
+ steps:
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+ - name: Codex plugin scanner
+ uses: hashgraph-online/hol-codex-plugin-scanner-action@b45d6b583afe05819b24edc8e6418c9ad2e1f1d0 # v1
+ with:
+ # The pinned action resolves .codex-plugin/plugin.json from the repo root.
+ plugin_dir: "."
+ min_score: "70"
+
+ scan-regression:
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - os: ubuntu-latest
+ fixture: good
+ plugin_dir: ".github/plugin-scanner-fixtures/good"
+ expect_outcome: success
+ - os: ubuntu-latest
+ fixture: bad
+ plugin_dir: ".github/plugin-scanner-fixtures/bad"
+ expect_outcome: failure
+ - os: windows-latest
+ fixture: good
+ plugin_dir: ".github/plugin-scanner-fixtures/good"
+ expect_outcome: success
+ - os: windows-latest
+ fixture: bad
+ plugin_dir: ".github/plugin-scanner-fixtures/bad"
+ expect_outcome: failure
+ runs-on: ${{ matrix.os }}
+ timeout-minutes: 10
+ permissions:
+ contents: read
+ steps:
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+ - name: Codex plugin scanner regression
+ id: scan
+ continue-on-error: true
+ uses: hashgraph-online/hol-codex-plugin-scanner-action@b45d6b583afe05819b24edc8e6418c9ad2e1f1d0 # v1
+ with:
+ plugin_dir: ${{ matrix.plugin_dir }}
+ min_score: "70"
+ - name: Assert fixture outcome
+ shell: bash
+ run: |
+ if [ "${{ steps.scan.outcome }}" != "${{ matrix.expect_outcome }}" ]; then
+ echo "Expected fixture '${{ matrix.fixture }}' to '${{ matrix.expect_outcome }}', got '${{ steps.scan.outcome }}'."
+ exit 1
+ fi
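Review bot: Both `actions/checkout` steps (in `scan` and in `scan-regression`) keep the default credential persistence, so the job token stays available in the checked-out workspace while the third-party scanner action runs over that same directory. The job-level `contents: read` bounds what the token can do, but since no later step fetches or pushes, adding `with:` / `persist-credentials: false` under each checkout removes the exposure at no cost. Separately, the `Assert fixture outcome` step splices `${{ ... }}` expressions straight into the bash script; the values are fixed by the workflow today, but passing them through `env:` (for example `ACTUAL: ${{ steps.scan.outcome }}`) and comparing `"$ACTUAL"` keeps the step safe if a matrix value is ever sourced from an input. Note also that the `bad` fixture expectation is satisfied by any failure of the scanner step, not only a score below `min_score`, so a short comment saying the `good` rows are what guard against a broken scanner would help the next reader.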