[codex] show devtools only in dev and move trigger bottom-left

.github/workflows/ghcr-images.yml

@@ -0,0 +1,129 @@
+name: Publish GHCR Images
+
+on:
+  push:
+    branches: [main, dev]
+    tags:
+      - "v*"
+    paths-ignore:
+      - "docs/**"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build-assets:
+    name: Build Frontend Assets
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set build version
+        run: echo "PPANEL_WEB_VERSION=sha-${GITHUB_SHA::7}" >> "$GITHUB_ENV"
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v1
+        with:
+          bun-version: latest
+
+      - name: Cache Bun dependencies
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.bun/install/cache
+            node_modules
+          key: ${{ runner.os }}-bun-${{ hashFiles('bun.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install deps
+        run: bun install
+
+      - name: Build admin and user apps
+        run: bun run build
+
+      - name: Archive admin dist
+        run: tar -czf ppanel-admin-web-dist.tar.gz -C apps/admin dist
+
+      - name: Archive user dist
+        run: tar -czf ppanel-user-web-dist.tar.gz -C apps/user dist
+
+      - name: Upload admin dist
+        uses: actions/upload-artifact@v4
+        with:
+          name: ppanel-admin-web-dist
+          path: ppanel-admin-web-dist.tar.gz
+          if-no-files-found: error
+
+      - name: Upload user dist
+        uses: actions/upload-artifact@v4
+        with:
+          name: ppanel-user-web-dist
+          path: ppanel-user-web-dist.tar.gz
+          if-no-files-found: error
+
+  publish:
+    name: Publish ${{ matrix.image }}
+    runs-on: ubuntu-latest
+    needs: build-assets
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - image: ppanel-admin-web
+            artifact: ppanel-admin-web-dist
+            tarball: ppanel-admin-web-dist.tar.gz
+            extract_path: apps/admin
+            dockerfile: docker/ppanel-admin-web/Dockerfile
+          - image: ppanel-user-web
+            artifact: ppanel-user-web-dist
+            tarball: ppanel-user-web-dist.tar.gz
+            extract_path: apps/user
+            dockerfile: docker/ppanel-user-web/Dockerfile
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Download build artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ matrix.artifact }}
+          path: .
+
+      - name: Extract build artifact
+        run: tar -xzf ${{ matrix.tarball }} -C ${{ matrix.extract_path }}
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Log in to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository_owner }}/${{ matrix.image }}
+          tags: |
+            type=raw,value=latest,enable={{is_default_branch}}
+            type=ref,event=branch
+            type=ref,event=tag
+            type=sha,prefix=sha-
+
+      - name: Build and push image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ${{ matrix.dockerfile }}
+          platforms: linux/amd64,linux/arm64
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

.github/workflows/promote-release-branch.yml

@@ -0,0 +1,114 @@
+name: Promote Release Branch
+
+on:
+  workflow_dispatch:
+    inputs:
+      head_branch:
+        description: Source branch to promote
+        required: true
+        default: dev
+      base_branch:
+        description: Target branch for the release PR
+        required: true
+        default: main
+      pr_title:
+        description: Optional PR title override
+        required: false
+      pr_body:
+        description: Optional PR body override
+        required: false
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  open-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+
+      - name: Ensure auto-merge is enabled
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          allow_auto_merge="$(gh api "repos/${GITHUB_REPOSITORY}" --jq '.allow_auto_merge')"
+          if [ "${allow_auto_merge}" != "true" ]; then
+            echo "GitHub repository setting 'Allow auto-merge' must be enabled before running this workflow." >&2
+            exit 1
+          fi
+
+      - name: Validate branches
+        env:
+          HEAD_BRANCH: ${{ inputs.head_branch }}
+          BASE_BRANCH: ${{ inputs.base_branch }}
+        run: |
+          git fetch origin "${HEAD_BRANCH}" "${BASE_BRANCH}"
+
+          if ! git show-ref --verify --quiet "refs/remotes/origin/${HEAD_BRANCH}"; then
+            echo "Missing source branch: ${HEAD_BRANCH}" >&2
+            exit 1
+          fi
+
+          if ! git show-ref --verify --quiet "refs/remotes/origin/${BASE_BRANCH}"; then
+            echo "Missing target branch: ${BASE_BRANCH}" >&2
+            exit 1
+          fi
+
+      - name: Create or reuse release PR
+        id: pr
+        env:
+          GH_TOKEN: ${{ github.token }}
+          HEAD_BRANCH: ${{ inputs.head_branch }}
+          BASE_BRANCH: ${{ inputs.base_branch }}
+          PR_TITLE: ${{ inputs.pr_title }}
+          PR_BODY: ${{ inputs.pr_body }}
+        run: |
+          existing_pr="$(gh pr list \
+            --base "${BASE_BRANCH}" \
+            --head "${HEAD_BRANCH}" \
+            --state open \
+            --json number \
+            --jq '.[0].number // empty')"
+
+          if [ -n "${existing_pr}" ]; then
+            echo "number=${existing_pr}" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          title="${PR_TITLE}"
+          if [ -z "${title}" ]; then
+            title="release: ${HEAD_BRANCH} -> ${BASE_BRANCH}"
+          fi
+
+          body="${PR_BODY}"
+          if [ -z "${body}" ]; then
+            body="$(printf '%s\n' \
+              '## Summary' \
+              '' \
+              "- promote \`${HEAD_BRANCH}\` into \`${BASE_BRANCH}\`" \
+              '- auto-merge this PR after all required checks pass' \
+              '- let semantic-release publish the frontend release after the merge lands on the target branch')"
+          fi
+
+          pr_url="$(gh pr create \
+            --base "${BASE_BRANCH}" \
+            --head "${HEAD_BRANCH}" \
+            --title "${title}" \
+            --body "${body}")"
+
+          pr_number="$(gh pr view "${pr_url}" --json number --jq '.number')"
+
+          echo "number=${pr_number}" >> "$GITHUB_OUTPUT"
+
+      - name: Enable PR auto-merge
+        env:
+          GH_TOKEN: ${{ github.token }}
+          PR_NUMBER: ${{ steps.pr.outputs.number }}
+          BASE_BRANCH: ${{ inputs.base_branch }}
+        run: |
+          gh pr merge "${PR_NUMBER}" --auto --squash --delete-branch=false
+          echo "Auto-merge enabled for PR #${PR_NUMBER} into ${BASE_BRANCH}"

.github/workflows/release.yml

@@ -2,7 +2,7 @@ name: Build and Release
 
 on:
   push:
-    branches: [main, next, beta, develop]
+    branches: [main, dev]
     paths-ignore:
       - 'docs/**'
 
@@ -14,15 +14,15 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Setup Bun
         uses: oven-sh/setup-bun@v1
         with:
           bun-version: 'latest'
 
       - name: Cache Bun dependencies
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: |
             ~/.bun

.gitignore

@@ -34,3 +34,8 @@ npm-debug.log*
 # Misc
 .DS_Store
 *.pem
+telepresence-kubeconfig-docker.json
+AGENT.md
+AGENTS.md
+BRANCH_STRATEGY.md
+CLAUDE.md

.releaserc.json

@@ -3,20 +3,8 @@
   "branches": [
     "main",
     {
-      "name": "beta",
-      "prerelease": true
-    },
-    {
-      "name": "alpha",
-      "prerelease": true
-    },
-    {
-      "name": "develop",
+      "name": "dev",
       "prerelease": "dev"
-    },
-    {
-      "name": "next",
-      "prerelease": true
     }
   ],
   "plugins": [