mirror of
https://github.com/github/awesome-copilot.git
synced 2026-07-14 01:51:02 +00:00
bb4766e22666d271e11dcd26c61173b9829f576a
5 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
e986f49695 |
Migrate extension metadata to plugin.json and enforce conventions (#2177)
* Remove pluginRoots property from marketplace.json The pluginRoots property is not used by install tooling and was only informational about the extension/plugin source directories. Removing it simplifies the marketplace.json structure while maintaining all functionality. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> * Migrate java-modernization-studio to plugin.json and update validation workflow - Create .github/plugin/plugin.json for java-modernization-studio extension - Remove legacy canvas.json from java-modernization-studio - Update validate-canvas-extensions.yml workflow to check for plugin.json instead of canvas.json - Update workflow to trigger on .schemas/plugin.schema.json changes (instead of canvas.schema.json) - Remove schema validation logic that relied on canvas.schema.json - All 12 extensions now use plugin.json for metadata Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> * Add extensions field to all extension plugin.json files Per https://github.com/github/copilot-agent-runtime/pull/9929, plugins that ship extensions need to include an extensions field specifying where the extension code is located. All 12 extensions now have extensions set to '.' to reference the current directory where extension.mjs is located. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> * Enforce convention-based extension metadata and remove x-awesome-copilot - Remove x-awesome-copilot.screenshots from all extension plugin.json files - Enforce logo=assets/preview.png convention for all extensions - Enforce extensions=. per copilot-agent-runtime#9929 - Update validate-plugins.mjs to enforce conventions - Update validate-canvas-extensions.yml workflow with convention checks - Update AGENTS.md and CONTRIBUTING.md documentation All 12 extensions validated successfully. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Use standard plugin validation for extensions Remove the custom extension schema and schema validation helper, and validate extension plugin.json files through the existing plugin validator instead. Update workflows to stop depending on the removed schema. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> |
||
|
|
79cda6bb19 |
Add canvas schema validation to extension submission workflow (#2161)
* Add canvas schema and extension submission checks Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> * fix: use namespace import for js-yaml Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com> * Fix contributors page build markup Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com> * Address PR feedback on canvas schema validation - Add ajv-cli@5 as a pinned devDependency; install via npm ci in CI instead of npx --yes - Fix screenshot path regex to prevent .. traversal segments - Validate canvas.schema.json is parseable JSON even on schema-only PRs Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> * Harden canvas extension workflow against injection attacks Switch from newline to null-terminated git diff output (git diff -z) so filenames containing newlines are read atomically, matching the existing skill-check.yml pattern. Add an allowlist regex guard on the extracted extension directory name immediately after it is parsed from git diff output. Any name not matching ^[a-z0-9][a-z0-9-]*$ (e.g. names containing dollar signs, parentheses, spaces, or other shell metacharacters) is silently skipped before being used anywhere in the script. Add a matching allowlist guard on each screenshot path extracted from canvas.json before the file-existence check, so a crafted manifest cannot supply a path with shell metacharacters or traversal segments even after the schema check passes. Follows the same defence-in-depth pattern introduced after the injection PoCs in #1236 and #1240. Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Replace ajv-cli with in-repo schema validator - Remove ajv-cli to avoid vulnerable/deprecated transitive dependencies - Add eng/validate-json-schema.mjs using ajv + ajv-formats - Update validate-canvas-extensions workflow to use local script - Use npm ci --ignore-scripts in PR validation job Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: aaronpowell <434140+aaronpowell@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> |
||
|
|
0eb6062f94 |
chore(phase2): retarget all automation and contributor guidance from staged to main (#2122)
* chore(phase2): retarget all automation from staged to main - publish.yml: trigger on main, publish only to marketplace - check-pr-target.yml: invert — now blocks PRs targeting staged, welcomes main - 10 PR validation workflows: branches [staged] → [main] - external-plugin-command-router.yml: --base staged → main (3×), message text - external-plugin-rereview-command.yml: --base staged → main (2×), message text - external-plugin-rereview.yml: staged reference in review comment text - external-plugin-intake.yml: ref: staged checkout → main - external-plugin-pr-quality-gates.yml: ref: staged checkout → main - external-plugin-quality-gates.yml: ref: staged checkout → main - check-plugin-structure.yml: error messages updated for new branch model - contributors.yml: ref and base target → main - setup-labels.yml: targets-main label description updated - cli-for-beginners-sync.md + .lock.yml: base-branch staged → main - codeowner-update.md + .lock.yml: base-branch staged → main - learning-hub-updater.md + .lock.yml: base-branch staged → main Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * docs(phase2): update contributor guidance from staged to main - CONTRIBUTING.md: branch from main, PR targets main; remove Phase 2 gate note - AGENTS.md: PR target + external plugin PR automation references - .github/pull_request_template.md: PR checklist targets main - website/src/content/docs/learning-hub/agentic-workflows.md: PR target Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * aw updates --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> |
||
|
|
17b174fb0a |
Canvas manifest implementation for extensions (#2029)
* Add keyword display to extension cards on website - Add .resource-keywords and .keyword-tag CSS styles for rendering keyword badges - Update renderExtensionsHtml() to display keywords below extension description - Keywords now visible on the website extensions page with styled badges - Regenerate website data to include keyword metadata Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Canvas manifest implementation for all extensions Add per-extension canvas manifests with: - Structured canvas metadata (name, description, version, keywords) - Screenshot definitions (icon and gallery with path/type) - Relative paths for images within each extension directory Enhance extension metadata: - Generate meaningful descriptions from source analysis - Extract and assign keywords for discoverability - Store metadata in package.json and extension source files Update website rendering and data generation: - Include keywords in extension cards and search index - Add per-extension canvas.json files for independent evolution - Support screenshot metadata in manifest structure - Generate extensions.json with full canonical paths for website All 9 local canvas extensions now have complete manifests with descriptions, keywords, and screenshot references. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Tweaking some descriptions * Fix description priority to prefer package.json over in-source metadata Reverse the priority in canvasDescription so that package.json descriptions (which contain the enhanced, manually-curated descriptions) take precedence over older in-source descriptions extracted from createCanvas(...) calls. This prevents regression when npm run website:data regenerates outputs, ensuring that committed canvas.json files maintain the current descriptions. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> * Fix canvas validation to skip external.json file The validation script was treating extensions/external.json as if it were a directory, causing false validation failures. Added check to skip files (identified by presence of dot in filename) and only validate actual canvas extension directories. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --------- Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> |
||
|
|
5fb37f6461 |
feat: add canvas extension validation and labeling (#2017)
- Update PR template to include canvas extension as a contribution type - Add 'canvas-extension' label (color: E4B9FF) to label-pr-intent workflow with auto-detection for PRs touching extensions/** - Add new validate-canvas-extensions.yml workflow that checks: - extension.mjs is present in each changed extension folder - assets/preview.png screenshot is present in each changed extension folder - Posts a REQUEST_CHANGES review with a fix guide on failure Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> |