v0.0.1

.github/environments.json

@@ -0,0 +1,23 @@
+{
+    "Develop": {
+        "deployment_branch_policy": {
+            "protected_branches": false,
+            "custom_branch_policies": true
+        },
+        "reviewers": [],
+        "wait_timer": 0
+    },
+    "Production": {
+        "deployment_branch_policy": {
+            "protected_branches": false,
+            "custom_branch_policies": true
+        },
+        "reviewers": [],
+        "wait_timer": 0
+    },
+    "github-pages": {
+        "deployment_branch_policy": null,
+        "reviewers": [],
+        "wait_timer": 0
+    }
+}

.github/protection.json

@@ -1,4 +1,19 @@
 {
+    "develop": {
+        "allow_deletions": false,
+        "allow_force_pushes": false,
+        "enforce_admins": false,
+        "required_pull_request_reviews": {
+            "dismiss_stale_reviews": false,
+            "require_code_owner_reviews": false,
+            "required_approving_review_count": 1
+        },
+        "required_status_checks": {
+            "contexts": [],
+            "strict": true
+        },
+        "restrictions": null
+    },
     "main": {
         "allow_deletions": false,
         "allow_force_pushes": false,

.github/workflows/approve.yml

@@ -5,13 +5,19 @@ on:
     types:
       - opened
 
+permissions:
+  pull-requests: write
+
 jobs:
   approve:
     runs-on: ubuntu-latest
 
     if: endsWith(github.actor, '[bot]')
 
     steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
       - name: Approve
         run: gh pr review ${{ github.event.number }} --approve
         env:

.github/workflows/gh-deploy.yml

@@ -20,6 +20,8 @@ jobs:
   deploy:
     runs-on: ubuntu-latest
 
+    environment: github-pages
+
     steps:
       - name: Checkout
         uses: actions/checkout@v6

.github/workflows/pr-agent.yml

@@ -22,7 +22,7 @@ jobs:
 
     steps:
       - name: PR Agent Action Step
-        uses: qodo-ai/pr-agent@v0.31
+        uses: qodo-ai/pr-agent@v0.32
         env:
           CONFIG.CUSTOM_MODEL_MAX_TOKENS: 64000
           CONFIG.MODEL: "gemini/gemini-2.5-flash"

.github/workflows/publish-app.yml

@@ -3,7 +3,7 @@ name: Publish App to GHCR
 on:
   push:
     branches:
-      - main
+      - develop
     paths:
       - ".github/workflows/publish-app.yml"
       - ".python-version"

.github/workflows/publish-devcontainer.yml

@@ -3,7 +3,7 @@ name: Publish Devcontainer to GHCR
 on:
   push:
     branches:
-      - main
+      - develop
     paths:
       - ".devcontainer/Dockerfile"
       - ".github/workflows/publish-devcontainer.yml"

.github/workflows/release.yml

@@ -1,26 +1,55 @@
 name: Release
 
 on:
-  pull_request:
+  push:
     branches:
+      - develop
       - main
-    types:
-      - closed
 
 permissions:
   contents: write
   pull-requests: read
 
 jobs:
-  publish:
-    if: github.event.pull_request.merged == true && contains(github.head_ref, 'release/')
+  develop:
+    if: github.ref_name == 'develop'
 
     runs-on: ubuntu-latest
 
+    environment: Develop
+
     steps:
       - name: Checkout
         uses: actions/checkout@v6
 
+      - name: Update Draft Release
+        uses: release-drafter/release-drafter@v6
+        with:
+          config-name: release-drafter.yml
+          disable-autolabeler: true
+          publish: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  production:
+    if: github.ref_name == 'main'
+
+    runs-on: ubuntu-latest
+
+    environment: Production
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Get PR Title for Version
+        id: pr
+        run: |
+          PR_TITLE=$(gh pr list --search "${{ github.sha }}" --state merged --json title --jq '.[0].title')
+          echo "TITLE=$PR_TITLE" >> "$GITHUB_OUTPUT"
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
       - name: Publish Release
         uses: release-drafter/release-drafter@v6
         with:
@@ -31,5 +60,5 @@ jobs:
           tag: ${{ env.VERSION }}
           version: ${{ env.VERSION }}
         env:
+          VERSION: ${{ steps.pr.outputs.TITLE }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          VERSION: ${{ github.event.pull_request.title }}

.github/workflows/setting.yml

@@ -4,13 +4,14 @@ on:
   pull_request:
     paths:
       - .github/workflows/setting.yml
+      - .github/environments.json
       - .github/protection.json
   schedule:
     - cron: "0 0 * * *"
   workflow_dispatch:
 
 jobs:
-  delete-branch:
+  branch:
     runs-on: ubuntu-latest
 
     steps:
@@ -23,10 +24,65 @@ jobs:
 
       - name: Enable auto-delete head branches
         run: |
-          gh repo edit ${{ github.repository }} --delete-branch-on-merge
+          gh repo edit ${{ github.repository }} \
+            --default-branch develop \
+            --delete-branch-on-merge
         env:
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
 
+  environments:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        include:
+          - environment: Develop
+            branch: develop
+          - environment: Production
+            branch: main
+          - environment: github-pages
+            branch: gh-pages
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_KEY }}
+
+      - name: Configure Environment
+        run: |
+          if [ ! -f ${{ env.CONFIG_FILE }} ]; then
+            echo "Error: ${{ env.CONFIG_FILE }} not found!"
+            exit 1
+          fi
+
+          jq -c ".\"${{ env.ENVIRONMENT_NAME }}\"" ${{ env.CONFIG_FILE }} | gh api -X PUT "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}" --input -
+
+          CUSTOM_BRANCH_POLICIES=$(jq -r ".\"${{ env.ENVIRONMENT_NAME }}\".deployment_branch_policy.custom_branch_policies" ${{ env.CONFIG_FILE }})
+
+          if [ "$CUSTOM_BRANCH_POLICIES" != true ]; then
+            IDS=$(gh api "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}/deployment-branch-policies" --jq '.branch_policies[].id' || true)
+            for ID in $IDS; do
+              gh api -X DELETE "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}/deployment-branch-policies/$ID" --silent || true
+            done
+            exit 0
+          fi
+
+          gh api -X POST "${{ env.ENDPOINT }}/${{ env.ENVIRONMENT_NAME }}/deployment-branch-policies" \
+            -f "name=${{ env.BRANCH_NAME }}" \
+            -f "type=branch"
+        env:
+          CONFIG_FILE: .github/environments.json
+          BRANCH_NAME: ${{ matrix.branch }}
+          ENDPOINT: repos/${{ github.repository }}/environments
+          ENVIRONMENT_NAME: ${{ matrix.environment }}
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+
   pages:
     runs-on: ubuntu-latest
 
@@ -40,18 +96,39 @@ jobs:
 
       - name: Set GitHub Pages Source
         run: |
-          gh api -X POST "repos/${{ github.repository }}/pages" \
+          gh api -X POST ${{ env.ENDPOINT }} \
             -f "source[branch]=${{ env.BRANCH }}" \
             -f "source[path]=${{ env.TARGET_PATH }}" --silent \
           || \
-          gh api -X PUT "repos/${{ github.repository }}/pages" \
+          gh api -X PUT ${{ env.ENDPOINT }} \
             -f "source[branch]=${{ env.BRANCH }}" \
             -f "source[path]=${{ env.TARGET_PATH }}"
         env:
+          ENDPOINT: repos/${{ github.repository }}/pages
           BRANCH: gh-pages
           TARGET_PATH: /
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}
 
+  permission:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Generate a token
+        id: generate-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ vars.APP_ID }}
+          private-key: ${{ secrets.APP_KEY }}
+
+      - name: Configure Actions Workflow Permissions
+        run: |
+          gh api -X PUT "${{ env.ENDPOINT }}" \
+            -f "default_workflow_permissions=write" \
+            -F "can_approve_pull_request_reviews=true"
+        env:
+          ENDPOINT: repos/${{ github.repository }}/actions/permissions/workflow
+          GH_TOKEN: ${{ steps.generate-token.outputs.token }}
+
   protection:
     runs-on: ubuntu-latest
 
@@ -68,21 +145,22 @@ jobs:
 
       - name: Apply Branch Protection Rules
         run: |
-          if [ ! -f "$CONFIG_FILE" ]; then
-            echo "Error: $CONFIG_FILE not found!"
+          if [ ! -f ${{ env.CONFIG_FILE }} ]; then
+            echo "Error: ${{ env.CONFIG_FILE }} not found!"
             exit 1
           fi
 
-          BRANCHES=$(jq -r 'keys[]' "$CONFIG_FILE")
+          BRANCHES=$(jq -r 'keys[]' ${{ env.CONFIG_FILE }})
 
           for BRANCH in $BRANCHES; do
-            if ! gh api "repos/${{ github.repository }}/branches/$BRANCH" --silent >/dev/null 2>&1; then
-              echo "Warning: Branch '$BRANCH' does not exist in this repository. Skipping..."
+            if ! gh api "${{ env.ENDPOINT }}/$BRANCH" --silent >/dev/null 2>&1; then
+              echo "Warning: Branch $BRANCH does not exist in this repository. Skipping..."
               continue
             fi
 
-            jq -c ".\"$BRANCH\"" "$CONFIG_FILE" | gh api -X PUT "repos/${{ github.repository }}/branches/$BRANCH/protection" --input -
+            jq -c ".\"$BRANCH\"" ${{ env.CONFIG_FILE }} | gh api -X PUT "${{ env.ENDPOINT }}/$BRANCH/protection" --input -
           done
         env:
           CONFIG_FILE: .github/protection.json
+          ENDPOINT: repos/${{ github.repository }}/branches
           GH_TOKEN: ${{ steps.generate-token.outputs.token }}

.github/workflows/test.yml

@@ -16,6 +16,7 @@ on:
       - "uv.lock"
   push:
     branches:
+      - develop
       - main
     paths:
       - ".github/actions/setup-python-with-uv/action.yml"

.prettierrc.json

@@ -0,0 +1,11 @@
+{
+    "overrides": [
+        {
+            "files": ["*.json", "*.json5", "*.jsonc"],
+            "options": {
+                "parser": "json",
+                "trailingComma": "none"
+            }
+        }
+    ]
+}