Skip to content

chore: rename config files (minimal + reference)#127

Merged
VijitSingh97 merged 1 commit into
developfrom
chore/config-rename
Jul 1, 2026
Merged

chore: rename config files (minimal + reference)#127
VijitSingh97 merged 1 commit into
developfrom
chore/config-rename

Conversation

@VijitSingh97

Copy link
Copy Markdown
Contributor

What

Rename the two config files so the names say what they are — the same rename as Pithead #326, for cross-repo consistency.

Before After Role
config.json.template config.minimal.json Copy-me starter — just the pool URL.
config.advanced.example.json config.reference.json Full reference — every key with its default value.

Content

No content change needed:

  • config.reference.json is already complete — the #23 unit test enforces that it documents every key parse_config reads (and excludes the internal POOL_HOST/WORKER_NAME/WORKER_CONFIG_FILE keys). Still passes after the rename.
  • config.minimal.json is still minimal — one pools[0].url with the <YOUR_POOL_HOST> placeholder, and parse_config still rejects it unedited (no accidental deploy to a bogus host).

References updated

rigforge.sh, docs/configuration.md, RELEASING.md, .gitignore, the release workflow (.github/workflows/release.yml), the macOS e2e bundle (tests/e2e/macos.sh), and the config unit tests (tests/run.sh). CHANGELOG.md keeps the old names (historical).

Verification

  • jq — both files valid JSON
  • tests/run.sh — 614 pass (incl. the renamed config.reference.json / config.minimal.json unit tests)
  • shellcheck + shfmt, markdownlint, YAML parse of the release workflow — clean

NOTE: touches docs/configuration.md, which the open voice-consistency PR (#126) also edits — a small filename-line conflict on whichever merges second.

🤖 Generated with Claude Code

config.json.template -> config.minimal.json   (the copy-me starter: just the pool URL)
config.advanced.example.json -> config.reference.json   (the full reference: every key
  with its default, enforced complete by the #23 test)

Matches the same rename in Pithead for cross-repo consistency. Content unchanged — the
the starter is still just the pool URL. Updated all references (rigforge.sh, RELEASING,
docs/configuration, .gitignore, the release workflow + macOS e2e bundle, and the config
tests). CHANGELOG keeps the old names (historical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@VijitSingh97 VijitSingh97 force-pushed the chore/config-rename branch from 61c0659 to 9f6f19c Compare July 1, 2026 00:33
@VijitSingh97 VijitSingh97 merged commit ee3fdfd into develop Jul 1, 2026
9 checks passed
@VijitSingh97 VijitSingh97 deleted the chore/config-rename branch July 1, 2026 00:58
VijitSingh97 added a commit that referenced this pull request Jul 2, 2026
* ci: supply-chain hardening (gitleaks, Dependabot, zizmor) + develop/main branch model (#120)

* ci: supply-chain & secrets hardening — gitleaks, Dependabot, zizmor (#117)

Adds the three cross-cutting gates from #117 on top of RigForge's existing
SHA-pinned actions and commit-verified XMRig build. Scope is only the gaps,
not a redo of that work.

- gitleaks: new Security workflow scans the full git history for committed
  secrets (pool creds, tokens, the #113 stratum access-password) on every push
  and PR, with a matching pre-commit hook. Binary is version+checksum pinned,
  mirroring the shellcheck/shfmt installs.
- Dependabot: .github/dependabot.yml for the github-actions ecosystem only
  (RigForge has no pip/npm/docker deps) — keeps the action pins current and
  surfaces advisories.
- zizmor: audits the workflows for template injection, over-broad GITHUB_TOKEN,
  and credential persistence. Hardened ci.yml/release.yml to a read-only default
  token and persist-credentials: false on checkout so the audit is clean.

The broader pre-commit hook set (shellcheck/shfmt/yamllint/markdownlint +
freebies) is left to #118, which extends .pre-commit-config.yaml.

Validated locally: gitleaks clean over full history, zizmor reports no findings.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* ci(security): enable zizmor online audits + weekly schedule

Run zizmor with online audits on (its default) so the known-vulnerable-actions
audit cross-references the actions we pin against the GitHub Advisory Database —
a CVE disclosed against a pinned action now fails the gate, not just structural
issues. GH_TOKEN is the built-in read-only token (advisory data is public; it's
only for API access).

Add a weekly schedule so a freshly-published advisory trips against main even
with no open PRs (the online audit is time-varying by design). gitleaks is
skipped on the scheduled tick — history doesn't change between pushes.

Complements Dependabot: zizmor blocks the merge, Dependabot opens the bump.
Validated: zizmor online reports no findings against the current pins.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* ci: adopt the develop/main branch model (mirrors Pithead)

Pithead uses develop as the default integration branch and main as the release
branch; mirror that here (develop is now the repo default).

- ci.yml + security.yml: run on push to [main, develop] (PRs already run on any
  base via the unfiltered pull_request trigger).
- coverage: diff-cover now compares against the PR's actual base branch
  (github.base_ref, falling back to the pushed branch) instead of a hardcoded
  origin/main — so patch coverage stays correct once develop diverges from main.
- CONTRIBUTING: document the two-branch model; PRs target develop.
- RELEASING: build the release commit on develop, fast-forward into main, tag
  from main. develop is merged to main at each release (1.1 onward).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs(contributing): state inbound contributions are MIT-licensed (closes #119) (#121)

* ci: DX glue + config/docs lint (.editorconfig, pre-commit, yamllint, markdownlint, lychee) (#118) (#122)

Rounds out the non-shell tooling around RigForge's existing shellcheck/shfmt +
kcov core, finishing the tooling epic (#116).

- .editorconfig: encodes the whitespace house style (shfmt -i 4, LF, final
  newline) so editors match CI.
- pre-commit: .pre-commit-config.yaml now orchestrates `make lint` (shellcheck +
  shfmt via the Makefile's SHELL_FILES — single source of truth, no duplicated
  list), the existing gitleaks hook, and freebie hygiene hooks (detect-private-key,
  check-added-large-files, end-of-file-fixer, trailing-whitespace).
- yamllint + markdownlint: new CI jobs in ci.yml (and `make lint-yaml` /
  `make lint-md`), each with a tuned config (.yamllint, .markdownlint-cli2.yaml)
  matching the repo's house style. Pinned via pipx / npx like diff-cover/zizmor.
- lychee: new scheduled workflow (links.yml) + `make lint-links`, kept off the PR
  path since external links are flaky-by-nature. Pinned + checksum-verified binary.
- docs: small fixes to satisfy the structural markdown rules (blank lines around
  headings/lists/fences via --fix; code-fence languages; fenced donation block;
  README hero subtitle as <h3> to keep the heading hierarchy clean).
- CONTRIBUTING: document the hooks + the config/docs lint targets.

Validated locally: yamllint --strict, markdownlint, zizmor (online), lychee
(198 links OK), and `pre-commit run --all-files` all green.

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* release: v1.1.0

Roll up the Unreleased changelog under 1.1.0 and bump VERSION. v1.1 is the
tooling/code-quality + repo-hardening release: supply-chain & secrets gates
(#117), DX glue + config/docs lint (#118), the develop/main branch model, and
the MIT-licensing contributing note (#119). Stratum auth/TLS (#113/#115) were
deferred to v1.6.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* docs: copy-edit for a more natural, less templated voice

Moderate style pass across the README, the docs/ guides, and the meta docs
(CONTRIBUTING, SECURITY, RELEASING, issue/PR templates): trim em-dash density,
drop gratuitous bold and italics-for-emphasis, soften marketing cadence and the
recurring "X, not Y" construction, and cut filler/virtue words.

Prose-only. Verified no code blocks, command tokens, flags, env vars, numbers,
link targets, or table rows changed; emoji section headers kept; markdownlint
clean across all 18 files. CHANGELOG left in the standard Keep-a-Changelog style.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* chore: defer release — keep v1.1 tooling/docs under [Unreleased]

The v1.1 work is dev tooling (gitleaks/zizmor/Dependabot, pre-commit, the lint
configs, the develop/main branch model) plus a docs copy-edit. None of the
tooling is in the release bundle (release.yml ships rigforge.sh/util/systemd/
config templates/README/docs/images/LICENSE/VERSION — not tests/, .github/, or
the dotfiles), and rigforge.sh is unchanged, so there's nothing user-facing to
release. Bumping to 1.1.0 (MINOR) would signal new functionality that isn't there.

Revert the premature VERSION bump (back to 1.0.1) and the changelog rollup; the
entries stay under [Unreleased] and will ship with the next release that actually
changes something for users. main stays at the last release (1.0.1).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

* feat: worker HTTP API open (read-only) by default (#125)

ACCESS_TOKEN no longer defaults to the rig name. Left unset, the rig's
:8080 xmrig API is served `restricted` (read-only) with NO token — which
matches Pithead's new default no-auth stats probe, so a stock rig needs
zero token coordination. Setting ACCESS_TOKEN re-enables Bearer auth (now
validated only when non-empty); match it dashboard-side with
workers.api_auth token|name.

Pairs with pithead#171/#172 (the dashboard's single config-driven worker
API probe).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* ci(deps): bump actions/checkout in the github-actions group (#124)

Bumps the github-actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).


Updates `actions/checkout` from 6.0.3 to 7.0.0
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@df4cb1c...9c091bb)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Vijit Singh <vijit.n.singh@gmail.com>

* docs: rewrite for voice consistency (#126)

* docs: rewrite CONTRIBUTING.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite README.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite RELEASING.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite SECURITY.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite docs/README.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite docs/benchmarks.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite docs/configuration.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite docs/faq.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite docs/getting-started.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite docs/hardware.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite docs/how-it-works.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite docs/operations.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite docs/pithead-integration.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs: rewrite tests/README.md for voice consistency

Voice/style pass to match the cadence of the p2pool, xmrig, and monero READMEs.
No technical facts, commands, flags, addresses, ports, or numbers changed
(code fences and inline code verified byte-identical).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* refactor: ponytail cleanup — drop dead duplicates + stdlib trims (#128)

Behaviour-preserving cleanups from a ponytail (over-engineering) audit. The audit's
headline finding is that rigforge is already lean; these are the few real cuts.

rigforge.sh:
- macOS tuning block re-set YIELD/PRIORITY/NUMA/HTTP_RESTRICTED to the exact values
  the shared defaults block already sets — dead no-ops (plus an orphaned priority
  comment duplicating the default's). Keep only the values that actually differ.
- link_cli: fold the `ok` flag into the `if` it guards.

util/proposed-grub.sh:
- L3-cache + socket parsing: `lscpu | grep ... | awk` -> single `awk`; strip via
  bash builtin (`${L3_RAW//[!0-9]/}`) instead of `echo | sed`.
- 1GB-pages read: `$(<file)` instead of `cat ... || echo 0` (the file is guarded
  by -f already, and the default is set to 0 above).

No behaviour change; 614-test suite green.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* chore: rename config files for clarity (minimal + reference) (#127)

config.json.template -> config.minimal.json   (the copy-me starter: just the pool URL)
config.advanced.example.json -> config.reference.json   (the full reference: every key
  with its default, enforced complete by the #23 test)

Matches the same rename in Pithead for cross-repo consistency. Content unchanged — the
the starter is still just the pool URL. Updated all references (rigforge.sh, RELEASING,
docs/configuration, .gitignore, the release workflow + macOS e2e bundle, and the config
tests). CHANGELOG keeps the old names (historical).

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* test: cover the edge cases the suite was missing (#129)

Adds ~58 assertions for previously-untested branches and degenerate
inputs, all at the run.sh layer (stub-driven, hardware-independent,
bash 3.2-safe) per tests/README.md — no new files, SHELL_FILES unchanged.

Behaviours now covered:
- check_prerequisites: the whole jq-bootstrap (apt/dnf/pacman/none/brew/
  no-brew/already-present) — was entirely untested
- install_dependencies: the dnf and pacman branches + the no-manager
  warn-not-abort path + the apt-cache-present linux-tools branch
- install_service reboot-gate (#audit A2): enable-but-NOT-start when a
  reboot is pending, restart on rebuild, start on steady state, plus
  CPUPOWER_PATH substitution in ExecStartPre
- compile_xmrig drops the clone (rm -rf) on a commit mismatch (#18)
- config-gen round-trips: bracketed IPv6 url, single-pool tls, empty
  ACCESS_TOKEN -> JSON null
- restore of a corrupt / config-less archive: fails AND leaves the
  existing config.json untouched (no silent clobber)
- uninstall without --yes aborts cleanly on 'n' and reverts nothing
- mac_start guard (no built worker -> "run setup first"); mac_stop
  launchd-owned delegation
- numeric degenerate inputs: _median/_stddev/_mean on empty/single
  sample; _watts_from_energy backwards counter w/ no wrap-max; the
  no-power efficiency fallbacks in _accept_better and _autotune_score
- compute_build_jobs sub-2GB floor; the 1G fstab line on a fresh write;
  the rest of the xmrig.service hardening block

Verified: make lint clean; make test 664/664; make coverage 91.34%
(floor 80); suite passes 687/687 on a real Ubuntu 24.04 / bash 5.2 rig.

Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>

* fix(e2e-real): don't send an API Bearer when ACCESS_TOKEN is unset

The worker HTTP API now defaults to open (read-only) with no token, so
XMRig 401s the stale "Bearer $(hostname)" the verify warmup still sent.
Under set -e + pipefail that surfaced as curl -f exit 22 aborting verify
silently before any output. Send the header only when ACCESS_TOKEN is set.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* fix(tune): don't send an API Bearer when ACCESS_TOKEN is unset

_read_api_hashrate always sent "Bearer ${ACCESS_TOKEN:-}", so with the
new open (no-token) API default it sent an empty Bearer, XMRig 401'd it,
and curl -f (exit 22) aborted the caller under set -e — breaking every
live-hashrate read: autotune (incl. the monthly timer), tune --live,
tune --confirm, and the upgrade re-tune. Send the header only when
ACCESS_TOKEN is set. The suites stub this via API_CMD, so only the
real-hardware e2e gate exercised the curl path that regressed.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* release: v1.1.0

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* docs(release): promote develop to main via a reviewable PR, not a direct push

The develop->main promotion goes through a PR (release gate + audit trail);
main is protected. Fast-forward/rebase-merge so the tag lands on develop's
release commit.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

* test(tune): cover _read_api_hashrate's auth-header logic; harden for bash 3.2

Adds a unit test driving the real _read_api_hashrate with a stubbed curl —
asserting no Authorization header when ACCESS_TOKEN is unset and a Bearer
when set. This is the branch the rest of the suite stubs via API_CMD, so it
was uncovered (diff-cover patch-coverage gate flagged the new lines) and is
exactly where the open-API regression hid. Also swaps the empty-array curl
arg for an if/else, since "${arr[@]}" on an empty array trips set -u on
bash 3.2 (the macOS CI job).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant