diff --git a/.github/workflows/beta.yml b/.github/workflows/beta.yml index da0f8dd..bfdae89 100644 --- a/.github/workflows/beta.yml +++ b/.github/workflows/beta.yml @@ -52,6 +52,7 @@ jobs: runs-on: ubuntu-latest permissions: contents: write + id-token: write steps: - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4 with: @@ -66,6 +67,16 @@ jobs: - name: Generate checksums run: sha256sum hp-* > checksums.txt && cat checksums.txt + - name: Install cosign + uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3 + + - name: Sign binaries with cosign + run: | + for file in hp-*; do + cosign sign-blob --yes --output-signature "${file}.sig" --output-certificate "${file}.pem" "${file}" + done + cosign sign-blob --yes --output-signature checksums.txt.sig --output-certificate checksums.txt.pem checksums.txt + - name: Create/update beta release env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -79,7 +90,7 @@ jobs: --prerelease \ --title "Beta (dev branch)" \ --notes "Rolling beta build from \`${{ inputs.ref || 'dev' }}\` branch."$'\n\n'"Install: \`brew install colangelo/tap/hp-beta\`"$'\n'"Upgrade: \`brew update && brew upgrade hp-beta\`" \ - hp-* checksums.txt + hp-* checksums.txt checksums.txt.sig checksums.txt.pem update-homebrew: name: Update Homebrew Formula diff --git a/CHANGELOG.md b/CHANGELOG.md index 69bdc3f..4eeba0c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,16 @@ All notable changes to hp (hittyping) will be documented in this file. +## [0.8.3] - 2026-02-23 + +### Fixed + +- Proxy support: HTTP transport now respects `HTTPS_PROXY`/`HTTP_PROXY`/`ALL_PROXY` environment variables (SOCKS5, HTTP proxies) + +### Security + +- Beta releases are now cosign-signed (fixes OpenSSF Scorecard Signed-Releases warning) + ## [0.8.2] - 2026-02-22 ### Fixed diff --git a/CLAUDE.md b/CLAUDE.md index 437528d..805daa6 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -51,6 +51,7 @@ hp -3 -d example.com # HTTP/3 with auto-downgrade on failures hp -3 -D example.com # Auto-downgrade including plain HTTP hp -b cloudflare.com # Braille mode (2x density) hp -g 100 -y 200 8.8.8.8 # Custom thresholds (or --green, --yellow) +HTTPS_PROXY=socks5://host:port hp cloudflare.com # Via SOCKS5 proxy ``` ## Flags diff --git a/README.md b/README.md index db1b7df..82e9e9e 100644 --- a/README.md +++ b/README.md @@ -98,6 +98,8 @@ hp -3 -d example.com # HTTP/3 with auto-downgrade on failures hp -3 -D example.com # Auto-downgrade including plain HTTP hp -b cloudflare.com # Braille mode (2x density) hp -g 50 -y 100 cloudflare.com # Custom thresholds (ms) +HTTPS_PROXY=socks5://host:1080 hp site # Via SOCKS5 proxy +HTTP_PROXY=http://proxy:8080 hp -1 site # Via HTTP proxy ``` ## Flags diff --git a/ROADMAP.md b/ROADMAP.md index 33d7f6e..635979a 100644 --- a/ROADMAP.md +++ b/ROADMAP.md @@ -74,6 +74,11 @@ If hp evolves toward interactive features, consider migrating to [Bubble Tea](ht ## Completed +### v0.8.3 - Proxy Support & Signed Betas + +- [x] Proxy support via `HTTPS_PROXY`/`HTTP_PROXY` env vars (SOCKS5, HTTP) +- [x] Cosign-signed beta releases (OpenSSF Scorecard compliance) + ### v0.8.2 - Cursor Fix & Beta Channel - [x] Fix cursor positioning: replace saveCur/restCur with relative movement (immune to scroll) diff --git a/main.go b/main.go index bcc9fac..9764c6b 100644 --- a/main.go +++ b/main.go @@ -22,7 +22,7 @@ import ( // cleanly pause rendering before the process is actually stopped. var displayMu sync.Mutex -const version = "0.8.2" +const version = "0.8.3" const ( // ANSI colors @@ -412,6 +412,7 @@ func createClient(protoLevel int, timeout time.Duration, insecure bool) *http.Cl } transport := &http.Transport{ + Proxy: http.ProxyFromEnvironment, TLSClientConfig: &tls.Config{ InsecureSkipVerify: insecure, },