NOISSUE refactor to update copyright notices and improve workflow scripts

- Updated copyright notices in various files to reflect "Project Tick" instead of "Project Tick Contributors".
- Added a new GitHub Action for packaging source tarballs with multiple formats and GPG signing options.
- Introduced a dependabot configuration for automated dependency updates across various ecosystems.
- Enhanced CI workflows by improving command syntax for better readability and consistency.
- Added checks to skip commit message linting for automated bot PRs (e.g., Dependabot).
- Improved source tree preparation and packaging steps in the meshmc and neozip release workflows.
- Updated documentation to reflect changes in authorship and project information.

Signed-off-by: Mehmet Samet Duman <yongdohyun@projecttick.org>

30 files changed, 436 insertions, 107 deletions

diff --git a/.github/actions/change-analysis/action.yml b/.github/actions/change-analysis/action.yml
index eb1d7c3b75..308bda4526 100644
--- a/.github/actions/change-analysis/action.yml
+++ b/.github/actions/change-analysis/action.yml
@@ -1,4 +1,4 @@
-# Copyright (C) Project Tick Contributors
+# Copyright (C) Project Tick
 # SPDX-License-Identifier: MIT
 #
 # Composite action — analyzes changed directories and parses commit messages.
diff --git a/.github/actions/package-source/action.yml b/.github/actions/package-source/action.yml
new file mode 100644
index 0000000000..7255ee5200
--- /dev/null
+++ b/.github/actions/package-source/action.yml
@@ -0,0 +1,111 @@
+# Copyright (C) Project Tick
+# SPDX-License-Identifier: MIT
+name: Package Source Tarball
+description: >
+  Create source archives in multiple formats (.tar, .tar.xz, .tar.gz, .tar.zst, .zip, .7z),
+  generate SHA-256 checksums, and optionally GPG-sign each artifact.
+
+inputs:
+  project:
+    description: "Project directory name (e.g. meshmc, neozip)"
+    required: true
+  version:
+    description: "Release version string (e.g. 1.0.0)"
+    required: true
+  source-dir:
+    description: "Path to the prepared source tree to archive"
+    required: true
+  output-dir:
+    description: "Directory to write archives, checksums, and signatures"
+    required: false
+    default: "release-artifacts"
+  gpg-private-key:
+    description: "ASCII-armored GPG private key for signing"
+    required: false
+  gpg-private-key-id:
+    description: "GPG key ID to select the signing key"
+    required: false
+
+outputs:
+  artifact-dir:
+    description: "Path to the directory containing all release artifacts"
+    value: ${{ inputs.output-dir }}
+
+runs:
+  using: composite
+  steps:
+    - name: Install packaging tools
+      shell: bash
+      run: |
+        sudo apt-get update -qq
+        sudo apt-get install -y -qq p7zip-full zstd xz-utils zip
+
+    - name: Create archives
+      shell: bash
+      env:
+        PROJECT: ${{ inputs.project }}
+        VERSION: ${{ inputs.version }}
+        SRC_DIR: ${{ inputs.source-dir }}
+        OUT_DIR: ${{ inputs.output-dir }}
+      run: |
+        set -euo pipefail
+        mkdir -p "$OUT_DIR"
+
+        BASE="${PROJECT}-${VERSION}"
+
+        # Create a clean directory named project-version for the archive root
+        STAGING="$(mktemp -d)"
+        cp -a "$SRC_DIR" "$STAGING/$BASE"
+
+        # Remove .git directories from the staged copy
+        find "$STAGING/$BASE" -name '.git' -type d -exec rm -rf {} + 2>/dev/null || true
+        find "$STAGING/$BASE" -name '.gitmodules' -delete 2>/dev/null || true
+
+        tar -cf "$OUT_DIR/${BASE}.tar" -C "$STAGING" "$BASE"
+        gzip -9 -k "$OUT_DIR/${BASE}.tar"
+        xz -9 -k "$OUT_DIR/${BASE}.tar"
+        zstd -19 "$OUT_DIR/${BASE}.tar" -o "$OUT_DIR/${BASE}.tar.zst"
+        (cd "$STAGING" && zip -r -9 -q "$OLDPWD/$OUT_DIR/${BASE}.zip" "$BASE")
+        7z a -mx=9 "$OUT_DIR/${BASE}.7z" "$STAGING/$BASE" > /dev/null
+
+        rm -rf "$STAGING"
+
+        echo "### 📦 Archives created for ${BASE}" >> "$GITHUB_STEP_SUMMARY"
+        ls -lh "$OUT_DIR"/ >> "$GITHUB_STEP_SUMMARY"
+
+    - name: Generate SHA-256 checksums
+      shell: bash
+      env:
+        OUT_DIR: ${{ inputs.output-dir }}
+      run: |
+        set -euo pipefail
+        cd "$OUT_DIR"
+        for f in *.tar *.tar.gz *.tar.xz *.tar.zst *.zip *.7z; do
+          [ -f "$f" ] || continue
+          sha256sum "$f" > "${f}.sha256"
+        done
+
+    - name: Import GPG key
+      if: inputs.gpg-private-key != '' && inputs.gpg-private-key-id != ''
+      shell: bash
+      env:
+        GPG_PRIVATE_KEY: ${{ inputs.gpg-private-key }}
+      run: |
+        echo "$GPG_PRIVATE_KEY" | gpg --batch --import
+
+    - name: Sign archives with GPG
+      if: inputs.gpg-private-key != '' && inputs.gpg-private-key-id != ''
+      shell: bash
+      env:
+        OUT_DIR: ${{ inputs.output-dir }}
+        GPG_KEY_ID: ${{ inputs.gpg-private-key-id }}
+      run: |
+        set -euo pipefail
+        cd "$OUT_DIR"
+        for f in *.tar *.tar.gz *.tar.xz *.tar.zst *.zip *.7z; do
+          [ -f "$f" ] || continue
+          gpg --batch --yes --detach-sign --armor \
+            --local-user "$GPG_KEY_ID" \
+            "$f"
+        done
+        echo "### 🔏 GPG signatures created" >> "$GITHUB_STEP_SUMMARY"
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..8cc8504709
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,130 @@
+# Copyright (C) Project Tick
+# SPDX-License-Identifier: MIT
+
+version: 2
+
+updates:
+  # ── GitHub Actions ──────────────────────────────────────────────
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    groups:
+      github-actions:
+        patterns:
+          - "*"
+    labels:
+      - "dependencies"
+      - "github-actions"
+
+  # ── npm (CI scripts) ───────────────────────────────────────────
+  - package-ecosystem: "npm"
+    directory: "/ci/github-script"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    groups:
+      npm_and_yarn:
+        patterns:
+          - "*"
+    labels:
+      - "dependencies"
+      - "javascript"
+
+  # ── Gradle (ForgeWrapper) ──────────────────────────────────────
+  - package-ecosystem: "gradle"
+    directory: "/forgewrapper"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    groups:
+      gradle:
+        patterns:
+          - "*"
+    labels:
+      - "dependencies"
+      - "java"
+
+  # ── Cargo (ofborg) ─────────────────────────────────────────────
+  - package-ecosystem: "cargo"
+    directory: "/ofborg"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    groups:
+      cargo:
+        patterns:
+          - "*"
+    labels:
+      - "dependencies"
+      - "rust"
+
+  # ── pip (meta) ─────────────────────────────────────────────────
+  - package-ecosystem: "pip"
+    directory: "/meta"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "python"
+
+  # ── pip (json4cpp docs) ────────────────────────────────────────
+  - package-ecosystem: "pip"
+    directory: "/json4cpp/docs/mkdocs"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "python"
+
+  # ── pip (tomlplusplus tools) ───────────────────────────────────
+  - package-ecosystem: "pip"
+    directory: "/tomlplusplus/tools"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "python"
+
+  # ── Docker (ofborg) ────────────────────────────────────────────
+  - package-ecosystem: "docker"
+    directory: "/ofborg"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "docker"
+
+  # ── Git submodules ─────────────────────────────────────────────
+  - package-ecosystem: "gitsubmodule"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "submodule"
diff --git a/.github/workflows/cgit-ci.yml b/.github/workflows/cgit-ci.yml
index 37241312ef..0f6dfe8b3b 100644
--- a/.github/workflows/cgit-ci.yml
+++ b/.github/workflows/cgit-ci.yml
@@ -44,10 +44,10 @@ jobs:
       - name: Build git
         run: |
           cd git
-          make -j$(nproc 2>/dev/null || sysctl -n hw.logicalcpu) prefix=/usr/local NO_GETTEXT=1
+          make -j"$(nproc 2>/dev/null || sysctl -n hw.logicalcpu)" prefix=/usr/local NO_GETTEXT=1
 
       - name: Build cgit
-        run: make -j$(nproc 2>/dev/null || sysctl -n hw.logicalcpu)
+        run: make -j"$(nproc 2>/dev/null || sysctl -n hw.logicalcpu)"
 
       - name: Run tests
         run: make test || true
diff --git a/.github/workflows/ci-lint.yml b/.github/workflows/ci-lint.yml
index 0e01b66811..011e0b8381 100644
--- a/.github/workflows/ci-lint.yml
+++ b/.github/workflows/ci-lint.yml
@@ -1,4 +1,4 @@
-# Copyright (C) Project Tick Contributors
+# Copyright (C) Project Tick
 # SPDX-License-Identifier: MIT
 #
 # Fast lint & commit checks — called from ci.yml before builds start.
diff --git a/.github/workflows/ci-schedule.yml b/.github/workflows/ci-schedule.yml
index 3c4ab1c603..5a3c4db607 100644
--- a/.github/workflows/ci-schedule.yml
+++ b/.github/workflows/ci-schedule.yml
@@ -1,4 +1,4 @@
-# Copyright (C) Project Tick Contributors
+# Copyright (C) Project Tick
 # SPDX-License-Identifier: MIT
 #
 # ╔══════════════════════════════════════════════════════════════════╗
@@ -224,10 +224,12 @@ jobs:
         run: |
           set -euo pipefail
 
-          echo "## Scheduled CI Report — ${{ needs.gate.outputs.group }}" >> "$GITHUB_STEP_SUMMARY"
-          echo "" >> "$GITHUB_STEP_SUMMARY"
-          echo "| Job | Result |" >> "$GITHUB_STEP_SUMMARY"
-          echo "|-----|--------|" >> "$GITHUB_STEP_SUMMARY"
+          {
+            echo "## Scheduled CI Report — ${{ needs.gate.outputs.group }}"
+            echo ""
+            echo "| Job | Result |"
+            echo "|-----|--------|"
+          } >> "$GITHUB_STEP_SUMMARY"
 
           FAILED=false
           report() {
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ce43b6f744..444d8431e6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,4 +1,4 @@
-# Copyright (C) Project Tick Contributors
+# Copyright (C) Project Tick
 # SPDX-License-Identifier: MIT
 #
 # ╔══════════════════════════════════════════════════════════════════╗
@@ -38,12 +38,12 @@ permissions:
 
 concurrency:
   group: >-
-    ci-${{
+    ci-${{ github.event_name }}-${{
       github.event_name == 'merge_group' && github.event.merge_group.head_ref ||
-      github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) ||
+      (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') && format('pr-{0}', github.event.pull_request.number) ||
       github.ref
     }}
-  cancel-in-progress: ${{ github.event_name != 'merge_group' }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 # ════════════════════════════════════════════════════════════════════
 # Environment — shared across all jobs
@@ -118,25 +118,30 @@ jobs:
 
       - name: Classify event
         id: classify
+        env:
+          GH_HEAD_REF: ${{ github.head_ref }}
+          GH_BASE_REF: ${{ github.base_ref }}
         run: |
+          # shellcheck disable=SC2129
           set -euo pipefail
 
           REF="${GITHUB_REF:-}"
           EVENT="${{ github.event_name }}"
           ACTOR="${{ github.actor }}"
-          HEAD_REF="${{ github.head_ref || '' }}"
-          BASE_REF="${{ github.base_ref || '' }}"
+          HEAD_REF="${GH_HEAD_REF:-}"
 
           # ── Booleans ──────────────────────────────────────────
-          echo "is_push=$([[ "$EVENT" == "push" ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
-          echo "is_pr=$([[ "$EVENT" == "pull_request" || "$EVENT" == "pull_request_target" ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
-          echo "is_merge_queue=$([[ "$EVENT" == "merge_group" ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
-          echo "is_tag=$([[ "$REF" == refs/tags/* ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
-          echo "is_release_tag=$([[ "$REF" =~ ^refs/tags/(meshmc|neozip|mnv|cmark|forgewrapper)- ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
-          echo "is_backport=$([[ "$HEAD_REF" == backport-* || "$HEAD_REF" == backport/* ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
-          echo "is_dependabot=$([[ "$ACTOR" == "dependabot[bot]" ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
-          echo "is_master=$([[ "$REF" == "refs/heads/master" || "$REF" == "refs/heads/main" ]] && echo true || echo false)" >> "$GITHUB_OUTPUT"
-          echo "is_scheduled=false" >> "$GITHUB_OUTPUT"
+          {
+            echo "is_push=$([[ "$EVENT" == "push" ]] && echo true || echo false)"
+            echo "is_pr=$([[ "$EVENT" == "pull_request" || "$EVENT" == "pull_request_target" ]] && echo true || echo false)"
+            echo "is_merge_queue=$([[ "$EVENT" == "merge_group" ]] && echo true || echo false)"
+            echo "is_tag=$([[ "$REF" == refs/tags/* ]] && echo true || echo false)"
+            echo "is_release_tag=$([[ "$REF" =~ ^refs/tags/(meshmc|neozip|mnv|cmark|forgewrapper)- ]] && echo true || echo false)"
+            echo "is_backport=$([[ "$HEAD_REF" == backport-* || "$HEAD_REF" == backport/* ]] && echo true || echo false)"
+            echo "is_dependabot=$([[ "$ACTOR" == "dependabot[bot]" ]] && echo true || echo false)"
+            echo "is_master=$([[ "$REF" == "refs/heads/master" || "$REF" == "refs/heads/main" ]] && echo true || echo false)"
+            echo "is_scheduled=false"
+          } >> "$GITHUB_OUTPUT"
 
           # ── Run level ─────────────────────────────────────────
           # full    = merge queue, tags, master push, manual force-all
@@ -595,24 +600,6 @@ jobs:
   # ║  STAGE 7 — Release (tag pushes only)                          ║
   # ╚════════════════════════════════════════════════════════════════╝
 
-  meshmc-release:
-    name: "MeshMC Release"
-    needs: [gate, meshmc]
-    if: >-
-      always() &&
-      !cancelled() &&
-      needs.gate.outputs.is_tag == 'true' &&
-      startsWith(github.ref, 'refs/tags/meshmc-')
-    uses: ./.github/workflows/meshmc-build.yml
-    with:
-      build-type: Release
-      environment: Release
-    permissions:
-      contents: read
-      id-token: write
-      packages: write
-    secrets: inherit
-
   neozip-release:
     name: "NeoZip Release"
     needs: gate
@@ -663,12 +650,15 @@ jobs:
     steps:
       - name: Evaluate results
         run: |
+          # shellcheck disable=SC2129
           set -euo pipefail
 
-          echo "## CI Verdict" >> "$GITHUB_STEP_SUMMARY"
-          echo "" >> "$GITHUB_STEP_SUMMARY"
-          echo "| Job | Result |" >> "$GITHUB_STEP_SUMMARY"
-          echo "|-----|--------|" >> "$GITHUB_STEP_SUMMARY"
+          {
+            echo "## CI Verdict"
+            echo ""
+            echo "| Job | Result |"
+            echo "|-----|--------|"
+          } >> "$GITHUB_STEP_SUMMARY"
 
           FAILED=false
 
diff --git a/.github/workflows/corebinutils-ci.yml b/.github/workflows/corebinutils-ci.yml
index 67f5550f46..dd83e27ac4 100644
--- a/.github/workflows/corebinutils-ci.yml
+++ b/.github/workflows/corebinutils-ci.yml
@@ -38,9 +38,9 @@ jobs:
       - name: Build
         run: |
           if [ -f GNUmakefile ]; then
-            make -f GNUmakefile -j$(nproc) || true
+            make -f GNUmakefile -j"$(nproc)" || true
           else
-            make -j$(nproc) || true
+            make -j"$(nproc)" || true
           fi
 
   build-freebsd:
diff --git a/.github/workflows/genqrcode-ci.yml b/.github/workflows/genqrcode-ci.yml
index f5e007746b..95630e72e7 100644
--- a/.github/workflows/genqrcode-ci.yml
+++ b/.github/workflows/genqrcode-ci.yml
@@ -34,14 +34,14 @@ jobs:
         run: brew install pkg-config libpng
       - name: Configure CMake
         if: matrix.os != 'windows-latest'
-        run: cmake -DCMAKE_BUILD_TYPE=$BUILD_TYPE -DWITH_TESTS=yes -DBUILD_SHARED_LIBS=on -S . -B build
+        run: cmake -DCMAKE_BUILD_TYPE="$BUILD_TYPE" -DWITH_TESTS=yes -DBUILD_SHARED_LIBS=on -S . -B build
       - name: Configure CMake (Windows)
         if: matrix.os == 'windows-latest'
-        run: cmake -DCMAKE_BUILD_TYPE=$BUILD_TYPE -DCMAKE_TOOLCHAIN_FILE=$VCPKG_ROOT/scripts/buildsystems/vcpkg.cmake -DWITH_TESTS=yes -S . -B build
+        run: cmake -DCMAKE_BUILD_TYPE="$BUILD_TYPE" -DCMAKE_TOOLCHAIN_FILE="$VCPKG_ROOT/scripts/buildsystems/vcpkg.cmake" -DWITH_TESTS=yes -S . -B build
       - name: Build
-        run: cmake --build build --config $BUILD_TYPE -j 2
+        run: cmake --build build --config "$BUILD_TYPE" -j 2
       - name: Test
-        run: ctest --test-dir build -C $BUILD_TYPE
+        run: ctest --test-dir build -C "$BUILD_TYPE"
 
   autotools:
     runs-on: ${{ matrix.os }}
diff --git a/.github/workflows/json4cpp-amalgam.yml b/.github/workflows/json4cpp-amalgam.yml
index 036532b2d0..a83dee345c 100644
--- a/.github/workflows/json4cpp-amalgam.yml
+++ b/.github/workflows/json4cpp-amalgam.yml
@@ -53,18 +53,19 @@ jobs:
       - name: Check amalgamation
         working-directory: json4cpp
         run: |
-          rm -fr $INCLUDE_DIR/json.hpp~ $INCLUDE_DIR/json_fwd.hpp~
-          cp $INCLUDE_DIR/json.hpp $INCLUDE_DIR/json.hpp~
-          cp $INCLUDE_DIR/json_fwd.hpp $INCLUDE_DIR/json_fwd.hpp~
+          rm -fr "$INCLUDE_DIR/json.hpp~" "$INCLUDE_DIR/json_fwd.hpp~"
+          cp "$INCLUDE_DIR/json.hpp" "$INCLUDE_DIR/json.hpp~"
+          cp "$INCLUDE_DIR/json_fwd.hpp" "$INCLUDE_DIR/json_fwd.hpp~"
 
-          python3 $TOOL_DIR/amalgamate.py -c $TOOL_DIR/config_json.json -s .
-          python3 $TOOL_DIR/amalgamate.py -c $TOOL_DIR/config_json_fwd.json -s .
+          python3 "$TOOL_DIR/amalgamate.py" -c "$TOOL_DIR/config_json.json" -s .
+          python3 "$TOOL_DIR/amalgamate.py" -c "$TOOL_DIR/config_json_fwd.json" -s .
           echo "Format (1)"
-          ${{ github.workspace }}/json4cpp/venv/bin/astyle --project=tools/astyle/.astylerc --suffix=none --quiet $INCLUDE_DIR/json.hpp $INCLUDE_DIR/json_fwd.hpp
+          "${{ github.workspace }}/json4cpp/venv/bin/astyle" --project=tools/astyle/.astylerc --suffix=none --quiet "$INCLUDE_DIR/json.hpp" "$INCLUDE_DIR/json_fwd.hpp"
 
-          diff $INCLUDE_DIR/json.hpp~ $INCLUDE_DIR/json.hpp
-          diff $INCLUDE_DIR/json_fwd.hpp~ $INCLUDE_DIR/json_fwd.hpp
+          diff "$INCLUDE_DIR/json.hpp~" "$INCLUDE_DIR/json.hpp"
+          diff "$INCLUDE_DIR/json_fwd.hpp~" "$INCLUDE_DIR/json_fwd.hpp"
 
-          ${{ github.workspace }}/json4cpp/venv/bin/astyle --project=tools/astyle/.astylerc --suffix=orig $(find docs/examples include tests -type f \( -name '*.hpp' -o -name '*.cpp' -o -name '*.cu' \) -not -path 'tests/thirdparty/*' -not -path 'tests/abi/include/nlohmann/*' | sort)
+          # shellcheck disable=SC2046
+          "${{ github.workspace }}/json4cpp/venv/bin/astyle" --project=tools/astyle/.astylerc --suffix=orig $(find docs/examples include tests -type f \( -name '*.hpp' -o -name '*.cpp' -o -name '*.cu' \) -not -path 'tests/thirdparty/*' -not -path 'tests/abi/include/nlohmann/*' | sort)
           echo Check
           find . -name '*.orig' -exec false {} \+
diff --git a/.github/workflows/json4cpp-ci.yml b/.github/workflows/json4cpp-ci.yml
index cb5fa951be..006a433bd7 100644
--- a/.github/workflows/json4cpp-ci.yml
+++ b/.github/workflows/json4cpp-ci.yml
@@ -118,7 +118,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [macos-13, macos-14, macos-15]
+        os: [macos-14, macos-15]
     steps:
       - uses: actions/checkout@v6
       - name: Initialize json4cpp as git repo
diff --git a/.github/workflows/meshmc-codeql.yml b/.github/workflows/meshmc-codeql.yml
index 4aff63060b..6e01f3328c 100644
--- a/.github/workflows/meshmc-codeql.yml
+++ b/.github/workflows/meshmc-codeql.yml
@@ -38,6 +38,7 @@ jobs:
       - name: Setup dependencies
         uses: ./.github/actions/meshmc/setup-dependencies
         with:
+          artifact-name: meshmc-codeql-deps
           build-type: Debug
           qt-version: 6.9.3
 
diff --git a/.github/workflows/meshmc-container.yml b/.github/workflows/meshmc-container.yml
index dc9d3520db..03b88fb0e5 100644
--- a/.github/workflows/meshmc-container.yml
+++ b/.github/workflows/meshmc-container.yml
@@ -153,6 +153,7 @@ jobs:
         env:
           IMAGE_NAME: ${{ needs.build.outputs.image-name }}
         run: |
+          # shellcheck disable=SC2046
           while read -r tag; do
             podman manifest create "$tag" \
               $(printf "$IMAGE_NAME@sha256:%s " *)
diff --git a/.github/workflows/meshmc-release.yml b/.github/workflows/meshmc-release.yml
index 9a50e9ca73..c6f06ae2a8 100644
--- a/.github/workflows/meshmc-release.yml
+++ b/.github/workflows/meshmc-release.yml
@@ -31,17 +31,54 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v6
         with:
-          submodules: "true"
-          path: "MeshMC-source"
-      - name: Download artifacts
+          submodules: recursive
+
+      - name: Download build artifacts
         uses: actions/download-artifact@v8
+
       - name: Grab and store version
         run: |
-          tag_name=$(echo ${{ github.ref }} | grep -oE "[^/]+$")
-          echo "VERSION=$tag_name" >> $GITHUB_ENV
-      - name: Package artifacts properly
+          tag_name=$(echo "${{ github.ref }}" | grep -oE "[^/]+$")
+          echo "VERSION=$tag_name" >> "$GITHUB_ENV"
+
+      # ── Source tarball preparation ──────────────────────────────
+      - name: Prepare source tree
+        id: prepare
+        run: |
+          set -euo pipefail
+
+          SRC_STAGE="source-stage"
+          mkdir -p "$SRC_STAGE"
+          cp -a meshmc "$SRC_STAGE/meshmc"
+
+          # Bundle handbook docs
+          if [ -d "docs/handbook/meshmc" ]; then
+            mkdir -p "$SRC_STAGE/meshmc/docs/handbook"
+            cp -a docs/handbook/meshmc/. "$SRC_STAGE/meshmc/docs/handbook/"
+          fi
+
+          # Bundle libnbtplusplus and patch CMakeLists.txt
+          mkdir -p "$SRC_STAGE/meshmc/libraries/libnbtplusplus"
+          cp -a libnbtplusplus/. "$SRC_STAGE/meshmc/libraries/libnbtplusplus/"
+          sed -i "s|add_subdirectory(\${CMAKE_SOURCE_DIR}/../libnbtplusplus libnbtplusplus)|add_subdirectory(libraries/libnbtplusplus)|g" \
+            "$SRC_STAGE/meshmc/CMakeLists.txt"
+
+          echo "source-dir=$SRC_STAGE/meshmc" >> "$GITHUB_OUTPUT"
+
+      - name: Package source archives
+        uses: ./.github/actions/package-source
+        with:
+          project: meshmc
+          version: ${{ env.VERSION }}
+          source-dir: ${{ steps.prepare.outputs.source-dir }}
+          output-dir: release-artifacts
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-private-key-id: ${{ secrets.GPG_PRIVATE_KEY_ID }}
+
+      # ── Binary artifact packaging ──────────────────────────────
+      - name: Package binary artifacts
         run: |
-          mv ${{ github.workspace }}/MeshMC-source MeshMC-${{ env.VERSION }}
+          # shellcheck disable=SC2086,SC2035
           mv MeshMC-Linux-Qt6-Portable*/MeshMC-portable.tar.gz MeshMC-Linux-Qt6-Portable-${{ env.VERSION }}.tar.gz
           mv MeshMC-Linux-aarch64-Qt6-Portable*/MeshMC-portable.tar.gz MeshMC-Linux-aarch64-Qt6-Portable-${{ env.VERSION }}.tar.gz
           mv MeshMC-*.AppImage/MeshMC-*-x86_64.AppImage MeshMC-Linux-x86_64.AppImage
@@ -51,45 +88,44 @@ jobs:
           mv MeshMC-macOS*/MeshMC.zip MeshMC-macOS-${{ env.VERSION }}.zip
           mv MeshMC-macOS*/MeshMC.dmg MeshMC-macOS-${{ env.VERSION }}.dmg
 
-          tar --exclude='.git' -czf MeshMC-${{ env.VERSION }}.tar.gz MeshMC-${{ env.VERSION }}
-
           for d in MeshMC-Windows-MSVC*; do
             cd "${d}" || continue
-            LEGACY="$(echo -n ${d} | grep -o Legacy || true)"
-            ARM64="$(echo -n ${d} | grep -o arm64 || true)"
-            INST="$(echo -n ${d} | grep -o Setup || true)"
-            PORT="$(echo -n ${d} | grep -o Portable || true)"
+            LEGACY="$(echo -n "${d}" | grep -o Legacy || true)"
+            ARM64="$(echo -n "${d}" | grep -o arm64 || true)"
+            INST="$(echo -n "${d}" | grep -o Setup || true)"
+            PORT="$(echo -n "${d}" | grep -o Portable || true)"
             NAME="MeshMC-Windows-MSVC"
             test -z "${LEGACY}" || NAME="${NAME}-Legacy"
             test -z "${ARM64}" || NAME="${NAME}-arm64"
             test -z "${PORT}" || NAME="${NAME}-Portable"
-            test -z "${INST}" || mv MeshMC-*.exe ../${NAME}-Setup-${{ env.VERSION }}.exe
-            test -n "${INST}" || zip -r -9 "../${NAME}-${{ env.VERSION }}.zip" *
+            test -z "${INST}" || mv MeshMC-*.exe "../${NAME}-Setup-${{ env.VERSION }}.exe"
+            test -n "${INST}" || zip -r -9 "../${NAME}-${{ env.VERSION }}.zip" -- *
             cd ..
           done
 
           for d in MeshMC-Windows-MinGW-w64*; do
             cd "${d}" || continue
-            INST="$(echo -n ${d} | grep -o Setup || true)"
-            PORT="$(echo -n ${d} | grep -o Portable || true)"
+            INST="$(echo -n "${d}" | grep -o Setup || true)"
+            PORT="$(echo -n "${d}" | grep -o Portable || true)"
             NAME="MeshMC-Windows-MinGW-w64"
             test -z "${PORT}" || NAME="${NAME}-Portable"
-            test -z "${INST}" || mv MeshMC-*.exe ../${NAME}-Setup-${{ env.VERSION }}.exe
-            test -n "${INST}" || zip -r -9 "../${NAME}-${{ env.VERSION }}.zip" *
+            test -z "${INST}" || mv MeshMC-*.exe "../${NAME}-Setup-${{ env.VERSION }}.exe"
+            test -n "${INST}" || zip -r -9 "../${NAME}-${{ env.VERSION }}.zip" -- *
             cd ..
           done
 
           for d in MeshMC-Windows-MinGW-arm64*; do
             cd "${d}" || continue
-            INST="$(echo -n ${d} | grep -o Setup || true)"
-            PORT="$(echo -n ${d} | grep -o Portable || true)"
+            INST="$(echo -n "${d}" | grep -o Setup || true)"
+            PORT="$(echo -n "${d}" | grep -o Portable || true)"
             NAME="MeshMC-Windows-MinGW-arm64"
             test -z "${PORT}" || NAME="${NAME}-Portable"
-            test -z "${INST}" || mv MeshMC-*.exe ../${NAME}-Setup-${{ env.VERSION }}.exe
-            test -n "${INST}" || zip -r -9 "../${NAME}-${{ env.VERSION }}.zip" *
+            test -z "${INST}" || mv MeshMC-*.exe "../${NAME}-Setup-${{ env.VERSION }}.exe"
+            test -n "${INST}" || zip -r -9 "../${NAME}-${{ env.VERSION }}.zip" -- *
             cd ..
           done
 
+      # ── Single release creation ────────────────────────────────
       - name: Create release
         id: create_release
         uses: softprops/action-gh-release@v2
@@ -121,4 +157,4 @@ jobs:
             MeshMC-Windows-MSVC-Setup-${{ env.VERSION }}.exe
             MeshMC-macOS-${{ env.VERSION }}.zip
             MeshMC-macOS-${{ env.VERSION }}.dmg
-            MeshMC-${{ env.VERSION }}.tar.gz
+            release-artifacts/*
diff --git a/.github/workflows/mnv-ci.yml b/.github/workflows/mnv-ci.yml
index 89d592eec3..eb2bf593eb 100644
--- a/.github/workflows/mnv-ci.yml
+++ b/.github/workflows/mnv-ci.yml
@@ -112,12 +112,12 @@ jobs:
               --enable-tclinterp \
               --enable-gui=gtk3
           fi
-          make -j$(nproc)
+          make -j"$(nproc)"
 
       - name: Test
         timeout-minutes: 25
         run: |
-          make $TEST
+          make "$TEST"
 
       - name: Upload test artifacts
         if: failure()
@@ -163,9 +163,9 @@ jobs:
               --enable-luainterp \
               --enable-tclinterp
           fi
-          make -j$(sysctl -n hw.logicalcpu)
+          make -j"$(sysctl -n hw.logicalcpu)"
 
       - name: Test
         timeout-minutes: 25
         run: |
-          make $TEST
+          make "$TEST"
diff --git a/.github/workflows/mnv-coverity.yml b/.github/workflows/mnv-coverity.yml
index b0de61694c..77862c1bd8 100644
--- a/.github/workflows/mnv-coverity.yml
+++ b/.github/workflows/mnv-coverity.yml
@@ -55,31 +55,32 @@ jobs:
         if: env.TOKEN
         working-directory: ${{ github.workspace }}
         run: |
-          echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH
-          (
+          echo "$(pwd)/cov-scan/bin" >> "$GITHUB_PATH"
+          {
           echo "NPROC=$(getconf _NPROCESSORS_ONLN)"
           echo "CONFOPT=--enable-perlinterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp"
-          ) >> $GITHUB_ENV
+          } >> "$GITHUB_ENV"
 
       - name: Configure
         if: env.TOKEN
         run: |
+          # shellcheck disable=SC2086
           ./configure --with-features=huge ${CONFOPT} --enable-fail-if-missing
           sed -i -f ci/config.mk.sed src/auto/config.mk
-          sed -i -f ci/config.mk.${CC}.sed src/auto/config.mk
+          sed -i -f "ci/config.mk.${CC}.sed" src/auto/config.mk
           sed -i 's/-O2 \?//' src/auto/config.mk
 
       - name: Build/scan vim
         if: env.TOKEN
         run: |
-          cov-build --dir cov-int make -j${NPROC}
+          cov-build --dir cov-int make -j"${NPROC}"
 
       - name: Submit results
         if: env.TOKEN
         run: |
           tar zcf cov-scan.tgz cov-int
-          curl --form token=$TOKEN \
-            --form email=$EMAIL \
+          curl --form "token=$TOKEN" \
+            --form "email=$EMAIL" \
             --form file=@cov-scan.tgz \
             --form version="$(git rev-parse HEAD)" \
             --form description="Automatic GHA scan" \
diff --git a/.github/workflows/neozip-cmake.yml b/.github/workflows/neozip-cmake.yml
index 6cf5bd1b16..aff7d7fffe 100644
--- a/.github/workflows/neozip-cmake.yml
+++ b/.github/workflows/neozip-cmake.yml
@@ -21,7 +21,9 @@ jobs:
             os: ubuntu-latest
             compiler: gcc
             cxx-compiler: g++
+            cflags: ""
             cxxflags: -Wno-maybe-uninitialized
+            ldflags: ""
             cmake-args: -DWITH_SANITIZER=Address -DWITH_BENCHMARKS=ON
 
           - name: Ubuntu GCC Native Instructions
diff --git a/.github/workflows/neozip-configure.yml b/.github/workflows/neozip-configure.yml
index 263587160b..49c3576c02 100644
--- a/.github/workflows/neozip-configure.yml
+++ b/.github/workflows/neozip-configure.yml
@@ -15,6 +15,8 @@ jobs:
           - name: Ubuntu GCC
             os: ubuntu-latest
             compiler: gcc
+            cflags: ""
+            ldflags: ""
             configure-args: --warn
 
           - name: Ubuntu Clang
diff --git a/.github/workflows/neozip-pigz.yml b/.github/workflows/neozip-pigz.yml
index 2b5c6077cd..e95a25d76b 100644
--- a/.github/workflows/neozip-pigz.yml
+++ b/.github/workflows/neozip-pigz.yml
@@ -15,6 +15,7 @@ jobs:
           - name: Ubuntu GCC
             os: ubuntu-latest
             compiler: gcc
+            cmake-args: ""
 
           - name: Ubuntu Clang
             os: ubuntu-latest
diff --git a/.github/workflows/neozip-release.yml b/.github/workflows/neozip-release.yml
index 77f23d4150..3d11553080 100644
--- a/.github/workflows/neozip-release.yml
+++ b/.github/workflows/neozip-release.yml
@@ -84,7 +84,7 @@ jobs:
 
     - name: Set environment variables
       shell: bash
-      run: echo "tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
+      run: echo "tag=${GITHUB_REF/refs\/tags\//}" >> "$GITHUB_ENV"
 
     - name: Install Windows 11 SDK (ARM)
       if: matrix.name == 'Windows MSVC ARM' || matrix.name == 'Windows MSVC ARM Compat'
@@ -126,3 +126,45 @@ jobs:
         overwrite: true
       env:
         GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+  source_and_upload:
+    name: Source Archives
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+
+      - name: Set version
+        run: echo "VERSION=${{ github.ref_name }}" >> "$GITHUB_ENV"
+        working-directory: .
+
+      - name: Prepare source tree
+        id: prepare
+        working-directory: .
+        run: |
+          set -euo pipefail
+          SRC_STAGE="source-stage"
+          mkdir -p "$SRC_STAGE"
+          cp -a neozip "$SRC_STAGE/neozip"
+          echo "source-dir=$SRC_STAGE/neozip" >> "$GITHUB_OUTPUT"
+
+      - name: Package source archives
+        uses: ./.github/actions/package-source
+        with:
+          project: neozip
+          version: ${{ env.VERSION }}
+          source-dir: ${{ steps.prepare.outputs.source-dir }}
+          output-dir: release-artifacts
+          gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }}
+          gpg-private-key-id: ${{ secrets.GPG_PRIVATE_KEY_ID }}
+
+      - name: Upload source archives to release
+        uses: softprops/action-gh-release@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          tag_name: ${{ github.ref }}
+          draft: false
+          fail_on_unmatched_files: false
+          files: release-artifacts/*
diff --git a/.github/workflows/tomlplusplus-gh-pages.yml b/.github/workflows/tomlplusplus-gh-pages.yml
index 33161dbf2d..27a34d766b 100644
--- a/.github/workflows/tomlplusplus-gh-pages.yml
+++ b/.github/workflows/tomlplusplus-gh-pages.yml
@@ -34,7 +34,7 @@ jobs:
           poxy --verbose --git-tags
 
       - name: Deploy
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           publish_dir: ./tomlplusplus/docs/html
diff --git a/archived/projt-launcher/docs/handbook/README.md b/archived/projt-launcher/docs/handbook/README.md
index 785215e6ac..2b95e23e79 100644
--- a/archived/projt-launcher/docs/handbook/README.md
+++ b/archived/projt-launcher/docs/handbook/README.md
@@ -1,6 +1,6 @@
 # Handbook
 
-Documentation for Project Tick contributors and players.
+Documentation for Project Tick and players.
 Latest Version: 0.0.5-1
 
 ## For Players
diff --git a/archived/projt-launcher/docs/handbook/zlib.md b/archived/projt-launcher/docs/handbook/zlib.md
index f98183e21d..cd3ec809a8 100644
--- a/archived/projt-launcher/docs/handbook/zlib.md
+++ b/archived/projt-launcher/docs/handbook/zlib.md
@@ -112,7 +112,7 @@ Jean-loup Gailly, Mark Adler
 **Modifications:**
 ```
 Copyright © 2026
-Project Tick contributors
+Project Tick
 ```
 
 ---
diff --git a/archived/projt-launcher/program_info/org.projecttick.ProjTLauncher.metainfo.xml.in b/archived/projt-launcher/program_info/org.projecttick.ProjTLauncher.metainfo.xml.in
index 911a032bef..2eb0b980b4 100644
--- a/archived/projt-launcher/program_info/org.projecttick.ProjTLauncher.metainfo.xml.in
+++ b/archived/projt-launcher/program_info/org.projecttick.ProjTLauncher.metainfo.xml.in
@@ -4,7 +4,7 @@
   <name>ProjT Launcher</name>
   <summary>Custom Minecraft Launcher to easily manage multiple Minecraft installations at once</summary>
   <developer id="org.projecttick">
-    <name>Project Tick Contributors</name>
+    <name>Project Tick</name>
   </developer>
   <metadata_license>CC0-1.0</metadata_license>
   <project_license>GPL-3.0-only</project_license>
diff --git a/ci/github-script/lint-commits.js b/ci/github-script/lint-commits.js
index ad8f1c63ac..6f2dc540a2 100644
--- a/ci/github-script/lint-commits.js
+++ b/ci/github-script/lint-commits.js
@@ -86,6 +86,15 @@ async function checkCommitMessages({ github, context, core, repoPath }) {
     return
   }
 
+  // Skip commit lint for automated bot PRs (e.g. Dependabot)
+  const prAuthor = pr.user?.login || ''
+  if (prAuthor === 'dependabot[bot]') {
+    core.info(
+      `PR author is "${prAuthor}". Skipping commit message checks for bot PRs.`,
+    )
+    return
+  }
+
   const commits = await getCommitDetailsForPR({ core, pr, repoPath })
 
   const failures = new Set()
diff --git a/docs/handbook/ofborg/building.md b/docs/handbook/ofborg/building.md
index 622be96356..a90936c96f 100644
--- a/docs/handbook/ofborg/building.md
+++ b/docs/handbook/ofborg/building.md
@@ -80,7 +80,7 @@ Available binaries:
 [package]
 name = "tickborg"
 version = "0.1.0"
-authors = ["Project Tick Contributors"]
+authors = ["Project Tick"]
 build = "build.rs"
 edition = "2024"
 description = "Distributed CI bot for Project Tick monorepo"
diff --git a/ofborg/ofborg-simple-build/Cargo.toml b/ofborg/ofborg-simple-build/Cargo.toml
index 65d55f6e1a..5809b2bdbb 100644
--- a/ofborg/ofborg-simple-build/Cargo.toml
+++ b/ofborg/ofborg-simple-build/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "tickborg-simple-build"
 version = "0.1.0"
-authors = ["Project Tick Contributors"]
+authors = ["Project Tick"]
 edition = "2024"
 
 [dependencies]
diff --git a/ofborg/ofborg/Cargo.toml b/ofborg/ofborg/Cargo.toml
index 459c06459e..9f38f01945 100644
--- a/ofborg/ofborg/Cargo.toml
+++ b/ofborg/ofborg/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "tickborg"
 version = "0.1.0"
-authors = ["Project Tick Contributors"]
+authors = ["Project Tick"]
 build = "build.rs"
 edition = "2024"
 description = "Distributed CI bot for Project Tick monorepo"
diff --git a/ofborg/tickborg-simple-build/Cargo.toml b/ofborg/tickborg-simple-build/Cargo.toml
index 65d55f6e1a..5809b2bdbb 100644
--- a/ofborg/tickborg-simple-build/Cargo.toml
+++ b/ofborg/tickborg-simple-build/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "tickborg-simple-build"
 version = "0.1.0"
-authors = ["Project Tick Contributors"]
+authors = ["Project Tick"]
 edition = "2024"
 
 [dependencies]
diff --git a/ofborg/tickborg/Cargo.toml b/ofborg/tickborg/Cargo.toml
index 459c06459e..9f38f01945 100644
--- a/ofborg/tickborg/Cargo.toml
+++ b/ofborg/tickborg/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "tickborg"
 version = "0.1.0"
-authors = ["Project Tick Contributors"]
+authors = ["Project Tick"]
 build = "build.rs"
 edition = "2024"
 description = "Distributed CI bot for Project Tick monorepo"