Merge 0347ab360f into 9df4ea095f

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.14.0 to 2.14.1.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](20cf305ff2...e3f713f2d8)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-version: 2.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.github/workflows/dependencies.yml

@@ -13,12 +13,12 @@ jobs:
       contents: write # this is needed to push commits and branches
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           fetch-depth: 0
       - name: Authenticate as @ohmyzsh
@@ -28,7 +28,7 @@ jobs:
           app-id: ${{ secrets.OHMYZSH_APP_ID }}
           private-key: ${{ secrets.OHMYZSH_APP_PRIVATE_KEY }}
       - name: Setup Python
-        uses: actions/setup-python@83679a892e2d95755f2dac6acb0bfd1e9ac5d548 # v6.1.0
+        uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
         with:
           python-version: "3.12"
           cache: "pip"

.github/workflows/installer.yml

@@ -26,12 +26,12 @@ jobs:
           - macos-latest
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
 
       - name: Set up git repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Install zsh
         if: runner.os == 'Linux'
         run: sudo apt-get update; sudo apt-get install zsh
@@ -47,12 +47,12 @@ jobs:
       - test
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
 
       - name: Checkout
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Install Vercel CLI
         run: npm install -g vercel
       - name: Setup project and deploy

.github/workflows/main.yml

@@ -24,12 +24,12 @@ jobs:
     if: github.repository == 'ohmyzsh/ohmyzsh'
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
 
       - name: Set up git repository
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
       - name: Install zsh
         run: sudo apt-get update; sudo apt-get install zsh
       - name: Check syntax

.github/workflows/project.yml

@@ -17,7 +17,7 @@ jobs:
     if: github.repository == 'ohmyzsh/ohmyzsh'
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
       - name: Authenticate as @ohmyzsh

.github/workflows/scorecard.yml

@@ -36,12 +36,12 @@ jobs:
 
     steps:
       - name: Harden the runner (Audit all outbound calls)
-        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
+        uses: step-security/harden-runner@e3f713f2d8f53843e71c69a996d56f51aa9adfb9 # v2.14.1
         with:
           egress-policy: audit
 
       - name: "Checkout code"
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
         with:
           persist-credentials: false
 
@@ -60,6 +60,6 @@ jobs:
           retention-days: 5
 
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@cdefb33c0f6224e58673d9004f47f7cb3e328b89 # v4.31.10
+        uses: github/codeql-action/upload-sarif@b20883b0cd1f46c72ae0ba6d1090936928f9fa30 # v4.32.0
         with:
           sarif_file: results.sarif

plugins/ghostty-copypaste/README.md

@@ -0,0 +1,17 @@
+# zsh-ghostty-copypaste
+
+[ghostty](https://ghostty.org/) users, this `zsh` plugin allows you to copy / paste a text selected with the keyboard with `ctrl+shift+c` / `ctrl+shift+v`.
+
+This is a complement to [zsh-shift-select](https://github.com/jirutka/zsh-shift-select), allowing to copy with `{ctrl+}shift+{left,right,up,down,home,end}`.
+
+To use it, add `ghostty-copypaste` to the plugins array of your `.zshrc` file:
+
+```
+plugins=(... ghostty-copypaste)
+```
+
+## Principle
+
+- `ghossty` allows to copy / paste a text selected with the mouse, but not with the keyboard, because this is an action devoted to a terminal (`zsh`) and not to a terminal emulator (`ghostty`).
+- When no mouse selection is started, `ghostty` passes a Control Sequence Introducer `^[[99;6u` / `^[[118;6u` to `zsh`. The plugin binds these CSI to the correct copy / paste functions for X11 or Wayland.
+- Be careful, `ghostty` can lose focus when copying and pasting because of `xclip` or `wl-copy`/`wl-paste` in the plugin. If you use it as a context terminal ("quake"), it is best not to close it when it loses focus.

plugins/ghostty-copypaste/ghostty-copypaste.plugin.zsh

@@ -0,0 +1,42 @@
+function zle-copy-to-clipboard {
+    local selected_text start_pos end_pos
+
+    (( $MARK < $CURSOR )) \
+        && { start_pos=$MARK; end_pos=$CURSOR; } \
+        || { start_pos=$CURSOR; end_pos=$MARK; }
+
+    (( start_pos < 0 || end_pos < 0 )) \
+        && zle -R && return
+
+    selected_text="${BUFFER[$start_pos+1, $end_pos]}"
+
+    command -v xclip &> /dev/null \
+        && ( echo -n "$selected_text" | xclip -selection clipboard ) \
+        && zle -R && return
+
+    command -v wl-copy &> /dev/null \
+        && ( echo -n "$selected_text" | wl-copy ) && zle -R && return
+
+    zle -R
+}
+
+function zle-paste-from-clipboard {
+    local clipboard_content
+
+    command -v xclip &> /dev/null \
+        && clipboard_content=$(xclip -selection clipboard -o 2>/dev/null)
+    command -v wl-paste &> /dev/null \
+        && clipboard_content=$(wl-paste --no-newline 2>/dev/null)
+
+    [[ -z "$clipboard_content" ]] && return
+
+    LBUFFER+="$clipboard_content"
+    zle -R
+}
+
+zle -N zle-copy-to-clipboard
+zle -N zle-paste-from-clipboard
+
+# these 2 CSI from ghostty are sent for Ctrl+Shift+C and Ctrl+Shift+V
+bindkey '^[[99;6u' zle-copy-to-clipboard
+bindkey '^[[118;6u' zle-paste-from-clipboard