From 6cfb1599f2a6375d4bb0161ac2fcba09e9d3ec63 Mon Sep 17 00:00:00 2001
From: CoderDeltaLan
Date: Tue, 16 Sep 2025 10:47:14 +0100
Subject: [PATCH 1/2] docs: English SECURITY and CONTRIBUTING
---
 CONTRIBUTING.md | 6 +++---
 SECURITY.md | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index f591f77..28ee800 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,4 +1,4 @@
 # Contributing
-- Mantén licencia **MIT** y el archivo `NOTICE`.
-- Atribución requerida en forks y publicaciones.
-- Commits con Conventional Commits. PRs requieren CI verde.
+- Keep the **MIT** license and the `NOTICE` file.
+- Attribution is required in forks and publications.
+- Use **Conventional Commits**. PRs must have green CI.
diff --git a/SECURITY.md b/SECURITY.md
index bc61a3d..e0cf5ee 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,4 +1,4 @@
 # Security Policy
-- Reporta vulnerabilidades por **GitHub → Security → Private reporting**.
-- No abras issues públicos con PoCs explotables.
-- SLA objetivo de primera respuesta: 72h.
+- Report vulnerabilities via **GitHub → Security → Private reporting**.
+- Do not open public issues with exploitable PoCs.
+- Target first response SLA: 72h.
From 2adc624c51e6fd0c1b969866516007a232b36dbf Mon Sep 17 00:00:00 2001
From: CoderDeltaLan
Date: Tue, 16 Sep 2025 10:47:33 +0100
Subject: [PATCH 2/2] ci(release): GHCR-only on tags (no PyPI)
---
 .github/workflows/release.yml | 32 ++++++++------------------------
 1 file changed, 8 insertions(+), 24 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e250a92..8fb79cd 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -1,7 +1,7 @@
 name: release
 on:
 push:
- tags: ['v*']
+ tags: ['v*'] # only version tags
 permissions:
 contents: read
@@ -13,13 +13,15 @@ concurrency:
 jobs:
 ghcr:
- name: Publish GHCR
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
- - name: Compute image name (lowercase)
+
+ # always lowercase image name
+ - name: Set image name
 shell: bash
- run: echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY@L}" >> "$GITHUB_ENV"
+ run: echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> "$GITHUB_ENV"
+
 - uses: docker/setup-qemu-action@v3
 - uses: docker/setup-buildx-action@v3
 - uses: docker/login-action@v3
@@ -27,30 +29,12 @@ jobs:
 registry: ghcr.io
 username: ${{ github.actor }}
 password: ${{ secrets.GITHUB_TOKEN }}
+
 - uses: docker/build-push-action@v6
 with:
 context: .
+ file: ./Dockerfile
 platforms: linux/amd64
 push: true
 provenance: false
 tags: ${{ env.IMAGE }}:latest,${{ env.IMAGE }}:${{ github.ref_name }}
-
- pypi:
- name: Publish PyPI (guarded)
- if: ${{ secrets.PYPI_API_TOKEN != '' }}
- needs: ghcr
- runs-on: ubuntu-latest
- permissions:
- contents: read
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-python@v5
- with: { python-version: '3.12' }
- - name: Build sdist/wheel
- run: |
- python -m pip install -U pip build
- python -m build
- - uses: pypa/gh-action-pypi-publish@release/v1
- with:
- user: __token__
- password: ${{ secrets.PYPI_API_TOKEN }}
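Review bot: Every `uses:` in the `ghcr` job still references a mutable version tag: `actions/checkout@v4`, `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3` and `docker/login-action@v3` in the `-13,13` hunk, and `docker/build-push-action@v6` in the following hunk. These steps run in the job that logs in to ghcr.io with `GITHUB_TOKEN` and pushes the release image, so a retagged upstream action would execute with whatever publish rights that token carries. Since this commit already reworks the step list, pin each action to a full commit SHA with the version as a trailing comment, e.g. `- uses: docker/login-action@<full-commit-sha>  # v3`. The workflow's full `permissions` block is not visible in these hunks, so the exact token scope is inferred from the push step.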
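Review bot: `provenance: false` stays on the `docker/build-push-action@v6` step in the `-27,30` hunk even though removing the `pypi` job makes the GHCR image the only release artifact, and the same build is also pushed under the mutable `latest` tag. Consumers then have no build attestation linking a pulled image to this workflow run. Unless provenance was turned off deliberately (it turns the pushed manifest into an index, which some older tooling handles poorly), consider `provenance: true` and `sbom: true`, or add a comment such as `# provenance disabled: <reason>` above the line. The added `file: ./Dockerfile` matches the action's default for `context: .`, so it documents intent rather than changing the build.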