docs: add widget screenshots

[riderx]

Summary\n- Add README screenshots for iOS Home Screen / SpringBoard widgets\n- Add README screenshots for Lock Screen / Live Activity and Dynamic Island surfaces\n- Add README screenshot for Android AppWidget\n\n## Validation\n- bun run build\n- bun run lint\n- xmllint --noout docs/screenshots/*.svg

Summary by CodeRabbit

• Documentation

  • Added a "Widget Screenshots" section to the README with visual examples for iOS Home Screen, iOS Lock Screen/Live Activity, iOS Dynamic Island, and Android AppWidget.

• Bug Fixes

  • Removed an unintended green overlay from workout display visuals so only the base layout, text, and controls are shown.

• Chores

  • Updated CI workflow action versions and checkout configuration (internal tooling updates).

[coderabbitai]

📝 Walkthrough

Walkthrough

The PR adds a new "Widget Screenshots" section to the README, updates several GitHub Action versions in two workflows, and removes green rest-progress overlay rectangles from workout SVG templates.

Changes

Repository updates

Layer / File(s)	Summary
Widget Screenshots section README.md	New Widget Screenshots section with a table displaying iOS and Android widget surfaces including home screen, lock screen/live activity, dynamic island, and app widget examples.
pr_beta_prompt workflow action bumps .github/workflows/pr_beta_prompt.yml	Bumps actions/setup-node to v6.4.0 and actions/github-script to v9.0.0 in the beta prompt workflow.
pr_beta_publish workflow action bumps .github/workflows/pr_beta_publish.yml	Upgrades multiple actions: actions/github-script to v9.0.0 (several steps), actions/checkout to v6.0.2 (with persist-credentials: false), oven-sh/setup-bun to v2.2.0, and actions/setup-node to v6.4.0.
Remove rest-progress SVG overlays src/helpers/workout.ts	Deletes the green <rect> overlays that rendered timers.rest progress on homeScreen and lockScreen SVG templates, leaving only base background rectangles and existing content.

🎯 3 (Moderate) | ⏱️ ~20 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'docs: add widget screenshots' accurately reflects the primary change: adding a new widget screenshots section to the README with links/images for multiple surfaces (iOS Home Screen, Lock Screen, Dynamic Island, Android AppWidget).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Beta npm build

Maintainers can publish this PR to npm for fast testing.

Comment /publish-beta after the PR checks are green.

The workflow will:

• publish a prerelease package on the beta tag
• add a pinned pr-6 dist-tag for this exact PR build
• update this comment with the install command

Security note: beta publish is only enabled for branches inside this repository.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/pr_beta_prompt.yml:
- Line 21: The workflow uses mutable action tags; replace the two occurrences
"actions/setup-node@v6.4.0" and "actions/github-script@v9.0.0" with their
corresponding full 40-character commit SHAs (pin to the specific commit) so the
workflow no longer uses mutable tags; locate the strings
"actions/setup-node@v6.4.0" and "actions/github-script@v9.0.0" in the file and
update each `uses:` entry to the exact commit SHA for that action release.

In @.github/workflows/pr_beta_publish.yml:
- Line 32: Replace all mutable GitHub Action tag refs with immutable SHA-pinned
refs: locate each uses: entry such as uses: actions/github-script@v9.0.0 (and
the other occurrences flagged) and change the tag to the corresponding full
commit SHA for that action (e.g., actions/github-script@<full-commit-sha>);
obtain the correct commit SHAs from the action's repository (GitHub UI or git
ls-remote) and update each uses: line so every third-party action is pinned to a
40-character commit SHA.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 1c588799-1521-4c50-abca-5061618cae43

📥 Commits

Reviewing files that changed from the base of the PR and between 87fda50 and dba084e.

📒 Files selected for processing (3)

• .github/workflows/pr_beta_prompt.yml
• .github/workflows/pr_beta_publish.yml
• src/helpers/workout.ts

💤 Files with no reviewable changes (1)

• src/helpers/workout.ts

[coderabbitai]

⚠️ Potential issue | 🔴 Critical | ⚡ Quick win

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Verify all workflow `uses:` refs are SHA-pinned.
# Expected result: no matches.
rg -nP '^\s*uses:\s*[^@\s]+@(?![0-9a-f]{40}\b).+$' .github/workflows/*.yml

Repository: Cap-go/capacitor-widget-kit

Length of output: 2087

---

Pin actions/* workflow uses to commit SHAs (still mutable in this workflow).

.github/workflows/pr_beta_prompt.yml uses mutable tags:

• actions/setup-node@v6.4.0
• actions/github-script@v9.0.0

Pin both to full 40-char commit SHAs to satisfy the unpinned-uses policy.

🧰 Tools

🪛 zizmor (1.25.2)

[error] 21-21: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/pr_beta_prompt.yml at line 21, The workflow uses mutable
action tags; replace the two occurrences "actions/setup-node@v6.4.0" and
"actions/github-script@v9.0.0" with their corresponding full 40-character commit
SHAs (pin to the specific commit) so the workflow no longer uses mutable tags;
locate the strings "actions/setup-node@v6.4.0" and
"actions/github-script@v9.0.0" in the file and update each `uses:` entry to the
exact commit SHA for that action release.

[coderabbitai]

⚠️ Potential issue | 🟠 Major | ⚡ Quick win

All updated third-party actions must be SHA-pinned.

Lines 32, 110, 157, 164, 198, 215, and 276 use mutable tag refs. This violates the enforced unpinned-uses policy and weakens supply-chain integrity for a publish-capable workflow.

🔧 Example patch pattern

-        uses: actions/github-script@v9.0.0
+        uses: actions/github-script@<40-char-commit-sha> # v9.0.0

-        uses: actions/checkout@v6.0.2
+        uses: actions/checkout@<40-char-commit-sha> # v6.0.2

-      - uses: oven-sh/setup-bun@v2.2.0
+      - uses: oven-sh/setup-bun@<40-char-commit-sha> # v2.2.0

-        uses: actions/setup-node@v6.4.0
+        uses: actions/setup-node@<40-char-commit-sha> # v6.4.0

#!/bin/bash
set -euo pipefail

# Verify all workflow `uses:` refs are SHA-pinned.
# Expected result: no matches.
rg -nP '^\s*uses:\s*[^@\s]+@(?![0-9a-f]{40}\b).+$' .github/workflows/*.yml

Also applies to: 110-110, 157-157, 164-164, 198-198, 215-215, 276-276

🧰 Tools

🪛 zizmor (1.25.2)

[error] 32-32: unpinned action reference (unpinned-uses): action is not pinned to a hash (required by blanket policy)

(unpinned-uses)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/pr_beta_publish.yml at line 32, Replace all mutable GitHub
Action tag refs with immutable SHA-pinned refs: locate each uses: entry such as
uses: actions/github-script@v9.0.0 (and the other occurrences flagged) and
change the tag to the corresponding full commit SHA for that action (e.g.,
actions/github-script@<full-commit-sha>); obtain the correct commit SHAs from
the action's repository (GitHub UI or git ls-remote) and update each uses: line
so every third-party action is pinned to a 40-character commit SHA.