Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/actionlint.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ jobs:
name: actionlint
permissions:
contents: read
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/actionlint.yml@ac4d1f469f5974741c7449305ffcbd5f05a5a47f # 0.5.1
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/actionlint.yml@eda8ff7eb970c05a219238b6e5fb7faad8f67c40 # 0.7.0
2 changes: 1 addition & 1 deletion .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
contents: read
security-events: write # Publish CodeQL analysis to code scanning.
actions: read # Read workflow metadata for the actions language.
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/public-codeql.yml@ac4d1f469f5974741c7449305ffcbd5f05a5a47f # 0.5.1
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/public-codeql.yml@eda8ff7eb970c05a219238b6e5fb7faad8f67c40 # 0.7.0
with:
languages: '["actions"]'
queries: security-and-quality
2 changes: 1 addition & 1 deletion .github/workflows/dependency-review.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ jobs:
permissions:
contents: read
pull-requests: write # Comment when dependency policy rejects a change.
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/public-dependency-review.yml@ac4d1f469f5974741c7449305ffcbd5f05a5a47f # 0.5.1
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/public-dependency-review.yml@eda8ff7eb970c05a219238b6e5fb7faad8f67c40 # 0.7.0
5 changes: 4 additions & 1 deletion .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -179,11 +179,14 @@ jobs:
contents: write # Create the immutable release and its exact assets.
id-token: write # Exchange workflow identity for attestations.
attestations: write # Publish provenance and SBOM attestations.
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/release-supply-chain.yml@ac4d1f469f5974741c7449305ffcbd5f05a5a47f # 0.5.1
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/release-supply-chain.yml@eda8ff7eb970c05a219238b6e5fb7faad8f67c40 # 0.7.0
with:
version: ${{ github.ref_name }}
package_name: nddev-zcode-app
archive_paths: >-
README.md LICENSE NOTICE VERSION CHANGELOG.md SECURITY.md SUPPORT.md
CODE_OF_CONDUCT.md CONTRIBUTING.md .gitignore .github build cli-tools
config docs references zcode_tools
runtime_paths: >-
VERSION LICENSE NOTICE README.md build cli-tools config references
zcode_tools
2 changes: 1 addition & 1 deletion .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -19,4 +19,4 @@ jobs:
contents: read
actions: read # Inspect workflow metadata for Scorecard checks.
id-token: write # Obtain OIDC identity for the Scorecard artifact.
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/public-scorecard-json.yml@ac4d1f469f5974741c7449305ffcbd5f05a5a47f # 0.5.1
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/public-scorecard-json.yml@eda8ff7eb970c05a219238b6e5fb7faad8f67c40 # 0.7.0
2 changes: 1 addition & 1 deletion .github/workflows/secret-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,4 +16,4 @@ concurrency:
jobs:
secret-scan:
name: Secret scan
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/secret-scan.yml@ac4d1f469f5974741c7449305ffcbd5f05a5a47f # 0.5.1
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/secret-scan.yml@eda8ff7eb970c05a219238b6e5fb7faad8f67c40 # 0.7.0
2 changes: 1 addition & 1 deletion .github/workflows/zizmor.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,7 @@ jobs:
permissions:
contents: read
security-events: write # Publish workflow-analysis results to code scanning.
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/zizmor-sarif.yml@ac4d1f469f5974741c7449305ffcbd5f05a5a47f # 0.5.1
uses: NDDev-it-com/nddev-ci-workflows/.github/workflows/zizmor-sarif.yml@eda8ff7eb970c05a219238b6e5fb7faad8f67c40 # 0.7.0
with:
persona: pedantic
min_severity: low
6 changes: 6 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,12 @@ adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
install-required tracked paths (installer, catalogs, build and runtime
metadata, license) excluding governance, CI, and source-level documentation.

### Changed

- The release workflow now publishes the minimal `runtime_bundle` as a second,
attested release asset (`runtime_paths`) alongside the full source archive,
and pins the shared supply-chain workflow to `0.7.0`.

## [2.1.2] - 2026-07-10

### Fixed
Expand Down
8 changes: 4 additions & 4 deletions build/release-evidence.json
Original file line number Diff line number Diff line change
Expand Up @@ -2,11 +2,11 @@
"schema_version": 1,
"module": {
"repository": "NDDev-it-com/nddev-zcode-app",
"setup_digest": "sha256:a4338b65f702404e0e2e9b91314063a980f0c803d0d84961839f12c656a2778b"
"setup_digest": "sha256:024e07675c09c94849000f18275727a6e4a1624be663264021aa7025ba64f08b"
},
"harness": {
"repository": "NDDev-it-com/nddev-harnesses",
"commit": "26f540414bbe6d4e7d0f9776057cac9e4c9d699f"
"commit": "d432aae15a3a3fe48dab5cb447ccc03abe5c78f8"
},
"adapter": {
"id": "zcode",
Expand Down Expand Up @@ -37,8 +37,8 @@
"benchmark:macos",
"benchmark:ubuntu"
],
"generated_at_utc": "2026-07-11T18:32:54Z",
"expires_at_utc": "2027-01-07T18:32:54Z",
"generated_at_utc": "2026-07-11T19:33:20Z",
"expires_at_utc": "2027-01-07T19:33:20Z",
"promotion": {
"decision": "approved"
}
Expand Down
Loading