Skip to content

chore(release): 0.2.5#13

Merged
rhuanbarreto merged 1 commit into
mainfrom
release
Feb 23, 2026
Merged

chore(release): 0.2.5#13
rhuanbarreto merged 1 commit into
mainfrom
release

Conversation

@archgatebot

@archgatebot archgatebot Bot commented Feb 23, 2026

Copy link
Copy Markdown
Contributor

archgate

0.2.5 (2026-02-23)

Bug Fixes

  • upgrade: switch from GitHub API to npm registry for version checks and install (254a28b)

This PR was generated with simple-release.

📄 Cheatsheet

You can configure the bot's behavior through a pull request comment using the !simple-release/set-options command.

Command Format

!simple-release/set-options

```json
{
  "bump": {},
  "publish": {}
}
```

Useful Parameters

Bump

Parameter Type Description
version string Force set specific version
as 'major' | 'minor' | 'patch' | 'prerelease' Release type
prerelease string Pre-release identifier (e.g., "alpha", "beta")
firstRelease boolean Whether this is the first release
skip boolean Skip version bump
byProject Record<string, object> Per-project bump options for monorepos

Publish

Parameter Type Description
skip boolean Skip publishing
access 'public' | 'restricted' Package access level
tag string Tag for npm publication

Usage Examples

Force specific version

!simple-release/set-options

```json
{
  "bump": {
    "version": "2.0.0"
  }
}
```

Force major bump

!simple-release/set-options

```json
{
  "bump": {
    "as": "major"
  }
}
```

Create alpha pre-release

!simple-release/set-options

```json
{
  "bump": {
    "prerelease": "alpha"
  }
}
```

Publish with specific access and tag

!simple-release/set-options

```json
{
  "bump": {
    "prerelease": "beta"
  },
  "publish": {
    "access": "public",
    "tag": "beta"
  }
}
```

Access Restrictions

The command can only be used by users with permissions:

  • repository owner
  • organization member
  • collaborator

Notes

  • The last comment with !simple-release/set-options command takes priority
  • JSON must be valid, otherwise the command will be ignored
  • Parameters apply only to the current release execution
  • The command can be updated by editing the comment or adding a new one

@rhuanbarreto rhuanbarreto merged commit f6ff3a9 into main Feb 23, 2026
2 checks passed
rhuanbarreto pushed a commit that referenced this pull request Feb 28, 2026
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
rhuanbarreto pushed a commit that referenced this pull request Mar 3, 2026
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
rhuanbarreto pushed a commit that referenced this pull request Mar 4, 2026
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
rhuanbarreto added a commit that referenced this pull request Apr 27, 2026
Pin slsa-framework/slsa-github-generator in release-binaries.yml by
full commit SHA instead of tag reference, resolving OSSF Scorecard
code-scanning alert #13 (Pinned-Dependencies).

Add CI-001 ADR (Pin GitHub Actions by Commit SHA) with a companion
`no-unpinned-actions` rule that enforces SHA pinning on all third-party
`uses:` references in workflow files. Registers the new `ci` domain.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
rhuanbarreto added a commit that referenced this pull request Apr 27, 2026
fix(ci): pin SLSA reusable workflow by SHA and add CI-001 ADR

Pin slsa-framework/slsa-github-generator in release-binaries.yml by
full commit SHA instead of tag reference, resolving OSSF Scorecard
code-scanning alert #13 (Pinned-Dependencies).

Add CI-001 ADR (Pin GitHub Actions by Commit SHA) with a companion
`no-unpinned-actions` rule that enforces SHA pinning on all third-party
`uses:` references in workflow files. Registers the new `ci` domain.

Signed-off-by: Rhuan Barreto <rhuan@barreto.work>
@github-actions github-actions Bot mentioned this pull request Apr 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant