Skip to content

Releases: bitwise-media-group/github-workflows

v4.0.3

Choose a tag to compare

@bitwise-fast-forward-merge bitwise-fast-forward-merge released this 29 Jun 23:09
Immutable release. Only release title and notes can be modified.
83b8372

4.0.3 (2026-06-29)

Bug Fixes

  • make Dependabot auto-merge match modern gh and indirect deps (1e7e5d8)

v4.0.2

Choose a tag to compare

@bitwise-fast-forward-merge bitwise-fast-forward-merge released this 29 Jun 21:50
Immutable release. Only release title and notes can be modified.
dd3767c

4.0.2 (2026-06-29)

Bug Fixes

  • merge: grant statuses:read for the legacy commit-status rollup (3bbf3b3)

v4.0.1

Choose a tag to compare

@bitwise-fast-forward-merge bitwise-fast-forward-merge released this 29 Jun 21:25
Immutable release. Only release title and notes can be modified.
73ff756

4.0.1 (2026-06-29)

Bug Fixes

  • merge: grant checks:read so ff-merge can read the check-run rollup (5a651ab)

v4.0.0

Choose a tag to compare

@bitwise-fast-forward-merge bitwise-fast-forward-merge released this 29 Jun 10:15
Immutable release. Only release title and notes can be modified.
4a154ff

4.0.0 (2026-06-29)

⚠ BREAKING CHANGES

  • callers must now grant pages: write. GitHub resolves a reusable workflow's permissions as the union of every job and ignores if:, so the docs job's pages:write is required even on repos without a zensical.toml or the run fails at startup. Add pages: write to the caller's permissions block (see examples/release.yaml). Consuming repos should also delete their inline docs job and set Settings -> Pages -> Source -> GitHub Actions.

Features

  • build and publish Zensical docs to Pages on release (c619e32)

v3.2.1

Choose a tag to compare

@bitwise-fast-forward-merge bitwise-fast-forward-merge released this 29 Jun 08:36
Immutable release. Only release title and notes can be modified.
5a07255

3.2.1 (2026-06-29)

Bug Fixes

  • ci: verify committed dist/ after build; drop redundant npm ci (aaa75ed)
  • release: verify dist/ in CI, not after the release is cut (f68fb68)

v3.2.0

Choose a tag to compare

@bitwise-fast-forward-merge bitwise-fast-forward-merge released this 28 Jun 23:06
Immutable release. Only release title and notes can be modified.
c74cdc3

3.2.0 (2026-06-28)

Features

  • ci: set up uv when a pyproject.toml exists (53a25ac)
  • release: expose release-please outputs to callers (e0317e4)

Bug Fixes

  • release: drop ${{ }} braces from a workflow_call output description (e148d2c)

v3.1.0

Choose a tag to compare

@bitwise-fast-forward-merge bitwise-fast-forward-merge released this 28 Jun 21:27
Immutable release. Only release title and notes can be modified.
33beb0b

3.1.0 (2026-06-28)

Features

  • ci: add coverage input to make Codecov upload optional (0c184d2)
  • close linked issues on fast-forward merge (554c035)

v3.0.0

Choose a tag to compare

@bitwise-fast-forward-merge bitwise-fast-forward-merge released this 24 Jun 17:34
Immutable release. Only release title and notes can be modified.
ef97ca5

3.0.0 (2026-06-24)

⚠ BREAKING CHANGES

  • consuming repos must update their callers. merge.yaml callers drop the pull_request(labeled) and pull_request_review triggers and add the new required merge-review-ack.yaml companion (kept in the workflow_run list) — without it, approvals no longer trigger auto-merge (only /merge or the scheduled sweep do). dependabot-merge.yaml callers drop the pull_request_target trigger. Hand-adding the auto-merge label no longer attempts a merge immediately; it arms and the merge happens on the next workflow_run or scheduled sweep.

Features

  • release: author the release as a GitHub App via optional app-client-id (19e0245)
  • route auto-merge through events that add no PR checks (76308d7)

v2.0.0

Choose a tag to compare

@github-actions github-actions released this 21 Jun 00:13
Immutable release. Only release title and notes can be modified.
e37b7f6

2.0.0 (2026-06-21)

⚠ BREAKING CHANGES

  • the reusable workflow moved from .github/workflows/codeql.yaml to .github/workflows/security.yaml. Consumers must update their caller's uses: from bitwise-media-group/github-workflows/.github/workflows/codeql.yaml@ to .../security.yaml@.
  • auto-merge.yaml is removed; its behaviour now lives in merge.yaml (wire the four auto-merge triggers on the caller). merge.yaml no longer accepts a pr-number input (it resolves the PR from the event), and the auto-merge arming comment input is now 'arm-command' (was 'command'). Consumers pinned @v1 are unaffected until they move to @v2.
  • the per-language workflow files are removed. Consumers must repoint uses: to ci.yaml/codeql.yaml/release.yaml@v2, provide the canonical Makefile targets (stubbing N/A ones as no-ops), and set vanity-tags: true to keep the floating major tag.

Features

  • add a languages override and opt-in zizmor scan to the CodeQL workflow (ba40cbc)
  • fold auto-merge into the merge workflow (6497957)
  • generalize ci/codeql/release into language-agnostic workflows (bf13819)
  • rename reusable codeql workflow to security, standardise names (75ae004)

Bug Fixes

  • harden reusable workflow security posture (7f4724a)
  • merge: do not cancel pending ff-merge events (048f8c2)
  • merge: request workflows scope so ff-merge can push workflow-file changes (7ac5ca8)
  • release-go: re-pin release-please-action to its current v5.0.0 commit (dfa6330)

v1.1.0

Choose a tag to compare

@github-actions github-actions released this 16 Jun 11:09
Immutable release. Only release title and notes can be modified.
077a003

1.1.0 (2026-06-16)

Features

  • dependabot: add reusable auto-approve + fast-forward merge workflow (34378a4)
  • merge: add reusable auto-merge workflow (a090028)

Bug Fixes

  • auto-merge: gate merge-on-review to same-repo PRs (forks lack pull_request_review secrets) (00e5e3f)
  • auto-merge: mint app token in arm job so callers keep permissions: {} (94f22f4)