All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Switch from gitleaks to betterleaks for secret scanning in CI.
- Add
dependency-review-actionfor license and vulnerability vetting of dependencies introduced in PRs.
- Integrate poutine into CI guardrail: violations are reported as code scanning alerts. Trusted actions from 'unverified' creators are excluded from poutine checks.
- Include poutine in the pinned-tool-versions update check.
- Rename
reviewdogworkflow toprs-review. - Extend allowed network endpoints in CI workflows to include
raw.githubusercontent.comandapi.deps.dev. - Update pinned tool versions and CI/build dependencies (python-workflow-tools, setup-uv, kotlin-stdlib, prek).
- Fix hook-coverage script and documentation following the rename of the reviewdog workflow to prs-review.
- Fix fetch of
ci/update-pinned-tool-versionsscript in workflow. - Fix README lint issue.
- Update build and ci dependencies
- Fit shellcheck calls in reviewdog workflow
- Grant
issues:writepermission for JReleaser release labeling
- Use here-strings instead of echo piping for GPG key import in release workflow to avoid exposing secrets in process listings.
- Fix Nexus2 snapshot deployer
closeRepositoryandreleaseRepositorysettings (should befalsefor snapshot deployments).
- Add explicit JReleaser
release.githubconfiguration with conventional-commits changelog preset, contributor listing, and issue linking. - Add
jreleaser:catalogstep to create GitHub attestations for distribution artifacts (native binaries and fat JAR). - Consolidate duplicate build steps in release workflow (publish and dry-run used identical commands).
- Upgrade
upload-artifactto v7.0.0 in release workflow for consistency with native build workflow.
- Initial relase
- All previous releases were for testing and automating the release workflow.