Skip to content

chore(main): release 0.6.1#8

Merged
jorisjonkers-dev-agents[bot] merged 1 commit into
mainfrom
release-please--branches--main
Jun 28, 2026
Merged

chore(main): release 0.6.1#8
jorisjonkers-dev-agents[bot] merged 1 commit into
mainfrom
release-please--branches--main

Conversation

@jorisjonkers-dev-agents

Copy link
Copy Markdown
Contributor

🤖 I have created a release beep boop

0.6.1 (2026-06-28)

Bug Fixes

  • reusable: check out github-workflows at github.job_workflow_sha (#7) (78a598a)

This PR was generated with Release Please. See documentation.

@jorisjonkers-dev-agents jorisjonkers-dev-agents Bot force-pushed the release-please--branches--main branch from 340fc87 to 47df37a Compare June 28, 2026 13:14
@jorisjonkers-dev-agents jorisjonkers-dev-agents Bot added the autorelease: pending Release Please has pending release work. label Jun 28, 2026
@jorisjonkers-dev-agents jorisjonkers-dev-agents Bot merged commit a6cd2dd into main Jun 28, 2026
4 checks passed
@jorisjonkers-dev-agents

Copy link
Copy Markdown
Contributor Author

🤖 Created releases:

🌻

@jorisjonkers-dev-agents jorisjonkers-dev-agents Bot added autorelease: tagged Release Please has tagged a release. and removed autorelease: pending Release Please has pending release work. labels Jun 28, 2026
jorisjonkers-dev-agents Bot added a commit that referenced this pull request Jul 8, 2026
…ws (#31)

* feat: add deploy-artifact, leak-scan, deploy-validate reusable workflows

Implements Chunk D of the deploy platform build-out:

- .github/workflows/deploy-artifact.yml: reusable workflow for OCI artifact
  publish with idempotent push, race detection, keyless cosign signing, and
  SC-4 gate-summary emission on every failure path (finalize job, if: always())
- .github/workflows/leak-scan.yml: reusable workflow wrapping the leak-scan
  composite action; exposes gate-summary-artifact output
- .github/workflows/deploy-validate.yml: reusable workflow for PR deploy
  preview with sticky comment and SC-4 gate-summary; pull-requests:write
- actions/deploy-artifact/{action.yml,run.sh,publish.sh,install-tooling.sh}:
  composite action for rendering 5 fragments, kubeconform/kustomize validation,
  reject kind:Secret, emit-contract; render-hash declared in outputs block
  (correction #8); npm-signatures gate emitted before exit 1 (correction #9)
- actions/leak-scan/{action.yml,run.sh}: SC-8 path deny-list plus gitleaks/
  trufflehog wrappers; three scan modes (all-refs, pr-diff, path); redacted
  gate-summary.json (never exposes raw match content)
- actions/deploy-preview/{action.yml,run.sh}: SC-11 readiness scorecard,
  deploy-preview-summary.md rendering, sticky PR comment (post/update),
  escape-hatch detection, SC-4 gate-summary
- data/leak-patterns.json: SC-8 canonical source in {modes, extra_paths}
  shape (correction #5); deployment-artifact extra_paths = deploy/raw-manifests/**
- docs/action-pinning.md: action pinning policy
- renovate.json: add pinDigests:true globally; github-actions pinned digests
  group (weekly Monday); JorisJonkers-dev/github-workflows exempt (semver)
- tests/test_deploy_platform_d.py: 51 tests covering T-D1..T-D6
- tests/test_crac_train_workflow.py: update renovate.json contract test to
  accommodate the new pinDigests/packageRules fields
- .github/workflows/ci.yml: add PyYAML to python-tests venv for test_deploy_platform_d

VERIFICATION fix applied: image-lock-artifact is the only lock input on the
workflow_call interface (no image-lock-path alternative).

* fix: pin real SHA256 digests for deploy-artifact tooling

install-tooling.sh shipped with placeholder digests that would fail
checksum verification on first CI run; digests now computed from the
actual v2.4.3/1.28.0/1.2.3/0.7.0/5.6.0/4.45.3 release artifacts.

---------

Co-authored-by: JorisJonkers Agent <agents@jorisjonkers.dev>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

autorelease: tagged Release Please has tagged a release.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants