release: v0.7.0 — GitLab CI integration + adoption polish #18
Merged
Adds a Platform enum (GitHub default, GitLab) and a --platform flag, `.bomdrift.toml` [diff] platform key, and CI auto-detection from GITLAB_CI=true (with CI_PROJECT_URL falling through to repo_url).

GitHub footer is unchanged. GitLab footer uses the project's /-/issues/new?issuable_template=false-positive URL and points reviewers at `bomdrift baseline add <ID>` rather than the v0.5 `/bomdrift suppress` comment-driven flow (deferred to v0.8).

Coverage:
- 2 new unit tests (GitLab footer shape + GitHub default preservation)
- 3 new tests/cli.rs e2e tests (BOMDRIFT_REPO_URL plumbing, GITLAB_CI auto-detection, --platform overriding env)

Closes part of #10. Lays groundwork for v0.7 GitLab CI integration.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Theme A (GitLab CI integration):
- examples/gitlab-ci/.gitlab-ci.yml — MR-note diff job (curl + jq upsert)
- examples/gitlab-ci/suppress.gitlab-ci.yml — manual suppression job
- examples/gitlab-ci/README.md — setup, two-token model, troubleshooting
- docs/src/gitlab-ci.md — new chapter mirroring github-action.md
- docs/src/SUMMARY.md — link the new chapter
- docs/src/cli-reference.md — document --platform, --debug-calibration, BOMDRIFT_REPO_URL / GITLAB_CI / CI_PROJECT_URL env vars

Theme B (adoption polish + light calibration):
- docs/src/baseline.md — worked false-positive triage example (#12)
- docs/src/github-action.md — monorepo setup section (#9), action-broke troubleshooting checklist (#13)
- entrypoint.sh — better "scan path not found" error with directory listing + monorepo doc link (#11)
- tests/cli.rs — BOMDRIFT_REPO_URL footer regression test (#10), GITLAB_CI auto-detection, --platform override, --debug-calibration smoke test
- src/cli.rs / src/lib.rs — --debug-calibration flag, write_calibration_lines() emits kind|key|score|threshold to stderr
- data/{go,composer,gem}-top200.txt — +35 / +43 / +44 entries from CNCF / HashiCorp / Symfony / Laravel / Doctrine / Rails / dry-rb / testing communities (#6, #7, #8)
- docs/src/enrichers/typosquat.md — refreshed list-size table

All 294 tests pass; clippy --all-targets --all-features -D warnings clean.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Bump Cargo.toml + Cargo.lock from 0.6.1 → 0.7.0.
- CHANGELOG.md: detailed v0.7.0 entry covering Theme A (GitLab CI integration) and Theme B (adoption polish + calibration instrumentation).
- STATUS.md: GitLab CI moved from "Not supported" to supported via the v0.7 examples template.
- docs/src/roadmap.md: GitLab CI integration removed from "future candidates" (now shipped); v0.8 candidates added (GitLab in-comment suppression, calibration tuning from --debug-calibration data).
- README.md, docs/src/quickstart.md, .github/ISSUE_TEMPLATE/action-broke.md: bump example version pins from v0.6.1 → v0.7.0.

Tests still 294 passing; clippy strict still clean.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
SBOM diff
Version changed (1)
False positive? Report it · Suppress a finding? Comment |
Single-expression chain fits on one line — rustfmt prefers compact form. Caught by `cargo fmt --check` in CI on PR #18.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
v0.7.0 — broaden the platform, polish the edges
This is the GitLab milestone. v0.7 takes the v0.6 policy-config foundation
and ships GitLab CI as a first-class target, alongside a coordinated
sweep of the open issue backlog and a calibration-data instrument.
Highlights
- `--platform <github|gitlab>` flag, CI auto-detection from `GITLAB_CI` / `CI_PROJECT_URL`, and a copy-paste-ready `.gitlab-ci.yml` template under `examples/gitlab-ci/` with a manual suppression job. Backward compatible: GitHub footer shape unchanged for existing callers.
- `--debug-calibration` flag (off by default) emits one pipe-delimited stderr line per finding (`kind|key|score|threshold`) so adopters can dump calibration samples and feed back tuning data for `SIMILARITY_THRESHOLD`, `YOUNG_MAINTAINER_DAYS`, etc.
- (Add a false-positive triage example to the baseline docs #12), action-broke troubleshooting checklist (Add an action-broke troubleshooting checklist to the docs #13), monorepo setup docs (Document monorepo setup with the action path input #9), better "scan path not found" error (Improve the error message for missing action scan paths #11), `BOMDRIFT_REPO_URL` regression test (Add a CLI regression for BOMDRIFT_REPO_URL footer rendering #10), typosquat data top-up for Go / Composer / Gem (Add more high-signal Go modules to the typosquat reference list #6, Add more Composer packages to the typosquat reference list #7, Add more RubyGems packages to the typosquat reference list #8).
Scope notes
GitLab in-comment suppression (`/bomdrift suppress <ID>` posted as an
MR note) is deferred to v0.8. Webhook semantics differ enough from
GitHub PR comments that the safe wiring deserves its own pass. v0.7
ships the manual-job path in `examples/gitlab-ci/suppress.gitlab-ci.yml`,
which covers the same user need without the webhook handler.
Test status
`cargo clippy --all-targets --all-features --release -- -D warnings` clean.
Commits
- `feat(render): platform-aware footer (GitHub + GitLab)` — Wave 1+2: `Platform` enum + footer renderer + `--platform` flag + CI detection.
- `feat(v0.7): GitLab CI template, --debug-calibration, polish docs + data` — Wave 3+4: examples folder, calibration instrument, all docs work, data top-ups.
- `chore(release): prepare v0.7.0` — version bump, CHANGELOG, STATUS, roadmap.
Post-merge checklist (maintainer)
- `v0.7.0` on the merge commit.
- `v1` tag to `v0.7.0`.
- `release/v0.7.0` branch (per project pruning policy).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
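
The `kind|key|score|threshold` lines that `--debug-calibration` writes to stderr can be summarised per kind to see how close findings sit to their thresholds. This is an added example, not bomdrift's own code: the kind names, keys and numbers in the sample are constructed, and reading both numeric fields as decimal numbers is an assumption.

```rust
use std::collections::BTreeMap;

/// One `kind|key|score|threshold` sample from `--debug-calibration` stderr.
#[derive(Debug, PartialEq)]
pub struct Sample {
    pub kind: String,
    pub key: String,
    pub score: f64,
    pub threshold: f64,
}

/// Parse one stderr line; None for anything that is not a sample. Numeric fields
/// are split from the right so a `|` in the key cannot shift them (assumes no `|` in kind).
pub fn parse_line(line: &str) -> Option<Sample> {
    let num = |s: &str| s.trim().parse::<f64>().ok().filter(|v| v.is_finite());
    let mut right = line.trim().rsplitn(3, '|');
    let threshold = num(right.next()?)?;
    let score = num(right.next()?)?;
    let (kind, key) = right.next()?.split_once('|')?;
    if kind.is_empty() || key.is_empty() {
        return None;
    }
    Some(Sample { kind: kind.into(), key: key.into(), score, threshold })
}

/// Per kind: (sample count, smallest |score - threshold|).
pub fn summarize(stderr: &str) -> BTreeMap<String, (usize, f64)> {
    let mut out = BTreeMap::new();
    for s in stderr.lines().filter_map(parse_line) {
        let margin = (s.score - s.threshold).abs();
        let entry = out.entry(s.kind).or_insert((0usize, f64::INFINITY));
        entry.0 += 1;
        entry.1 = entry.1.min(margin);
    }
    out
}

// Constructed sample: kinds, keys and numbers are illustrative, not real output.
pub const SAMPLE: &str = "typosquat|pkg:npm/examp1e|0.9375|0.875
typosquat|pkg:gem/odd|name|1.0|0.875
young_maintainer|pkg:cargo/example-crate|12|30
warning: constructed non-calibration stderr line";

fn main() {
    for (kind, (n, margin)) in summarize(SAMPLE) {
        println!("{kind}: {n} samples, closest margin {margin}");
    }
}
```

A small closest margin for a kind means a modest threshold change would flip some of its findings, which is where tuning feedback is most useful.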