Releases: coroboros/ci
Releases · coroboros/ci
Release list
0.2.10
Fixes
rust-packages— pin thepreflightmacOS runner tomacos-14.macos-latestrolled to an Xcode whose clang runtime path breaks the compiler-rt link (ld: library 'clang_rt.osx' not found), flaking every consumer's macOS preflight.macos-14matches the runner thedist-buildaarch64 leg already uses.
0.2.9
Fixes
rust-packages— run Homebrew formula hardening from a versionedrust/harden-homebrew-formulacomposite instead of a.github/scripts/...path in the consumer checkout. Binary release repos now resolve the script throughcoroboros/ci@v0and no longer faildist-hostafter the crate publish has succeeded.
0.2.8
Summary
- Harden cargo-dist Homebrew formulae before release upload and tap publish.
- Add a macOS
verify-homebrew-formulagate beforedist-publish. - Document the new binary-distribution step and bump the CI package to
0.2.8.
Verification
actionlint -shellcheck=shellcheckyamllint -c .yamllint .python3 -m py_compile .github/scripts/harden-homebrew-formula.py- Generated
skillwardformula from the original cargo-dist output passesbrew audit --strict --onlineandbrew fetch. - Generated
scrybeformula from the original cargo-dist output passesbrew audit --strict --onlineandbrew fetch. gitleaks git --no-banner --redact
0.2.7
Fixes
security—review-dependenciesno longer blocks the release: the advisory layer's never-blocks contract now covers it, not onlycheck-licenses. A high-severity CVE, or a repo without Dependency graph enabled, reports instead of failing the check.
0.2.6
Fixes
generate-changelog— fail loud when the newestCHANGELOG.mdsection's version was never tagged and ≠ the release tag, instead of auto-generating a degraded one-liner over a mis-bumped hand-curated section and committing it back. Gated on the release tag resolving locally, so a shallow checkout can't false-positive.
Refactor
- All workflows — align every remaining job id to the
verb-nounconvention:self-lint→check-actions/check-yaml/check-shell;self-security→scan-secrets/scan-deps;self-release→move-rolling-tag;self-test→test-<composite>;security-gate→scan-supply-chain/scan-secrets;security→review-dependencies/check-licenses. Job ids only — consumersuses:the workflows, so@v0references are unaffected.
0.2.5
Refactor
javascript-npm-packages/rust-packages— align job ids to GitLab CI'sverb-nounnaming:publish→publish-packagein both pipelines, and the Rustpackagejob →verify-package(it verify-builds the crate rather than producing an artifact). Reusable-workflow job ids only — filenames, inputs, secrets, and composite-action paths are untouched, so consumer@v0references are unaffected.
0.2.4
Fixes
rust-packages—dist-publishpasses the npm shim tarball as./${pkg}sonpm publishreads it as a file path. A baredist-global/…tar.gzmatches npm'sowner/repoGitHub shorthand, so npm tried to clone it over SSH (git ls-remote ssh://git@github.com/dist-global/…, exit 128) instead of publishing the tarball.
0.2.3
Fixes
rust-packages—dist-hostseedstarget/distrib/dist-manifest.jsonfrom the plan manifest and redirects the global build's own manifest to$RUNNER_TEMP.dist build --artifacts=globalreadsdist-manifest.jsonto assemble the installers, Homebrew formula, and npm shim; the previous> target/distrib/dist-manifest.jsontruncated that file before dist read it (EOF while parsing JSON), so the first native-CLI binary release never produced the formula or shim.
0.2.2
0.2.1
Refactor
self.yml→self-lint,self-actions→self-test— align the self-CI workflow names (self-lint·self-test·self-security·self-release).
Tests
self-test— self-testrust/baseend-to-end on a Rust fixture crate (test/fixtures/rust-crate): stage it at the workspace root, run the composite, assertfmt/clippy/testpass.self-security— self-test thesecurity-gate.ymlandsecurity.ymlreusable workflows via local./refs, now thatv0carries the security composites.
Documentation
README— add a Self-CI section documenting how the repo tests its own workflows and composites.
Configuration
.gitignore— addtarget/for Rust build artifacts.