Skip to content

v2.0.0

Latest

Choose a tag to compare

@github-actions github-actions released this 04 Jul 20:07
Immutable release. Only release title and notes can be modified.
f99e576

[2.0.0] - 2026-07-04

️ Security

  • f99e576 — 🔒️ [fix] Add Pipfile lock file

🔒️ [fix] Commit Pipfile.lock for the empty Pipfile so dependency resolution is explicit and the Sonar security-rating finding is addressed.

Testing

  • 5867979 — 🧪 [test] Stabilize pytest temp directory

🧪 [test] Use a repo-root pytest basetemp so CI and non-interactive Windows runs avoid temp directory cleanup/setup failures.

🙈 [chore] Ignore the generated pytest temp directory.

Build System

  • 5ae0bfb — 📦️ [build] Move skill payload under skills directory

📦️ [build] Relocate SKILL.md, helper scripts, references, assets, OpenAI metadata, license copy, and skillcheck history under skills/sonar-manage-findings for npx skills discovery.

🔧 [chore] Update package metadata, validation, pytest paths, release zip contents, and documentation to point at the nested skill payload.

[1.1.1] - 2026-06-29

Chores

  • 47a4651 — 🧹 [chore] Update codecov configuration for report age

CI/CD

  • 3818325 — 🔧 [ci] Raise Codecov report age limit

🔧 [ci] Set codecov.max_report_age to 24h so Python coverage uploads with older embedded report timestamps are not rejected by the default 12h cutoff.

[1.1.0] - 2026-06-29

✨ Features

  • e752335 — ✨ [feat] Add strict Python validation and Codecov coverage

✨ [feat] Add strict pytest, Ruff, mypy, Pyright, coverage, and Skillcheck configuration for the Python skill helper.

👷 [ci] Add Python CI with Codecov OIDC uploads for pytest JUnit results and Cobertura coverage reports.

📝 [docs] Move the full command catalog into references/command-guide.md and keep SKILL.md focused on operational guidance.

🧪 [test] Expand pytest coverage across the CLI dispatcher, Sonar API wrappers, diagnostics, issue/project operations, and rendering behavior.

📦️ [build] Include references in npm packaging validation and the GitHub release bundle.

️ Bug Fixes

  • 364f46f — 🐛 [fix] Install Python tools in release workflow

🐛 [fix] Set up Python 3.14 and install requirements-dev.txt before release:verify so pytest coverage validation can run during publishing.

  • c2c2f53 — 🐛 [fix] Align Python lint checks across shells

🐛 [fix] Make Ruff package scripts use directory paths so Windows and Bash check the same tracked files.

🧪 [test] Keep pytest-only lint exceptions targeted to docstrings, fake token fixtures, and literal expectations.

👷 [ci] Mark the shebang Python CLI as executable for Linux Ruff EXE001 validation.

Documentation

  • ab5c83d — 📝 [docs] Clarify Sonar project mutation workflows

📝 [docs] Spell out that agents may change quality profiles, quality gates, settings, and tags when the user asks and the token has permission.

📝 [docs] Document the inspect, dry-run, apply, and verify sequence for project configuration changes.

[1.0.4] - 2026-06-27

️ Bug Fixes

  • b97dbb2 — 🔒️ [fix] Restrict Sonar API fallback trust boundaries

[1.0.3] - 2026-06-27

️ Bug Fixes

  • 910f4c0 — 🔒️ [fix] Mark Sonar API text as untrusted

Dependencies

[dependabot]actions: [dependency] Update actions/dependency-review-action 4.9.0

  • 6220c9c(deps) [dependency] Update actions/dependency-review-action

️ Security

  • 1712b24 — 👷 [ci] Use shared workflow callers

👷 [ci] Switches the Dependabot auto-merge caller to workflow-templates@main and replaces local security and maintenance workflows with shared reusable callers.

⬆️ [build] Updates eslint-config-nick2bad4u to the published caller override version and records any peer dependency needed for the shared ESLint config to load.

Chores

  • b506801 — Update github agent instruction paths

CI/CD

  • fe178b7 — Update Dependabot auto-merge workflow pin

  • 512e0f6 — Add Dependabot auto-merge workflow

[1.0.2] - 2026-05-29

Documentation

  • 7799937 — Document universal skill installs

[1.0.1] - 2026-05-29

️ Other Changes

  • db44662 — Use git-cliff release notes and npm publish

  • 50a599a — Add SonarLint project binding

  • d3ca3e3 — Reduce Sonar hotspot query complexity

  • 28eb079 — Fix SonarCloud findings

  • 8e1d42c — Rename npm package for skill publishing

  • 1846d4e — Move skill package to repository root

  • f4d95d4 — Allow npm package publishing

  • 2a38a4c — Use staged npm publishing for skill releases

  • 4467b39 — Add npm trusted publishing release setup

  • 72bc397 — Clean up repository automation guidance

  • 597b49c — Add Codex skill metadata

  • 7a106a6 — Remove label creation instructions from README

Removed instructions for creating labels with colors and descriptions.

  • 96d2fc4 — Fix broken links in README badges

  • 1f14f3d — Add GitHub badges to README

Added badges for GitHub release, stars, forks, open issues, open PRs, license, and Dependabot updates.

Documentation

  • 4a8daf2 — 📝 [docs] Update SKILL.md to correct typo in instructions for modifying sonar-project.properties

  • 54aa9e0 — 📝 [docs] Update SKILL.md with guidance on modifying sonar-project.properties

  • Added note on making changes to sonar-project.properties or source code to address root causes, exclude false positives, or adjust analysis surface.

Chores

  • 28019e0 — 🔥 [chore] Remove obsolete hook scripts and configuration files

  • Deleted unused hook configuration from hooks.json

  • Removed log-prompt scripts in both PowerShell and Bash

  • Eliminated temporary directory cleanup scripts in PowerShell and Bash

[1.0.0] - 2026-03-23

✨ Features

  • fb1710c — ✨ [feat] (config) Add initial Jekyll configuration for SonarCloud Skill

Dependencies

  • 2259048(deps) [dependency] Update actions/ai-inference

️ Security

  • ab27a1c — ✨ [feat] (workflow) Add GitHub workflows for issue management and automation

  • Introduced stale.yml to mark stale issues and pull requests with scheduled runs and event triggers.

  • Added summary.yml for summarizing new issues and pull requests using AI inference.

  • Implemented trufflehog.yml for secret scanning on push and pull request events.
    📝 [docs] (changelog) Create CHANGELOG.md for project documentation

  • Documented notable changes and added sections for unreleased features.
    📝 [docs] (contributing) Add CONTRIBUTING.md for contribution guidelines

  • Provided setup instructions, local checks, security requirements, and a pull request checklist.
    📝 [docs] (readme) Update README.md with detailed project overview and usage instructions

  • Expanded project description, quick start guide, common commands, and security notes.
    🔒 [security] (policy) Establish SECURITY.md for security policy and reporting

  • Outlined supported scope, secret handling rules, and operational safety measures.
    🧹 [chore] (gitignore) Update .gitignore with additional patterns for various environments

  • Included patterns for Python, Node, React, and other frameworks to prevent unnecessary files from being tracked.

️ Other Changes

⭐ Contributors

Thanks to all the contributors for their hard work!

License

This project is licensed under the Unlicense.
This changelog was automatically generated with git-cliff.