[2.0.0] - 2026-07-04
- Commit Range: ➡️
5ae0bfb...f99e576
️ Security
f99e576— 🔒️ [fix] Add Pipfile lock file
🔒️ [fix] Commit Pipfile.lock for the empty Pipfile so dependency resolution is explicit and the Sonar security-rating finding is addressed.
Testing
5867979— 🧪 [test] Stabilize pytest temp directory
🧪 [test] Use a repo-root pytest basetemp so CI and non-interactive Windows runs avoid temp directory cleanup/setup failures.
🙈 [chore] Ignore the generated pytest temp directory.
Build System
5ae0bfb— 📦️ [build] Move skill payload under skills directory
📦️ [build] Relocate SKILL.md, helper scripts, references, assets, OpenAI metadata, license copy, and skillcheck history under skills/sonar-manage-findings for npx skills discovery.
🔧 [chore] Update package metadata, validation, pytest paths, release zip contents, and documentation to point at the nested skill payload.
[1.1.1] - 2026-06-29
- Commit Range: ➡️
47a4651...3818325
Chores
47a4651— 🧹 [chore] Update codecov configuration for report age
CI/CD
3818325— 🔧 [ci] Raise Codecov report age limit
🔧 [ci] Set codecov.max_report_age to 24h so Python coverage uploads with older embedded report timestamps are not rejected by the default 12h cutoff.
[1.1.0] - 2026-06-29
- Commit Range: ➡️
e752335...ab5c83d
✨ Features
e752335— ✨ [feat] Add strict Python validation and Codecov coverage
✨ [feat] Add strict pytest, Ruff, mypy, Pyright, coverage, and Skillcheck configuration for the Python skill helper.
👷 [ci] Add Python CI with Codecov OIDC uploads for pytest JUnit results and Cobertura coverage reports.
📝 [docs] Move the full command catalog into references/command-guide.md and keep SKILL.md focused on operational guidance.
🧪 [test] Expand pytest coverage across the CLI dispatcher, Sonar API wrappers, diagnostics, issue/project operations, and rendering behavior.
📦️ [build] Include references in npm packaging validation and the GitHub release bundle.
️ Bug Fixes
364f46f— 🐛 [fix] Install Python tools in release workflow
🐛 [fix] Set up Python 3.14 and install requirements-dev.txt before release:verify so pytest coverage validation can run during publishing.
c2c2f53— 🐛 [fix] Align Python lint checks across shells
🐛 [fix] Make Ruff package scripts use directory paths so Windows and Bash check the same tracked files.
🧪 [test] Keep pytest-only lint exceptions targeted to docstrings, fake token fixtures, and literal expectations.
👷 [ci] Mark the shebang Python CLI as executable for Linux Ruff EXE001 validation.
Documentation
ab5c83d— 📝 [docs] Clarify Sonar project mutation workflows
📝 [docs] Spell out that agents may change quality profiles, quality gates, settings, and tags when the user asks and the token has permission.
📝 [docs] Document the inspect, dry-run, apply, and verify sequence for project configuration changes.
[1.0.4] - 2026-06-27
- Commit Range: ➡️
b97dbb2...b97dbb2
️ Bug Fixes
b97dbb2— 🔒️ [fix] Restrict Sonar API fallback trust boundaries
[1.0.3] - 2026-06-27
- Commit Range: ➡️
6220c9c...910f4c0
️ Bug Fixes
910f4c0— 🔒️ [fix] Mark Sonar API text as untrusted
Dependencies
[dependabot]actions: [dependency] Update actions/dependency-review-action 4.9.0
6220c9c— (deps) [dependency] Update actions/dependency-review-action
️ Security
1712b24— 👷 [ci] Use shared workflow callers
👷 [ci] Switches the Dependabot auto-merge caller to workflow-templates@main and replaces local security and maintenance workflows with shared reusable callers.
⬆️ [build] Updates eslint-config-nick2bad4u to the published caller override version and records any peer dependency needed for the shared ESLint config to load.
Chores
b506801— Update github agent instruction paths
CI/CD
[1.0.2] - 2026-05-29
- Commit Range: ➡️
7799937...7799937
Documentation
7799937— Document universal skill installs
[1.0.1] - 2026-05-29
- Commit Range: ➡️
1f14f3d...db44662
️ Other Changes
-
db44662— Use git-cliff release notes and npm publish -
50a599a— Add SonarLint project binding -
d3ca3e3— Reduce Sonar hotspot query complexity -
28eb079— Fix SonarCloud findings -
8e1d42c— Rename npm package for skill publishing -
1846d4e— Move skill package to repository root -
f4d95d4— Allow npm package publishing -
2a38a4c— Use staged npm publishing for skill releases -
4467b39— Add npm trusted publishing release setup -
72bc397— Clean up repository automation guidance -
597b49c— Add Codex skill metadata -
7a106a6— Remove label creation instructions from README
Removed instructions for creating labels with colors and descriptions.
Added badges for GitHub release, stars, forks, open issues, open PRs, license, and Dependabot updates.
Documentation
-
4a8daf2— 📝 [docs] Update SKILL.md to correct typo in instructions for modifying sonar-project.properties -
54aa9e0— 📝 [docs] Update SKILL.md with guidance on modifying sonar-project.properties -
Added note on making changes to
sonar-project.propertiesor source code to address root causes, exclude false positives, or adjust analysis surface.
Chores
-
28019e0— 🔥 [chore] Remove obsolete hook scripts and configuration files -
Deleted unused hook configuration from hooks.json
-
Removed log-prompt scripts in both PowerShell and Bash
-
Eliminated temporary directory cleanup scripts in PowerShell and Bash
[1.0.0] - 2026-03-23
- Commit Range: ➡️
c3ed029...3219a63
✨ Features
fb1710c— ✨ [feat] (config) Add initial Jekyll configuration for SonarCloud Skill
Dependencies
2259048— (deps) [dependency] Update actions/ai-inference
️ Security
-
ab27a1c— ✨ [feat] (workflow) Add GitHub workflows for issue management and automation -
Introduced
stale.ymlto mark stale issues and pull requests with scheduled runs and event triggers. -
Added
summary.ymlfor summarizing new issues and pull requests using AI inference. -
Implemented
trufflehog.ymlfor secret scanning on push and pull request events.
📝 [docs] (changelog) Create CHANGELOG.md for project documentation -
Documented notable changes and added sections for unreleased features.
📝 [docs] (contributing) Add CONTRIBUTING.md for contribution guidelines -
Provided setup instructions, local checks, security requirements, and a pull request checklist.
📝 [docs] (readme) Update README.md with detailed project overview and usage instructions -
Expanded project description, quick start guide, common commands, and security notes.
🔒 [security] (policy) Establish SECURITY.md for security policy and reporting -
Outlined supported scope, secret handling rules, and operational safety measures.
🧹 [chore] (gitignore) Update .gitignore with additional patterns for various environments -
Included patterns for Python, Node, React, and other frameworks to prevent unnecessary files from being tracked.
️ Other Changes
c3ed029— Initial commit
⭐ Contributors
Thanks to all the contributors for their hard work!
License
This project is licensed under the Unlicense.
This changelog was automatically generated with git-cliff.