Releases: Pheoxy/themis
Themis v1.0.2
Summary
Themis v1.0.2 is a patch release for GitHub Marketplace publication metadata.
Changed
- GitHub Action Marketplace display name changed from Themis to Themis PR Gate so it satisfies GitHub Marketplace's global action-name uniqueness requirement.
- Stable GitHub Action examples now reference Pheoxy/themis@v1.0.2.
- Documentation now explains why the Marketplace display name differs from the project name.
Verification
Completed before tagging:
nix flake check
nix run . -- release check
nix run . -- release audit --history --format markdown
nix run . -- self-check --repo . --base HEAD~1 --body-file examples/pr-body.md --evidence "nix flake check passed" --human --run-checks
git tag -v v1.0.2
Results:
- nix flake check: pass
- release check: pass
- release audit --history: pass
- self-check: pass
- signed tag verification: pass
GitHub Action Smoke Test
- Workflow: Themis Smoke
- Run: https://github.com/Pheoxy/themis/actions/runs/28502185507
- Result: success
- Commit tested: a338cab9ca7afc7c450db79ca82e391c86f30655
Tag Release Workflow
- Workflow: Release
- Run: https://github.com/Pheoxy/themis/actions/runs/28502309852
- Result: success
- Tag: v1.0.2
Upgrade Notes
Use Pheoxy/themis@v1.0.2 in GitHub workflows for stable action pinning.
Marketplace Notes
Publish this release to the GitHub Marketplace using the display name Themis PR Gate.
Non-Guarantees
Themis is a pre-upstream readiness gate. Passing Themis or this release's checks does not certify code correctness, security, licensing, legal compliance, or upstream acceptance.
Links
- Changelog: https://github.com/Pheoxy/themis/blob/v1.0.2/CHANGELOG.md
- Documentation: https://github.com/Pheoxy/themis#readme
- Release tag: https://github.com/Pheoxy/themis/releases/tag/v1.0.2
Themis v1.0.1
Summary
Themis v1.0.1 is a patch release focused on public repository operations, dependency maintenance, protected PR validation, GitHub Action Marketplace metadata, and release-gate automation after the initial v1.0.0 release.
Highlights
- Repo-specific issue and pull request templates for Themis policy, release, and validation workflows.
- Structured issue forms for bug reports, feature requests, and policy false positives.
- GitHub Sponsors metadata and CODEOWNERS metadata.
- Renovate configuration for Nix flake inputs and GitHub Actions.
- Explicit Renovate Nix manager opt-in and weekly lock-file maintenance for flake.lock.
- PR validation now checks the PR head commit instead of GitHub's synthetic merge commit, avoiding false DCO failures for signed-off bot commits.
- Renovate PR bodies include a checked automation acknowledgement compatible with Themis' PR-template gate.
- GitHub Action branding metadata and Marketplace publication guidance.
- Tag-triggered release workflow that runs release gates on v* tags.
Verification
Completed before tagging:
nix flake check
nix run . -- release check
nix run . -- release audit --history --format markdown
nix run . -- self-check --repo . --base HEAD~1 --body-file examples/pr-body.md --evidence "nix flake check passed" --human --run-checks
git tag -v v1.0.1
Results:
- nix flake check: pass
- release check: pass
- release audit --history: pass
- self-check: pass
- signed tag verification: pass
GitHub Action Smoke Test
- Workflow: Themis Smoke
- Run: https://github.com/Pheoxy/themis/actions/runs/28500554924
- Result: success
- Commit tested: 9c5328033146de6f091198f21d0336343c8c2fe8
Tag Release Workflow
- Workflow: Release
- Run: https://github.com/Pheoxy/themis/actions/runs/28500699420
- Result: success
- Tag: v1.0.1
Upgrade Notes
Use Pheoxy/themis@v1.0.1 in GitHub workflows for stable action pinning.
Non-Guarantees
Themis is a pre-upstream readiness gate. Passing Themis or this release's checks does not certify code correctness, security, licensing, legal compliance, or upstream acceptance.
Links
- Changelog: https://github.com/Pheoxy/themis/blob/v1.0.1/CHANGELOG.md
- Documentation: https://github.com/Pheoxy/themis#readme
- Release tag: https://github.com/Pheoxy/themis/releases/tag/v1.0.1
Themis v1.0.0
Summary
Themis v1.0.0 is the initial stable release of a Nix-first, fail-closed pre-upstream PR validation gate for contributors, maintainers, CI users, and GitHub Action users.
Highlights
- Deterministic CLI gate with Markdown, JSON, comment, and SARIF output.
- GitHub composite action with step summaries, artifacts, annotations, workflow selection, config checks, and optional PR comments.
- Strict policy checks for AI disclosure, human accountability, test evidence, DCO/signoff, upstream rules, generated/vendor/binary/secret-like content, placeholders, and oversized changes.
- Dynamic upstream rule inference from contribution docs, PR templates, and monorepo policy files.
- Disabled-by-default AI provider diagnostics and preview workflows that cannot affect gate pass/fail status.
- Nix flake packaging and nix flake check release gates.
- Apache-2.0 license, documented asset provenance, threat model, stability policy, and release audit workflow.
- Release-ready README with Themis banner artwork, neutral project description, and grouped quick-start steps.
Verification
Completed before tagging:
nix run . -- release check
nix flake check
nix run . -- release audit --history --format markdown
nix run . -- self-check --repo . --base HEAD~1 --body-file examples/pr-body.md --evidence "nix flake check passed" --human --run-checks
git grep -n -i anubis $(git rev-list --all) -- . || true
git tag -v v1.0.0
Results:
- release check: pass
- nix flake check: pass
- release audit --history: pass
- self-check: pass
- removed-name history scan: clean
- signed tag verification: pass
GitHub Action Smoke Test
- Repository: https://github.com/Pheoxy/themis
- Workflow: Themis Smoke
- Run: https://github.com/Pheoxy/themis/actions/runs/28492194173
- Result: success
- Commit tested: 972f68442dcfbbc7eab7792dabc0f5a82fd52d4d
- Outputs verified: status=pass, exit-code=0, report=smoke-report.md
- Step summary, annotations, and report artifact path were exercised by the composite action.
Security And Provenance
- License: Apache-2.0.
- GitHub license detection recognizes the repository as Apache-2.0.
- Generated asset provenance is documented in docs/assets/PROVENANCE.md.
- Synthetic secret-like fixtures are documented in docs/security-fixtures.md and approved by the release audit.
- Release audit reports locations only and does not print matched secret-like values.
Non-Guarantees
Themis is a pre-upstream readiness gate. Passing Themis or this release's checks does not certify code correctness, security, licensing, legal compliance, or upstream acceptance.
Upgrade Notes
This is the initial stable release. Use Pheoxy/themis@v1.0.0 in GitHub workflows for stable action pinning.
Links
- Changelog: https://github.com/Pheoxy/themis/blob/v1.0.0/CHANGELOG.md
- Documentation: https://github.com/Pheoxy/themis#readme
- Release tag: https://github.com/Pheoxy/themis/releases/tag/v1.0.0