Releases: Pheoxy/themis

Themis v1.0.2

@Pheoxy Pheoxy released this 01 Jul 07:53
v1.0.2
a338cab

Summary

Themis v1.0.2 is a patch release for GitHub Marketplace publication metadata.

Changed

  • GitHub Action Marketplace display name changed from Themis to Themis PR Gate so it satisfies GitHub Marketplace's global action-name uniqueness requirement.
  • Stable GitHub Action examples now reference Pheoxy/themis@v1.0.2.
  • Documentation now explains why the Marketplace display name differs from the project name.

Verification

Completed before tagging:

nix flake check
nix run . -- release check
nix run . -- release audit --history --format markdown
nix run . -- self-check --repo . --base HEAD~1 --body-file examples/pr-body.md --evidence "nix flake check passed" --human --run-checks
git tag -v v1.0.2

Results:

  • nix flake check: pass
  • release check: pass
  • release audit --history: pass
  • self-check: pass
  • signed tag verification: pass

GitHub Action Smoke Test

Tag Release Workflow

Upgrade Notes

Use Pheoxy/themis@v1.0.2 in GitHub workflows for stable action pinning.

Marketplace Notes

Publish this release to the GitHub Marketplace using the display name Themis PR Gate.

Non-Guarantees

Themis is a pre-upstream readiness gate. Passing Themis or this release's checks does not certify code correctness, security, licensing, legal compliance, or upstream acceptance.

Links

Themis v1.0.1

@Pheoxy Pheoxy released this 01 Jul 07:23
v1.0.1
9c53280

Summary

Themis v1.0.1 is a patch release focused on public repository operations, dependency maintenance, protected PR validation, GitHub Action Marketplace metadata, and release-gate automation after the initial v1.0.0 release.

Highlights

  • Repo-specific issue and pull request templates for Themis policy, release, and validation workflows.
  • Structured issue forms for bug reports, feature requests, and policy false positives.
  • GitHub Sponsors metadata and CODEOWNERS metadata.
  • Renovate configuration for Nix flake inputs and GitHub Actions.
  • Explicit Renovate Nix manager opt-in and weekly lock-file maintenance for flake.lock.
  • PR validation now checks the PR head commit instead of GitHub's synthetic merge commit, avoiding false DCO failures for signed-off bot commits.
  • Renovate PR bodies include a checked automation acknowledgement compatible with Themis' PR-template gate.
  • GitHub Action branding metadata and Marketplace publication guidance.
  • Tag-triggered release workflow that runs release gates on v* tags.
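
Added example, not code from the Themis repository: why a sign-off check run against the synthetic merge commit of a pull_request run fails even when the PR head commit is signed off. The commit data, SHAs, bot identity, function names, and the exact-match sign-off rule are all constructed assumptions; Themis' real DCO logic is not shown on this page.

```sh
# Constructed sample commits (placeholders, not real Themis history).
# PR head: a bot commit whose message carries a matching sign-off trailer.
HEAD_SHA=1111111
HEAD_AUTHOR='example-bot[bot] <bot@example.invalid>'
HEAD_MSG='chore(deps): update flake.lock

Signed-off-by: example-bot[bot] <bot@example.invalid>'

# Synthetic merge commit: its message is only a "Merge A into B" line.
MERGE_SHA=2222222
MERGE_AUTHOR='example-bot[bot] <bot@example.invalid>'
MERGE_MSG='Merge 1111111 into 3333333'

# commit_field SHA FIELD: print the author or message of a sample commit.
# Unknown SHAs or fields return non-zero so callers can fail closed.
commit_field() {
  case "$1:$2" in
    "$HEAD_SHA:author")   printf '%s\n' "$HEAD_AUTHOR" ;;
    "$HEAD_SHA:message")  printf '%s\n' "$HEAD_MSG" ;;
    "$MERGE_SHA:author")  printf '%s\n' "$MERGE_AUTHOR" ;;
    "$MERGE_SHA:message") printf '%s\n' "$MERGE_MSG" ;;
    *) return 1 ;;
  esac
}

# dco_ok SHA: 0 if some message line is exactly "Signed-off-by: <author>",
# 1 if the trailer is missing, 2 if the commit cannot be read.
dco_ok() {
  author=$(commit_field "$1" author) || return 2
  commit_field "$1" message | grep -Fxq -- "Signed-off-by: $author"
}

# commit_to_validate EVENT DEFAULT_SHA PR_HEAD_SHA: pick the commit to gate.
# On pull_request events the default SHA is the synthetic merge commit,
# so the PR head SHA is used instead when one is supplied.
commit_to_validate() {
  if [ "$1" = pull_request ] && [ -n "$3" ]; then
    printf '%s\n' "$3"
  else
    printf '%s\n' "$2"
  fi
}

# Demo: the gate is applied to the selected commit.
target=$(commit_to_validate pull_request "$MERGE_SHA" "$HEAD_SHA")
if dco_ok "$target"; then echo "DCO pass on $target"; else echo "DCO fail on $target"; fi
```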

Verification

Completed before tagging:

nix flake check
nix run . -- release check
nix run . -- release audit --history --format markdown
nix run . -- self-check --repo . --base HEAD~1 --body-file examples/pr-body.md --evidence "nix flake check passed" --human --run-checks
git tag -v v1.0.1

Results:

  • nix flake check: pass
  • release check: pass
  • release audit --history: pass
  • self-check: pass
  • signed tag verification: pass

GitHub Action Smoke Test

Tag Release Workflow

Upgrade Notes

Use Pheoxy/themis@v1.0.1 in GitHub workflows for stable action pinning.

Non-Guarantees

Themis is a pre-upstream readiness gate. Passing Themis or this release's checks does not certify code correctness, security, licensing, legal compliance, or upstream acceptance.

Links

Themis v1.0.0

@Pheoxy Pheoxy released this 01 Jul 02:02
v1.0.0
972f684

Summary

Themis v1.0.0 is the initial stable release of a Nix-first, fail-closed pre-upstream PR validation gate for contributors, maintainers, CI users, and GitHub Action users.

Highlights

  • Deterministic CLI gate with Markdown, JSON, comment, and SARIF output.
  • GitHub composite action with step summaries, artifacts, annotations, workflow selection, config checks, and optional PR comments.
  • Strict policy checks for AI disclosure, human accountability, test evidence, DCO/signoff, upstream rules, generated/vendor/binary/secret-like content, placeholders, and oversized changes.
  • Dynamic upstream rule inference from contribution docs, PR templates, and monorepo policy files.
  • Disabled-by-default AI provider diagnostics and preview workflows that cannot affect gate pass/fail status.
  • Nix flake packaging and nix flake check release gates.
  • Apache-2.0 license, documented asset provenance, threat model, stability policy, and release audit workflow.
  • Release-ready README with Themis banner artwork, neutral project description, and grouped quick-start steps.

Verification

Completed before tagging:

nix run . -- release check
nix flake check
nix run . -- release audit --history --format markdown
nix run . -- self-check --repo . --base HEAD~1 --body-file examples/pr-body.md --evidence "nix flake check passed" --human --run-checks
git grep -n -i anubis $(git rev-list --all) -- . || true
git tag -v v1.0.0

Results:

  • release check: pass
  • nix flake check: pass
  • release audit --history: pass
  • self-check: pass
  • removed-name history scan: clean
  • signed tag verification: pass

GitHub Action Smoke Test

  • Repository: https://github.com/Pheoxy/themis
  • Workflow: Themis Smoke
  • Run: https://github.com/Pheoxy/themis/actions/runs/28492194173
  • Result: success
  • Commit tested: 972f68442dcfbbc7eab7792dabc0f5a82fd52d4d
  • Outputs verified: status=pass, exit-code=0, report=smoke-report.md
  • Step summary, annotations, and report artifact path were exercised by the composite action.

Security And Provenance

  • License: Apache-2.0.
  • GitHub license detection recognizes the repository as Apache-2.0.
  • Generated asset provenance is documented in docs/assets/PROVENANCE.md.
  • Synthetic secret-like fixtures are documented in docs/security-fixtures.md and approved by the release audit.
  • Release audit reports locations only and does not print matched secret-like values.

Non-Guarantees

Themis is a pre-upstream readiness gate. Passing Themis or this release's checks does not certify code correctness, security, licensing, legal compliance, or upstream acceptance.

Upgrade Notes

This is the initial stable release. Use Pheoxy/themis@v1.0.0 in GitHub workflows for stable action pinning.

Links