Skip to content

v2.0.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 21 Jun 00:13
Immutable release. Only release title and notes can be modified.
v2.0.0
e37b7f6
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

2.0.0 (2026-06-21)

⚠ BREAKING CHANGES

  • the reusable workflow moved from .github/workflows/codeql.yaml to .github/workflows/security.yaml. Consumers must update their caller's uses: from bitwise-media-group/github-workflows/.github/workflows/codeql.yaml@ to .../security.yaml@.
  • auto-merge.yaml is removed; its behaviour now lives in merge.yaml (wire the four auto-merge triggers on the caller). merge.yaml no longer accepts a pr-number input (it resolves the PR from the event), and the auto-merge arming comment input is now 'arm-command' (was 'command'). Consumers pinned @v1 are unaffected until they move to @v2.
  • the per-language workflow files are removed. Consumers must repoint uses: to ci.yaml/codeql.yaml/release.yaml@v2, provide the canonical Makefile targets (stubbing N/A ones as no-ops), and set vanity-tags: true to keep the floating major tag.

Features

  • add a languages override and opt-in zizmor scan to the CodeQL workflow (ba40cbc)
  • fold auto-merge into the merge workflow (6497957)
  • generalize ci/codeql/release into language-agnostic workflows (bf13819)
  • rename reusable codeql workflow to security, standardise names (75ae004)

Bug Fixes

  • harden reusable workflow security posture (7f4724a)
  • merge: do not cancel pending ff-merge events (048f8c2)
  • merge: request workflows scope so ff-merge can push workflow-file changes (7ac5ca8)
  • release-go: re-pin release-please-action to its current v5.0.0 commit (dfa6330)
Assets 3
Loading