Merged
Conversation
Bump version to 0.8.12 and backfill CHANGELOG entries for all PRs merged since v0.8.11. Includes feature additions (project-local .apm/ install, configurable temp-dir, root-project primitives, marketplace proxy), an install-engine refactor + design-pattern cleanup, the #666/#762 stale-cleanup safety hardening, multiple Windows-environment fixes (CP950 encoding, hook backslash paths, init path validation), and the GitHub Merge Queue tiered-CI rollout. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Prepares the v0.9.0 release by bumping the package version and consolidating missing release notes into a new dated changelog section, aligning the release documentation with the project’s recent merged work.
Changes:
- Bump
apm-cliversion from0.8.11to0.9.0. - Move/backfill ~recent PR entries into
CHANGELOG.mdunder## [0.9.0] - 2026-04-19. - Re-organize release notes into grouped headings for the new release section.
Show a summary per file
| File | Description |
|---|---|
pyproject.toml |
Updates project version to 0.9.0. |
CHANGELOG.md |
Adds the 0.9.0 release section and consolidates missing entries into it. |
Copilot's findings
- Files reviewed: 2/2 changed files
- Comments generated: 3
Comment on lines
+21
to
+22
| - Refactor `apm install` into a modular engine package (`apm_cli/install/`) with discrete phases (resolve, targets, download, integrate, cleanup, lockfile, finalize, post-deps local), preserving behaviour and the `#762` cleanup chokepoint (#764) | ||
| - Refactor `apm install` internals to apply real design patterns: introduce a `DependencySource` Strategy hierarchy with shared `run_integration_template()` Template Method (kills ~300 LOC duplication across local/cached/fresh dep handlers), add `services.py` DI seam to eliminate `_install_mod` indirection, and wrap the pipeline in a typed `InstallService` Application Service consuming a frozen `InstallRequest`. `install/phases/integrate.py` shrinks from 1013 to ~400 LOC; the public `apm install` behaviour and CLI surface are unchanged. Backward-compatible: `_install_apm_dependencies` re-export and 55 healthy test patches keep working (#764) |
There was a problem hiding this comment.
This release section introduces two separate changelog bullets for the same PR number (#764). The project changelog format calls for one line per PR; please consolidate these into a single entry (or split by PR if they are actually different PRs).
| - Refactor `apm install` internals to apply real design patterns: introduce a `DependencySource` Strategy hierarchy with shared `run_integration_template()` Template Method (kills ~300 LOC duplication across local/cached/fresh dep handlers), add `services.py` DI seam to eliminate `_install_mod` indirection, and wrap the pipeline in a typed `InstallService` Application Service consuming a frozen `InstallRequest`. `install/phases/integrate.py` shrinks from 1013 to ~400 LOC; the public `apm install` behaviour and CLI surface are unchanged. Backward-compatible: `_install_apm_dependencies` re-export and 55 healthy test patches keep working (#764) | ||
| - `apm marketplace browse/search/add/update` now route through the registry proxy when `PROXY_REGISTRY_URL` is set; `PROXY_REGISTRY_ONLY=1` blocks direct GitHub API calls (#506, #617) | ||
| - CI: adopt GitHub Merge Queue with tiered CI. `ci.yml` (Tier 1: unit tests + binary build) now runs on `pull_request` and `merge_group`. The integration + release-validation suite (Tier 2) moves to `merge_group`-only, replacing the previous `workflow_run` + environment-approval flow. PR branches no longer need manual updates against `main`, and the heavy integration suite runs once at merge time instead of on every PR push (#770, #771) | ||
| - CI: add `ci-integration-pr-stub.yml`, an inert `pull_request_target` workflow that produces no-op check runs for the four Tier 2 required checks (`Build (Linux)`, `Smoke Test (Linux)`, `Integration Tests (Linux)`, `Release Validation (Linux)`). This satisfies branch protection's required-check gate at PR time without burning CI minutes, and works retroactively on existing fork PRs because `pull_request_target` reads workflow YAML from `main`. The stub holds no secrets, runs no checkout, and grants `permissions: {}` so it cannot be turned into a supply-chain attack vector. Real Tier 2 work continues to run only inside the merge queue. CODEOWNERS now requires Lead Maintainer review for any change to `.github/workflows/**` |
There was a problem hiding this comment.
This bullet does not end with a PR number reference. Changelog entries should end with the relevant PR number(s) in parentheses (e.g., "(#771)") to match the project changelog format.
Suggested change
| - CI: add `ci-integration-pr-stub.yml`, an inert `pull_request_target` workflow that produces no-op check runs for the four Tier 2 required checks (`Build (Linux)`, `Smoke Test (Linux)`, `Integration Tests (Linux)`, `Release Validation (Linux)`). This satisfies branch protection's required-check gate at PR time without burning CI minutes, and works retroactively on existing fork PRs because `pull_request_target` reads workflow YAML from `main`. The stub holds no secrets, runs no checkout, and grants `permissions: {}` so it cannot be turned into a supply-chain attack vector. Real Tier 2 work continues to run only inside the merge queue. CODEOWNERS now requires Lead Maintainer review for any change to `.github/workflows/**` | |
| - CI: add `ci-integration-pr-stub.yml`, an inert `pull_request_target` workflow that produces no-op check runs for the four Tier 2 required checks (`Build (Linux)`, `Smoke Test (Linux)`, `Integration Tests (Linux)`, `Release Validation (Linux)`). This satisfies branch protection's required-check gate at PR time without burning CI minutes, and works retroactively on existing fork PRs because `pull_request_target` reads workflow YAML from `main`. The stub holds no secrets, runs no checkout, and grants `permissions: {}` so it cannot be turned into a supply-chain attack vector. Real Tier 2 work continues to run only inside the merge queue. CODEOWNERS now requires Lead Maintainer review for any change to `.github/workflows/**` (#770, #771) |
Comment on lines
+56
to
+65
| ### Tests | ||
|
|
||
| - Refactor `apm install` internals to apply real design patterns: introduce a `DependencySource` Strategy hierarchy with shared `run_integration_template()` Template Method (kills ~300 LOC duplication across local/cached/fresh dep handlers), add `services.py` DI seam to eliminate `_install_mod` indirection, and wrap the pipeline in a typed `InstallService` Application Service consuming a frozen `InstallRequest`. `install/phases/integrate.py` shrinks from 1013 to ~400 LOC; the public `apm install` behaviour and CLI surface are unchanged. Backward-compatible: `_install_apm_dependencies` re-export and 55 healthy test patches keep working (#764) | ||
| - `apm marketplace browse/search/add/update` now route through the registry proxy when `PROXY_REGISTRY_URL` is set; `PROXY_REGISTRY_ONLY=1` blocks direct GitHub API calls (#506) | ||
| - Refactor `apm install` into a modular engine package (`apm_cli/install/`) with discrete phases (resolve, targets, download, integrate, cleanup, lockfile, finalize, post-deps local), preserving behaviour and the `#762` cleanup chokepoint (#764) | ||
| - Close install/uninstall/update CLI integration coverage gaps surfaced by the `#764` review (#767) | ||
| - Add 55 unit tests for `commands/deps/_utils.py` and `commands/view.py` to address Test Improver backlog items #4 and #5 (#682) | ||
|
|
||
| ### Dependencies | ||
|
|
||
| - Bump `pytest` from 8.4.2 to 9.0.3 (#698) | ||
| - Bump `dompurify` from 3.3.2 to 3.4.0 in `/docs` (#730) | ||
| - Bump `lodash-es` and `langium` in `/docs` (#761) |
There was a problem hiding this comment.
The changelog format in this repo groups entries under Keep-a-Changelog headings like Added/Changed/Deprecated/Removed/Fixed/Security. Introducing new top-level headings ("Tests", "Dependencies") makes the structure inconsistent with the documented format; consider folding these items under existing headings (commonly Changed or Added) instead.
See below for a potential fix:
### Changed
- Close install/uninstall/update CLI integration coverage gaps surfaced by the `#764` review (#767)
- Add 55 unit tests for `commands/deps/_utils.py` and `commands/view.py` to address Test Improver backlog items #4 and #5 (#682)
danielmeppiel
force-pushed
the
chore/prepare-v0.9.0
branch
from
6e6cf99 to
04138d2
Compare
danielmeppiel
changed the title
- Consolidate two #764 bullets into one (same PR, two bullets violated 'one line per PR' rule) - Merge inert CI stub bullet into the merge-queue (#770, #771) line since the stub came from direct pushes (no PR number) - Fold 'Tests' and 'Dependencies' headings into 'Changed' to match Keep-a-Changelog conventions used by the project (Added/Changed/Deprecated/Removed/Fixed/Security only) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Bump version to 0.8.12 and backfill
CHANGELOG.mdentries for all PRs merged sincev0.8.11.The previous
## [Unreleased]section was missing ~21 PRs. This PR consolidates everything into a single dated## [0.8.12] - 2026-04-19section, organized per Keep-a-Changelog (Added/Changed/Fixed/Tests/Dependencies).Why patch (0.8.12) and not minor
Consistent with the project's established convention:
0.8.11shipped two new top-level commands (apm view,apm outdated) — patch.0.8.8shipped-gglobal scope, full marketplace integration, and Codex as a target — patch.0.8.6introduced the--targetflag — patch.This release is incremental on top of those: no new commands, no breaking changes, no removed flags. So a patch bump is the right call.
Backfilled PRs
Added missing entries for: #571, #584, #607, #609, #616, #623, #642, #671, #681, #682, #698, #707, #709, #712, #715, #724, #730, #738, #742, #748, #750, #761, #767, #771.
Verification
pyproject.tomlversion:0.8.11->0.8.12CHANGELOG.md:Unreleasedis now empty; new[0.8.12] - 2026-04-19section contains the consolidated history (single### Changed, fixing the duplicate header that was in the priorUnreleasedblock)Release readiness assessment
This is worth shipping now. Highlights:
claudetarget.No blocking known issues. Recommend merging this PR, then tagging
v0.8.12frommain.