Skip to content

v1.9.0

Latest

Choose a tag to compare

@github-actions github-actions released this 11 Jun 15:14
v1.9.0
36407e4

Highlights

This release hardens the skill's assessment coverage around two failure modes seen in real Concourse fleets. Mirror-push jobs (git push --mirror) now get a dedicated gotcha plus checkpoints: when the target repository's default branch does not exist upstream, the pre-receive hook rejects the entire push with "pre-receive hook declined" — the skill now warns about this before the first mirror push instead of letting it fail in CI. In addition, a new LLM review flags environment-specific credentials placed in shared YAML anchors (e.g. a generic vault-vars anchor carrying prod-only tokens), which silently leaks wrong or missing credentials into environments that should never see them.

Added

  • Gotcha 4 in SKILL.md: git push --mirror requires the target repo's default branch to exist upstream before the first push (PR #25)
  • CC-18 mechanical checkpoint: warns when pipelines or scripts use git push --mirror (PR #25)
  • CC-23 LLM review: verifies mirror-push targets document default-branch bootstrap before first push (PR #25)
  • CC-22 LLM review: flags environment-specific credentials in shared YAML anchors that should live in per-environment anchors (PR #24)

New Contributors

Full Changelog: v1.8.0...v1.9.0