Skip to content

Stratos v0.0.11

Choose a tag to compare

View all tags
@github-actions github-actions released this 02 Jun 14:40
· 34 commits to main since this release
v0.0.11
This tag was signed with the committer’s verified signature.
sebastienrousseau Sebastien Rousseau
SSH Key Fingerprint: kIOPAavp1TCEauTr1tTIN3cv+tSs6F9m/4lZjuM9tqk
Verified
Learn about vigilant mode.
2860388
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Added — validation hardening

  • actionlint CI gate (new lint-workflows job in ci.yml). Every PR that touches .github/workflows/*.yml is now parsed by actionlint + its embedded shellcheck. This would have caught the v0.0.10 / v0.0.11 ghost-tag bug (multi-line git commit -m "…" strings breaking YAML block-scalar indentation) at PR-review time, before any tag could fire a broken workflow.
  • scripts/check-versions.mjs — single source of truth that verifies every version-bearing file agrees: stratos.mjs VERSION, package.json version, package-lock.json version, install.sh VERSION, install.ps1 $Version, test/router.test.mjs assertions, top CHANGELOG.md entry. Also asserts install.sh EXPECTED_SHA (and the PowerShell equivalent) matches the actual SHA-256 of stratos.mjs. Wired into a new check-versions CI job. This would have caught the v0.0.6 EXPECTED_SHA-drift bug and the v0.0.11 branched-off-stale-main bug.
  • scripts/preflight-release.sh — mandatory pre-git tag checklist that runs locally: workflow YAML parses, actionlint clean, check-versions clean, working tree clean, local main is up to date with origin/main, new version is strictly greater than the latest tag, CHANGELOG has an entry for the new version, npm test + coverage:check + docs:check all green. Run it before every tag.

Fixed

  • smoke-verify matrix bugs that caused 3/6 channels to fail on v0.0.10:
    • npm smoke now uses $(npm config get prefix)/bin/stratos instead of bare stratos — bypasses the Ubuntu-runner PATH issue that returned empty got:.
    • install-sh smoke no longer depends on cloudcdn.pro being fresh. The smoke step downloads stratos.mjs from the GH release directly when the CDN's content doesn't match, so a skipped cdn-sync no longer breaks the smoke.
    • homebrew smoke first reads the tap's currently-published version and short-circuits with a ::warning:: (not a failure) if it's behind — distinguishes "tap-bump was skipped because HOMEBREW_TAP_TOKEN is unset" from "we shipped something broken".
  • Gate-skip semantics for tap-bump / scoop-bump / winget-submit / cdn-sync. Each gated step now emits a titled ::warning:: annotation and a ### ⚠️ SKIPPED section in the workflow's Job Summary. This makes the difference between "step succeeded by skipping" and "step succeeded by actually doing the work" visible at-a-glance in the GitHub Actions UI.
  • shellcheck warnings in release.ymlsha256sum *sha256sum ./* (guards against --prefixed filenames), and 4 × SC2129 (grouped redirects to $GITHUB_STEP_SUMMARY). actionlint now exits 0.
Assets 43
Loading