fix: release v0.1.10 - workflow security fixes and template formatting #15

Merged: ramonclaudio merged 3 commits into main from release/v0.1.10 on Sep 7, 2025

@ramonclaudio
Owner

Summary

Complete the v0.1.10 release with critical workflow security fixes, OpenSSF compliance improvements, and template formatting corrections.

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • Security improvement
  • Documentation update

Related Issues

Fixes publish workflow failures that prevented security artifact generation for v0.1.7, v0.1.8, and v0.1.9 releases.

Changes Made

Workflow Security Fixes

  • Fixed minisign checksum verification format issue preventing security artifact generation
  • Corrected checksum file format from raw hash to proper "hash filename" format
  • Reorganized publish workflow to ensure all security artifacts are generated before NPM publish
  • Fixed duplicate jobs section in workflow configuration

OpenSSF Compliance

  • Set top-level permissions to read-only following OpenSSF Scorecard best practices
  • Configured job-level write permissions only where required (contents, id-token, attestations)
  • Aligned with Token-Permissions check requirements for maximum security score
  • Ensures proper generation of signed releases and SBOMs for Scorecard compliance

Template Formatting

  • Fixed missing newlines at end of debugger.md agent template
  • Added proper newlines to all command template files (commit, explain, fix, optimize, pr, review)
  • Corrected CLAUDE.md individual preferences section formatting

Testing

  • Tests added for new functionality
  • All existing tests pass
  • Manual testing completed
  • Integration tests pass

Checklist

  • Code follows project style guidelines
  • Self-review completed
  • Changes generate no new warnings
  • Documentation updated where necessary

Notes

This release ensures that all future releases will have proper security artifacts (minisign signatures, GPG signatures, SBOMs, SLSA attestations) attached to GitHub releases, meeting OpenSSF Scorecard requirements for signed releases and supply chain security.

- Add proper formatting for minisign checksum file
- Set read-only permissions at top level following OpenSSF best practices
- Move NPM publish after security artifact generation
- Fix duplicate jobs section in workflow
- Fix missing newline at end of debugger.md
- Fix missing newlines in all command template files
- Add newline to end of CLAUDE.md individual preferences section
- Update package.json version to 0.1.10
- Update package-lock.json version
- Add v0.1.10 changelog entry documenting all fixes
@ramonclaudio ramonclaudio merged commit 77ae8f8 into main Sep 7, 2025
6 checks passed
@ramonclaudio ramonclaudio deleted the release/v0.1.10 branch September 7, 2025 15:07
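
The checksum-format fix described in the pull request above, as an added example (not code from this repository or its workflow): a checksum file holding only a raw hash cannot be verified, while "hash filename" lines can. It assumes SHA-256 and `sha256sum -c`, neither of which the page names; the function names and the artifact name `pkg-0.0.0.tgz` are hypothetical placeholders.

```shell
#!/bin/sh
# Added example. Assumptions: SHA-256 digests, verified with `sha256sum -c`.

# Emit one "<hex digest>  <filename>" line, the layout `sha256sum -c` parses.
# Hashing from inside the artifact's directory records a relative name, so
# the checksum file still verifies after it is downloaded somewhere else.
checksum_line() {
  ( cd "$(dirname "$1")" && sha256sum -- "$(basename "$1")" )
}

# Emit only the hex digest: the raw-hash layout the PR describes as broken.
raw_hash() {
  sha256sum -- "$1" | cut -d' ' -f1
}

# Verify a checksum file against the files sitting next to it.
# Returns 0 only if every listed file matches its recorded digest.
verify_checksums() {
  ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1")" ) >/dev/null 2>&1
}

# Walk through the three cases on a constructed artifact.
demo() (
  dir=$(mktemp -d) || exit 1
  printf 'constructed release artifact\n' > "$dir/pkg-0.0.0.tgz"

  raw_hash "$dir/pkg-0.0.0.tgz" > "$dir/raw.sha256"
  checksum_line "$dir/pkg-0.0.0.tgz" > "$dir/good.sha256"

  if verify_checksums "$dir/raw.sha256"; then echo "raw hash:      verified"
  else echo "raw hash:      rejected (no filename to check against)"; fi

  if verify_checksums "$dir/good.sha256"; then echo "hash filename: verified"
  else echo "hash filename: rejected"; fi

  # A well-formed checksum file must also catch a modified artifact.
  printf 'x' >> "$dir/pkg-0.0.0.tgz"
  if verify_checksums "$dir/good.sha256"; then echo "after tamper:  verified"
  else echo "after tamper:  rejected"; fi

  rm -rf "$dir"
)

demo
```

A release job can run the same verification on the checksum file it just wrote, before signing it, so that a malformed file fails the build instead of shipping.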