Loading
Commits on Source 18
-
Jean Humann authored
This commit adds a GitLab pipeline coverage badge to the README, positioned between the commitizen badge and the npm version badge. This provides visibility into the current test coverage status of the main branch directly from the repository homepage. Signed-off-by:Jean Humann <jean.humann@cleyrop.com>
-
Jean Humann authored
The package was already published as ESM; only the Jest/ts-jest test runner remained CommonJS. Replace it with AVA (the runner used across the semantic-release ecosystem) so the project is ESM end to end, which also unblocks the ESM-only dependency majors Jest could not load. Fork-rename fixes (user facing): - verifyConditions matches the current @cleyrop-org package name as well as the legacy @saithodev name, and now resolves every Config option (it previously dropped allowSameBranchMerge/mergeMode/fastForwardMode/fetchDelay) - route leftover console.log debugging in the Git helper through debug() - point error documentation links at the GitLab repository Test suite: - Jest/ts-jest -> AVA + c8 + sinon + esmock + tsx (ts-mockito retained), with one shared src/test-utils.ts shim instead of divergent per-file copies - 83 tests, ~99% statement coverage, including a new index.test.ts - a `typecheck` script (tsc --noEmit) now gates the test sources in CI Dependencies and build: - execa 5 -> 9, aggregate-error 3 -> 5, @semantic-release/error 3 -> 4 (all ESM only), TypeScript 6, moduleResolution nodenext, rest of toolchain latest - drop @types/semantic-release in favour of semantic-release's bundled types - tsconfig.build.json so the build emits only src; publish a dist-only tarball via the files allowlist; add a LICENSE file Packaging and CI: - declare semantic-release as a peerDependency rather than a dependency, removing its vulnerable transitive tree from the published closure (npm audit --omit=dev reports 0 vulnerabilities) - engines mirror the semantic-release host (^22.14.0 || >=24.10.0); CI and the dev pin use Node 24 (current 22.x releases regressed tsx's .js->.ts resolution under AVA) BREAKING CHANGE: the package is ESM only, requires Node ^22.14.0 || >=24.10.0, and semantic-release must now be installed by the host project as a peer dependency. Co-Authored-By:
Claude Opus 4.8 <noreply@anthropic.com>
-
Jean Humann authored
feat!: migrate to full ESM with AVA and modernize the toolchain See merge request !8
-
Jean Humann authored
The post-merge release failed with EINVALIDNPMTOKEN: the pipeline never provided an OIDC id token, so @semantic-release/npm fell back to an expired NPM_TOKEN and got a 401. The npm package already has a GitLab Trusted Publisher configured (.gitlab-ci.yml, "npm publish" permission); wire it up by minting the NPM_ID_TOKEN id token (aud https://registry.npmjs.org ) in the release job. Also drop the separate `publish` job and its stage: @semantic-release/npm already publishes to npm during the release step, so the tag-triggered `npm publish` was a redundant double-publish that also relied on the dead NPM_TOKEN. Co-Authored-By:
Claude Opus 4.8 <noreply@anthropic.com>
-
Jean Humann authored
ci: publish to npm via OIDC trusted publishing See merge request !9
-
Jean Humann authored
The OIDC token exchange was rejected (401 "OIDC token exchange error - unauthorized") because the id token audience was wrong. npm requires aud "npm:registry.npmjs.org" (not the registry URL). Also add the SIGSTORE_ID_TOKEN (aud sigstore) since this public package/repo gets an automatic provenance attestation on publish. Co-Authored-By:Claude Opus 4.8 <noreply@anthropic.com>
-
Jean Humann authored
ci: correct npm OIDC audience for trusted publishing See merge request !10
-
🤖 Cleyrop Release authored
# [6.0.0](v5.2.4...v6.0.0) (2026-06-10) * feat!: migrate to full ESM with AVA and modernize the toolchain ([15fc9574](15fc9574) ) ### BREAKING CHANGES * the package is ESM only, requires Node ^22.14.0 || >=24.10.0, and semantic-release must now be installed by the host project as a peer dependency. Co-Authored-By:
Claude Opus 4.8 <noreply@anthropic.com>
-
Jean Humann authored
OIDC trusted publishing now authenticates, but the publish was rejected with 422 "Error verifying sigstore provenance bundle: Unsupported GitLab CI runner environment: self-hosted. Only gitlab-hosted runners are supported when publishing with provenance." Trusted publishing enables provenance by default; this project runs on self-hosted runners, so set NPM_CONFIG_PROVENANCE=false and drop the SIGSTORE_ID_TOKEN. OIDC publishing itself is unaffected. Co-Authored-By:Claude Opus 4.8 <noreply@anthropic.com>
-
Jean Humann authored
ci: disable npm provenance on self-hosted runners See merge request !11
-
Jean Humann authored
A prior pipeline pushed the v6.0.0 tag and the "chore(release): 6.0.0" commit (bumping package.json + CHANGELOG) before the npm publish step ran, then died on the provenance error. npm never got 6.0.0 and no GitLab release was created, but the orphan tag made semantic-release report "no release" on subsequent runs. The orphan tag has been deleted; this reverts package.json and CHANGELOG.md to their pre-release (5.2.4) state so semantic-release can republish 6.0.0 cleanly now that OIDC publishing (provenance disabled) works. Co-Authored-By:Claude Opus 4.8 <noreply@anthropic.com>
-
Jean Humann authored
chore: reset premature 6.0.0 artifacts for clean re-release See merge request !12
-
Jean Humann authored
semantic-release kept reporting "Found git tag v6.0.0 ... no release" even after the orphan tag was deleted from the remote. Cause: self-hosted runners reuse the build directory with GIT_STRATEGY=fetch, and `git fetch` does not prune deleted tags, so the runner's local clone retained a phantom v6.0.0 tag. Set GIT_STRATEGY=clone and GIT_DEPTH=0 on the release job so it always starts from a fresh, full clone with the real remote tags. Co-Authored-By:Claude Opus 4.8 <noreply@anthropic.com>
-
Jean Humann authored
ci: fresh full clone for release job (fix phantom tag) See merge request !13
-
🤖 Cleyrop Release authored
# [6.0.0](v5.2.4...v6.0.0) (2026-06-10) * feat!: migrate to full ESM with AVA and modernize the toolchain ([15fc9574](15fc9574) ) ### BREAKING CHANGES * the package is ESM only, requires Node ^22.14.0 || >=24.10.0, and semantic-release must now be installed by the host project as a peer dependency. Co-Authored-By:
Claude Opus 4.8 <noreply@anthropic.com>
-
Jean Humann authored
Adds an `ignorePaths` config option (string[], default []). After the merge/rebase, each listed path spec is restored to the target branch's pre-back-merge state, so changes to it on the release branch are never carried over. Works with both `merge` and `rebase` strategies. Use case: files that must diverge per branch (e.g. a version-pin matrix that holds betas on staging and alphas on develop) which a back-merge would otherwise clobber. - config: ignorePaths in Config + resolveConfig default [] - git: revParse() + restorePaths() helpers. restorePaths resolves matched files via ls-tree/ls-files: checks out those present in the target ref and removes those absent from it, so the result matches the ref exactly; non-matching path specs (incl. globs) are skipped, never aborting. - perform-backmerge: capture target tip pre-merge, restore ignorePaths after - verify: validate ignorePaths is an array (EINVALIDIGNOREPATHS) - docs + tests (perform-backmerge restore/no-op; git restorePaths + revParse) Co-Authored-By:Claude Opus 4.8 <noreply@anthropic.com>
-
Jean Humann authored
feat(backmerge): add `ignorePaths` option to exclude files from back-merge See merge request !15
-
🤖 Cleyrop Release authored
# [6.1.0](v6.0.0...v6.1.0) (2026-06-24) ### Features * **backmerge:** add `ignorePaths` option to exclude files from back-merge ([3e86d133](3e86d133))