Commits on Source 18

  • docs(readme): add GitLab code coverage badge · 3f1de977
    Jean Humann authored
    
    
    This commit adds a GitLab pipeline coverage badge to the README,
    positioned between the commitizen badge and the npm version badge.
    This provides visibility into the current test coverage status of
    the main branch directly from the repository homepage.
    
    Signed-off-by: Jean Humann <jean.humann@cleyrop.com>
    3f1de977
  • feat!: migrate to full ESM with AVA and modernize the toolchain · 15fc9574
    Jean Humann authored
    
    
    The package was already published as ESM; only the Jest/ts-jest test
    runner remained CommonJS. Replace it with AVA (the runner used across the
    semantic-release ecosystem) so the project is ESM end to end, which also
    unblocks the ESM-only dependency majors Jest could not load.
    
    Fork-rename fixes (user facing):
    - verifyConditions matches the current @cleyrop-org package name as well as
      the legacy @saithodev name, and now resolves every Config option (it
      previously dropped allowSameBranchMerge/mergeMode/fastForwardMode/fetchDelay)
    - route leftover console.log debugging in the Git helper through debug()
    - point error documentation links at the GitLab repository
    
    Test suite:
    - Jest/ts-jest -> AVA + c8 + sinon + esmock + tsx (ts-mockito retained), with
      one shared src/test-utils.ts shim instead of divergent per-file copies
    - 83 tests, ~99% statement coverage, including a new index.test.ts
    - a `typecheck` script (tsc --noEmit) now gates the test sources in CI
    
    Dependencies and build:
    - execa 5 -> 9, aggregate-error 3 -> 5, @semantic-release/error 3 -> 4 (all
      ESM only), TypeScript 6, moduleResolution nodenext, rest of toolchain latest
    - drop @types/semantic-release in favour of semantic-release's bundled types
    - tsconfig.build.json so the build emits only src; publish a dist-only tarball
      via the files allowlist; add a LICENSE file
    
    Packaging and CI:
    - declare semantic-release as a peerDependency rather than a dependency,
      removing its vulnerable transitive tree from the published closure
      (npm audit --omit=dev reports 0 vulnerabilities)
    - engines mirror the semantic-release host (^22.14.0 || >=24.10.0); CI and the
      dev pin use Node 24 (current 22.x releases regressed tsx's .js->.ts
      resolution under AVA)
    
    BREAKING CHANGE: the package is ESM only, requires Node ^22.14.0 || >=24.10.0,
    and semantic-release must now be installed by the host project as a peer
    dependency.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    15fc9574
  • Merge branch 'feat/esm-ava-migration' into 'main' · bda898ae
    Jean Humann authored
    feat!: migrate to full ESM with AVA and modernize the toolchain
    
    See merge request !8
    bda898ae
  • ci: publish to npm via OIDC trusted publishing · 133d5913
    Jean Humann authored
    The post-merge release failed with EINVALIDNPMTOKEN: the pipeline never
    provided an OIDC id token, so @semantic-release/npm fell back to an expired
    NPM_TOKEN and got a 401. The npm package already has a GitLab Trusted Publisher
    configured (.gitlab-ci.yml, "npm publish" permission); wire it up by minting the
    NPM_ID_TOKEN id token (aud https://registry.npmjs.org) in the release job.
    
    Also drop the separate `publish` job and its stage: @semantic-release/npm
    already publishes to npm during the release step, so the tag-triggered
    `npm publish` was a redundant double-publish that also relied on the dead
    NPM_TOKEN.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    133d5913
  • Merge branch 'fix/npm-oidc-publishing' into 'main' · 7561457a
    Jean Humann authored
    ci: publish to npm via OIDC trusted publishing
    
    See merge request !9
    7561457a
  • ci: use correct npm OIDC audience (npm:registry.npmjs.org) · 448445de
    Jean Humann authored
    
    
    The OIDC token exchange was rejected (401 "OIDC token exchange error -
    unauthorized") because the id token audience was wrong. npm requires
    aud "npm:registry.npmjs.org" (not the registry URL). Also add the
    SIGSTORE_ID_TOKEN (aud sigstore) since this public package/repo gets an
    automatic provenance attestation on publish.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    448445de
  • Merge branch 'fix/npm-oidc-aud' into 'main' · a14b3234
    Jean Humann authored
    ci: correct npm OIDC audience for trusted publishing
    
    See merge request !10
    a14b3234
  • chore(release): 6.0.0 [skip ci] · 668f865d
    🤖 Cleyrop Release authored
    # [6.0.0](v5.2.4...v6.0.0) (2026-06-10)
    
    * feat!: migrate to full ESM with AVA and modernize the toolchain ([15fc9574](15fc9574))
    
    ### BREAKING CHANGES
    
    * the package is ESM only, requires Node ^22.14.0 || >=24.10.0,
    and semantic-release must now be installed by the host project as a peer
    dependency.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    668f865d
  • ci: disable npm provenance (unsupported on self-hosted runners) · e48b99f5
    Jean Humann authored
    
    
    OIDC trusted publishing now authenticates, but the publish was rejected with
    422 "Error verifying sigstore provenance bundle: Unsupported GitLab CI runner
    environment: self-hosted. Only gitlab-hosted runners are supported when
    publishing with provenance." Trusted publishing enables provenance by default;
    this project runs on self-hosted runners, so set NPM_CONFIG_PROVENANCE=false
    and drop the SIGSTORE_ID_TOKEN. OIDC publishing itself is unaffected.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    e48b99f5
  • Merge branch 'fix/npm-disable-provenance' into 'main' · aecacb72
    Jean Humann authored
    ci: disable npm provenance on self-hosted runners
    
    See merge request !11
    aecacb72
  • chore: reset premature 6.0.0 release artifacts · 135c547a
    Jean Humann authored
    
    
    A prior pipeline pushed the v6.0.0 tag and the "chore(release): 6.0.0" commit
    (bumping package.json + CHANGELOG) before the npm publish step ran, then died on
    the provenance error. npm never got 6.0.0 and no GitLab release was created, but
    the orphan tag made semantic-release report "no release" on subsequent runs.
    
    The orphan tag has been deleted; this reverts package.json and CHANGELOG.md to
    their pre-release (5.2.4) state so semantic-release can republish 6.0.0 cleanly
    now that OIDC publishing (provenance disabled) works.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    135c547a
  • Merge branch 'fix/reset-premature-6.0.0' into 'main' · 9c200073
    Jean Humann authored
    chore: reset premature 6.0.0 artifacts for clean re-release
    
    See merge request !12
    9c200073
  • ci: fresh full clone for release job to avoid stale tags · 092600fa
    Jean Humann authored
    
    
    semantic-release kept reporting "Found git tag v6.0.0 ... no release" even after
    the orphan tag was deleted from the remote. Cause: self-hosted runners reuse the
    build directory with GIT_STRATEGY=fetch, and `git fetch` does not prune deleted
    tags, so the runner's local clone retained a phantom v6.0.0 tag. Set
    GIT_STRATEGY=clone and GIT_DEPTH=0 on the release job so it always starts from a
    fresh, full clone with the real remote tags.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    092600fa
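
The phantom-tag behaviour described in commit 092600fa can be reproduced offline. This is an added example, not code from the repository: the temp-directory layout, the `g` wrapper and the function names are constructed for the demo, with plain `git fetch` standing in for a reused build directory and a new `git clone` standing in for GIT_STRATEGY=clone.

```shell
#!/bin/sh
# Constructed demo: every repository lives in a throwaway temp directory.
set -eu

# git with a fixed identity so commits work on a bare CI image.
g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }

# Prints "fetch=<kept|gone> prune=<kept|gone> clone=<kept|gone>".
stale_tag_demo() (
  work=$(mktemp -d)
  trap 'rm -rf "$work"' EXIT
  cd "$work"

  # Report whether repository $1 still has the v6.0.0 tag.
  has_tag() {
    if g -C "$1" rev-parse -q --verify refs/tags/v6.0.0 >/dev/null; then
      echo kept
    else
      echo gone
    fi
  }

  # Remote with one commit and the premature release tag.
  g init -q --bare remote.git
  g init -q dev
  g -C dev commit -q --allow-empty -m "chore(release): 6.0.0"
  g -C dev tag v6.0.0
  g -C dev push -q "$work/remote.git" HEAD refs/tags/v6.0.0

  # The runner's reused build directory saw the tag once.
  g clone -q "$work/remote.git" runner

  # The orphan tag is deleted from the remote.
  g -C dev push -q "$work/remote.git" :refs/tags/v6.0.0

  g -C runner fetch -q origin                       # reused directory
  after_fetch=$(has_tag runner)
  g -C runner fetch -q --prune --prune-tags origin  # explicit tag pruning
  after_prune=$(has_tag runner)
  g clone -q "$work/remote.git" fresh               # fresh clone
  echo "fetch=$after_fetch prune=$after_prune clone=$(has_tag fresh)"
)
```

Calling `stale_tag_demo` shows the deleted tag surviving an ordinary fetch and disappearing only with tag pruning or a fresh clone.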
  • Merge branch 'fix/release-git-strategy' into 'main' · ab6bfa6e
    Jean Humann authored
    ci: fresh full clone for release job (fix phantom tag)
    
    See merge request !13
    ab6bfa6e
  • chore(release): 6.0.0 [skip ci] · de7ea14c
    🤖 Cleyrop Release authored
    # [6.0.0](v5.2.4...v6.0.0) (2026-06-10)
    
    * feat!: migrate to full ESM with AVA and modernize the toolchain ([15fc9574](15fc9574))
    
    ### BREAKING CHANGES
    
    * the package is ESM only, requires Node ^22.14.0 || >=24.10.0,
    and semantic-release must now be installed by the host project as a peer
    dependency.
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    de7ea14c
  • feat(backmerge): add `ignorePaths` option to exclude files from back-merge · 3e86d133
    Jean Humann authored
    
    
    Adds an `ignorePaths` config option (string[], default []). After the
    merge/rebase, each listed path spec is restored to the target branch's
    pre-back-merge state, so changes to it on the release branch are never
    carried over. Works with both `merge` and `rebase` strategies.
    
    Use case: files that must diverge per branch (e.g. a version-pin matrix
    that holds betas on staging and alphas on develop) which a back-merge
    would otherwise clobber.
    
    - config: ignorePaths in Config + resolveConfig default []
    - git: revParse() + restorePaths() helpers. restorePaths resolves matched
      files via ls-tree/ls-files: checks out those present in the target ref
      and removes those absent from it, so the result matches the ref exactly;
      non-matching path specs (incl. globs) are skipped, never aborting.
    - perform-backmerge: capture target tip pre-merge, restore ignorePaths after
    - verify: validate ignorePaths is an array (EINVALIDIGNOREPATHS)
    - docs + tests (perform-backmerge restore/no-op; git restorePaths + revParse)
    
    Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
    3e86d133
  • Merge branch 'feat/ignore-paths-in-backmerge' into 'main' · 43685403
    Jean Humann authored
    feat(backmerge): add `ignorePaths` option to exclude files from back-merge
    
    See merge request !15
    43685403
  • chore(release): 6.1.0 [skip ci] · eb4524bb
    🤖 Cleyrop Release authored
    # [6.1.0](v6.0.0...v6.1.0) (2026-06-24)
    
    ### Features
    
    * **backmerge:** add `ignorePaths` option to exclude files from back-merge ([3e86d133](3e86d133))
    eb4524bb
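
The `ignorePaths` restore step described in commit 3e86d133, rendered in shell against a constructed repository. This is an added example, not the plugin's TypeScript implementation: `restore_paths`, `backmerge_demo`, the `g` wrapper and the file names are hypothetical, and it uses literal paths only.

```shell
#!/bin/sh
# Constructed demo repository; nothing here touches a real project.
set -eu

g() { git -c user.name=demo -c user.email=demo@example.invalid "$@"; }

# restore_paths <repo> <ref> <path>...: make each path match <ref> exactly.
restore_paths() {
  repo=$1 ref=$2; shift 2
  for p in "$@"; do
    # Tracked files under the path that <ref> does not contain: remove them.
    g -C "$repo" ls-files -- "$p" | while IFS= read -r f; do
      g -C "$repo" cat-file -e "$ref:$f" 2>/dev/null ||
        g -C "$repo" rm -q -f -- "$f"
    done
    # Files <ref> does contain: check out that version. A path matching
    # nothing in <ref> is skipped, since checkout would abort on it.
    if [ -n "$(g -C "$repo" ls-tree -r --name-only "$ref" -- "$p")" ]; then
      g -C "$repo" checkout -q "$ref" -- "$p"
    fi
  done
}

# Prints "matrix=<content> app=<content> new=<present|absent>".
backmerge_demo() (
  w=$(mktemp -d); trap 'rm -rf "$w"' EXIT; r=$w/repo
  g init -q "$r"
  mkdir "$r/pins"; echo alpha >"$r/pins/matrix"; echo v1 >"$r/app"
  g -C "$r" add -A; g -C "$r" commit -q -m base
  g -C "$r" branch develop
  # Release branch: bumps the pin, adds a pin file, changes the app.
  echo beta >"$r/pins/matrix"; echo x >"$r/pins/new"; echo v2 >"$r/app"
  g -C "$r" add -A; g -C "$r" commit -q -m release
  rel=$(g -C "$r" rev-parse HEAD)
  g -C "$r" checkout -q develop
  pre=$(g -C "$r" rev-parse HEAD)   # target tip captured before the merge
  g -C "$r" merge -q --no-ff -m backmerge "$rel"
  restore_paths "$r" "$pre" pins no/such/path
  g -C "$r" commit -q -m "restore ignored paths"
  new=absent; [ -e "$r/pins/new" ] && new=present
  echo "matrix=$(cat "$r/pins/matrix") app=$(cat "$r/app") new=$new"
)
```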