Skip to content

Releases: netresearch/github-project-skill

v2.15.5

Choose a tag to compare

@github-actions github-actions released this 01 Jul 16:10
v2.15.5
1579379

What's Changed

  • docs(skill): add no-editorializing rule for written output by @CybotTM in #98
  • chore(release): v2.15.5 by @CybotTM in #99

Full Changelog: v2.15.4...v2.15.5

v2.15.4

Choose a tag to compare

@github-actions github-actions released this 27 Jun 20:21
v2.15.4
5b8ddf0

What's Changed

  • docs: nameless package.json pollutes lockfile with worktree dir name by @CybotTM in #96
  • chore(release): v2.15.4 by @CybotTM in #97

Full Changelog: v2.15.3...v2.15.4

v2.15.3

Choose a tag to compare

@github-actions github-actions released this 24 Jun 16:02
v2.15.3
6923c1b

What's Changed

  • ci: re-sync labeler.yml with skill template (clears drift) by @CybotTM in #90
  • docs(skill): diagnose SonarCloud green-on-PR but red-on-main by @CybotTM in #91
  • docs(bootstrap): Actions-hardening interactions (startup_failure, auto-approve) by @CybotTM in #92
  • Add GHCR package management to gh-CLI reference by @CybotTM in #93
  • Add field-tested PR/CI/merge-gate gotchas by @CybotTM in #94
  • chore(release): v2.15.3 by @CybotTM in #95

Full Changelog: v2.15.2...v2.15.3

v2.15.2

Choose a tag to compare

@github-actions github-actions released this 18 Jun 08:50
v2.15.2
9b7b67a

Highlights

Documents the SonarCloud whole-file re-attribution gotcha: a wholesale refactor re-attributes pre-existing duplication/coverage to the touched lines and can trip the new-code gate.


What's Changed

  • ci: adopt canonical skill template by @CybotTM in #87
  • docs: SonarCloud whole-file re-attribution on wholesale refactors by @CybotTM in #88
  • chore(release): v2.15.2 by @CybotTM in #89

Full Changelog: v2.15.1...v2.15.2

v2.15.1

Choose a tag to compare

@github-actions github-actions released this 09 Jun 09:34
v2.15.1
feb0dc8

What's Changed

  • docs(reusable-workflows): fix CI gaps upstream in the shared workflow, not per-project by @CybotTM in #82
  • docs(github-project): repo-level Actions/security hardening + API gotchas by @CybotTM in #83
  • docs(github-project): verify a PR actually merged through the queue by @CybotTM in #84
  • docs(merge-strategy): renamed CI jobs orphan required checks; merge-queue stall by @CybotTM in #85
  • chore(release): v2.15.1 by @CybotTM in #86

Full Changelog: v2.15.0...v2.15.1

v2.15.0

Choose a tag to compare

@github-actions github-actions released this 28 May 20:21
v2.15.0
670d6bf

What's Changed

  • feat: add .pre-commit-config.yaml mirroring CI checks by @CybotTM in #78
  • feat: require branch protection at repo init (close enforcement gap) by @CybotTM in #77
  • docs(security-config): soften aspirational MUSTs to align with init template by @CybotTM in #79
  • docs(references): secrets-inherit ban, config_data pitfall, archived-repo handling by @CybotTM in #80
  • chore(release): v2.15.0 by @CybotTM in #81

Full Changelog: v2.14.0...v2.15.0

v2.14.0

Choose a tag to compare

@github-actions github-actions released this 15 May 11:42
v2.14.0
a68bcdb

Highlights

npm distribution — the skill now ships as an npm package via @netresearch/agent-skill-coordinator, joining the marketplace and Composer as a first-class install path (#74).

AI-reviewer pushback patterns (#73). A new section in the skill teaches the agent how to push back when Gemini/Copilot/CodeRabbit reviewers post incorrect or low-value feedback — when to defer to the bot, when to defend the design, and how to phrase the response so the bot moves on without spam. Built from observed pushback patterns across recent skill-repo reviews.

Agentic workflows reference (#75). New references/agentic-workflows.md documents gh-aw and awf for spawning agent runs inside CI from issues/PRs — covers permissions, secret scoping, and the safety boundaries that keep agent CI runs from leaking into the project's main pipeline.

PR merge / branch protection / CodeQL playbook (commits). Adds documented playbooks for: branch-protection setup, CodeQL gotchas (default-setup vs advanced-setup interplay, language-detection edge cases), and PR-merge state diagnosis. The --delete-branch snippet now auto-detects the allowed merge strategy via the GitHub API instead of assuming --merge. Mergeability detection uses the GraphQL Repository.mergeQueue field, which correctly reports merge-queue state where the REST API returns ambiguous values.

Checkpoint quality passGH-6, GH-23, GH-30, GH-31 rewritten to satisfy the assessment runner's command allowlist; GH-2 license check broadened to recognize split-license repos (MIT + CC-BY-SA-4.0 layout); new GH-34/35/36 checkpoints + a references/reusable-workflow-pitfalls.md companion; org_provides introduced for community-health files that live at the org level (CODE_OF_CONDUCT, SECURITY) rather than per-repo; follow_uses lets checkpoints delegate CodeQL/Scorecard verification to companion workflows rather than re-implementing them.

Maintenance

  • Release caller dropped the deprecated with: bump: block and workflow_dispatch.bump input — releases happen exclusively by pushing a locally-signed tag (commit).
  • Granted id-token: write / attestations: write on the release caller so the reusable workflow can emit SLSA build-provenance and cosign-signed checksums; over-privileged pull-requests: write removed (#65).
  • Trailing newline added to release.yml to satisfy yamllint.
  • SKILL.md trimmed to the 500-word cap; plugin.json sync'd to SKILL.md metadata.version.

Documentation

  • npm documented as a distribution channel; composer version assertion + LICENSE allowlist corrected per review.
  • Org-security-settings and tag-validation references cited where applied.

Verification

gh attestation verify github-project-skill-v2.14.0.zip --repo netresearch/github-project-skill

cosign verify-blob \
  --bundle SHA256SUMS.txt.bundle \
  --certificate-identity-regexp '^https://github\.com/netresearch/skill-repo-skill/\.github/workflows/release\.yml@' \
  --certificate-oidc-issuer 'https://token.actions.githubusercontent.com' \
  SHA256SUMS.txt
sha256sum --check SHA256SUMS.txt

Install

/plugin install github-project@netresearch
composer require netresearch/github-project-skill
npm i -D @netresearch/agent-skill-coordinator github:netresearch/github-project-skill

Full changelog: v2.13.1...v2.14.0

v2.13.1

Choose a tag to compare

@github-actions github-actions released this 25 Apr 11:40
fdb101d

What's Changed

  • ci: forward bump input to reusable release workflow by @CybotTM in #61
  • fix(checkpoints): GH-24..27 accept reusable-workflow delegation by @CybotTM in #62
  • fix(checkpoints): GH-8/09 .yml form templates + GH-19/20 reusable workflow by @CybotTM in #63
  • chore: release v2.13.1 by @github-actions[bot] in #64

New Contributors

  • @github-actions[bot] made their first contribution in #64

Full Changelog: v2.13.0...v2.13.1

v2.13.0

Choose a tag to compare

@github-actions github-actions released this 22 Apr 10:04
ef86b16

Highlights

  • New multi-repo-operations reference for batch and fleet-wide GitHub operations, with parity and loop-safety guidance
  • New fleet operational hygiene reference covering patterns for maintaining many repos at once
  • New workflow-bash-patterns reference — safe bash inside workflow run: steps, plus GHA expression gotchas for multi-trigger workflows
  • New dependency-management reference — Dependabot ecosystem hygiene and failure modes
  • Auto-merge guide gains a post-merge review-sweep process and expanded Copilot auto-approve race-condition guide (wait for Copilot before merging; validate suggestions)
  • multi-repo-operations picks up a template-drift resolution pattern

CI / infrastructure

  • Added the eval-validate workflow
  • Fixed the auto-merge-deps reusable workflow reference
  • Multiple Copilot review sweeps folded into the references (followups from #53/#54/#55, plus second-sweep fixes)

Full Changelog: v2.12.0...v2.13.0

v2.12.0

Choose a tag to compare

@CybotTM CybotTM released this 01 Apr 09:11
v2.12.0
8f35a32

Release v2.12.0

What's Changed

  • feat: add auto-merge workflow quality checkpoints and troubleshooting guide by @CybotTM in #48
  • feat: branch protection audit checkpoints (enforce_admins + conversation resolution) by @CybotTM in #49
  • Expand evals to 20 and improve SKILL.md diagnostic coverage by @CybotTM in #50

Full Changelog: v2.10.2...v2.12.0