329 lines
14 KiB
Markdown
329 lines
14 KiB
Markdown
# Changelog
|
|
|
|
All notable changes to this project will be documented in this file.
|
|
|
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
|
|
A `### Breaking` section is used in addition to Keep a Changelog's standard sections to explicitly document changes that are backwards-incompatible but would otherwise appear under `### Changed`. Entries under `### Breaking` trigger a major version bump in the automated release tooling.
|
|
|
|
## [Unreleased]
|
|
|
|
### Breaking
|
|
|
|
### Added
|
|
|
|
- `internal/homesick/version`: added `version_test.go` covering the `String` constant and semver format validation.
|
|
- `internal/homesick/cli`: added targeted tests for `list`, `generate`, `clone`, `status`, and `diff` CLI commands; coverage raised from 62.5% to 71.2%.
|
|
- `internal/homesick/core`: added `helpers_test.go` covering `runGit` pretend mode, `actionVerb`, `sayStatus`, `unlinkPath`, `linkPath`, `readSubdirs`, `matchesIgnoredDir`, `confirmDestroy` responses and read errors, `ExecAll` empty-command and no-repos-dir edge cases, and `Link`/`Unlink` default-castle wrappers; existing suites extended with `New` constructor and `PullAll` quiet-mode tests; coverage raised from 75.6% to 80.2%.
|
|
- PR validation now uses `vociferate/coverage-badge@v1.1.0` for coverage artefact upload and `vociferate/decorate-pr@v1.1.0` for PR comment decoration and changelog gate enforcement.
|
|
|
|
### Changed
|
|
|
|
- `gosec` security scanning in CI now invoked directly via `go install + gosec ./...` instead of the `securego/gosec` action, resolving compatibility issues with Go 1.26.1.
|
|
- `golang/govulncheck-action` pinned from `@v1` to `@v1.0.4` in push and PR validation; major-version tags do not resolve reliably in Gitea API.
|
|
- `GOTOOLCHAIN=auto` moved from per-step env to job-level env in push and PR validation workflows.
|
|
- Push validation `vociferate/coverage-badge` bumped from `v1.0.1` to `v1.1.0` for version consistency with PR validation.
|
|
- `vociferate/prepare` and `vociferate/publish` in `prepare-release.yml` and `tag-build-artifacts.yml` bumped from `v1.0.1` to `v1.1.0` for cross-workflow version consistency.
|
|
- `golang/govulncheck-action` in push and PR validation now passes explicit `go-package`, cache enablement, and `cache-dependency-path` inputs to match the required workflow pattern.
|
|
- CLI/core wiring now injects `stdin` through `core.NewApp`, `main` owns the `GIT_TERMINAL_PROMPT=0` side effect, and `Rc` force handling is passed per call instead of mutating shared app state.
|
|
- Core filesystem and git error paths now wrap underlying failures with command-specific context across listing, generation, tracking, linking, rc hook execution, and destroy confirmation flows.
|
|
- Gosec compliance updated for intentional command execution paths: `Open()` now documents both `G702` and `G204` suppression rationale, and fixed-`git` helper invocations include explicit `G204` justifications.
|
|
- PR validation badge upload now runs only when `coverage.out` exists, preventing downstream badge artefact failures while still allowing PR decoration to run on failed jobs.
|
|
- PR validation now keys coverage badge upload off the coverage step outcome and performs changelog gate validation in a native workflow step; decorate-pr changelog gating is disabled to bypass the broken internal extractor action.
|
|
- Push validation now triggers on all branches, not only `main`.
|
|
- Push and PR validation workflows now share a `concurrency` group keyed on the branch name (`github.ref_name` / `github.head_ref`) with `cancel-in-progress: true`; when a push to a PR branch fires both workflows, the second run cancels the first so only one validation executes per commit.
|
|
- Push validation now performs an open-PR branch check via the Gitea API and skips the heavy validation job when the branch already has an open PR, preventing duplicate full pipeline runs.
|
|
- Push validation open-PR detection is now POSIX-shell compatible (no bash-only `pipefail`/array/`[[ ... ]]` usage), fixing failures on runners that execute `run` scripts with `/bin/sh`.
|
|
- PR validation now checks that `coverage.out` exists before invoking `coverage-badge`; when missing, badge upload is skipped with a summary note instead of failing the workflow.
|
|
- PR decoration is now `continue-on-error` to avoid hard-failing validation when the external `decorate-pr` action's internal extractor step is unavailable.
|
|
- README badge link target updated to `actions/runs/latest?workflow=...` format per workflow standards.
|
|
- CI security scanning now uses GitHub Marketplace actions (`securego/gosec` and `golang/govulncheck-action`) instead of manual tool installation, improving reliability and caching.
|
|
- CI setup compatibility fix: gosec scanner now references the correct public action source (`securego/gosec`), resolving action clone failures in Gitea runners.
|
|
- CI security scanner compatibility: gosec and govulncheck action steps now set `GOTOOLCHAIN=auto` so repositories requiring newer Go versions are analyzed successfully.
|
|
- Code formatting validation added to CI pipelines: pushes and pull requests with code not matching `go fmt ./...` output will be rejected.
|
|
- Applied `go fmt` normalization to core tests (`list_test.go` and `track_test.go`) to satisfy the new formatting gate.
|
|
- Dependencies updated to resolve security vulnerabilities: `cloudflare/circl` to v1.6.3, `go-git/v5` to v5.17.0, `golang.org/x/crypto` to v0.49.0, and `golang.org/x/net` to v0.52.0.
|
|
- CI workflows now include explicit caching for Go modules and build artifacts to reduce pipeline execution time.
|
|
- Security hardening: file and directory creation now uses restrictive permissions (`0o750` for directories, `0o600` for files) instead of world-accessible defaults. Executable wrapper scripts are created with restricted permissions and then explicitly made executable via `chmod`.
|
|
- Security: `Open()` now executes the editor directly without shell intermediary to prevent injection through the `$EDITOR` environment variable.
|
|
|
|
- CI validation now runs `gosec` and `govulncheck` security scanning on push and pull request workflows.
|
|
- `cmd/homesick` now includes entrypoint-focused tests that exercise both the CLI run path and `main` process path.
|
|
- `rc` command: executes all executable scripts inside a castle's `.homesick.d/` directory in sorted order, with the castle root as the working directory. stdout/stderr from each script is forwarded to the caller.
|
|
- `rc` command: when a `.homesickrc` file exists and no `parity.rb` wrapper is present in `.homesick.d/`, a Ruby wrapper script (`parity.rb`) is generated automatically to preserve backwards compatibility. An existing `parity.rb` is never overwritten.
|
|
- `exec` command: runs a shell command inside the target castle root directory.
|
|
- `exec_all` command: runs a shell command inside each cloned castle root directory in sorted order.
|
|
- `pull --all` support: pulls updates for every cloned castle in sorted order.
|
|
- `rc --force` support: legacy `.homesickrc` compatibility hooks now require explicit force mode before execution.
|
|
- Global command flags restored: `--pretend` (with `--dry-run` alias) and `--quiet`.
|
|
- Native Go implementations for `clone`, `link`, `unlink`, `track`, `pull`, `push`, `commit`, `destroy`, `cd`, `open`, and `generate`.
|
|
- Containerized behavior test suite for command parity validation.
|
|
- Dedicated test suites for `list`, `show_path`, `status`, `diff`, and `version`.
|
|
- Just workflow support for building and running the Linux behavior binary.
|
|
- Coverage reports and badges published to shared object storage for branches and pull requests.
|
|
- Pull requests now receive coverage report links in CI comments.
|
|
- Automated release orchestration now runs through vociferate prepare and publish workflows.
|
|
- `symlink` command alias compatibility for `link`.
|
|
|
|
### Changed
|
|
|
|
- Release automation now uses `aether/vociferate` `prepare` and `publish` actions (pinned to `v1.0.1`) instead of repository-local releaseprep wrappers.
|
|
- Push and pull request validation now enforce per-package coverage gates (fail below 50%) and publish package-level coverage status tables in workflow summaries.
|
|
- Push and pull request validation now verify module hygiene (`go mod tidy`, `go mod verify`) and use a dedicated summary-file pattern with a final always-run summary step.
|
|
- CLI argument parsing migrated to Kong.
|
|
- Git operations for clone and track migrated to `go-git`.
|
|
- Build and behavior workflows now produce and run the `gosick` binary name.
|
|
- CI validation is unified into push events, running behavior tests only on `main` pushes.
|
|
- Gitea CI workflows now cache Go modules and build artifacts using a shared runner tool cache.
|
|
- Gitea workflow and README badge updated from `push-unit-tests` to `push-validation`.
|
|
- CLI help now uses the invoked binary name (defaulting to `gosick`) in usage output.
|
|
- CLI help description now reflects Homesick's purpose for managing precious dotfiles.
|
|
- Release notes standardized to Keep a Changelog format.
|
|
- `commit` command now accepts legacy positional form `commit <castle> <message>` in addition to `-m`.
|
|
- `destroy` now prompts for confirmation by default and preserves the castle when declined.
|
|
|
|
### Fixed
|
|
|
|
- `status` and `diff` now consistently write through configured app output writers.
|
|
- `pull --all` output now includes per-castle prefixes to match behavior expectations.
|
|
- Behavior-suite container now includes Ruby so `.homesickrc` parity wrapper execution works under `rc --force`.
|
|
|
|
### Removed
|
|
|
|
- Legacy `script/prepare-release.sh` releaseprep wrapper and its dedicated script test.
|
|
- Legacy Ruby implementation and Ruby toolchain.
|
|
- Legacy in-repository `releaseprep` package and command implementation, now superseded by the standalone `vociferate` tool.
|
|
|
|
## [1.1.6] - 2017-12-20
|
|
|
|
### Fixed
|
|
|
|
- Ensure `FileUtils` is imported correctly to avoid a potential error.
|
|
- Fix an issue where comparing a diff did not use the content of the new file.
|
|
|
|
### Changed
|
|
|
|
- Small documentation fixes.
|
|
|
|
## [1.1.5] - 2017-03-23
|
|
|
|
### Fixed
|
|
|
|
- Problem with version number being incorrect.
|
|
|
|
## [1.1.4] - 2017-03-22
|
|
|
|
### Fixed
|
|
|
|
- Ensure symlink conflicts are explicitly communicated to users and symlinks are not silently overwritten.
|
|
- Fix a problem in diff when asking a user to resolve a conflict.
|
|
|
|
### Changed
|
|
|
|
- Use real paths of symlinks when linking a castle into home.
|
|
- Code refactoring and fixes.
|
|
|
|
## [1.1.3] - 2015-10-31
|
|
|
|
### Added
|
|
|
|
- Allow a destination to be passed when cloning a castle.
|
|
|
|
### Fixed
|
|
|
|
- Make sure `homesick edit` opens the default editor in the root of the given castle.
|
|
- Bug when diffing edited files.
|
|
- Crashing bug when attempting to diff directories.
|
|
- Ensure that messages are escaped correctly on `git commit all`.
|
|
|
|
## [1.1.2] - 2015-01-02
|
|
|
|
### Added
|
|
|
|
- `--force` option to the rc command to bypass confirmation checks when running a `.homesickrc` file.
|
|
- Check to ensure that at least Git 1.8.0 is installed.
|
|
|
|
### Fixed
|
|
|
|
- Stop Homesick failing silently when Git is not installed.
|
|
|
|
### Changed
|
|
|
|
- Code refactoring and fixes.
|
|
|
|
## [1.1.0] - 2014-04-28
|
|
|
|
### Added
|
|
|
|
- `exec` and `exec_all` commands to run commands inside one or all cloned castles.
|
|
|
|
### Changed
|
|
|
|
- Code refactoring.
|
|
|
|
## [1.0.0] - 2014-01-15
|
|
|
|
### Added
|
|
|
|
- `version` command.
|
|
|
|
### Removed
|
|
|
|
- Support for Ruby 1.8.7.
|
|
|
|
## [0.9.8] - 2014-01-02
|
|
|
|
### Added
|
|
|
|
- `homesick cd` command.
|
|
- `homesick open` command.
|
|
|
|
## [0.9.4] - 2013-07-31
|
|
|
|
### Added
|
|
|
|
- `homesick unlink` command.
|
|
- `homesick rc` command.
|
|
|
|
### Changed
|
|
|
|
- Use HTTPS protocol instead of git protocol.
|
|
|
|
## [0.9.3] - 2013-07-07
|
|
|
|
### Added
|
|
|
|
- Recursive option to `homesick clone`.
|
|
|
|
## [0.9.2] - 2013-06-27
|
|
|
|
### Added
|
|
|
|
- `homesick show_path` command.
|
|
- `homesick status` command.
|
|
- `homesick diff` command.
|
|
|
|
### Changed
|
|
|
|
- Set `dotfiles` as default castle name.
|
|
|
|
## [0.9.1] - 2013-06-17
|
|
|
|
### Fixed
|
|
|
|
- Small bugs: #35, #40.
|
|
|
|
## [0.9.0] - 2013-06-06
|
|
|
|
### Added
|
|
|
|
- `.homesick_subdir` (#39).
|
|
|
|
## [0.8.1] - 2013-05-19
|
|
|
|
### Fixed
|
|
|
|
- `homesick list` bug on Ruby 2.0 (#37).
|
|
|
|
## [0.8.0] - 2013-04-06
|
|
|
|
### Added
|
|
|
|
- `commit` and `push` command.
|
|
- Commit changes in a castle and push to remote.
|
|
- Enable recursive submodule update.
|
|
- Git add when using track.
|
|
|
|
## [0.7.0] - 2012-05-28
|
|
|
|
### Added
|
|
|
|
- New option for pull command: `--all`.
|
|
- Pull each castle instead of just one.
|
|
|
|
### Fixed
|
|
|
|
- Double-cloning (#14).
|
|
|
|
## [0.6.1] - 2010-11-13
|
|
|
|
### Added
|
|
|
|
- License.
|
|
|
|
## [0.6.0] - 2010-10-27
|
|
|
|
### Added
|
|
|
|
- `.homesickrc` support.
|
|
- Castles can now have a `.homesickrc` inside them.
|
|
- On clone, this is eval'd inside the destination directory.
|
|
- `track` command.
|
|
- Allows easily moving an existing file into a castle and symlinking it back.
|
|
|
|
## [0.5.0] - 2010-05-18
|
|
|
|
### Added
|
|
|
|
- `homesick pull <CASTLE>` for updating castles (thanks Jorge Dias).
|
|
- A very basic `homesick generate <CASTLE>`.
|
|
|
|
### Fixed
|
|
|
|
- Listing of castles cloned using `homesick clone <github-user>/<github-repo>` (issue 3).
|
|
|
|
## [0.4.1] - 2010-04-02
|
|
|
|
### Fixed
|
|
|
|
- Improve error message when a castle's home dir does not exist.
|
|
|
|
## [0.4.0] - 2010-04-01
|
|
|
|
### Added
|
|
|
|
- `homesick clone` can take a path to a directory on the filesystem, which is symlinked into place.
|
|
- `homesick clone` tries to run `git submodule init` and `git submodule update` if git submodules are defined for a cloned repo.
|
|
|
|
### Changed
|
|
|
|
- Use `HOME` environment variable for where to store files, instead of assuming `~`.
|
|
|
|
### Fixed
|
|
|
|
- Missing dependency on thor and others.
|
|
|
|
## [0.3.0] - 2010-04-01
|
|
|
|
### Changed
|
|
|
|
- Rename `link` to `symlink`.
|
|
|
|
### Fixed
|
|
|
|
- Conflict resolution when symlink destination exists and is a normal file.
|
|
|
|
## [0.2.0] - 2010-03-19
|
|
|
|
### Added
|
|
|
|
- Better support for recognizing git URLs (thanks jacobat).
|
|
- If it looks like a GitHub user/repo, use that.
|
|
- Otherwise hand off to git clone.
|
|
- Listing now displays in color and shows git remote.
|
|
- Support pretend, force, and quiet modes.
|
|
|
|
## [0.1.1] - 2010-03-17
|
|
|
|
### Fixed
|
|
|
|
- Trying to link against castles that do not exist.
|
|
- Linking now excludes `.` and `..` from the list of files to link (thanks Martinos).
|
|
|
|
## [0.1.0] - 2010-03-10
|
|
|
|
### Added
|
|
|
|
- Initial release.
|