vociferate/CHANGELOG.md

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

A ### Breaking section is used in addition to Keep a Changelog's standard sections to explicitly document changes that are backwards-incompatible but would otherwise appear under ### Changed. Entries under ### Breaking trigger a major version bump in automated release recommendation logic.

Unreleased

Breaking

Added

Changed

Removed

Fixed

1.1.0 - 2026-03-21

Breaking

Added

• Added changelog gate validation to decorate-pr action for enforcing changelog updates on qualifying code changes.
• Changelog gate modes: strict (fails job on violation) and soft (warns via PR comment).
• Docs-only PR exemption with customizable glob patterns for documentation files.
• PR label-based exemptions for changelog gate (example: skip-changelog).
• Precise diff parsing: validates only added lines within the Unreleased section.
• Gate decision outputs: gate-passed, docs-only, unreleased-additions-count, gate-failure-reason for reuse downstream.
• Integrated remediation guidance in PR comments showing how to add changelog entries.

Changed

• Refactored internal/vociferate to use a constructor-backed service with injected filesystem, environment, and git dependencies while preserving the existing package-level API.
• Hardened prepare-release validation to enforce formatting checks, module hygiene, gosec, and govulncheck before preparing a release.
• Added matching local validation targets in justfile for formatting, module hygiene, tests, and security checks.
• decorate-pr now reads Unreleased changelog content through the vociferate Go CLI instead of maintaining separate shell parsing logic in the composite action.
• publish now extracts tagged release notes through the vociferate Go CLI instead of duplicating changelog section parsing in shell.
• Composite actions now share a centralized run-vociferate orchestration flow, with binary-versus-source execution delegated through shared composite actions and single-use runtime/download logic folded back into run-vociferate.binary.
• run-vociferate now contains both binary and source execution flows directly in a single action implementation, removing nested local action wrappers for better runner compatibility.
• Release automation now requires secrets.RELEASE_PAT for prepare/publish/do-release operations instead of defaulting to GITHUB_TOKEN/GITEA_TOKEN.
• Renamed the reusable Gitea workflows to release.yml and update-release.yml, and inlined release publication into the main release workflow for clearer per-step job output.
• Release binary builds now compress published linux artifacts with UPX before checksum generation and upload.

Removed

Fixed

• Prevented govulncheck-action from defaulting to setup-go version stable by explicitly setting go-version-file and disabling check-latest, avoiding unauthenticated GitHub API rate-limit failures on self-hosted/act-style runners.
• Made do-release version resolution resilient to workflow_call input passing issues by adding a separate tag detection step that fetches and discovers the latest tag from origin as a fallback when inputs.tag is empty, enabling proper operation even when Gitea's workflow_call doesn't pass inputs through correctly.
• Fixed version resolution in do-release workflow by moving version calculation before checkout, resolving from inputs/git tags, and always passing explicit version to publish action.
• Fixed tag detection in do-release to prioritize the tag at current HEAD (created by prepare-release) over the globally latest tag, ensuring correct version is detected when called from prepare-release workflow.
• Fixed do-release workflow_call resolution on Teacup runners by explicitly falling back to needs.prepare.outputs.tag and normalizing %!t(string=...) wrapped values before choosing a release tag.
• Fixed release-chain triggering by using a PAT for release commit/tag pushes so downstream release workflows are triggered reliably.
• Made publish action version resolution more robust with clearer error messages when version input is missing and workflow is not running from a tag push.
• Fixed do-release workflow to always checkout the resolved release tag, eliminating conditional checkout logic that could skip the checkout when called from prepare-release workflow.
• Pinned securego/gosec and golang/govulncheck-action to concrete version tags (v2.22.4 and v1.0.4) so self-hosted Gitea runners can resolve them via direct git clone without relying on the GitHub Actions floating-tag API.
• Restored explicit gosec caching by storing a pinned v2.22.4 binary under ${{ runner.temp }}/gosec-bin with actions/cache@v4, so CI keeps fast security scans while still using the Go 1.26 toolchain from setup-go.
• Replaced securego/gosec composite action with a direct go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4 && gosec ./... run step so gosec uses the Go 1.26 toolchain installed by setup-go rather than the action's bundled Go 1.24 binary which ignores GOTOOLCHAIN=auto.
• Fixed nested local composite-action references to use repository-local ./run-vociferate paths so strict runners do not misparse parent-directory (../) action references as malformed remote coordinates.
• Consolidated run-vociferate binary and source execution flows directly into the main run-vociferate action to avoid nested local-action path resolution issues on strict runners.
• Hardened workflow module hygiene by retrying go mod verify after a module-cache refresh (go clean -modcache + go mod download) when runners report modified cached dependency directories.
• Synced update-release.yml with the active release pipeline fixes for Teacup-wrapped outputs, release-id normalization, upload endpoint validation, and accurate success or failure summaries.

1.0.2 - 2026-03-21

Breaking

Added

Changed

• Documented release/PR-decoration preflight token and API-access checks, including GITHUB_TOKEN/GITEA_TOKEN behavior for self-hosted Gitea.

Removed

Fixed

1.0.1 - 2026-03-21

Breaking

Added

Changed

Removed

Fixed

• Enforced explicit https:// changelog reference links in prepare output for browser-safe markdown links.

1.0.0 - 2026-03-21

Breaking

Added

Changed

• Canonical changelog filename is now CHANGELOG.md, and action/code defaults were updated to match.
• README now uses Æther stylization in prose and corrects released-tag guidance wording.

Removed

Fixed

0.2.0 - 2026-03-21

Breaking

Added

• Added a project LICENSE file.
• Root and prepare actions now read ${{ vars.VOCIFERATE_REPOSITORY_URL }} and forward it to VOCIFERATE_REPOSITORY_URL for repository URL override.
• Added a published coverage-badge composite action for generating and uploading coverage report/badge artefacts for reuse across repositories.
• Added AGENTS.md, an explicit integration guide for agentic coding partners using vociferate composite actions.

Changed

• Push validation now handles coverage artefact and badge generation in a dedicated coverage-badge job, with release recommendation isolated in a separate dependent job.
• Push validation now calls the reusable ./coverage-badge composite action for coverage badge generation and publication.

Removed

Fixed

• Browser-facing URLs emitted in generated changelog links, workflow summaries, and markdown now use explicit https:// forms.
• Release workflows now collect summary markdown into portable temp files and print it in explicit Summary steps instead of relying on unsupported GITHUB_STEP_SUMMARY output.
• Prepare now recreates the standard Unreleased section headers after promoting notes into a tagged release entry.
• First-release recommendation remains v1.0.0 when no prior releases exist in the changelog.
• Do Release smoke validation now expects --recommend to fail on tagged release checkouts where Unreleased is intentionally empty.
• Changelog reference links now use compare URLs (previous...current for releases and latest...main for Unreleased), with first release links comparing from the repository's first commit short hash.
• Repository URL derivation now supports VOCIFERATE_REPOSITORY_URL as the highest-priority base-URL override for changelog link generation.

0.1.0 - 2026-03-20

Changed

• README workflow badges now link to the latest workflow run pages instead of the workflow definition pages.

Fixed

• Publish action falls back to git describe when inputs.version is empty and GITHUB_REF is not a tag ref, resolving workflow_call input propagation failures in act runner v0.3.0.

Added

• Coverage badge in README linked to S3-hosted main-branch report.
• S3 coverage artefact publishing (HTML report, badge, JSON summary) in push validation pipeline.
• CLI tests and internal helper tests raising total coverage to 84%.
• Test suite isolation against ambient CI environment variables for changelog link generation tests.
• Go CLI for changelog-driven release preparation and semantic version recommendation.
• Version recommendation from changelog release headings, including first-release support (0.0.0 base -> v1.0.0).
• Automatic release-version creation/update during release preparation.
• Configurable version source/parsing via --version-file and --version-pattern.
• Configurable changelog path via --changelog.
• Recommended-version fallback when version is omitted in CLI and action flows.
• Major-version recommendation trigger from Unreleased ### Breaking.
• Root composite action (action.yml) for recommend/prepare flows.
• Subdirectory composite actions: prepare/action.yml (prepare/commit/tag/push) and publish/action.yml (extract notes/create-or-update release).
• publish outputs for downstream automation: release-id, tag, and version.
• Dual execution mode for actions: go run from source on @main, prebuilt binaries on tagged refs.
• Repository-scoped binary cache keys with workflow-defined fixed token support via VOCIFERATE_CACHE_TOKEN.
• Tag-driven release publication with idempotent release updates and asset replacement on reruns.
• Release artifacts for linux/amd64, linux/arm64, and checksums.txt.
• Reusable Gitea workflows (prepare-release.yml, do-release.yml) with workflow_call support.
• Project/automation rename from releaseprep to vociferate (entrypoint, package paths, outputs).
• README guidance focused on primary cross-repository reuse workflows.