Skip to content

Release new version #291

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
github-actions wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Release new version #291

github-actions wants to merge 1 commit into from

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Sep 29, 2025
edited
Loading

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

scopes@0.0.5

Patch Changes

  • #292 6c03179 Thanks @kamiazya! - fix: resolve GitHub Actions release failure by adding redundant trigger mechanisms

    • Add push trigger to release.yml for automatic releases on tag push
    • Update tag resolution logic to handle both workflow_dispatch and push triggers
    • Remove failing manual release trigger job that was causing HTTP 422 errors
    • Ensures reliable releases by providing multiple trigger mechanisms

  • #292 6c03179 Thanks @kamiazya! - fix: Resolved a release workflow failure by correcting heredoc syntax in release.yml to prevent improper variable expansion.

  • #309 5cff8d5 Thanks @kamiazya! - Migrate from GraalVM Native Image to JAR distribution

    Breaking Change: Distribution format changed from platform-specific native binaries to universal JAR bundle.

    Migration Details

    • Distribution Format: Changed from 6 platform-specific native binaries (~260MB total) to single universal JAR bundle (~20MB)
    • Runtime Requirement: Now requires Java 21+ to be installed on the target system
    • Installation Method: JAR bundle includes wrapper scripts (bash, batch, PowerShell) for platform-agnostic execution
    • SBOM Structure: Dual SBOM approach - source-level (sbom/scopes-sbom.json) and binary-level (sbom/scopes-binary-sbom.json)

    Technical Changes

    • Removed GraalVM Native Image build configuration and related plugins
    • Implemented Shadow JAR plugin for creating fat JARs with all dependencies
    • Updated CI/CD workflows to build universal JAR instead of platform-specific binaries
    • Removed platform-specific build jobs (linux-x64, darwin-x64, darwin-arm64, win32-x64, etc.)
    • Cleaned up GraalVM-specific configuration files (native-image.properties, reflect-config.json, etc.)

    Documentation Updates

    • Renamed install-jar.ps1 to install.ps1 for consistency with install.sh
    • Removed obsolete native binary documentation (install/README.md, install/verify-README.md, install/offline/)
    • Updated all security verification guides to reflect JAR bundle structure
    • Updated getting started guide with Java 21 requirement
    • Created ADR-0017 documenting the migration decision and rationale

    User Impact

    Benefits:

    • Smaller download size (~20MB vs ~260MB for all platforms)
    • Faster startup time and lower memory footprint
    • No platform-specific build issues
    • Easier to debug and profile with standard JVM tools

    Migration Required:

    • Users must have Java 21+ installed (see docs/explanation/setup/java-setup.md)
    • Update installation scripts to use new JAR bundle format
    • Replace platform-specific binaries with universal JAR + wrapper scripts

  • #292 6c03179 Thanks @kamiazya! - feat: replace individual assets with bundled packages for easier downloads

    Replace the previous 28 individual release assets with organized bundle packages to eliminate download confusion. Users now choose from:

    • 6 platform-specific bundles (~20MB each) containing binary, installer, SBOM, and verification files
    • 1 unified offline package (~260MB) for enterprise/multi-platform deployments
    • SLSA provenance for supply chain security

    This provides 92% reduction in download size for most users while maintaining all existing security features (SLSA Level 3, SHA256 verification) and preparing for future daemon binary distribution.

  • #289 33f06cf Thanks @dependabot! - deps(deps): bump org.graalvm.buildtools.native from 0.11.0 to 0.11.1

  • #301 2da8ec3 Thanks @joonseolee! - feat: add pre-commit hooks for shellcheck, yamlint and shfmt

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Sep 29, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@github-actions github-actions bot force-pushed the changeset-release/main branch from cc0dfc9 to be458f5 Compare September 29, 2025 12:18
@github-actions github-actions bot force-pushed the changeset-release/main branch 2 times, most recently from 978b173 to e3f0120 Compare October 25, 2025 17:49
@github-actions github-actions bot force-pushed the changeset-release/main branch from e3f0120 to 1dd749e Compare October 25, 2025 17:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants