@blamejs/core 0.11.45 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/CHANGELOG.md +4 -0
  2. package/package.json +1 -1
  3. package/sbom.cdx.json +6 -6
package/CHANGELOG.md CHANGED
@@ -6,6 +6,10 @@ Pre-1.0 the surface is intentionally evolving — every release may
6
6
  change something operators depend on. Read each entry before
7
7
  upgrading across more than a few patches at a time.
8
8
 
9
+ ## v0.12.x
10
+
11
+ - v0.12.0 (2026-05-22) — **`scripts/release.js` — orchestrated release flow with idempotent subcommands.** A single script automates the framework's release-flow mechanics. Eight subcommands run in sequence (`prepare` → `smoke` → `commit` → `push` → `watch` → `merge` → `tag` → `publish`), each idempotent so an operator can stop and resume at any phase. The script reads `release-notes/v<next>.json` to drive the commit body + PR body so the same operator-facing content lands in CHANGELOG + commit + PR. The judgment-requiring parts (writing release-notes content, reviewing Codex P1/P2 findings, choosing minor vs patch) stay manual — the script flags + stops on those, never silently chooses for the operator. Minor bump because this is an additive operator-facing surface (a new top-level script + workflow). **Added:** *`node scripts/release.js prepare [--minor]`* — Bumps `package.json` (patch by default, `--minor` for a minor bump), regenerates `CHANGELOG.md` from `release-notes/v<next>.json`, refreshes `api-snapshot.json`, runs `eslint` + `codebase-patterns` + `validate-source-comment-blocks` + `check-api-snapshot` + `check-changelog-extract`. Refuses if the release-notes JSON is missing — prints a stub template to stdout so the operator fills in headline + summary + sections before re-running. · *`node scripts/release.js smoke`* — Runs `SMOKE_PARALLEL=64 node test/smoke.js`. Auto-detects wiki changes via `git diff --name-only` and runs the wiki e2e suite when `examples/wiki/**` was touched; skips otherwise. · *`node scripts/release.js commit`* — Creates the `release/v<next>` branch, composes the commit body from the release-notes JSON (headline + summary + sections summarised as bullets), and creates a signed commit. Verifies the signature shows `G` (Good + trusted); refuses with a pointer to the SSH-signing setup section of the deploy docs when it shows `U` (Untrusted) or `N` (Unsigned). · *`node scripts/release.js push`* — Runs gitleaks against the whole git history. Pushes the release branch. Opens the PR with title `<version> — <headline>` and a body that includes the release-notes summary + a Test plan checklist. Mounts the working directory via the platform-appropriate Docker bind path (handles Windows Git Bash's `/$(pwd)` quirk). · *`node scripts/release.js watch`* — Runs `gh pr checks --watch` then enumerates open review threads via GraphQL. When any Codex (or human) thread is unresolved, prints the per-thread author + first line + exits non-zero so the operator addresses them in a new commit + re-runs watch. When all threads are resolved + CI is clean, the next step (`merge`) becomes the obvious continuation. · *`node scripts/release.js merge`* — Refuses unless the PR is `mergeStateStatus=CLEAN` + `mergeable=MERGEABLE` + zero unresolved review threads. Squash-merges + deletes the release branch. Pulls main. · *`node scripts/release.js tag`* — Creates the signed annotated tag `v<version>` + pushes it. Verifies the tag signature reports `Good`. Refuses if the tag already exists locally. · *`node scripts/release.js publish`* — Watches the npm-publish + release-container workflows triggered by the tag push. Cross-checks `npm view @blamejs/core version` against the expected version; warns if they don't match (workflow may still be in flight or have failed). · *`node scripts/release.js all [--minor]`* — Runs all eight subcommands in sequence. Pauses on the watch phase if any review thread is unresolved (operator addresses + re-runs `all` from `watch` onward). · *`node scripts/release.js status` + `help`* — `status` reports the current branch, working-tree cleanliness, package version, presence of `release-notes/v<version>.json`, and any open PR for the current release branch. `help` prints the subcommand banner. Both are read-only — safe to run anytime. **Changed:** *Minor bump (additive surface)* — First minor bump since v0.11.0. The release script is a new top-level operator surface — additive, no existing API breaks. Operators following the previous multi-step release flow keep working unchanged; the script is opt-in.
12
+
9
13
  ## v0.11.x
10
14
 
11
15
  - v0.11.45 (2026-05-22) — **Wiki compose pins track framework version.** The dev and prod compose pins for `ghcr.io/blamejs/blamejs-wiki` move from the legacy `0.3.x` wiki-only versioning (`0.3.24` prod, `0.3.8` dev) to the framework version (`0.11.45`). The wiki container's build tag has matched the framework version since the v0.11.44 release-container workflow fix; the compose pins now follow suit so a fresh clone + `docker compose up` works against the most recent published image without manual edits. **Changed:** *`examples/wiki/docker-compose.prod.yml` pin: `0.3.24` → `0.11.45`* — The prod compose now pulls `ghcr.io/blamejs/blamejs-wiki:0.11.45`. Operators deploying to a host running an older pin keep working unchanged — their `.env` / image override takes precedence. To upgrade, the operator runs `docker compose -f docker-compose.yml -f docker-compose.prod.yml pull && docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d` on the host. · *`examples/wiki/docker-compose.yml` pin: `0.3.8` → `0.11.45`* — The dev compose (local-build path) also tracks the framework version. Aligns the locally-built dev image tag with the published image tag so the two paths don't drift over time.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@blamejs/core",
3
- "version": "0.11.45",
3
+ "version": "0.12.0",
4
4
  "description": "The Node framework that owns its stack.",
5
5
  "license": "Apache-2.0",
6
6
  "author": "blamejs contributors",
package/sbom.cdx.json CHANGED
@@ -2,10 +2,10 @@
2
2
  "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
3
3
  "bomFormat": "CycloneDX",
4
4
  "specVersion": "1.5",
5
- "serialNumber": "urn:uuid:1f7e4ae2-9fa2-441e-8e88-61029516e59e",
5
+ "serialNumber": "urn:uuid:8c4e3f98-d5b0-4b97-a108-7ea2093527b5",
6
6
  "version": 1,
7
7
  "metadata": {
8
- "timestamp": "2026-05-22T16:03:39.365Z",
8
+ "timestamp": "2026-05-22T16:44:43.720Z",
9
9
  "lifecycles": [
10
10
  {
11
11
  "phase": "build"
@@ -19,14 +19,14 @@
19
19
  }
20
20
  ],
21
21
  "component": {
22
- "bom-ref": "@blamejs/core@0.11.45",
22
+ "bom-ref": "@blamejs/core@0.12.0",
23
23
  "type": "application",
24
24
  "name": "blamejs",
25
- "version": "0.11.45",
25
+ "version": "0.12.0",
26
26
  "scope": "required",
27
27
  "author": "blamejs contributors",
28
28
  "description": "The Node framework that owns its stack.",
29
- "purl": "pkg:npm/%40blamejs/core@0.11.45",
29
+ "purl": "pkg:npm/%40blamejs/core@0.12.0",
30
30
  "properties": [],
31
31
  "externalReferences": [
32
32
  {
@@ -54,7 +54,7 @@
54
54
  "components": [],
55
55
  "dependencies": [
56
56
  {
57
- "ref": "@blamejs/core@0.11.45",
57
+ "ref": "@blamejs/core@0.12.0",
58
58
  "dependsOn": []
59
59
  }
60
60
  ]