obsidian-dev-skills 1.2.1 → 1.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/obsidian-ops/references/scorecard-compliance.md +6 -3
  2. package/obsidian-ops/references/versioning-releases.md +14 -5
  3. package/package.json +1 -1
package/obsidian-ops/references/scorecard-compliance.md CHANGED
@@ -92,6 +92,7 @@ on:
92
92
  push:
93
93
  tags:
94
94
  - "*"
95
+ workflow_dispatch:
95
96
 
96
97
  permissions:
97
98
  contents: write
@@ -110,6 +111,8 @@ jobs:
110
111
  cache: "pnpm"
111
112
  - run: pnpm install --frozen-lockfile
112
113
  - run: pnpm build
114
+ - id: version
115
+ run: echo "version=$(jq -r .version manifest.json)" >> "$GITHUB_OUTPUT"
113
116
  - uses: actions/attest-build-provenance@v2
114
117
  with:
115
118
  subject-path: |
@@ -118,10 +121,10 @@ jobs:
118
121
  manifest.json
119
122
  - env:
120
123
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
121
- TAG: ${{ github.ref_name }}
124
+ VERSION: ${{ steps.version.outputs.version }}
122
125
  run: |
123
- gh release create "$TAG" \
124
- --title="$TAG" \
126
+ gh release create "$VERSION" \
127
+ --title="$VERSION" \
125
128
  --generate-notes \
126
129
  main.js styles.css manifest.json
127
130
  ```
package/obsidian-ops/references/versioning-releases.md CHANGED
@@ -31,6 +31,7 @@ on:
31
31
  push:
32
32
  tags:
33
33
  - "*"
34
+ workflow_dispatch:
34
35
 
35
36
  permissions:
36
37
  contents: write
@@ -49,6 +50,8 @@ jobs:
49
50
  cache: "pnpm"
50
51
  - run: pnpm install --frozen-lockfile
51
52
  - run: pnpm build
53
+ - id: version
54
+ run: echo "version=$(jq -r .version manifest.json)" >> "$GITHUB_OUTPUT"
52
55
  - uses: actions/attest-build-provenance@v2
53
56
  with:
54
57
  subject-path: |
@@ -57,14 +60,20 @@ jobs:
57
60
  manifest.json
58
61
  - env:
59
62
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
60
- TAG: ${{ github.ref_name }}
63
+ VERSION: ${{ steps.version.outputs.version }}
61
64
  run: |
62
- gh release create "$TAG" \
63
- --title="$TAG" \
64
- --generate-notes \
65
- main.js styles.css manifest.json
65
+ if gh release view "$VERSION" >/dev/null 2>&1; then
66
+ gh release upload "$VERSION" main.js styles.css manifest.json --clobber
67
+ else
68
+ gh release create "$VERSION" \
69
+ --title="$VERSION" \
70
+ --generate-notes \
71
+ main.js styles.css manifest.json
72
+ fi
66
73
  ```
67
74
 
75
+ **Why read the version from `manifest.json`**: the workflow runs from either a tag push (where `github.ref_name` is the tag) or a `workflow_dispatch` from a branch (where `github.ref_name` is the branch name, e.g. `master`). Using `github.ref_name` directly would title a manually-triggered release after the branch. Reading from `manifest.json` is consistent across both triggers and matches what Obsidian's plugin loader actually reads.
76
+
68
77
  Cut releases by pushing a tag (`git tag 0.1.0 && git push origin 0.1.0`). The workflow attaches the three required assets and registers the attestation. The scorecard's "Build verified" signal also fires once the workflow has run, because the attested artifacts can be reproduced byte-for-byte from source.
69
78
 
70
79
  For the full set of scorecard signals and their fixes, see [scorecard-compliance.md](scorecard-compliance.md).
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "obsidian-dev-skills",
3
- "version": "1.2.1",
3
+ "version": "1.2.2",
4
4
  "description": "Agent skills for Obsidian plugin and theme development, including community scorecard compliance, release workflow attestation, and dependency vulnerability hygiene.",
5
5
  "keywords": [
6
6
  "obsidian",