From 7fc17c3b3867b33f8f2314d30f62c4ea496b614f Mon Sep 17 00:00:00 2001 From: Noah Santschi-Cooney Date: Mon, 8 Sep 2025 17:24:34 +0100 Subject: [PATCH 1/5] chore: force merge version bump PR on release --- .github/workflows/release.yml | 3 ++- package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index d46d6ef7..b056a84e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -146,7 +146,7 @@ jobs: run: | git push origin release/${{ steps.bump.outputs.version }} - - name: Create Pull Request + - name: Create & Merge Pull Request run: | gh label create "${{ steps.bump.outputs.version }}" --force gh pr create \ @@ -155,6 +155,7 @@ jobs: --body "$PR_BODY" \ --head release/${{ steps.bump.outputs.version }} \ --label "release" --label "${{ steps.bump.outputs.version }}" + gh pr merge release/${{ steps.bump.outputs.version }} --admin --squash env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_BODY: | diff --git a/package-lock.json b/package-lock.json index 226c030f..c95cd6c6 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "fabric8-analytics", - "version": "0.9.6", + "version": "0.10.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "fabric8-analytics", - "version": "0.9.6", + "version": "0.10.0", "license": "Apache-2.0", "dependencies": { "@redhat-developer/vscode-redhat-telemetry": "^0.8.0", diff --git a/package.json b/package.json index 3dc8682b..67527ee8 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "name": "fabric8-analytics", "displayName": "Red Hat Dependency Analytics", "description": "Provides insights on security vulnerabilities in your application dependencies.", - "version": "0.9.6", + "version": "0.10.0", "author": "Red Hat", "publisher": "redhat", "preview": true, From a051f459442247ad1001c49f441b910cee10933c Mon Sep 17 00:00:00 2001 From: Noah Santschi-Cooney Date: Tue, 9 Sep 2025 11:31:18 +0100 Subject: [PATCH 2/5] fix: use png for vsmarketplacebadges.dev badges --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8049aa97..a52ebca4 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # Red Hat Dependency Analytics -[![Visual Studio Marketplace](https://vsmarketplacebadges.dev/version/redhat.fabric8-analytics.svg)](https://marketplace.visualstudio.com/items?itemName=redhat.fabric8-analytics) +[![Visual Studio Marketplace](https://vsmarketplacebadges.dev/version/redhat.fabric8-analytics.png)](https://marketplace.visualstudio.com/items?itemName=redhat.fabric8-analytics) ![CI](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/workflows/CI/badge.svg?branch=main) [![Codecov](https://codecov.io/gh/fabric8-analytics/fabric8-analytics-vscode-extension/branch/main/graph/badge.svg?token=rHIO4KNlJ0)](https://codecov.io/gh/fabric8-analytics/fabric8-analytics-vscode-extension) From cf92c09619ed60ef8460d9b0dd053ca2b807013f Mon Sep 17 00:00:00 2001 From: Noah Santschi-Cooney Date: Wed, 10 Sep 2025 13:59:16 +0100 Subject: [PATCH 3/5] chore: split release pipeline into prep & release --- .../{release.yml => prep-release.yml} | 45 ++-------- .github/workflows/release.yaml | 88 +++++++++++++++++++ 2 files changed, 93 insertions(+), 40 deletions(-) rename .github/workflows/{release.yml => prep-release.yml} (72%) create mode 100644 .github/workflows/release.yaml diff --git a/.github/workflows/release.yml b/.github/workflows/prep-release.yml similarity index 72% rename from .github/workflows/release.yml rename to .github/workflows/prep-release.yml index b056a84e..a9ce949d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/prep-release.yml @@ -1,5 +1,6 @@ +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json --- -name: Release +name: Prepare Release on: workflow_dispatch: @@ -33,7 +34,7 @@ jobs: permissions: write-all runs-on: ubuntu-latest if: github.repository_owner == 'fabric8-analytics' - name: Create a release + name: Prepare a release environment: production steps: @@ -151,7 +152,7 @@ jobs: gh label create "${{ steps.bump.outputs.version }}" --force gh pr create \ --base main \ - --title "Release ${{ steps.bump.outputs.version }}" \ + --title "[release] ${{ steps.bump.outputs.version }}" \ --body "$PR_BODY" \ --head release/${{ steps.bump.outputs.version }} \ --label "release" --label "${{ steps.bump.outputs.version }}" @@ -165,40 +166,4 @@ jobs: - Updated version in package.json - Updated changelog - - name: Create a release - id: new_release - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const repo_name = context.payload.repository.full_name - const response = await github.request('POST /repos/' + repo_name + '/releases', { - tag_name: '${{ steps.bump.outputs.version }}', - name: '${{ steps.bump.outputs.version }}', - body: '${{ steps.release-notes.outputs.notes }}', - prerelease: false, - generate_release_notes: true - }) - core.setOutput('upload_url', response.data.upload_url) - - - name: Upload packages and checksums as release assets - run: | - for file in fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix* - do - asset_name=$(basename "$file") - upload_url=$(echo "${{ steps.new_release.outputs.upload_url }}" | sed "s/{?name,label}/?name=$asset_name/g") - curl --data-binary @"$file" \ - -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ - -H "Content-Type: application/octet-stream" \ - "$upload_url" - done - - - name: Publish to VSCode Marketplace - if: ${{ github.event.inputs.publishToMarketplace == 'true' }} - run: | - vsce publish --pat ${{ secrets.VSCODE_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} - - - name: Publish to Open VSX Registry - if: ${{ github.event.inputs.publishToOVSX == 'true' }} - run: | - npx ovsx publish --pat ${{ secrets.OVSX_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} + \ No newline at end of file diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 00000000..c667cf0f --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,88 @@ +# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json +--- +name: Release + +on: + workflow_dispatch: + push: + branches: + - main + +jobs: + release: + permissions: write-all + runs-on: ubuntu-latest + if: "github.repository_owner == 'fabric8-analytics' && startsWith(github.event.head_commit.message, '[release]')" + name: Create & publish a release + environment: production + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + ssh-key: ${{ secrets.DEPLOY_KEY }} + + - name: Setup Node.js + uses: actions/setup-node@v4 + with: + node-version: 20 + registry-url: 'https://npm.pkg.github.com' + env: + NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + + - name: Create .npmrc + run: | + echo "@trustification:registry=https://npm.pkg.github.com" > ~/.npmrc + echo "@fabric8-analytics:registry=https://npm.pkg.github.com" >> ~/.npmrc + + - name: Install @vscode/vsce + run: npm i -g @vscode/vsce + + - name: Install Dependencies + run: npm ci + + - name: VSCE package + run: vsce package --out fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix + + - name: Create SHA256 checksum + run: | + sha256sum fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix > fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix.sha256 + + - name: Create a release + id: new_release + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const repo_name = context.payload.repository.full_name + const response = await github.request('POST /repos/' + repo_name + '/releases', { + tag_name: '${{ steps.bump.outputs.version }}', + name: '${{ steps.bump.outputs.version }}', + body: '${{ steps.release-notes.outputs.notes }}', + prerelease: false, + generate_release_notes: true + }) + core.setOutput('upload_url', response.data.upload_url) + + - name: Upload packages and checksums as release assets + run: | + for file in fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix* + do + asset_name=$(basename "$file") + upload_url=$(echo "${{ steps.new_release.outputs.upload_url }}" | sed "s/{?name,label}/?name=$asset_name/g") + curl --data-binary @"$file" \ + -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \ + -H "Content-Type: application/octet-stream" \ + "$upload_url" + done + + - name: Publish to VSCode Marketplace + if: ${{ github.event.inputs.publishToMarketplace == 'true' }} + run: | + vsce publish --pat ${{ secrets.VSCODE_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} + + - name: Publish to Open VSX Registry + if: ${{ github.event.inputs.publishToOVSX == 'true' }} + run: | + npx ovsx publish --pat ${{ secrets.OVSX_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} + From 017af14f4cb3ef26d748feec27c5c730003a3d58 Mon Sep 17 00:00:00 2001 From: Noah Santschi-Cooney Date: Wed, 10 Sep 2025 15:38:15 +0100 Subject: [PATCH 4/5] fix: get new version from package.json --- .github/workflows/release.yaml | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index c667cf0f..e0f36b3f 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -41,12 +41,18 @@ jobs: - name: Install Dependencies run: npm ci + - name: Read new version from package.json + id: new_version + run: | + new_version=$(node -p "require('./package.json').version") + echo "version=$new_version" >> "$GITHUB_OUTPUT"" + - name: VSCE package - run: vsce package --out fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix + run: vsce package --out fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix - name: Create SHA256 checksum run: | - sha256sum fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix > fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix.sha256 + sha256sum fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix > fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix.sha256 - name: Create a release id: new_release @@ -56,8 +62,8 @@ jobs: script: | const repo_name = context.payload.repository.full_name const response = await github.request('POST /repos/' + repo_name + '/releases', { - tag_name: '${{ steps.bump.outputs.version }}', - name: '${{ steps.bump.outputs.version }}', + tag_name: '${{ steps.new_version.outputs.version }}', + name: '${{ steps.new_version.outputs.version }}', body: '${{ steps.release-notes.outputs.notes }}', prerelease: false, generate_release_notes: true @@ -66,7 +72,7 @@ jobs: - name: Upload packages and checksums as release assets run: | - for file in fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix* + for file in fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix* do asset_name=$(basename "$file") upload_url=$(echo "${{ steps.new_release.outputs.upload_url }}" | sed "s/{?name,label}/?name=$asset_name/g") @@ -79,10 +85,10 @@ jobs: - name: Publish to VSCode Marketplace if: ${{ github.event.inputs.publishToMarketplace == 'true' }} run: | - vsce publish --pat ${{ secrets.VSCODE_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} + vsce publish --pat ${{ secrets.VSCODE_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} - name: Publish to Open VSX Registry if: ${{ github.event.inputs.publishToOVSX == 'true' }} run: | - npx ovsx publish --pat ${{ secrets.OVSX_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} + npx ovsx publish --pat ${{ secrets.OVSX_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} From a33293ef7b11cf73855151018288f44581275f25 Mon Sep 17 00:00:00 2001 From: Noah Santschi-Cooney Date: Wed, 10 Sep 2025 17:06:45 +0100 Subject: [PATCH 5/5] chore: update changelog for 0.10.0 --- .github/workflows/release.yaml | 16 ++++++++-------- CHANGELOG.md | 22 ++++++++++++++++++++++ 2 files changed, 30 insertions(+), 8 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index e0f36b3f..2a770136 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -42,17 +42,17 @@ jobs: run: npm ci - name: Read new version from package.json - id: new_version + id: release_version run: | new_version=$(node -p "require('./package.json').version") echo "version=$new_version" >> "$GITHUB_OUTPUT"" - name: VSCE package - run: vsce package --out fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix + run: vsce package --out fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix - name: Create SHA256 checksum run: | - sha256sum fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix > fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix.sha256 + sha256sum fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix > fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix.sha256 - name: Create a release id: new_release @@ -62,8 +62,8 @@ jobs: script: | const repo_name = context.payload.repository.full_name const response = await github.request('POST /repos/' + repo_name + '/releases', { - tag_name: '${{ steps.new_version.outputs.version }}', - name: '${{ steps.new_version.outputs.version }}', + tag_name: '${{ steps.release_version.outputs.version }}', + name: '${{ steps.release_version.outputs.version }}', body: '${{ steps.release-notes.outputs.notes }}', prerelease: false, generate_release_notes: true @@ -72,7 +72,7 @@ jobs: - name: Upload packages and checksums as release assets run: | - for file in fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix* + for file in fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix* do asset_name=$(basename "$file") upload_url=$(echo "${{ steps.new_release.outputs.upload_url }}" | sed "s/{?name,label}/?name=$asset_name/g") @@ -85,10 +85,10 @@ jobs: - name: Publish to VSCode Marketplace if: ${{ github.event.inputs.publishToMarketplace == 'true' }} run: | - vsce publish --pat ${{ secrets.VSCODE_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} + vsce publish --pat ${{ secrets.VSCODE_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} - name: Publish to Open VSX Registry if: ${{ github.event.inputs.publishToOVSX == 'true' }} run: | - npx ovsx publish --pat ${{ secrets.OVSX_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.new_version.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} + npx ovsx publish --pat ${{ secrets.OVSX_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 89e431dd..64cbb8f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,26 @@ # Change Log + +## 0.10.0 (September 8th 2025) + +### Enhancements + +- Introduced LM Model Cards functionality that detects the usage of Large Language Models (LLMs) within a project and provides concise safety and security insights (Developer Preview). See [PR#800](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/800) for details. +- Added support for exclude patterns to ignore paths. See [PR#803](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/803) for details. +- Added option for additional Maven CLI arguments. See [PR#802](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/802) for details. +- Improved UX for error messages in logs & notifications. See [PR#801](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/801) and [PR#799](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/799) for details. +- Added support for toggling of recommendations. See [PR#795](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/795) for details. + +### Fixes + +- Fixed component analysis status bar error tooltip not showing. See [PR#798](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/798) for details. + +### Chores + +- Bumped JavaScript API for various fixes. See [PR#825](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/825), [PR#824](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/824), [PR#823](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/823) for details. +- Updated README to better explain Maven/Gradle wrapper settings. See [PR#818](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/818) for details. +- Enabled 'strict' type-checking in tsconfig. See [PR#796](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/796) for details. +- Removed LSP and integrated features directly. See [PR#794](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/794) for details. + ## 0.9.6 (May 30th 2025) ### Fixes