chore: split release pipeline from version bump pipeline

.github/workflows/release.yml → .github/workflows/prep-release.yml

@@ -1,5 +1,6 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 ---
-name: Release
+name: Prepare Release
 
 on:
   workflow_dispatch:
@@ -33,7 +34,7 @@ jobs:
     permissions: write-all
     runs-on: ubuntu-latest
     if: github.repository_owner == 'fabric8-analytics'
-    name: Create a release
+    name: Prepare a release
     environment: production
 
     steps:
@@ -146,15 +147,16 @@ jobs:
         run: |
           git push origin release/${{ steps.bump.outputs.version }}
 
-      - name: Create Pull Request
+      - name: Create & Merge Pull Request
         run: |
           gh label create "${{ steps.bump.outputs.version }}" --force
           gh pr create \
             --base main \
-            --title "Release ${{ steps.bump.outputs.version }}" \
+            --title "[release] ${{ steps.bump.outputs.version }}" \
             --body "$PR_BODY" \
             --head release/${{ steps.bump.outputs.version }} \
             --label "release" --label "${{ steps.bump.outputs.version }}"
+          gh pr merge release/${{ steps.bump.outputs.version }} --admin --squash
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           PR_BODY: |
@@ -164,40 +166,4 @@ jobs:
             - Updated version in package.json
             - Updated changelog
 
-      - name: Create a release
-        id: new_release
-        uses: actions/github-script@v7
-        with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          script: |
-            const repo_name = context.payload.repository.full_name
-            const response = await github.request('POST /repos/' + repo_name + '/releases', {
-              tag_name: '${{ steps.bump.outputs.version }}',
-              name: '${{ steps.bump.outputs.version }}',
-              body: '${{ steps.release-notes.outputs.notes }}',
-              prerelease: false,
-              generate_release_notes: true
-            })
-            core.setOutput('upload_url', response.data.upload_url)
-
-      - name: Upload packages and checksums as release assets
-        run: |
-          for file in fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix*
-          do
-            asset_name=$(basename "$file")
-            upload_url=$(echo "${{ steps.new_release.outputs.upload_url }}" | sed "s/{?name,label}/?name=$asset_name/g")
-            curl --data-binary @"$file" \
-              -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-              -H "Content-Type: application/octet-stream" \
-              "$upload_url"
-          done
-
-      - name: Publish to VSCode Marketplace
-        if: ${{ github.event.inputs.publishToMarketplace == 'true' }}
-        run: |
-          vsce publish --pat ${{ secrets.VSCODE_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }}
-
-      - name: Publish to Open VSX Registry
-        if: ${{ github.event.inputs.publishToOVSX == 'true' }}
-        run: |
-          npx ovsx publish --pat ${{ secrets.OVSX_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.bump.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }}
+

.github/workflows/release.yaml

@@ -0,0 +1,94 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+---
+name: Release
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  release:
+    permissions: write-all
+    runs-on: ubuntu-latest
+    if: "github.repository_owner == 'fabric8-analytics' && startsWith(github.event.head_commit.message, '[release]')"
+    name: Create & publish a release
+    environment: production
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          ssh-key: ${{ secrets.DEPLOY_KEY }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          registry-url: 'https://npm.pkg.github.com'
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create .npmrc
+        run: |
+          echo "@trustification:registry=https://npm.pkg.github.com" > ~/.npmrc
+          echo "@fabric8-analytics:registry=https://npm.pkg.github.com" >> ~/.npmrc
+
+      - name: Install @vscode/vsce
+        run: npm i -g @vscode/vsce
+
+      - name: Install Dependencies
+        run: npm ci
+
+      - name: Read new version from package.json
+        id: release_version
+        run: |
+          new_version=$(node -p "require('./package.json').version")
+          echo "version=$new_version" >> "$GITHUB_OUTPUT""
+
+      - name: VSCE package
+        run: vsce package --out fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix
+
+      - name: Create SHA256 checksum
+        run: |
+          sha256sum fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix > fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix.sha256
+
+      - name: Create a release
+        id: new_release
+        uses: actions/github-script@v7
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          script: |
+            const repo_name = context.payload.repository.full_name
+            const response = await github.request('POST /repos/' + repo_name + '/releases', {
+              tag_name: '${{ steps.release_version.outputs.version }}',
+              name: '${{ steps.release_version.outputs.version }}',
+              body: '${{ steps.release-notes.outputs.notes }}',
+              prerelease: false,
+              generate_release_notes: true
+            })
+            core.setOutput('upload_url', response.data.upload_url)
+
+      - name: Upload packages and checksums as release assets
+        run: |
+          for file in fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix*
+          do
+            asset_name=$(basename "$file")
+            upload_url=$(echo "${{ steps.new_release.outputs.upload_url }}" | sed "s/{?name,label}/?name=$asset_name/g")
+            curl --data-binary @"$file" \
+              -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+              -H "Content-Type: application/octet-stream" \
+              "$upload_url"
+          done
+
+      - name: Publish to VSCode Marketplace
+        if: ${{ github.event.inputs.publishToMarketplace == 'true' }}
+        run: |
+          vsce publish --pat ${{ secrets.VSCODE_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }}
+
+      - name: Publish to Open VSX Registry
+        if: ${{ github.event.inputs.publishToOVSX == 'true' }}
+        run: |
+          npx ovsx publish --pat ${{ secrets.OVSX_MARKETPLACE_TOKEN }} --packagePath fabric8-analytics-${{ steps.release_version.outputs.version }}-${{ github.run_number }}.vsix ${{ github.event.inputs.publishPreRelease == 'true' && '--pre-release' || '' }}
+

CHANGELOG.md

@@ -1,4 +1,26 @@
 # Change Log
+
+## 0.10.0 (September 8th 2025)
+
+### Enhancements
+
+- Introduced LM Model Cards functionality that detects the usage of Large Language Models (LLMs) within a project and provides concise safety and security insights (Developer Preview). See [PR#800](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/800) for details.
+- Added support for exclude patterns to ignore paths. See [PR#803](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/803) for details.
+- Added option for additional Maven CLI arguments. See [PR#802](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/802) for details.
+- Improved UX for error messages in logs & notifications. See [PR#801](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/801) and [PR#799](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/799) for details.
+- Added support for toggling of recommendations. See [PR#795](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/795) for details.
+
+### Fixes
+
+- Fixed component analysis status bar error tooltip not showing. See [PR#798](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/798) for details.
+
+### Chores
+
+- Bumped JavaScript API for various fixes. See [PR#825](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/825), [PR#824](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/824), [PR#823](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/823) for details.
+- Updated README to better explain Maven/Gradle wrapper settings. See [PR#818](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/818) for details.
+- Enabled 'strict' type-checking in tsconfig. See [PR#796](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/796) for details.
+- Removed LSP and integrated features directly. See [PR#794](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/pull/794) for details.
+
 ## 0.9.6 (May 30th 2025)
 
 ### Fixes

README.md

@@ -1,6 +1,6 @@
 # Red Hat Dependency Analytics
 
-[![Visual Studio Marketplace](https://vsmarketplacebadges.dev/version/redhat.fabric8-analytics.svg)](https://marketplace.visualstudio.com/items?itemName=redhat.fabric8-analytics)
+[![Visual Studio Marketplace](https://vsmarketplacebadges.dev/version/redhat.fabric8-analytics.png)](https://marketplace.visualstudio.com/items?itemName=redhat.fabric8-analytics)
 ![CI](https://github.com/fabric8-analytics/fabric8-analytics-vscode-extension/workflows/CI/badge.svg?branch=main)
 [![Codecov](https://codecov.io/gh/fabric8-analytics/fabric8-analytics-vscode-extension/branch/main/graph/badge.svg?token=rHIO4KNlJ0)](https://codecov.io/gh/fabric8-analytics/fabric8-analytics-vscode-extension)
 

package.json

@@ -2,7 +2,7 @@
   "name": "fabric8-analytics",
   "displayName": "Red Hat Dependency Analytics",
   "description": "Provides insights on security vulnerabilities in your application dependencies.",
-  "version": "0.9.6",
+  "version": "0.10.0",
   "author": "Red Hat",
   "publisher": "redhat",
   "preview": true,