diff --git a/.github/workflows/skill-release.yml b/.github/workflows/skill-release.yml
index 496996f..1141122 100644
--- a/.github/workflows/skill-release.yml
+++ b/.github/workflows/skill-release.yml
@@ -74,6 +74,10 @@ jobs:
 rm -f "$tmp_file"
 }
+ escape_regex() {
+ printf '%s' "$1" | sed -e 's/[][(){}.^$*+?|\\]/\\&/g'
+ }
+
 touched_skills_file="$(mktemp)"
 git diff --name-only "${BASE_SHA}...${HEAD_SHA}" -- 'skills/*/skill.json' 'skills/*/SKILL.md' \
 | awk -F/ 'NF >= 3 {print $1 "/" $2}' \
@@ -175,6 +179,36 @@ jobs:
 fi
 echo "Version parity OK for ${skill_dir}: ${head_json_version}"
+
+ changelog_path="${skill_dir}/CHANGELOG.md"
+ if [ ! -f "${changelog_path}" ]; then
+ echo "::error file=${changelog_path}::Missing CHANGELOG.md for bumped skill version ${head_json_version}."
+ failures=$((failures + 1))
+ continue
+ fi
+
+ escaped_version="$(escape_regex "${head_json_version}")"
+ if ! grep -Eq "^## \\[${escaped_version}\\] - [0-9]{4}-[0-9]{2}-[0-9]{2}$" "${changelog_path}"; then
+ echo "::error file=${changelog_path}::Missing required release-notes heading: ## [${head_json_version}] - YYYY-MM-DD"
+ failures=$((failures + 1))
+ continue
+ fi
+
+ changelog_entry="$(awk -v version="${head_json_version}" '
+ BEGIN { in_section = 0; found = 0 }
+ $0 ~ ("^## \\[" version "\\] - [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]$") { in_section = 1; found = 1; next }
+ in_section && found && /^---/ { exit }
+ in_section && found && /^## / { exit }
+ in_section { print }
+ ' "${changelog_path}" | sed -e :a -e '/^\n*$/{$d;N;ba' -e '}')"
+
+ if [ -z "${changelog_entry}" ]; then
+ echo "::error file=${changelog_path}::Changelog entry for ${head_json_version} is empty. Add release notes under the version heading."
+ failures=$((failures + 1))
+ continue
+ fi
+
+ echo "Release notes check OK for ${skill_dir}: ${head_json_version}"
 done < "${touched_skills_file}"
 rm -f "${touched_skills_file}"
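Review bot: `escape_regex` has no comment saying which regex dialect its output is safe for, and the set it escapes is the ERE metacharacter set, so the result is only valid inside `grep -E` style patterns. In a BRE pattern, sequences such as `\+` or `\(` become operators under GNU tools, and the value is also unsuitable for `awk -v`, which processes backslash escapes in the assignment. I would add a line above the function such as `# Escape ERE metacharacters in $1; use the result only in grep -E / ERE patterns.` The function is complete within the hunk, but the surrounding run script starts and ends outside it.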
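Review bot: The awk extraction builds its heading regex from the raw `head_json_version`, while the `grep -Eq` just above uses `escaped_version`, so the two checks can disagree about which heading matches. Dots in the version act as wildcards in awk, and a version carrying `+` or other metacharacters (presumably read from the pull request's skill.json; any validation of it is outside this hunk) would pass grep and then fail with the misleading "entry is empty" error, or select a different section. Matching literally avoids this, for example `index($0, "## [" version "] - ") == 1 { in_section = 1; next }`, leaving the date-shape check to the grep. The `found` flag is always set together with `in_section` and can be dropped.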
@@ -185,11 +219,11 @@ jobs:
 fi
 if [ "${failures}" -gt 0 ]; then
- echo "::error::Found ${failures} version parity issue(s) across ${checked_skills} bumped skill(s)."
+ echo "::error::Found ${failures} skill metadata/release-notes issue(s) across ${checked_skills} bumped skill(s)."
 exit 1
 fi
- echo "Validated ${checked_skills} bumped skill(s): skill.json and SKILL.md versions are present and equal."
+ echo "Validated ${checked_skills} bumped skill(s): version parity and changelog release notes are present."
 release:
 if: github.event_name == 'pull_request'
diff --git a/skills/clawsec-suite/CHANGELOG.md b/skills/clawsec-suite/CHANGELOG.md
index dd1c72d..8d6ee10 100644
--- a/skills/clawsec-suite/CHANGELOG.md
+++ b/skills/clawsec-suite/CHANGELOG.md
@@ -5,6 +5,13 @@ All notable changes to the ClawSec Suite will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [0.1.5] - 2026-04-08
+
+### Fixed
+
+- Fixed heartbeat update detection to rely on GitHub release metadata for latest-version resolution, addressing false update status results reported in [#168](https://github.com/prompt-security/clawsec/issues/168).
+- Hardened fallback behavior when release API auth/config is unavailable so version checks still resolve the correct latest release.
+
 ## [0.1.4] - 2026-02-28
 ### Added