Skip to content

chore: release 0.3.3#131

Merged
vig-os-release-app[bot] merged 6 commits intomainfrom
release/0.3.3
Apr 10, 2026
Merged

chore: release 0.3.3#131
vig-os-release-app[bot] merged 6 commits intomainfrom
release/0.3.3

Conversation

@vig-os-release-app
Copy link
Copy Markdown
Contributor

@vig-os-release-app vig-os-release-app Bot commented Apr 10, 2026

Release 0.3.3

This PR prepares release 0.3.3 for merge to main.

[0.3.3] - TBD

Added

  • Renovate changelog automation (#506)
    • renovate-changelog-pr CLI tool parses Renovate PR metadata and inserts Keep-a-Changelog entries under ## Unreleased
    • renovate-changelog workflow runs on pull_request_target for renovate[bot] PRs in both upstream and workspace template
  • Devcontainer image version pinning (#509)
    • .vig-os file at repo root declares DEVCONTAINER_VERSION as the single source of truth for CI container image tags
    • resolve-image composite action resolves the image tag and validates it exists in GHCR
  • GITHUB_REPOSITORY resolution for workspace init (#509)
    • parse-github-remote-lib.sh extracts owner/repo from HTTPS, SSH, and git@ GitHub URLs
    • install.sh gains --repo flag; init-workspace.sh replaces {{GITHUB_REPOSITORY}} in workspace template files

Changed

  • Switch from Dependabot to Renovate (#509)
    • Replace .github/dependabot.yml with renovate.json and shared renovate-default.json preset
    • Renovate covers all ecosystems previously tracked (github-actions, pip, npm, docker) plus template directories not reachable by Dependabot
  • Sync workflows run in devcontainer image (#509)
    • sync-issues and sync-main-to-dev use resolve-image and run inside the pinned devcontainer, removing the setup-env composite action dependency and the inlined retry helper
    • sync-main-to-dev creates sync branches via git push instead of the GitHub refs API
  • Smoke-test dispatch triggers promote-release for final releases (#511)
    • Final releases dispatch downstream promote-release.yml instead of merging the release PR directly, publishing the draft GitHub Release and satisfying the upstream promote-time downstream gate
    • RC releases wait for release PR required checks but no longer merge the PR to main

Removed

  • Dependabot configuration (#509)
    • Delete .github/dependabot.yml and assets/workspace/.github/dependabot.yml

Fixed

  • Promote-release draft release validation (#507)
    • Use the paginated releases list API with jq instead of GET /releases/tags/{tag}, which returns 404 for draft releases
    • Apply the same release lookup for RC git tag cleanup in upstream and workspace promote-release.yml

Security

  • Nightly Trivy gate remediation (OpenSSL, gh, typos) (#512)
    • Pin python:3.12-slim-bookworm to current digest and add targeted libssl3/openssl upgrade to 3.0.19-1~deb12u2 (CVE-2026-28390, CVE-2026-31790)
    • Refresh .trivyignore: drop resolved gh/docker-cli and gRPC entries; add Go stdlib and typos-related suppressions plus jwt-token false positive
    • Suppress unfixable base-image CVEs: ncurses (CVE-2025-69720), SQLite (CVE-2025-7458), systemd (CVE-2026-29111), zlib/minizip (CVE-2023-45853)

vig-os-release-app Bot and others added 6 commits April 8, 2026 10:19
@vig-os-release-app
chore: sync dev with main (#129)
d21cf38 
Syncs `dev` with `main` (sync-main-to-dev workflow).
@commit-action-bot
chore: sync issues and PRs
4b566c4
@commit-action-bot
chore: deploy 0.3.3-rc1
281e39b
@vig-os-release-app
chore: deploy 0.3.3-rc1 (#130)
4351f58 
Automated smoke-test deployment commit created by repository_dispatch.

- Dispatch tag: 0.3.3-rc1
- Branch: chore/deploy-0.3.3-rc1
- Target: dev
@commit-action-bot
chore: freeze changelog for release 0.3.3
0cfc499 
Move Unreleased content to [0.3.3] - TBD
and create fresh empty Unreleased section for continued development.
@commit-action-bot
chore: prepare release 0.3.3
bde7a18 
Strip empty Unreleased section from release branch.
Release date TBD (set during finalization).
@vig-os-release-app vig-os-release-app Bot marked this pull request as ready for review April 10, 2026 13:48
@vig-os-release-app vig-os-release-app Bot added the release-kind:candidate Automated release kind label for dispatch orchestration label Apr 10, 2026
github-actions[bot]
github-actions Bot approved these changes Apr 10, 2026
View reviewed changes
Copy link
Copy Markdown

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated approval by smoke-test dispatch orchestration.

@vig-os-release-app vig-os-release-app Bot merged commit 5cbbf48 into main Apr 10, 2026
6 checks passed
@vig-os-release-app vig-os-release-app Bot deleted the release/0.3.3 branch April 10, 2026 13:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] approved these changes

Assignees

No one assigned

Labels

release-kind:candidate Automated release kind label for dispatch orchestration

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants