
@bjoernricks
Contributor

What

Use git-cliff to generate release changelog

Why

git-cliff allows for more flexible release changelog generation.

Add another workflow to show the changelog for all unreleased changes. This allows for checking the changes before making a new release and to decide which release type needs to be applied.

References

https://jira.greenbone.net/browse/GEA-984

@bjoernricks bjoernricks requested review from a team as code owners March 13, 2025 10:50
@bjoernricks bjoernricks enabled auto-merge (rebase) March 13, 2025 10:50
@github-actions

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 63f315d.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

.github/workflows/changelog.yml

Package | Version | License | Issue Type
greenbone/actions/uv | 3.*.* | Null | Unknown License

.github/workflows/release.yml

Package | Version | License | Issue Type
greenbone/actions/release-version | 3.*.* | Null | Unknown License
greenbone/actions/uv | 3.*.* | Null | Unknown License
Allowed Licenses: 0BSD, AGPL-3.0-or-later, Apache-2.0, BlueOak-1.0.0, BSD-2-Clause, BSD-3-Clause-Clear, BSD-3-Clause, BSL-1.0, CAL-1.0, CC-BY-3.0, CC-BY-4.0, CC-BY-SA-4.0, CC0-1.0, EPL-2.0, GPL-2.0-only, GPL-2.0-or-later, GPL-2.0, GPL-3.0-or-later, ISC, LGPL-2.0-only, LGPL-2.0-or-later, LGPL-2.1-only, LGPL-2.1-or-later, LGPL-2.1, LGPL-3.0-only, LGPL-3.0, LGPL-3.0-or-later, MIT, MIT-CMU, MPL-1.1, MPL-2.0, OFL-1.1, PSF-2.0, Python-2.0, Python-2.0.1, Unicode-DFS-2016, Unlicense, Zlib, ZPL-2.1

OpenSSF Scorecard

Package | Version | Score | Details

actions/actions/checkout | 4.*.* | 🟢 6
Details
Check | Score | Reason
Code-Review | 🟢 10 | all changesets reviewed
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Maintained | ⚠️ 2 | 2 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 2
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
License | 🟢 10 | license file detected
Fuzzing | ⚠️ 0 | project is not fuzzed
Signed-Releases | ⚠️ -1 | no releases found
Pinned-Dependencies | 🟢 3 | dependency not pinned by hash detected -- score normalized to 3
Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration
Security-Policy | 🟢 9 | security policy file detected
Packaging | 🟢 10 | packaging workflow detected
SAST | 🟢 9 | SAST tool detected but not run on all commits
Vulnerabilities | 🟢 3 | 7 existing vulnerabilities detected

actions/greenbone/actions/uv | 3.*.* | Unknown | Unknown
actions/greenbone/actions/release | 3.*.* | Unknown | Unknown
actions/greenbone/actions/release-type | 3.*.* | Unknown | Unknown
actions/greenbone/actions/release-version | 3.*.* | Unknown | Unknown
actions/greenbone/actions/uv | 3.*.* | Unknown | Unknown

pip/git-cliff | 2.8.0 | 🟢 4.9
Details
Check | Score | Reason
Code-Review | ⚠️ 2 | Found 7/24 approved changesets -- score normalized to 2
Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
Security-Policy | 🟢 10 | security policy file detected
Maintained | 🟢 10 | 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts | 🟢 10 | no binaries found in the repo
Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
Fuzzing | ⚠️ 0 | project is not fuzzed
License | 🟢 10 | license file detected
Packaging | 🟢 10 | packaging workflow detected
Branch-Protection | ⚠️ 0 | branch protection not enabled on development/release branches
Signed-Releases | 🟢 8 | 5 out of the last 5 releases have a total of 5 signed artifacts.
Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities | ⚠️ 0 | 22 existing vulnerabilities detected

Scanned Files

  • .github/workflows/changelog.yml
  • .github/workflows/release.yml
  • poetry.lock

@github-actions

Conventional Commits Report

😢 No conventional commits found.

👉 Learn more about the conventional commits usage at Greenbone.

@bjoernricks bjoernricks merged commit 83f5979 into main Mar 13, 2025
25 checks passed
@bjoernricks bjoernricks deleted the release-workflow branch March 13, 2025 10:53