Skip to content

fix(skill-release): report SkillSpector scans on PRs#267

Merged
davida-ps merged 5 commits into
mainfrom
davida-ps/fix-skillspector-release-report
Jun 14, 2026
Merged

fix(skill-release): report SkillSpector scans on PRs#267
davida-ps merged 5 commits into
mainfrom
davida-ps/fix-skillspector-release-report

Conversation

@davida-ps

@davida-ps davida-ps commented Jun 11, 2026
edited by baz-reviewer Bot
Loading

Copy link
Copy Markdown
Collaborator

User description

Summary

  • Remove the extra ### SkillSpector Security Report wrapper heading from generated release notes so future releases only show the report's own title.
  • Run the PR release dry-run for any release-relevant skills/*/** change, not only skill.json / SKILL.md changes.
  • Upload report-only SkillSpector artifacts and add a separate PR comment job that creates or updates one report comment per changed skill.
  • Add workflow assertions for the release-body heading behavior and PR comment automation.

Testing

  • node scripts/test-skill-release-workflow.mjs
  • for test_file in scripts/test-skill-*.mjs; do node "$test_file"; done
  • YAML parse check
  • git diff --check

Generated description

Below is a concise technical summary of the changes proposed in this PR:
Update validate-pr-version-sync, the release dry-run job, and comment-skillspector-report so SkillSpector scans fire on any skills/*/** change, upload sanitized artifacts, and let release notes reuse the scanner’s own heading. Document the refreshed SkillSpector release evidence flow in wiki/modules/automation-release.md and related workflow docs while keeping the vite/@vitejs/plugin-react tooling dependencies current.

TopicDetails
Skill release flow Handle release validation, dry-run builds, and PR comment automation by broadening file change detection, staging per-skill SkillSpector artifacts, and sanitizing release comments while letting release notes use the scanner’s title.
Modified files (2)
  • .github/workflows/skill-release.yml
  • scripts/test-skill-release-workflow.mjs
Latest Contributors(0)
UserCommitDate
Docs & tooling Document the SkillSpector evidence and release behavior in workflow/docs and refresh vite/@vitejs/plugin-react dependencies to keep the tooling current.
Modified files (8)
  • package-lock.json
  • package.json
  • wiki/dependencies.md
  • wiki/glossary.md
  • wiki/i18n/translation-tracker.md
  • wiki/modules/automation-release.md
  • wiki/security-signing-runbook.md
  • wiki/workflow.md
Latest Contributors(0)
UserCommitDate
 Review this PR on Baz | Customize your next review

@davida-ps davida-ps force-pushed the davida-ps/fix-skillspector-release-report branch from 12cff60 to 0702364 Compare June 11, 2026 11:24
baz-reviewer[bot]
baz-reviewer Bot reviewed Jun 11, 2026
View reviewed changes
Comment thread .github/workflows/skill-release.yml
@davida-ps davida-ps force-pushed the davida-ps/fix-skillspector-release-report branch from 0702364 to 356f8e2 Compare June 14, 2026 10:27
baz-reviewer[bot]
baz-reviewer Bot reviewed Jun 14, 2026
View reviewed changes
Comment thread .github/workflows/skill-release.yml
Comment thread .github/workflows/skill-release.yml
baz-reviewer[bot]
baz-reviewer Bot reviewed Jun 14, 2026
View reviewed changes
Comment thread wiki/workflow.md Outdated
@davida-ps davida-ps merged commit 6f51e53 into main Jun 14, 2026
22 checks passed
@davida-ps davida-ps deleted the davida-ps/fix-skillspector-release-report branch June 14, 2026 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@baz-reviewer baz-reviewer[bot] baz-reviewer[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@davida-ps