From 535782d90f453c2eb06c4a1fa5e136532384c69d Mon Sep 17 00:00:00 2001 From: Yoni Melki Date: Tue, 23 Jun 2026 22:00:11 +0300 Subject: [PATCH 1/6] [minor] Add tag/release mechanism and drift-prevention check (AX-1736) Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/release.yml | 83 ++++++++++++++++++++++++++ .github/workflows/validate-version.yml | 31 ++++++++++ VERSION | 1 + 3 files changed, 115 insertions(+) create mode 100644 .github/workflows/release.yml create mode 100644 .github/workflows/validate-version.yml create mode 100644 VERSION diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..e55f273 --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,83 @@ +name: Release + +on: + push: + branches: [main] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: false + +permissions: + contents: write + +jobs: + release: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Detect release tag in commit message + id: detect + run: | + MSG="${{ github.event.head_commit.message }}" + if echo "$MSG" | grep -qE '\[(major|minor|patch)\]'; then + TAG=$(echo "$MSG" | grep -oE '\[(major|minor|patch)\]' | head -1 | tr -d '[]') + echo "tag=$TAG" >> "$GITHUB_OUTPUT" + echo "triggered=true" >> "$GITHUB_OUTPUT" + else + echo "triggered=false" >> "$GITHUB_OUTPUT" + fi + + - name: Compute next version + if: steps.detect.outputs.triggered == 'true' + id: version + run: | + VERSION=$(cat VERSION) + MAJOR=$(echo "$VERSION" | cut -d. -f1) + MINOR=$(echo "$VERSION" | cut -d. -f2) + PATCH=$(echo "$VERSION" | cut -d. -f3) + case "${{ steps.detect.outputs.tag }}" in + major) NEXT="$((MAJOR + 1)).0.0" ;; + minor) NEXT="${MAJOR}.$((MINOR + 1)).0" ;; + patch) NEXT="${MAJOR}.${MINOR}.$((PATCH + 1))" ;; + esac + echo "version=$NEXT" >> "$GITHUB_OUTPUT" + + - name: Update VERSION and JSON files + if: steps.detect.outputs.triggered == 'true' + run: | + VERSION="${{ steps.version.outputs.version }}" + echo "$VERSION" > VERSION + jq --arg v "$VERSION" '.version = $v' plugin/.claude-plugin/plugin.json > /tmp/plugin.json + mv /tmp/plugin.json plugin/.claude-plugin/plugin.json + jq --arg v "$VERSION" '.plugins[0].version = $v' marketplace.json > /tmp/marketplace.json + mv /tmp/marketplace.json marketplace.json + + - name: Commit, tag, and push + if: steps.detect.outputs.triggered == 'true' + run: | + git config user.name "github-actions[bot]" + git config user.email "github-actions[bot]@users.noreply.github.com" + git add VERSION plugin/.claude-plugin/plugin.json marketplace.json + git commit -m "Release v${{ steps.version.outputs.version }}" + git push origin main + git tag "v${{ steps.version.outputs.version }}" + git push origin "v${{ steps.version.outputs.version }}" + + - name: Package release artifact + if: steps.detect.outputs.triggered == 'true' + run: zip -r release.zip . --exclude ".git/*" --exclude ".github/*" + + - name: Create GitHub Release + if: steps.detect.outputs.triggered == 'true' + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + run: | + gh release create "v${{ steps.version.outputs.version }}" \ + release.zip \ + --title "Release v${{ steps.version.outputs.version }}" \ + --generate-notes diff --git a/.github/workflows/validate-version.yml b/.github/workflows/validate-version.yml new file mode 100644 index 0000000..3d0cabf --- /dev/null +++ b/.github/workflows/validate-version.yml @@ -0,0 +1,31 @@ +name: Validate version + +on: + pull_request: + branches: [main] + +jobs: + validate: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Check version consistency + run: | + VERSION=$(cat VERSION) + FAILED=0 + + PLUGIN_VERSION=$(jq -r '.version' plugin/.claude-plugin/plugin.json) + if [ "$VERSION" != "$PLUGIN_VERSION" ]; then + echo "::error::Version mismatch: VERSION=$VERSION but plugin/.claude-plugin/plugin.json.version=$PLUGIN_VERSION" + FAILED=1 + fi + + MARKET_VERSION=$(jq -r '.plugins[0].version' marketplace.json) + if [ "$VERSION" != "$MARKET_VERSION" ]; then + echo "::error::Version mismatch: VERSION=$VERSION but marketplace.json.plugins[0].version=$MARKET_VERSION" + FAILED=1 + fi + + [ "$FAILED" -eq 0 ] && echo "All versions consistent: $VERSION" + exit $FAILED diff --git a/VERSION b/VERSION new file mode 100644 index 0000000..a6a3a43 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +1.0.4 \ No newline at end of file From 4b259532be5d210ce33f639244f4a32c5f1518de Mon Sep 17 00:00:00 2001 From: Yoni Melki <58732001+YoniMelki@users.noreply.github.com> Date: Wed, 24 Jun 2026 15:32:13 +0300 Subject: [PATCH 2/6] fix: seed VERSION and plugin.json at current version 1.0.3 --- VERSION | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/VERSION b/VERSION index a6a3a43..21e8796 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.0.4 \ No newline at end of file +1.0.3 From ae496144b286a75d80e6525561b2964df6d95b4d Mon Sep 17 00:00:00 2001 From: Yoni Melki <58732001+YoniMelki@users.noreply.github.com> Date: Wed, 24 Jun 2026 15:32:21 +0300 Subject: [PATCH 3/6] fix: seed VERSION and plugin.json at current version 1.0.3 --- plugin/.claude-plugin/plugin.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugin/.claude-plugin/plugin.json b/plugin/.claude-plugin/plugin.json index 0c70bb8..20c9c7e 100644 --- a/plugin/.claude-plugin/plugin.json +++ b/plugin/.claude-plugin/plugin.json @@ -1,7 +1,7 @@ { "name": "jfrog", "description": "JFrog Platform integration with MCP, security skills, and supply-chain best practices", - "version": "0.1.0", + "version": "1.0.3", "author": { "name": "JFrog", "url": "https://jfrog.com" }, "hooks": "hooks/hooks.json" } From 93b651023ad21f51977aaf3fe4cdca6b9b3e9f55 Mon Sep 17 00:00:00 2001 From: Yoni Melki <58732001+YoniMelki@users.noreply.github.com> Date: Mon, 29 Jun 2026 10:34:23 +0300 Subject: [PATCH 4/6] docs: add CONTRIBUTING.md with Releasing section --- CONTRIBUTING.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 CONTRIBUTING.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..977d727 --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,52 @@ +# Contributing to JFrog VS Code Plugin + +Thank you for your interest in contributing! This project is maintained by JFrog and licensed under the [Apache License 2.0](LICENSE). + +## Contributor License Agreement (CLA) + +All contributors must sign the [JFrog CLA](https://jfrog.com/cla/) before contributions can be merged. A CLA check runs automatically on every pull request — follow the prompts to sign if you haven't already. + +## How to Contribute + +1. **Fork** the repository and create a feature branch from `main`. +2. Make your changes, ensuring they follow the existing code style and project conventions. +3. **Commit** with a clear, descriptive message. +4. Open a **pull request** against `main` with a summary of what changed and why. + +## Releasing + +Releases are automated by `.github/workflows/release.yml`. To cut a release, push (or merge) a commit to `main` whose message contains `[major]`, `[minor]`, or `[patch]`: + +- `[patch]` — bug fixes; bumps `X.Y.Z` → `X.Y.Z+1` +- `[minor]` — new features; bumps `X.Y.Z` → `X.Y+1.0` +- `[major]` — breaking changes; bumps `X.Y.Z` → `X+1.0.0` + +The workflow: +1. Bumps `VERSION` and syncs the version in `plugin/.claude-plugin/plugin.json` and `marketplace.json` +2. Commits and pushes the bump to `main` +3. Creates a `vX.Y.Z` git tag +4. Publishes a GitHub Release with a repo zip attached + +**Prerequisite:** `github-actions[bot]` must be allowed to push to `main`. In the repository's branch protection (or ruleset) settings, add `github-actions[bot]` to the bypass list. + +## Reporting Issues + +Open a [GitHub issue](https://github.com/jfrog/vscode-plugin/issues) with: + +- A clear title and description of the problem. +- Steps to reproduce (if applicable). +- Expected vs. actual behavior. + +## Code Guidelines + +- Keep changes focused — one logical change per PR. +- Follow existing patterns and naming conventions in the codebase. +- Do not commit secrets, credentials, or API keys. + +## Code of Conduct + +Be respectful and constructive. We are committed to providing a welcoming and inclusive experience for everyone. + +## Questions? + +Reach out to the JFrog DevRel team at devrel@jfrog.com. From 0789129b357d7c0e6ba7e47d57abb7b19fd8ddec Mon Sep 17 00:00:00 2001 From: Yoni Melki <58732001+YoniMelki@users.noreply.github.com> Date: Mon, 29 Jun 2026 13:32:46 +0300 Subject: [PATCH 5/6] fix: remove push-to-main from release workflow, read VERSION as-is --- .github/workflows/release.yml | 34 +++------------------------------- 1 file changed, 3 insertions(+), 31 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e55f273..468c804 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -17,7 +17,6 @@ jobs: steps: - uses: actions/checkout@v4 with: - fetch-depth: 0 token: ${{ secrets.GITHUB_TOKEN }} - name: Detect release tag in commit message @@ -25,46 +24,19 @@ jobs: run: | MSG="${{ github.event.head_commit.message }}" if echo "$MSG" | grep -qE '\[(major|minor|patch)\]'; then - TAG=$(echo "$MSG" | grep -oE '\[(major|minor|patch)\]' | head -1 | tr -d '[]') - echo "tag=$TAG" >> "$GITHUB_OUTPUT" echo "triggered=true" >> "$GITHUB_OUTPUT" else echo "triggered=false" >> "$GITHUB_OUTPUT" fi - - name: Compute next version + - name: Read version if: steps.detect.outputs.triggered == 'true' id: version - run: | - VERSION=$(cat VERSION) - MAJOR=$(echo "$VERSION" | cut -d. -f1) - MINOR=$(echo "$VERSION" | cut -d. -f2) - PATCH=$(echo "$VERSION" | cut -d. -f3) - case "${{ steps.detect.outputs.tag }}" in - major) NEXT="$((MAJOR + 1)).0.0" ;; - minor) NEXT="${MAJOR}.$((MINOR + 1)).0" ;; - patch) NEXT="${MAJOR}.${MINOR}.$((PATCH + 1))" ;; - esac - echo "version=$NEXT" >> "$GITHUB_OUTPUT" - - - name: Update VERSION and JSON files - if: steps.detect.outputs.triggered == 'true' - run: | - VERSION="${{ steps.version.outputs.version }}" - echo "$VERSION" > VERSION - jq --arg v "$VERSION" '.version = $v' plugin/.claude-plugin/plugin.json > /tmp/plugin.json - mv /tmp/plugin.json plugin/.claude-plugin/plugin.json - jq --arg v "$VERSION" '.plugins[0].version = $v' marketplace.json > /tmp/marketplace.json - mv /tmp/marketplace.json marketplace.json + run: echo "version=$(cat VERSION)" >> "$GITHUB_OUTPUT" - - name: Commit, tag, and push + - name: Create and push tag if: steps.detect.outputs.triggered == 'true' run: | - git config user.name "github-actions[bot]" - git config user.email "github-actions[bot]@users.noreply.github.com" - git add VERSION plugin/.claude-plugin/plugin.json marketplace.json - git commit -m "Release v${{ steps.version.outputs.version }}" - git push origin main git tag "v${{ steps.version.outputs.version }}" git push origin "v${{ steps.version.outputs.version }}" From 2ecaa3e83a23deebff27a2eb6480e2f256a53591 Mon Sep 17 00:00:00 2001 From: Yoni Melki <58732001+YoniMelki@users.noreply.github.com> Date: Mon, 29 Jun 2026 13:33:40 +0300 Subject: [PATCH 6/6] docs: update Releasing section to reflect new developer-driven version bump flow --- CONTRIBUTING.md | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 977d727..38c07be 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -15,19 +15,12 @@ All contributors must sign the [JFrog CLA](https://jfrog.com/cla/) before contri ## Releasing -Releases are automated by `.github/workflows/release.yml`. To cut a release, push (or merge) a commit to `main` whose message contains `[major]`, `[minor]`, or `[patch]`: +To cut a release: -- `[patch]` — bug fixes; bumps `X.Y.Z` → `X.Y.Z+1` -- `[minor]` — new features; bumps `X.Y.Z` → `X.Y+1.0` -- `[major]` — breaking changes; bumps `X.Y.Z` → `X+1.0.0` +1. In your PR, bump `VERSION` and sync both `plugin/.claude-plugin/plugin.json` `.version` and `marketplace.json` `.plugins[0].version` to match. The `validate-version` PR check enforces this. +2. Merge to `main` with `[major]`, `[minor]`, or `[patch]` anywhere in the commit message. -The workflow: -1. Bumps `VERSION` and syncs the version in `plugin/.claude-plugin/plugin.json` and `marketplace.json` -2. Commits and pushes the bump to `main` -3. Creates a `vX.Y.Z` git tag -4. Publishes a GitHub Release with a repo zip attached - -**Prerequisite:** `github-actions[bot]` must be allowed to push to `main`. In the repository's branch protection (or ruleset) settings, add `github-actions[bot]` to the bypass list. +The release workflow reads `VERSION`, creates a `vX.Y.Z` git tag, and publishes a GitHub Release with a repo zip attached. No bot push to `main` — the version bump is part of the PR itself. ## Reporting Issues