Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
71d2b76
Cleaned up files and Added Files for OSS release
vinaayakh-aot Jun 26, 2026
0c5a364
fix: correct MCP auth flag, close HTTP SSRF gap, and resolve quality …
vinaayakh-aot Jun 26, 2026
11f3eab
Docs corrected and updated
vinaayakh-aot Jun 26, 2026
4577221
Prepare v0.1.0 open-source release readiness
vinaayakh-aot Jun 26, 2026
40c50d4
"Simplify CI/packaging for OSS: drop SonarQube for CodeQL, dedup test…
vinaayakh-aot Jun 26, 2026
9911a82
Increased Test coverage for google drive, salesforce, stripe connectors
vinaayakh-aot Jun 26, 2026
6c26cfd
Prepare 1.0.0 stable release with frozen public API and 80% coverage …
vinaayakh-aot Jun 28, 2026
ea04f86
Checklist gaps are implemented
vinaayakh-aot Jun 28, 2026
b53cac9
Removed debug logs
vinaayakh-aot Jun 29, 2026
e3ca10c
Fixed DCO for dependabot
vinaayakh-aot Jun 29, 2026
ddfee6d
src/node_wire_runtime/observability.py
vinaayakh-aot Jun 29, 2026
2000bc6
Merge remote-tracking branch 'upstream/main' into feature/release-che…
vinaayakh-aot Jun 29, 2026
ef9830e
Fix TRACELOOP_API_KEY test
vinaayakh-aot Jun 29, 2026
01f409b
Fix linting
vinaayakh-aot Jun 29, 2026
2a68d47
Move from gitleaks action to gitleaks CLI
vinaayakh-aot Jun 29, 2026
0d17d94
Merge remote-tracking branch 'upstream/main' into feature/release-che…
vinaayakh-aot Jun 29, 2026
39611a4
Ignore dependabot for internal packages
vinaayakh-aot Jun 29, 2026
d109660
Update packages to create a release version and package
vinaayakh-aot Jun 29, 2026
b54432f
Add addressed cases to gitleaks
vinaayakh-aot Jun 29, 2026
af8729b
Disable codeql until public release
vinaayakh-aot Jun 29, 2026
0cf9584
Fixed gitleaks
vinaayakh-aot Jun 29, 2026
9b8a8cd
Remove Auth from playground UI. Added better logging for errors
vinaayakh-aot Jun 29, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@ updates:
schedule:
interval: "weekly"
open-pull-requests-limit: 10
ignore:
# Internal monorepo dependency; connector packages are versioned together
# during releases, not independently by Dependabot.
- dependency-name: "node-wire-runtime"
groups:
python-dependencies:
patterns: ["*"]
Expand Down
7 changes: 1 addition & 6 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,12 +7,7 @@
name: CodeQL

on:
push:
branches: [main, master]
pull_request:
branches: [main, master]
schedule:
- cron: "0 6 * * 1"
workflow_dispatch:

jobs:
analyze:
Expand Down
191 changes: 191 additions & 0 deletions .github/workflows/github-release.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,191 @@
##
## SPDX-FileCopyrightText: 2026 AOT Technologies
## SPDX-License-Identifier: Apache-2.0
##

name: GitHub Release

# Manual trigger after pushing a release tag.
# Go to Actions → "GitHub Release" → Run workflow with the target version.
on:
workflow_dispatch:
inputs:
version:
description: "Semver version to release, without leading v (for example, 1.0.0)"
required: true
type: string

permissions:
contents: write

env:
CYCLONEDX_BOM_VERSION: "4.6.1"

jobs:
github-release:
name: Create GitHub release
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: refs/tags/v${{ inputs.version }}
fetch-depth: 0

- name: Resolve release version
shell: python
run: |
import os
import re
import sys

version = "${{ inputs.version }}".strip()
tag = f"v{version}"

if not re.fullmatch(r"\d+\.\d+\.\d+", version):
print(f"ERROR: {version!r} is not a MAJOR.MINOR.PATCH version", file=sys.stderr)
sys.exit(1)

with open(os.environ["GITHUB_ENV"], "a", encoding="utf-8") as env:
env.write(f"RELEASE_VERSION={version}\n")
env.write(f"RELEASE_TAG={tag}\n")

print(f"Preparing release {tag}")

- name: Verify tag exists
run: git rev-parse --verify "refs/tags/${RELEASE_TAG}"

- name: Set up Python
uses: actions/setup-python@v5.3.0
with:
python-version: "3.11"

- name: Install uv
uses: astral-sh/setup-uv@v5
with:
enable-cache: true
cache-dependency-glob: |
pyproject.toml
uv.lock

- name: Validate versions and changelog
shell: python
run: |
import os
import pathlib
import re
import sys
import tomllib

version = os.environ["RELEASE_VERSION"]
root = pathlib.Path(".")
pyprojects = [root / "pyproject.toml", *sorted(root.glob("packages/**/pyproject.toml"))]

mismatches = []
for path in pyprojects:
data = tomllib.loads(path.read_text(encoding="utf-8"))
actual = data.get("project", {}).get("version")
if actual != version:
mismatches.append(f"{path}: expected {version}, found {actual}")

if mismatches:
print("ERROR: package versions do not match release tag", file=sys.stderr)
for mismatch in mismatches:
print(f" {mismatch}", file=sys.stderr)
sys.exit(1)

changelog = pathlib.Path("CHANGELOG.md").read_text(encoding="utf-8")
heading = re.compile(
rf"^## \[{re.escape(version)}\] - \d{{4}}-\d{{2}}-\d{{2}}\s*$",
re.MULTILINE,
)
match = heading.search(changelog)
if not match:
print(f"ERROR: CHANGELOG.md is missing a dated [{version}] section", file=sys.stderr)
sys.exit(1)

next_heading = re.search(r"^## \[", changelog[match.end():], re.MULTILINE)
end = match.end() + next_heading.start() if next_heading else len(changelog)
release_body = changelog[match.start():end].strip()

link_pattern = rf"^\[{re.escape(version)}\]: .+/releases/tag/v{re.escape(version)}\s*$"
if not re.search(link_pattern, changelog, re.MULTILINE):
print(f"ERROR: CHANGELOG.md is missing the [{version}] release link", file=sys.stderr)
sys.exit(1)

pathlib.Path("release-notes.md").write_text(release_body + "\n", encoding="utf-8")
print(f"PASS: versions and changelog are ready for {version}")

- name: Install release dependencies
run: |
uv sync --frozen --all-extras --no-dev
uv pip install "cyclonedx-bom==${{ env.CYCLONEDX_BOM_VERSION }}"

- name: Generate SBOM
run: |
uv run cyclonedx-py environment -o sbom.json
echo "SBOM generated: sbom.json"

- name: Create release manifest
shell: python
run: |
import datetime
import hashlib
import os
import pathlib

version = os.environ["RELEASE_VERSION"]
tag = os.environ["RELEASE_TAG"]
sha = "${{ github.sha }}"
sbom_path = pathlib.Path("sbom.json")
sbom_sha = hashlib.sha256(sbom_path.read_bytes()).hexdigest()
created = datetime.datetime.now(datetime.UTC).replace(microsecond=0).isoformat()

package_paths = [
"packages/runtime",
"packages/connectors/http_generic",
"packages/connectors/stripe",
"packages/connectors/smtp",
"packages/connectors/google_drive",
"packages/connectors/fhir_cerner",
"packages/connectors/fhir_epic",
"packages/connectors/salesforce",
"packages/connectors/slack",
]

lines = [
f"Release: {tag}",
f"Version: {version}",
f"Commit: {sha}",
f"Created: {created}",
"Changelog: CHANGELOG.md",
"SBOM: sbom.json",
f"SBOM-SHA256: {sbom_sha}",
"",
"Publishable packages (dispatch publish.yml per package with this tag):",
]
lines.extend(f" - {path} @ {version}" for path in package_paths)
lines.append("")

pathlib.Path("release-manifest.txt").write_text("\n".join(lines), encoding="utf-8")

- name: Upload release artifacts to workflow run
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: github-release-artifacts
path: |
release-notes.md
release-manifest.txt
sbom.json
if-no-files-found: error

- name: Create GitHub Release
env:
GH_TOKEN: ${{ github.token }}
run: |
gh release create "${RELEASE_TAG}" \
--verify-tag \
--title "${RELEASE_TAG}" \
--notes-file release-notes.md \
sbom.json \
release-manifest.txt
Loading
Loading