Skip to content

docs(changelog): release v0.4.2#86

Merged
nayrosk merged 14 commits into
mainfrom
chore/changelog-v0.4.2
May 12, 2026
Merged

docs(changelog): release v0.4.2#86
nayrosk merged 14 commits into
mainfrom
chore/changelog-v0.4.2

Conversation

@nayrosk
Copy link
Copy Markdown
Member

@nayrosk nayrosk commented May 12, 2026

Summary

Type of change

  • docs
  • feat
  • fix
  • refactor

Testing

  • N/A — documentation-only change; no code, tests, or linter impact.

Related

  • N/A — release prep CHANGELOG entry; consolidates already-merged PRs.

nayrosk and others added 13 commits April 23, 2026 08:39
@nayrosk
fix(ci): promote all image tags after attestation for GHCR UI
97933e3 
GHCR sorts package versions by most-recent push timestamp. When
actions/attest@v4 pushes the attestation referrer manifest after the
image push, it becomes the most-recent artifact and displaces real
tags (latest, x.y.z, x.y) in the UI, showing only the sha256 digest
link instead.

Remediation: loop over all tags from steps.meta.outputs.tags (using
docker buildx imagetools create) after attestation completes. This
re-touches each real tag, bumping their timestamp above the
attestation referrer, so GHCR UI surfaces them first.

Refs: #74
@nayrosk
Merge pull request #75 from Dockermint/fix/ci-ghcr-install-hint-74
59cb161 
fix(ci): promote all image tags after attestation for GHCR UI
@nayrosk
chore(claude-md): add step 14 hypothesis check for CI/external-deps f…
94d5aec 
…ixes

Following @it-consultant retrocontrol on PR #75 (issue #74),
introduce a new workflow step requiring PR bodies to declare
root assumption, pre-merge validation, post-merge validation
plan, and rollback contingency for any CI or release-workflow
change that depends on undocumented third-party service
behavior (GHCR sort key, registry tag indexing, etc.).

Steps 14-20 renumbered to 15-21. Internal Step reference in
RELEASE VERIFICATION updated. Step 20 RETRO now audits step
14 clauses.

Refs: #74, #75
@nayrosk
Merge pull request #77 from Dockermint/chore/claude-md-hypothesis-check
6637e9f 
chore(claude-md): add step 14 hypothesis check for CI/external-deps fixes
@nayrosk
fix(docker): bump tzdata Alpine pin from 2026a-r0 to 2026b-r0
1dccf9a 
Alpine 3.22 main repo rotated tzdata to 2026b-r0, breaking apk add
for existing 2026a-r0 pin. Bump both builder and production stages
to restore CI Docker builds. Fixes blocked Dependabot PRs #79#83.

Refs #84
@nayrosk
Merge pull request #85 from Dockermint/fix/docker-tzdata-pin-84
920d6f1 
fix(docker): bump tzdata Alpine pin from 2026a-r0 to 2026b-r0
@dependabot
deps(deps): bump github.com/aws/aws-sdk-go-v2/service/s3
84cea72 
Bumps [github.com/aws/aws-sdk-go-v2/service/s3](https://github.com/aws/aws-sdk-go-v2) from 1.99.1 to 1.101.0.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@service/s3/v1.99.1...service/s3/v1.101.0)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/service/s3
  dependency-version: 1.100.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@nayrosk
Merge pull request #79 from Dockermint/dependabot/go_modules/develop/…
8139d52 
…github.com/aws/aws-sdk-go-v2/service/s3-1.100.1

deps(deps): bump github.com/aws/aws-sdk-go-v2/service/s3 from 1.99.1 to 1.101.0
@dependabot
deps(deps): bump github.com/aws/aws-sdk-go-v2/config
0c26c74 
Bumps [github.com/aws/aws-sdk-go-v2/config](https://github.com/aws/aws-sdk-go-v2) from 1.32.16 to 1.32.17.
- [Release notes](https://github.com/aws/aws-sdk-go-v2/releases)
- [Commits](aws/aws-sdk-go-v2@config/v1.32.16...config/v1.32.17)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go-v2/config
  dependency-version: 1.32.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@nayrosk
Merge pull request #83 from Dockermint/dependabot/go_modules/develop/…
c47c399 
…github.com/aws/aws-sdk-go-v2/config-1.32.17

deps(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.32.16 to 1.32.17
@dependabot
deps(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6
d405016 
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.18.5 to 1.18.6.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Commits](klauspost/compress@v1.18.5...v1.18.6)

---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-version: 1.18.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@nayrosk
Merge pull request #81 from Dockermint/dependabot/go_modules/develop/…
b9d8263 
…github.com/klauspost/compress-1.18.6

deps(deps): bump github.com/klauspost/compress from 1.18.5 to 1.18.6
@nayrosk
docs(changelog): release v0.4.2
e3b440a 
Patch release consolidating bug fixes, dependency updates, and governance
documentation. Includes tzdata Alpine pin fix (#85), GHCR tag promotion
fix (#75), Go module bumps (#81, #79, #83), and CLAUDE.md Step 14
HYPOTHESIS CHECK addition (#77).

Consolidates PRs #75, #77, #79, #81, #83, #85.
@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai Bot commented May 12, 2026
edited
Loading

Warning

Rate limit exceeded

@nayrosk has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 29 minutes and 42 seconds before requesting another review.

You’ve run out of usage credits. Purchase more in the billing tab.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro

Run ID: 4d8712dc-bdd2-4f92-a084-1fe2294cfe95

📥 Commits

Reviewing files that changed from the base of the PR and between 2da1efb and cc5e86f.

⛔ Files ignored due to path filters (3)
  • CHANGELOG.md is excluded by !**/*.md
  • CLAUDE.md is excluded by !**/*.md
  • go.sum is excluded by !**/*.sum, !go.sum
📒 Files selected for processing (3)
  • .github/workflows/release.yml
  • Dockerfile
  • go.mod
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch chore/changelog-v0.4.2

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@nayrosk nayrosk merged commit 60b49a2 into main May 12, 2026
10 checks passed
@nayrosk nayrosk deleted the chore/changelog-v0.4.2 branch May 12, 2026 09:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@nayrosk