bitwarden · withinfocus · Mar 3, 2026 · Mar 3, 2026
@@ -110,6 +110,20 @@ jobs:
           read -ra PLUGINS_ARRAY <<< "$CHANGED_PLUGINS"
           ./scripts/validate-marketplace.sh "${PLUGINS_ARRAY[@]}" 2>&1 | tee /tmp/marketplace-validation.log
 
+      - name: Validate version bump
+        id: version-bump
+        if: steps.changed-files.outputs.has_components == 'true'
+        continue-on-error: true
+        env:
+          BASE_REF: ${{ github.base_ref }}
+          CHANGED_PLUGINS: ${{ steps.changed-files.outputs.changed_plugins }}
+        run: |
+          set -o pipefail
+          git fetch origin "$BASE_REF"
+          echo "Checking version bumps for plugins with component changes: $CHANGED_PLUGINS"
+          read -ra PLUGINS_ARRAY <<< "$CHANGED_PLUGINS"
+          ./scripts/validate-version-bump.sh "origin/$BASE_REF" "${PLUGINS_ARRAY[@]}" 2>&1 | tee /tmp/version-bump-validation.log
+
       - name: Log in to Azure
         if: steps.changed-files.outputs.has_components == 'true'
         uses: bitwarden/gh-actions/azure-login@main
@@ -217,6 +231,7 @@ jobs:
           SHOULD_RUN: ${{ steps.relevance.outputs.should_run }}
           STRUCTURE_RESULT: ${{ steps.structure.outcome }}
           MARKETPLACE_RESULT: ${{ steps.marketplace.outcome }}
+          VERSION_BUMP_RESULT: ${{ steps.version-bump.outcome }}
           COMPONENTS_RESULT: ${{ steps.components.outcome }}
           HAS_COMPONENTS: ${{ steps.changed-files.outputs.has_components }}
           CHANGED_PLUGINS: ${{ steps.changed-files.outputs.changed_plugins }}
@@ -240,8 +255,10 @@ jobs:
             echo "Marketplace validation: skipped (no plugin files changed)"
           fi
           if [[ "$HAS_COMPONENTS" == "true" ]]; then
+            echo "Version bump validation: $VERSION_BUMP_RESULT"
             echo "Component & security validation (AI-driven): $COMPONENTS_RESULT"
           else
+            echo "Version bump validation: skipped (no component files changed)"
             echo "Component & security validation (AI-driven): skipped (no component files changed)"
           fi
           echo ""
@@ -263,6 +280,14 @@ jobs:
             echo ""
           fi
 
+          if [[ -f /tmp/version-bump-validation.log ]] && [[ "$VERSION_BUMP_RESULT" == "failure" ]]; then
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            echo "📋 Version Bump Validation Details:"
+            echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
+            cat /tmp/version-bump-validation.log
+            echo ""
+          fi
+
           if [[ "$COMPONENTS_RESULT" == "failure" ]]; then
             echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
             echo "📋 Component & Security Validation Details:"
@@ -283,9 +308,11 @@ jobs:
             fi
           fi
 
-          # Only fail on components if it actually ran and failed
-          if [[ "$HAS_COMPONENTS" == "true" ]] && [[ "$COMPONENTS_RESULT" == "failure" ]]; then
-            FAILED=true
+          # Only fail on version bump / components if they actually ran and failed
+          if [[ "$HAS_COMPONENTS" == "true" ]]; then
+            if [[ "$VERSION_BUMP_RESULT" == "failure" ]] || [[ "$COMPONENTS_RESULT" == "failure" ]]; then
+              FAILED=true
+            fi
           fi
 
           if [[ "$FAILED" == "true" ]]; then

@@ -7,6 +7,7 @@ Utility scripts for maintaining the Bitwarden AI Plugins Marketplace.
 - [bump-plugin-version.sh](#bump-plugin-versionsh) - Automate version bumping
 - [validate-plugin-structure.sh](#validate-plugin-structuresh) - Validate plugin structure
 - [validate-marketplace.sh](#validate-marketplacesh) - Validate marketplace.json
+- [validate-version-bump.sh](#validate-version-bumpsh) - Validate version bumps for changed plugins
 - [GitHub Actions Integration](#github-actions-integration)
 - [Local Development Workflow](#local-development-workflow)
 
@@ -216,6 +217,54 @@ Total errors found: 0
 
 ---
 
+## validate-version-bump.sh
+
+Validates that changed plugins include a version bump and changelog update.
+
+### Usage
+
+```bash
+# Compare against a base branch
+./scripts/validate-version-bump.sh origin/main plugin-name
+
+# Check multiple plugins
+./scripts/validate-version-bump.sh origin/main bitwarden-code-review bitwarden-software-engineer
+
+# Accept plugins/ path prefix
+./scripts/validate-version-bump.sh origin/main plugins/bitwarden-code-review
+```
+
+### Checks Performed
+
+- **Version bump** - Compares the version in `plugin.json` between the base ref and HEAD. The new version must be strictly greater than the base version (any of major, minor, or patch).
+- **Changelog update** - Verifies that `CHANGELOG.md` was modified in the diff between the base ref and HEAD.
+
+### Exit Codes
+
+- `0` - All plugins have proper version bumps
+- `1` - One or more plugins are missing a version bump or changelog update
+
+### Example Output
+
+```
+🔍 Validating version bumps for changed plugins...
+
+📦 Checking bitwarden-software-engineer...
+  ❌ bitwarden-software-engineer: Version not bumped (still 0.3.0). Plugin component files were changed — run ./scripts/bump-plugin-version.sh bitwarden-software-engineer <new-version>
+  ❌ bitwarden-software-engineer: CHANGELOG.md not updated. Add an entry describing what changed.
+
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+📊 Version Bump Validation Summary
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Plugins checked: 1
+Total errors: 2
+
+❌ Version bump validation failed with 2 error(s)
+```
+
+---
+
 ## Plugin Requirements Reference
 
 ### Required Files
@@ -313,6 +362,13 @@ description: Skill description
   - `AGENT.md` files (if agents exist)
 - Use the version bump script: `./scripts/bump-plugin-version.sh plugin-name X.Y.Z`
 
+**"Version not bumped" / "CHANGELOG.md not updated"**
+
+- Plugin component files (agents, skills, hooks) were changed without a version bump
+- Run `./scripts/bump-plugin-version.sh <plugin-name> <new-version>` to bump all version files
+- Add a changelog entry under the appropriate category (Added, Changed, Fixed, etc.)
+- Commit the version bump alongside your code changes
+
 **"Missing YAML frontmatter"**
 
 - Ensure files start with `---` and end with `---`