All notable changes to this project will be documented in this file.
This is a rolling release - changes are deployed continuously to main.
- ai-claude-review.yml: Update anthropics/claude-code-action from v1 to v1.0.78
  - Model: claude-opus-4-6
  - Max turns: 100
  - Allowed tools: mcp__github_inline_comment__create_inline_comment,Task,Agent,Read,Glob,Grep,Bash(gh pr ...),Bash(gh issue ...),Bash(gh search:*),Bash(git log:*)
- ai-claude.yml: Update anthropics/claude-code-action from v1 to v1.0.78
- ci-ansible-collection.yml: Pin aquasecurity/trivy-action to SHA instead of @master
- renovate-base.json: Aligned base configuration with sbaerlocher/.github
  - Migrated deprecated stabilityDays → minimumReleaseAge
  - Migrated deprecated fileMatch → managerFilePatterns in all custom managers
  - Simplified non-major updates into one group (all-non-major) instead of separate patch and minor groups
  - Changed schedule from "before 6am on Monday" to "before 6am" (daily)
  - Removed prCreation: "not-pending" — PRs are now created regardless of CI status
  - Removed dependencyDashboardApproval from major/pre-release rules — PRs are created automatically, automerge remains disabled for manual review
  - Added configMigration: true — Renovate auto-migrates deprecated config in consumer repos
  - Added npmDedupe and pnpmDedupe to postUpdateOptions
  - Removed "group:allNonMajor" and "schedule:weekdays" from extends (now configured explicitly)
  - Removed redundant dependencyDashboard: true (set via :dependencyDashboard in extends)
- renovate-go.json: Aligned with base conventions
  - Migrated deprecated matchPackagePrefixes → matchPackageNames with /** glob
  - Migrated deprecated matchPackagePatterns → matchPackageNames with regex
  - Migrated deprecated excludePackagePrefixes → negative matchPackageNames
  - Migrated stabilityDays → minimumReleaseAge
  - Migrated fileMatch → managerFilePatterns in all custom managers
  - Removed redundant :semanticCommitTypeAll(chore) from extends
  - Removed dependencyDashboardApproval (consistent with base)
- renovate-actions.json: Removed conflicting github-actions package rule (base already handles GitHub Actions grouping as "GitHub Actions" with digest pinning); removed redundant platformAutomerge: true from package rule
- renovate-ansible.json: Migrated fileMatch → managerFilePatterns in custom manager and ansible-galaxy manager config
- ci-go.yml: New dedicated Go CI workflow with go test and golangci-lint
- actions/check-argument-specs: New composite action to validate Ansible role variables in defaults/main.yml against meta/argument_specs.yml with recursive suboptions checking and GitHub Actions annotations
- ci-ansible-collection.yml: New argument-specs job using the composite action (enabled by default via enable_argument_specs_check input)
- Support for # noqa: argument-specs comments to skip variables from checks
- ci-go-action.yml → ci-lint.yml: Renamed and reduced to pure linting tools (actionlint, shellcheck, yamllint); Go-specific jobs moved to ci-go.yml
- templates/workflows/ci.yml: Updated to use ci-go.yml + ci-lint.yml instead of ci-go-action.yml
- Skip default value comparison for Jinja2 template expressions
- Improved dict heuristic to avoid false warnings on lookup/mapping dicts (e.g. OS-family keys like Debian, RedHat)
- Skip suboptions warning for lookup/mapping dicts
- Recursive suboptions quality check now runs independent of default values
- Added Python cache files (__pycache__/, *.pyc) to .gitignore
- ai-claude-review.yml: Switch from manual review prompt to official Anthropic code-review plugin via claude-code-plugins
- ai-claude-review.yml: Scope Claude review to PR diff only instead of reviewing the entire codebase
Initial repository setup:
- Community health files: CODE_OF_CONDUCT.md, CONTRIBUTING.md, GOVERNANCE.md, SECURITY.md, SUPPORT.md
- Templates: Issue templates (bug report, feature request, documentation), PR template
- Configuration templates: .editorconfig, .golangci.yml, .yamllint.yml, github-ruleset.json
- Organization profile: profile/README.md
- Standards: STANDARDS.md with repository structure and conventions
- Renovate presets: base, go, actions, ansible
- .github/renovate.json: Repository-specific Renovate configuration extending base preset
- AGENTS.md: AI agent documentation for workflow repository
- CLAUDE.md: Claude Code import reference
- CHANGELOG.md: Rolling release changelog (this file)
- .editorconfig: Root editor configuration (2-space indentation)
Reusable Workflows (in .github/workflows/):
- ci-ansible-collection.yml: CI for Ansible Collections (linting, security, sanity/unit/integration tests, build)
- ci-go-action.yml: CI for Go projects and GitHub Actions (golangci-lint, actionlint, shellcheck, yamllint)
- security-codeql.yml: CodeQL static code analysis
- security-trivy.yml: Trivy vulnerability scanning (filesystem and container images)
- security-deps.yml: Dependency vulnerability and license scanning (Go)
- security-secrets.yml: Secret detection with Gitleaks, TruffleHog, and pattern detection
- release-ansible-collection.yml: Publish Ansible Collections to Galaxy
- cleanup-container-registry.yml: Automated GHCR and Docker Hub cleanup
- ai-claude.yml: Interactive Claude Code assistant via @claude mentions
- ai-claude-review.yml: Automated AI code reviews on pull requests
- security-secrets.yml: Replace gitleaks-action (requires paid license for orgs) with direct Gitleaks CLI installation via jaxxstorm/action-install-gh-release
- ci-ansible-collection.yml: Update default Ansible versions from EOL stable-2.16/stable-2.17/devel to supported stable-2.18/stable-2.19/stable-2.20
- ci-ansible-collection.yml: Auto-select Python 3.12 for ansible-core >= 2.20 which requires Python >= 3.12
- ci-go-action.yml: Replace abandoned ibiqlik/action-yamllint with native pip install yamllint
- cleanup-container-registry.yml: Replace abandoned philiplehmann/docker-hub-retention with Docker Hub API script
- templates/workflows/ci.yml: Simplified to use reusable ci-go-action.yml workflow
- templates/workflows/codeql.yml: Simplified to use reusable security-codeql.yml workflow
- templates/workflows/deploy.yml: Updated action SHAs, added standalone template note
- GitHub Actions: Updated SHA-pinned action references via Renovate
  - actions/upload-artifact v4 → v7
  - artis3n/ansible_galaxy_collection v2 → v3
  - docker/build-push-action v6 → v7
  - docker/setup-buildx-action v3 → v4
  - github/codeql-action updated to latest SHA
  - golangci/golangci-lint-action v6 → v9
  - aquasecurity/trivy-action updated to latest SHA