From 2d6e67997b180194083fe18e673219118b08c972 Mon Sep 17 00:00:00 2001 From: danielmeppiel Date: Thu, 25 Jun 2026 20:51:43 +0200 Subject: [PATCH] release: v1.10.0 Minor release. Since v1.9.1 the default branch gained the `update` input (#46/#51, a backward-compatible additive feature) plus the .zip bundle-detection fix (#47) and routine dependency bumps (#48, #28, #50). - package.json / package-lock.json: 1.9.1 -> 1.10.0 - CHANGELOG: cut [1.10.0] from [Unreleased]; add the missing Fixed entry for .zip archive detection (#47), which was merged without a changelog line. The `update` input Added entry carries over. dist/ verified clean (no drift) after a fresh `npm run build`; the version bump is not embedded in the bundle. typecheck, lint, and the full 195-test suite pass. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com> --- CHANGELOG.md | 8 ++++++++ package-lock.json | 4 ++-- package.json | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e343d9b..201cebb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,10 +10,16 @@ The floating `v1` tag tracks the latest `1.x` release. Consumers pinning ## [Unreleased] +## [1.10.0] - 2026-06-25 + ### Added - **`update` input to refresh branch/tag dependency refs** ([microsoft/apm-action#46]). When `update: 'true'`, the action runs `apm update --yes` in place of `apm install`: it re-resolves every branch/tag dependency to its latest matching commit, rewrites `apm.lock.yaml`, and then proceeds with the normal post-install steps (`audit-report`, `compile`, `script`, `pack`). The default (`false`) keeps the reproducible install-from-lockfile behaviour. Closes the gap where branch-tracked deps (e.g. `github/awesome-copilot#main`) stayed frozen at the lockfile commit with no first-class way to refresh them — the previous workaround was a hand-rolled `script: "apm update --yes"`. Mutually exclusive with `isolated`, `setup-only`, `bundle`, `bundles-file`, and `mode`. +### Fixed + +- **`.zip` bundles produced by `apm pack` are now detected in archive mode** ([microsoft/apm-action#47]). apm 0.20 changed `apm pack --archive` to emit a `.zip` by default ([microsoft/apm#1720]); the action's bundle-detection paths still assumed `.tar.gz`, so against apm 0.20+ they silently failed — `findBundleOrNull` matched zero `.zip` entries and the pack step errored "apm pack produced no bundle" (the GH-AW Compatibility job in microsoft/apm release runs). Fix: accept BOTH `.zip` and `.tar.gz` on the detection side (a format-aware `listArchiveEntries` helper using `unzip -Z1` for `.zip` and `tar tzf` for `.tar.gz`) rather than pinning `--archive-format` on the pack call, which would break older CLIs that do not know the flag. Directory mode, the `tar.gz` opt-out, and the `bundles-file` multibundle `.tar.gz` restore contract are unchanged. + ## [1.9.1] - 2026-05-19 ### Fixed @@ -93,7 +99,9 @@ APM v0.12.3 made harness detection strict (no more silent default-to-copilot). E [#34]: https://github.com/microsoft/apm-action/pull/34 [microsoft/apm-action#46]: https://github.com/microsoft/apm-action/issues/46 +[microsoft/apm-action#47]: https://github.com/microsoft/apm-action/pull/47 [microsoft/apm#1348]: https://github.com/microsoft/apm/issues/1348 +[microsoft/apm#1720]: https://github.com/microsoft/apm/issues/1720 ## [1.6.0] - 2026-05-02 diff --git a/package-lock.json b/package-lock.json index 629cdaa..182616d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "apm-action", - "version": "1.9.1", + "version": "1.10.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "apm-action", - "version": "1.9.1", + "version": "1.10.0", "license": "MIT", "dependencies": { "@actions/core": "^3.0.0", diff --git a/package.json b/package.json index edf2439..3a24367 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "apm-action", - "version": "1.9.1", + "version": "1.10.0", "description": "GitHub Action for APM - Agent Package Manager", "type": "module", "main": "dist/index.js",