zenzic-action 1.3.5 — Core pin 0.10.4, CI fix & branch protection policy

What's changed

Changed

• Zenzic core pinned to 0.10.4 (x-zenzic-core-pin marker updated in action.yml)

Fixed

• check-core-pin-local CI failure: added fetch-tags: true to the zenzic core checkout step so tag v0.10.4 is visible in shallow clones

Documentation

• Branch protection operational policy documented in CONTRIBUTING.md
• SSH commit signing setup instructions added to CONTRIBUTING.md
• Badge centering fixed in README.md / README.it.md

Full changelog

https://github.com/PythonWoods/zenzic-action/blob/main/CHANGELOG.md

v1

What's Changed

• ci(release): automate GitHub Release on tag push by @PythonWoods-Dev in #5
• Release v1.1.0: Native Telemetry Gate & Core v0.9.0 Alignment by @PythonWoods-Dev in #7
• docs(action): EN/IT readme policy sync by @PythonWoods-Dev in #8
• docs: audit contributing guidance by @PythonWoods-Dev in #9
• release: v1.2.0 by @PythonWoods-Dev in #10

Full Changelog: v1.0.1...v1

What's Changed

• docs(changelog): retroactively deprecate v1.3.0 and older due to config bug by @PythonWoods-Dev in #17

Full Changelog: v1.3.1...v1

What's Changed

• chore(release): bump to v1.3.4 and core 0.10.3) by @PythonWoods-Dev in #20

Full Changelog: v1.3.3...v1

What's Changed

• chore(release): bump version to 1.3.5 by @PythonWoods-Dev in #21

Full Changelog: v1.3.4...v1

v1.3.4: Enterprise Governance Alignment & Dependency Security

What's Changed

• chore(release): bump to v1.3.4 and core 0.10.3) by @PythonWoods-Dev in #20

Full Changelog: v1.3.3...v1.3.4

v1.3.3

What's Changed

• Release v1.3.3: Pin Zenzic Core to v0.10.2 by @PythonWoods-Dev in #19

Full Changelog: v1.3.2...v1.3.3

v1.3.2

What's New in v1.3.2

This patch release hardens the action's execution environment to remain completely silent and perfectly agnostic across non-Python technology stacks.

Bug Fixes

• Silent Setup-uv: Disabled internal dependency caching in the astral-sh/setup-uv step. Since Zenzic is frequently used as a documentation linter on non-Python projects (e.g., Node.js, Docusaurus), the setup-uv action was previously throwing noisy warnings looking for non-existent pyproject.toml or lock files. The execution is now stealthy and warning-free across all stacks.

Dependency Updates

• Bumped astral-sh/setup-uv from v8.1.0 to v8.2.0
• Bumped actions/checkout from v6.0.2 to v6.0.3

---

Full Changelog: v1.3.1...v1.3.2

v1.3.1: Monorepo Support & Sovereign Auto-Discovery

What's New in v1.3.1

This release brings first-class support for monorepos, hardens the action's execution sandbox, and implements rigorous local end-to-end testing for the wrapper itself.

Features

• Monorepo Support (working-directory): You can now pass a working-directory input to the action. Zenzic will execute directly inside the specified subdirectory, making it trivial to scan documentation in complex monorepo structures.

🛠️ Architecture & Refactoring

• Sovereign Auto-Discovery: Removed explicit --config flag injection from the Bash wrapper. The Action now relies 100% on Zenzic's native Auto-Discovery for configurations, identical to local CLI behavior.
• SARIF Path Alignment: Fortified the CodeQL upload process. The zenzic-results.sarif file path is now calculated as an absolute workspace path prior to any context switching, entirely eliminating "File not found" upload crashes when using working-directory.
• CI Flags Optimization: Replaced redundant --no-header arguments with the standard --ci flag internally.

Testing & CI

• Local E2E Fixtures: Introduced a tests/fixture testing ground to validate the Action's bash logic locally (uses: ./) prior to merge. The action now successfully dogfoods itself!
• Global Naming Standard: Unified all workflow names and step verbs to strictly match the organization's CI naming contract.

Dependencies

• Bumped Zenzic Core pin to 0.10.1

---

Full Changelog: v1.3.0...v1.3.1

Release v1.3.0

Added

• guard-scan input: run zenzic guard scan before the main quality gate.
• cap-exceeded output: exposes suppression-cap failures for downstream workflow logic.
• Sovereign Job Summary output for every critical non-zero exit code.

Changed

• Runtime governance parity: wrapper executes score governance checks after check all.
• ADR-037 alignment: release_name in .zenzic.toml set to semantic version form.
• ADR-089 alignment: GitHub Actions dependencies pinned to immutable SHA-40.
• Final Guard documentation aligned to the actual just verify recipe sequence.

Security

• Explicitly documented non-suppressible action boundary for exits 2 and 3.
• Forwarding contract for security-related runtime flags is enforced end-to-end.
• Inherited governance semantics from core: additive brand_obsolescence merge behavior.

v1.2.1

What's Changed

• Release v1.2.1 - Core engine bump to v0.9.2 by @PythonWoods-Dev in #12

Full Changelog: v1...v1.2.1

v1.2.0

Zenzic Action v1.2.0

This release aligns the Action with Zenzic Core v0.9.1, adds new pipeline integration inputs/outputs, and hardens the security and compliance gates.

What's Changed

Added

• guard-scan Input: Run zenzic guard scan before the main quality gate to intercept credentials early.
• cap-exceeded Output: Exposes suppression-cap failures for downstream workflow/CI logic.
• Sovereign Job Summary: Produces GitHub Action Job Summary outputs for every critical non-zero exit code.

Changed

• Zenzic Core Pin: Aligned and pinned the default Zenzic core engine version to 0.9.1.
• Runtime Governance Parity: The wrapper script now executes score governance checks directly after running the checks.
• ADR-089 Alignment: GitHub Actions dependencies pinned to immutable SHA-40 hashes.
• ADR-037 Alignment: Unified formatting of release names to a standardized semantic form.
• Final Guard documentation aligned with the exact sequence of the just verify recipe.

Security & Compliance

• Explicitly documented non-suppressible action boundaries for exit codes 2 and 3.
• Enforced end-to-end forwarding contracts for security-related runtime flags.
• Inherited core governance semantics, including additive brand_obsolescence merge behavior.
• Cleaned up contributing and release files for REUSE licensing compliance.

---

For more details, see the Changelog.

v1.1.0 — Native Telemetry Gate & Core v0.9.0 Alignment

What's new in v1.1.0

New inputs & outputs

• guard-scan input: opt-in pre-flight that runs zenzic guard scan before the main quality gate.
• cap-exceeded output: exposes suppression-cap failures as a structured output for downstream workflow conditions.
• Sovereign Job Summary output for every critical non-zero exit code (exits 2 and 3).

Runtime governance

• Wrapper now executes score governance checks (stamp + freshness) after check all.
• ADR-037 alignment: release_name in .zenzic.toml enforced as semantic version.
• ADR-089 alignment: all GitHub Actions dependencies pinned to immutable SHA-40.

Security

• Exits 2 and 3 are explicitly documented as non-suppressible at the action boundary.
• Forwarding contract for security-related runtime flags enforced end-to-end.
• Inherited additive brand_obsolescence merge semantics from core.

Core pin

• Pinned to zenzic core v0.9.0.

---

Full changelog: CHANGELOG.md