2026-03-15 11:23:09 +00:00
8 changed files with 39 additions and 14 deletions
--- a/.common-repo.yaml
+++ b/.common-repo.yaml
@@ -3,5 +3,11 @@
    - "src/**"
    - "src/.*"
    - "src/.*/**"
 - template:
    - "src/.github/workflows/release.yaml"
 - template-vars:
    GH_APP_ID_VAR: CHRISTMAS_ISLAND_APP_ID
    GH_APP_KEY_SECRET: CHRISTMAS_ISLAND_PRIVATE_KEY
    GH_APP_OWNER: christmas-island
 - rename:
    - "^src/(.*)$": "$1"
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -16,7 +16,7 @@ jobs:
        run: |
          # Verify distributed files in src/ match the repo's own copies
          status=0
-          for file in .releaserc.yaml commitlint.config.js; do
+          for file in .releaserc.yaml commitlint.config.cjs; do
            if ! diff -q "$file" "src/$file" > /dev/null 2>&1; then
              echo "❌ $file differs from src/$file"
              diff --color "$file" "src/$file" || true
@@ -25,7 +25,7 @@ jobs:
              echo "✅ $file matches src/$file"
            fi
          done
-          for file in .github/workflows/commitlint.yml .github/workflows/release.yaml; do
+          for file in .github/workflows/commitlint.yml; do
            if ! diff -q "$file" "src/$file" > /dev/null 2>&1; then
              echo "❌ $file differs from src/$file"
              diff --color "$file" "src/$file" || true
@@ -34,6 +34,8 @@ jobs:
              echo "✅ $file matches src/$file"
            fi
          done
          # release.yaml intentionally differs: src/ uses template vars, top-level uses hardcoded defaults
          echo "⏭️  .github/workflows/release.yaml skipped (template vars in src/)"
          if [ $status -ne 0 ]; then
            echo ""
            echo "Top-level files and src/ are out of sync."
--- a/.github/workflows/commitlint.yml
+++ b/.github/workflows/commitlint.yml
@@ -17,4 +17,4 @@ jobs:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
        with:
          fetch-depth: 0
-      - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548c61b7286b4ffe7cb3d # v6
+      - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ Files distributed from `src/`:
 ## Usage
-> **Requires common-repo ≥ 0.28.0** for source-declared filtering.
+> **Requires common-repo ≥ 0.28.4** for source-declared filtering and template variable overrides.
 ### Add to an existing `.common-repo.yaml`
@@ -56,19 +56,36 @@ cr-semantic-release/
    └── commitlint.config.js
 ```
-The top-level files and `src/` files are identical — the repo eats its own dog food. CI enforces they stay in sync.
+The top-level files and `src/` files are identical — the repo eats its own dog food. CI enforces they stay in sync (except `release.yaml`, which uses template variables in `src/` and hardcoded defaults at the top level).
 ## Prerequisites
-The release workflow expects the following GitHub org-level vars and secrets:
+By default, the release workflow uses these GitHub org-level vars and secrets:
-| Name | Type | Purpose |
+| Name | Type | Default | Purpose |
-|---|---|---|
+|---|---|---|---|
-| `CHRISTMAS_ISLAND_APP_ID` | Variable | GitHub App ID for generating tokens |
+| `CHRISTMAS_ISLAND_APP_ID` | Variable | — | GitHub App ID for generating tokens |
-| `CHRISTMAS_ISLAND_PRIVATE_KEY` | Secret | GitHub App private key |
+| `CHRISTMAS_ISLAND_PRIVATE_KEY` | Secret | — | GitHub App private key |
 These are used by `actions/create-github-app-token` to generate a token with write permissions for creating releases and pushing tags/changelogs.
 ### Using a different GitHub App
 Override the template variables in your consumer config to use your own app credentials:
 ```yaml
 - repo:
    url: https://github.com/christmas-island/cr-semantic-release
    ref: v2.0.0
    with:
      - template-vars:
          GH_APP_ID_VAR: MY_APP_ID          # GitHub vars name
          GH_APP_KEY_SECRET: MY_APP_KEY      # GitHub secrets name
          GH_APP_OWNER: my-org               # App installation owner
 ```
 This renders the workflow with `${{ vars.MY_APP_ID }}`, `${{ secrets.MY_APP_KEY }}`, and `owner: my-org`.
 ## Customization
 ### Release workflow
--- a/commitlint.config.cjs
+++ b/commitlint.config.cjs
--- a/src/.github/workflows/commitlint.yml
+++ b/src/.github/workflows/commitlint.yml
@@ -17,4 +17,4 @@ jobs:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
        with:
          fetch-depth: 0
-      - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548c61b7286b4ffe7cb3d # v6
+      - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6
--- a/src/.github/workflows/release.yaml
+++ b/src/.github/workflows/release.yaml
@@ -32,9 +32,9 @@ jobs:
        id: app-token
        uses: actions/create-github-app-token@v1
        with:
-          app-id: ${{ vars.CHRISTMAS_ISLAND_APP_ID }}
+          app-id: ${{ vars.${GH_APP_ID_VAR:-CHRISTMAS_ISLAND_APP_ID} }}
-          private-key: ${{ secrets.CHRISTMAS_ISLAND_PRIVATE_KEY }}
+          private-key: ${{ secrets.${GH_APP_KEY_SECRET:-CHRISTMAS_ISLAND_PRIVATE_KEY} }}
-          owner: christmas-island
+          owner: ${GH_APP_OWNER:-christmas-island}
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
        with:
          fetch-depth: 0
--- a/src/commitlint.config.cjs
+++ b/src/commitlint.config.cjs