docs(changelog): add CHANGELOG.md to close OpenSSF release_notes (RAN-52)#97
Merged
Conversation
…AN-52)
Per the board's 03:55Z autofill diagnosis on RAN-52: the bestpractices.dev
project sits at 91% with a single Unmet — `release_notes` ("No release notes
file found"). bestpractices.dev's autofill looks for a CHANGELOG-style file
at repo root; per-tag GitHub Releases are not enough on their own.
Adds keep-a-changelog format CHANGELOG.md covering:
- [Unreleased] — RAN-46/RAN-52 OpenSSF wiring, OSS-CLI security stack,
removed Sonar/CodeQL/OWASP DC per path-B ruling, signed-commit branch
protection, top-level `permissions: read-all`.
- [0.1.0] - 2026-03-28 — GA cut summary; defers per-tag detail to the
GitHub Release.
- Beta line summary — points to the GitHub Releases pre-release filter
for the full v0.0.1-beta.0 … v0.0.1-beta.46 sequence.
Once the board re-clicks 🤖 on https://www.bestpractices.dev/projects/12650
the autofill will pick up `CHANGELOG.md` at root, `release_notes` flips to
`Met`, and badge_level → `passing`.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Co-Authored-By: Paperclip <noreply@paperclip.ing>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes the single Unmet criterion the board identified on https://www.bestpractices.dev/projects/12650 in the RAN-52 03:55Z correction.
Live state per the board's autofill probe:
tiered_percentage = 91%release_notes— "No release notes file found"?are silver/gold tier criteria — not blockers forpassingbestpractices.dev's autofill looks for a CHANGELOG-style file at repo root; per-tag GitHub Releases are not enough on their own. This PR adds
CHANGELOG.mdin keep-a-changelog format:[Unreleased]— captures the cross-cutting OpenSSF / supply-chain hardening from RAN-46 + RAN-52 + RAN-57 (Best Practices project, Scorecard workflow, OSS-CLI security stack per path-B ruling, signed-commit branch protection, top-levelpermissions: read-all).[0.1.0] - 2026-03-28— GA cut summary, defers per-commit detail to the v0.1.0 GitHub Release.v0.0.1-beta.0…v0.0.1-beta.46sequence (no need to enumerate 47 tags inline).After this lands, the board re-clicks 🤖 on https://www.bestpractices.dev/projects/12650 → autofill picks up
CHANGELOG.mdat root →release_notes_status: "Met"→badge_level: "passing".Test plan
chore/ran-52-changelog/releases,/releases/tag/v0.1.0,engineering-standards.md, bestpractices.dev project page)release_notes→Met,badge_level→passing🤖 Generated with Claude Code