Skip to content

Releases: skills-lock/skil-lock-action

v0.2.1

Choose a tag to compare

@skil-lock skil-lock released this 12 Jun 16:15
6c2fd7c

v0.2.1

  • New input: verify-signature — when enabled, the Action cosign-verifies checksums.txt against the release workflow's OIDC identity before trusting any downloaded binary (keyless, no key management). Requires a pin-binary of v0.2.0 or later; warns and falls back to checksum-only verification otherwise.
  • Installs cosign via SHA-pinned sigstore/cosign-installer (GitHub runners no longer ship cosign).
  • Docs: usage examples bumped to pin-binary: v0.2.1.

Full CLI changes in skil-lock v0.2.1.

v0.2.0

Choose a tag to compare

@skil-lock skil-lock released this 08 Jun 09:09
c7a3b9f

v0.2.0 — integrity hardening

Pairs with skil-lock CLI v0.2.0. Closes an integrity gap surfaced by an external security review: a bundled script's body could previously be rewritten without moving the lockfile.

What's new (CLI v0.2.0)

  • Per-bundled-script content digests — a rewritten script body (e.g. scripts/extract.sh) now produces a blocking diff instead of slipping past an unchanged content_hash. Approvals are bound to the new digest, so a stale approval can't be replayed.
  • Signed releases — cosign keyless signatures + SLSA build provenance + SBOMs (verify with cosign verify-blob; see SECURITY.md).
  • Documented detection boundary — the README states exactly what is and isn't gated.
  • Hardening: symlinked/irregular bundle files no longer abort a scan; CI blocks when a skill fails to parse.

Action usage

- uses: skills-lock/skil-lock-action@v0.2.0
  with:
    pin-binary: v0.2.0
    sarif: true   # optional; requires security-events: write

No breaking changes to Action inputs.

v0.1.2

Choose a tag to compare

@skil-lock skil-lock released this 22 May 06:53
6ec32f1

v0.1.2 — PR comment now renders cleanly

Bug-fix release. The Action's PR-comment step now posts the actual capability-delta markdown body instead of a literal file path. SARIF upload (the v0.1.1 feature) is unchanged and was verified live on a real PR (skills-lock/example-claude-code-skills#1).

Upgrade

- uses: skills-lock/skil-lock-action@v0.1.2
  with:
    pin-binary: v0.1.1
    sarif: true   # optional; requires security-events: write

pin-binary stays at v0.1.1 — the CLI binary itself did not change. Workflows currently using @v0.1.0 or @v0.1.1 should bump to @v0.1.2.

Notes

  • No breaking changes.
  • No new inputs.

Details (for the curious)

The PR-comment upsert step was passing gh api -f body=@$BODY, relying on a curl-style file-reference syntax that gh CLI does not implement. As a result, comments posted by v0.1.0 and v0.1.1 contained the literal string @/home/runner/work/_temp/skil-lock-pr-comment.md instead of the markdown body.

Fix: the body file is round-tripped through jq -Rs '{body: .}' and piped to gh api --input -. jq is preinstalled on the only platforms the composite supports.

Test coverage for the PR-comment path is tracked at #3.

Changes

  • #2 — fix: PR comment body posted as literal '@/path' instead of file contents

v0.1.1

Choose a tag to compare

@skil-lock skil-lock released this 21 May 07:38
1e9cf3a

Adds: optional sarif: true input. When enabled, runs skil-lock ci --format sarif and uploads the report to GitHub Code Scanning so capability deltas appear inline in the PR diff and in the repo's Security tab.

Requires the calling workflow to grant security-events: write permission.

Pairs with skills-lock/skil-lock@v0.1.1.

- uses: skills-lock/skil-lock-action@v0.1.1
  with:
    pin-binary: v0.1.1
    sarif: true

See README for full inputs and the SkilLock CI Marketplace listing.

v0.1.0 - first public release

Choose a tag to compare

@skil-lock skil-lock released this 20 May 17:57

First public release. Composite GitHub Action wrapping the skil-lock CLI.

What it does

On every pull request, this Action:

  1. Downloads a pinned skil-lock release binary and verifies its SHA-256 against checksums.txt.
  2. Runs skil-lock ci against the repo's committed skills.lock and .skil-lock.yaml.
  3. Posts (or updates) a single PR comment showing every capability delta — new shell commands, new URLs, new file paths.
  4. Fails the check when policy is mode: block and any delta is at severity ≥ medium.

Quick start

name: SkilLock
on: pull_request
permissions:
  contents: read
  pull-requests: write
jobs:
  skil-lock:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6
      - uses: skills-lock/skil-lock-action@v0.1.0
        with:
          pin-binary: v0.1.0

Inputs

Input Required Default Description
pin-binary yes skil-lock release tag (e.g. v0.1.0). No floating refs.
comment no true Post or update a PR comment with the capability diff.
path no . Repository root containing .claude/skills/ or .codex/skills/.

Worked example

See skills-lock/example-claude-code-skills for a runnable demo, including an example/drift branch that shows what SkilLock catches when a skill grows risky behavior.

Related

License

Apache 2.0. Not affiliated with Skil power tools, Anthropic, or OpenAI.