Changelog¶
7.2.0.dev0 (unreleased)¶
Warning
This version is not released yet and is under active development.
Breaking: the
release-prepcommand is renamedprepare-release, matching the job, template, and PR branch it drives; its module moves torepomatic.prepare_release.Breaking: the
version-checkcommand is renamedcheck-version.Breaking: the vulnerability audit domain moves from
repomatic.uvinto the newrepomatic.vulnerable_depsmodule, which also absorbsrepomatic.github.advisories.Add
cancel-runs: cancels a branch’s in-progress and queued workflow runs, replacing the bash block incancel-runs.yaml; run listings now paginate past the first page.Breaking: the PR-body helpers (
generate_pr_metadata_block,generate_refresh_tip,build_pr_body) now take their CI context as arguments andcurrent_repo_urlis removed, ending thepr_body→metadataimport cycle.Breaking:
build_expected_bodymoves fromrepomatic.github.release_synctorepomatic.changelog.Breaking: the five
check_pat_*probe functions are replaced by thePAT_PERMISSION_PROBEStable andprobe_pat_permission.Breaking: the workflow generation API (
generate_thin_caller,generate_workflow_header,generate_workflows) drops its legacysource_pathsargument; pass aPathsSpecinstead.Dialect,ArchiveFormat, andWorkflowFormatnow carry their dispatch as enum methods (serialize,extract,write_workflow).Add a test suite for the notification-unsubscribe engine, which had no coverage.
The unsubscribe workflow’s GraphQL phase now re-validates each item’s staleness client-side instead of trusting the search index’s day-granular
updated:<filter, and reports the items it holds back.Move
repomatic.sponsorunderrepomatic.github, and share one GraphQL cursor paginator (iter_graphql_nodes) between the sponsors and unsubscribe lookups.Extract the setup guide,
.gitignoregeneration, and Sphinx docs orchestration from the CLI module into newrepomatic.setup_guide,repomatic.gitignore, andrepomatic.docsmodules.Add
repomatic.http, the JSON fetch shared by the PyPI, npm, and GitHub API clients; npm and GitHub tag lookups now retry once on a truncated response like PyPI lookups already did.GitHub Releases API reads now resolve their token like every other GitHub access (
REPOMATIC_PATfirst), instead of skipping it and hitting the anonymous 60 requests/hour rate limit.The release freeze and unfreeze steps now cover
.ymlworkflow files alongside.yaml, so a downstream-authored.ymlworkflow can no longer ship with unfrozen refs.Remove the dead
get_default_repoandlist_open_issueshelpers and the unusedREQUIRED_PAT_PERMISSIONSconstant.Rename cross-module internals to public names:
COMPONENTS_BY_NAME,is_source_repo,current_repo_url,format_released,format_upload_date,date_to_utc_cutoff.Add
[tool.repomatic] binaries.sync: set tofalseto stop the release pipeline from pushing the binaries catalog and scan records to the default branch, while binaries still get scanned on VirusTotal.Add
sync-dep-sources, a fifthsync-depsupdater: once the release named by a git-tracked dependency’s.devversion floor ships on PyPI, it drops the[tool.uv.sources]override, tightens the floor, and freezes the adopted release through the cooldown. Disable with[tool.repomatic] dep-sources.sync.The
Cooldown bypassesPR section is now a single table: entries the run cleared or froze become🧹 cleared:and📌 frozen:rows instead of prose lines, and cleared rows keep the held version and expiry date.The bypass table’s expiry column is renamed
Held until, and a freeze holding an unreleased version (git or path source) is labelled🚧 unreleased:with a needs release expiry instead of empty cells.Diff tables label added and removed packages with
🆕 new:and🗑️ removed:prefixes ahead of the version.Generated PR and issue bodies now use
##section headings instead of###, exceptRelease notes, which is now a###subsection nested under the update table.Upstream release bodies embedded in
Release notesdropdowns get their markdown headings demoted below the per-version heading, so they no longer collide with the PR’s own sections.Remove the boilerplate
Descriptionsection from generated PR bodies.The
Workflow metadatablock is now a compact list instead of a table, led by aDocumentationentry deep-linking the job’s section of the workflows reference.Drop the “Each becomes lockable on its eligible date” sentence from the held-back cooldown notes.
update-deps-graphnow keeps only directly-declared dependencies inside the--groupand--extraboxes; transitive dependencies render outside as plain ovals, like around the primary dependencies box.With
--level, an extra’s transitive dependencies now count as depth 2 instead of 1.Consolidate the
repomatic.deps_graphAPI aroundSubgraphandSubgraphKindtypes; the unusedparse_bom_refhelper is removed.The
unsubscribe.yamlworkflow now streams per-thread progress to the job log; runs were previously silent until the report landed in the step summary.sync-action-pinsandsync-workflow-pinsPR bodies now report an action or package pinned at several versions as a single row spanning from the oldest pin, with the compare link and release-notes dropdown covering that widest range.lint-changelog’s PyPI and GitHub lookups now retry once on a truncated response body instead of crashing withIncompleteRead.The
run typosguidance now recommendsextend-ignore-reguards for encoded hashes and intentional-typo examples, which the unattendedfix-typospull request would otherwise corrupt.sync-action-pinsno longer rewritesuses:pins inside filesrepomatic initdeploys verbatim (thepublish-pypicomposite action), ending the pull-request ping-pong where it bumped a pin that the nextsync-repomaticreset.The
update-docsjob now re-formatspyproject.tomlfiles withpyproject-fmtafter running the project’s update script, ending the pull-request ping-pong whereformat-pyprojectreformatted the sections the update script had just regenerated.Document the scan job contract and the release-lane direct-commit exception: why
scan-virustotalrecords its results with a direct push to the default branch instead of a pull request.
7.1.0 (2026-07-08)¶
Breaking:
scan-virustotalno longer writes scan tables into GitHub release notes; the--update-releaseand--repooptions are removed, and--binaries-diris now required.Add
sync-binaries: regeneratesdocs/assets/binaries.csvand itsdocs/binaries.mdpage, a catalog of every released binary with download links, VirusTotal analyses, and a detection trend chart.sync-binaries --backfill-recordsrecovers detection snapshots from the VirusTotal tables of legacy release notes into the scan history file.The release pipeline now records each binary’s
flagged / totalsnapshot indocs/assets/virustotal-scans.jsonand refreshes the binaries page instead of editing release notes.The documentation build gains
sphinx-datatables, rendering the binaries catalog as a searchable, sortable table; downstream repos can opt in with the same extension.Add
git-commit-push: commits files and pushes them, rebasing and retrying on rejection, for release jobs publishing generated files to the default branch.Add a global
--jobsoption controlling how many parallel workers commands may use, defaulting to one fewer than the host’s logical CPUs.update-checksums,sync-tool-versions, andsync-depsnow download artifacts and resolve updates concurrently, sized by--jobs; Ctrl+C aborts the fan-out promptly and--verbosity DEBUGcollapses it to sequential.sync-uv-lockPR bodies gain aCooldown bypassessection: each activeexclude-newer-packagefreeze with the date it expires and is cleared frompyproject.toml, plus the entries the run froze or pruned.The
Held back by cooldowntable now also lists releases blocked by anexclude-newer-packagefreeze, not only those inside the globalexclude-newerwindow.update-docsgains a fourth phase refreshing self-updating{matrix}directive blocks indocs/andreadme.md; the Python compatibility matrix in the installation docs now renders from those markers instead of an in-repo generator.The CLI, configuration, and tool-runner references in the docs render live through the
click:tree,click:config, and{python:render}directives; the checked-in generated tables anddocs/docs_update.pyare removed.Each tool section in the tool-runner reference shows Stars and Last release badges; the separate
Comparisontable is removed.Require
click-extra >= 8.3, adding the--export-configoption,--theme autoterminal-background detection, and theclick:configSphinx directive.Label added and removed packages in dependency report tables consistently after the version, with 🆕 and 🗑️ status emoji.
sync-workflow-pinsnow aligns the inlinerepomaticpin to the newestuses:ref version, bypassing the release-age cooldown.sync-action-pinsnow converges actions pinned at several versions onto the highest pin, even when no newer release clears the cooldown.Trim oversized PR and issue bodies to GitHub’s 65536-character limit, preserving the refresh tip, metadata block, and attribution footer.
Add the humanized age next to
Releaseddates infix-vulnerable-depsreports, matching the other dependency updaters.update-deps-graphnow places a package declared by several groups or extras in the box where most of its dependents live, drawing the duplicates with a dashed border and a dotted identity link to the real node.The setup guide and
lint-reponow flag a missingREPOMATIC_NOTIFICATIONS_PATsecret whennotification.unsubscribeis enabled.Exclude VirusTotal analysis links from lychee broken-link checks.
Update the
av-false-positiveskill to start from the scan history file and to record post-submission re-scans into it.The
babysit-ciandrepomatic-shipskills now mandate sleeps between CI polls and document GitHub API rate-limit exhaustion, whose symptoms masquerade as PAT permission errors.Fix
sync-uv-lockreportingNo dependency changesand writing no PR body when a run only prunes or freezes cooldown bypasses inpyproject.toml.Fix downstream manual dispatches of the
unsubscribeworkflow ignoring their inputs and always running live: generated thin callers now forwardworkflow_dispatchinputs to the reusable workflow.The
publish-pypicomposite action and theunsubscribeworkflow no longer trigger setup-uv’s cache-invalidation andEmpty workdir detectedwarnings on downstream runs, which execute without a checkout.The PR-creation steps of the changelog workflow now time out after 10 minutes instead of hanging when the GitHub API is rate-limit starved.
Fix the binary cache purging fresh entries whose release archive carries an old build date: cached binaries are now aged by their store time, not the archive’s mtime.
repomatic runnow reports a truncated tool download asgot X of Y bytesinstead of a SHA-256 mismatch, which read as a stale checksum or a tampered artifact.Rebuild binaries on pushes that only touch
.github/workflows/_release-engine.yaml: the release workflow split left the engine lane outside the binary-affecting paths.Disable mouse zoom on the class inheritance diagrams of the documentation’s API sections, so they no longer hijack page scrolling; the fullscreen viewer keeps zoom.
Move the per-command
--helpchecks from the Python tests into the CLI test suite TOML, so they also run against the compiled binaries during releases.
7.0.0 (2026-07-02)¶
Breaking: Remove the Renovate integration: the
renovate.yamlworkflow, the bundledrenovate.json5, thecheck-renovatecommand, and the Dependabot-to-Renovate migration are gone, replaced by self-hosted dependency updates (below). Downstream repos prune the orphaned files on their nextrepomatic init.Breaking:
repomatic update-checksumsis now registry-only: the workflow-file argument and the--registryflag are removed, so it only refreshes the binary tool checksums.Add
sync-deps, the single entry point for dependency updates: runs every enabled updater or a named subset in parallel and applies them in order, with a--dry-runpreview.Add
sync-tool-versions: bumps eachrepomatic runtool to its latest release past the cooldown and refreshes the binary tool checksums in the same pass.Add
sync-action-pins: bumps SHA-pinned GitHub Actions to their latest release past the cooldown, resolving each release tag to its commit SHA.Add
sync-workflow-pins: bumps the npm and PyPI version literals embedded in workflow YAML past the cooldown.Add
[tool.repomatic] minimum-release-age(default8 days), the shared stabilization cooldown for the sync updaters, plus per-updatertool-versions.sync,action-pins.sync, andworkflow-pins.synctoggles.repomatic runnow runs npm-backed tools, starting withawesome-lint, installed from the npm registry with per-tarball integrity and theminimum-release-agecooldown; thelint-awesomejob now callsrepomatic run awesome-lint.Add a
[tool.repomatic] changelog.archive-locationoption pointing at an archive file for older release sections, solint-changelogtreats archived versions as documented instead of flagging them as orphans.Dependency-updater PR bodies now share
sync-uv-lock’s format: a cooldown cutoff date, aHeld back by cooldownsection, and aRelease notesdropdown between them.repomatic runnow applies theminimum-release-agecooldown to the transitive dependencies of itsuvx-installed tools; binary anduv runtools stay pinned as before.The autofix workflow now runs the dependency updaters weekly on a schedule, so quiet repositories still pick up dependency, tool, and action-pin updates.
REPOMATIC_PATno longer requires theCommit statusespermission;lint-reponow warns when a token still grants it so it can be tightened.Drop the
pydrillerdependency: Git history operations now invoke thegitCLI directly, shrinking the install and compiled-binary footprint.repomatic runnow animates a spinner while downloading a tool whose server omits aContent-Length, where it previously showed nothing.The generated Python compatibility matrix in
install.mdnow covers pre-classifier releases, falling back torequires-python, Poetry, orsetup.pymetadata to infer supported versions.Fix
update-deps-graphrendering only one of several extras or dependency groups that share a directly-declared dependency; each now gets its own subgraph.Fix broken documentation links: the standalone-binary downloads (versionless 404s), the
pipxinstallation guide, and the GitHub matrix-strategy reference.
6.31.0 (2026-06-27)¶
sync-uv-lockPRs now list newer releases held back by theexclude-newercooldown, with the date each ages out of the window.sync-uv-lockpackage tables now annotate each release date with a relative hint (2 days ago,in 3 days).Autofix PR bodies now document every relevant
[tool.repomatic]option in their Configuration section.The test workflow uploads coverage to Codecov from one runner per OS, not from every matrix cell.
Drop the Codecov Test Analytics (test results) upload and the
junit.xmlfile it generated.update-checksums --registrynow maintains binary tool checksums in a dedicatedrepomatic/tool_checksums.pymodule.Update
pyproject-fmtto2.25.1, which keeps comments inside inline tables whenformat-pyprojectreorders their keys.Fix the PyPI availability admonition missing from GitHub release notes.
Fix
repomatic run biomefailing with a SHA-256 mismatch: Biome2.5.0’s binary checksums were stale, breaking JSON, JavaScript, and TypeScript format jobs.Fix
[tool.repomatic] workflow.sync = falsebeing ignored: it now skips workflow sync like the other*.synctoggles.
6.30.0 (2026-06-24)¶
Breaking: The test and release workflows now run
click-extra test-suite(thetest-planengine renamed in click-extra8.1), reading the suite from./tests/cli-test-suite.toml. Requiresclick-extra >= 8.1.repomatic lint-reponow fails when a workflow’s inlinerepomatic==X.Y.Zpin lags the version of itsuses:ref.The test workflow skips the Codecov upload on free-threaded Python (
3.14t), where codecov-cli cannot build itstest-results-parserextension.In generated dependency graphs, thick arrows now mark only the root package’s direct dependencies; a transitive edge that points at a primary dependency stays thin, so optional extras no longer read as a primary dependency chain.
The release workflow now cancels superseded runs on rapid non-release pushes to
main, so intermediate commits no longer pile up redundant binary builds; release commits still run to completion.
6.29.0 (2026-06-22)¶
Breaking: Remove the
repomatic test-plancommand and[tool.repomatic] test-planconfig. The declarative test-plan engine moved upstream to click-extra; runclick-extra test-planinstead, configured via[tool.click-extra.test-plan].Add
repomatic show-test-matrixto render the CI test matrix as a Python-version by OS grid in any--table-format.Add
repomatic init uvto sync the canonical[tool.uv]pins (required-version,exclude-newer) intopyproject.toml;sync-uv-lockapplies the same sync, so every machine resolvesuv.lockwith the same uv.Require
click-extra >= 8; themanpagesrelease job now usesclick-extra wrap --manto generate man pages.The binary download progress bar now respects
--no-progressand--accessible, hiding it when progress output is turned off.Move the Sphinx linkcheck output to
docs/_linkcheck/(mirroringdocs/_build/);broken-links --output-jsonnow defaults there and the generated.gitignoreexcludes it.repomatic runnow warns when--checktargets a post-processed formatter (currentlymdformat): check mode bypasses the fixup, so its exit status can mislead.sync-uv-locknow reverts a re-lock that changed no package versions, so uv’s machine-dependent re-spelling of equivalentuv.lockenvironment markers no longer opens empty sync PRs that ping-pong between contributors and CI.Documentation pages that cover a Python module now end with that module’s API reference.
Test the free-threaded
3.14tbuild as a stable single-runner smoke test instead of across the full cross-platform matrix;3.15stayscontinue-on-error.
6.28.1 (2026-06-19)¶
Fix
test-matrix.full-includematrices emitting combinations thatexcludeshould have removed; they now follow GitHub’s documented include/exclude algorithm.
6.28.0 (2026-06-19)¶
repomatic test-planruns its cases in parallel by default (one fewer than the CPU count); pass--jobs 1for sequential execution.Add
[tool.repomatic] test-matrix.full-includeconfig: declare full-matrix-only job rows as explicit combinations (each merged onto the shipped-config defaults), a readable alternative to a longtest-matrix.excludelist.Run the pull-request test matrix on
ubuntu-24.04-armfor faster Linux CI; the full test matrix still covers x86 Linux.repomatic metadatano longer prints spurious--overwriteor$GITHUB_OUTPUTwarnings when writing to stdout.Add a test-matrix guide to the docs: choosing matrix targets, a GitHub-runner speed inventory, and a worked example.
6.27.0 (2026-06-18)¶
Breaking: Replace
fix-vulnerable-depswithaudit.repomatic auditreports vulnerable dependencies read-only;repomatic audit --fixperforms the previous upgrade behavior.Stop forcing
pyproject-fmttable expansion:project.urls,project.scripts, and similar sections now use its default compact (dotted-key) form.Recognize each bundled tool’s native config files more accurately (
biome,gitleaks,ruff,typos,zizmor, and others) and their config-file CLI flags.Preserve comments when materializing a
[tool.X]section frompyproject.tomlto a tool’s native TOML config file (like.gitleaks.toml), instead of dropping them.Update
pyproject-fmtto2.25.0, fixing theformat-pyprojectjob writing invalid TOML when it reformats[tool.repomatic.labels]rule tables.Align the bundled
[tool.bumpversion]and[tool.lychee]templates withpyproject-fmt’s canonical output, ending the reformatting pull-request loops they triggered.Fix cooldown bypasses (
[tool.uv] exclude-newer-package) never expiring:sync-uv-locknow freezes each one at its locked version instead of a latest-tracking"0 day"span, and prunes it once that version ages pastexclude-newer.Fix
uv.lockping-ponging on everysync-uv-lockrun:exclude-newer-packagefreezes are now explicit UTC timestamps, not bare dates that uv re-expands in the locking machine’s timezone.Fix the
repomatic.myst_docstringsSphinx extension corrupting two adjacent inline-code spans in a docstring when the second span starts with an underscore.Fix the
manpagesrelease job: attach the man-page tarball to the release draft before publishing, so it no longer fails under GitHub immutable releases.
6.26.0 (2026-06-17)¶
Add
[tool.repomatic] nuitka.extrasconfig to sync listed[project.optional-dependencies]extras into the venv before the Nuitka build, so optional features land in the binary.Add
[tool.repomatic.labels]extra,file-rules, andcontent-rulesconfig for inline label definitions and labeller rules, replacing the silently-ignoredextra-file-rulesandextra-content-rulesfields.Stop version-bump PRs from upgrading dependencies: the bump and release jobs now run plain
uv lock, leaving dependency refreshes to thesync-uv-lockjob.Add a
[tool.repomatic] changelog.bullet-word-thresholdconfig:lint-changelogwarns (non-fatally) about unreleased changelog bullets longer than the threshold (40 words by default).
6.25.1 (2026-06-13)¶
Fix
uvx repomatic@X.Y.Zfailing for end users withNo solution foundby dropping thebump-my-versiondependency and reading the current version natively from.bumpversion.tomlor[tool.bumpversion].Remove the
uv-overrides.txtfile and allUV_OVERRIDEworkflow env blocks.Render the Mermaid dependency graph in
docs/install.mdunder a newDefault dependenciessection.
6.25.0 (2026-06-13)¶
Add man page generation to the release and docs pipelines via a
manpagesjob, activated by[tool.repomatic.manpages]config keys (script,asset-name); requiresclick-extra>=7.19.Validate
[project.scripts]entries when building the Nuitka matrix, rejecting path-shaped, empty, or malformed script names up front with a clear error.Replace the
tomlkitandtomlidependencies withtomlrtfor all TOML reads and comment-preserving writes.Annotate
ghand PAT permission check failures with the current githubstatus.com summary, and surface raw stderr on non-403 failures instead of misreporting missing scopes.Recognize friendly durations (
24 hours,30 minutes) and ISO 8601 durations (PT24H,P7D) in[tool.uv].exclude-newerwhen computing therepomatic sync-uv-lockcooldown.Fix
UV_OVERRIDEnot reaching Renovate’s child processes duringupdate-checksums.Add
[tool.repomatic] abandoned-versionstolint-changelog, reporting listed versions as skipped instead of warning that they are missing from PyPI.Tighten
/repomatic-ship’s pre-push gate withruff format --checkand arepomatic --versiondependency-resolution smoke run.
6.24.0 (2026-05-28)¶
Publish to PyPI right after the wheel builds instead of waiting for the full release engine, by splitting the build into a
_release-build.yamllane thatrelease.yaml’spublish-pypijob depends on.
6.23.0 (2026-05-28)¶
Split
release.yamlinto a thin entry workflow and a new reusable_release-engine.yamlengine; the entry keepspublish-pypiso PyPI Trusted Publisher OIDC resolves to each repo’s ownrelease.yaml.Remove the
release-publish-pypi-job.yamldata fragment;release.yamlis now the single source for thepublish-pypijob.Require
uv>=0.11.15for the vulnerability scan and parseuv audit --output-format jsondirectly, raising a clear error on unsupporteduvversions and deduplicating advisories across sources by alias.Refine
/repomatic-shipto re-consolidate the changelog after the babysit phase and re-dispatchchangelog.yamlafter a code-only fix push so the release PR stays current.Extend
/babysit-cito also monitorautofix.yaml, diagnosing and fixing crashed mechanical-fix jobs instead of leaving them red onmain.Fix
release.yaml’scompile-binariesandtest-binariesjobs aborting every non-release run withUnexpected value ''on projects withnuitka.enabled = false.
6.22.0 (2026-05-25)¶
repomatic initnow prunes downstream orphans of renamed or removed skills, agents, and workflows; locally modified copies are reported for manual review, never deleted. Pass--keep-removedto report without deleting, or--delete-removed-modifiedto also delete modified ones./repomatic-shipnow closes with a reflect step that reviews the session for friction and proposes fixes to the upstreamrepomaticsource.Fix the downstream caller’s
publish-pypijob aborting every non-releaserelease.yamlrun withUnexpected value ''when itsstrategy.matrixis empty.Fix
/repomatic-shipand/babysit-cidropping theCo-Authored-By: Claudetrailer on their autonomous commits; both skills now require it self-containedly./babysit-cinow treats a workflow run that fails with no individual job failure as a real workflow-level error to investigate.Fix the documentation site’s live CLI-help and example blocks rendering empty since
click-extra7.15.0 made execution directives opt-in.Seed each tool section in the tool-runner docs with a runnable
repomatic runexample and a minimal[tool.X]snippet.
6.21.0 (2026-05-25)¶
Replace the
repomatic-releaseskill withrepomatic-ship, a release orchestrator that reconciles changelog, code, and docs, then commits, pushes, and babysits CI until the release PR is ready. Review-gated by default, fully autonomous under--dangerously-skip-permissions.Add a
modernizemode to therepomatic-depsskill that reads upgraded dependencies’ changelogs and refactors code to adopt their new features, gating each change on the test suite.Extend the
babysit-ciskill to also monitor and triage the Nuitkacompile-binariesjob inrelease.yaml.Decouple the downstream caller’s
publish-pypijob from the run’s overall result: it now runs underalways()and gates on a newpackage_builtoutput, so a cleanly built wheel publishes even when an unrelated job fails.Remove the
repomatic-sync,repomatic-lint, andrepomatic-testskills, which only wrapped CLI commands CI already runs on every push.Fix the
bump-versionjob inchangelog.yamlleaving an orphan version-bump PR open after a competing bump merged intomain.Switch
pytest-xdistto--dist=loadgroupso@pytest.mark.xdist_group("git")markers are honored, fixing.git/config.lockcontention on Windows.Enable myst-parser’s
alertextension so GitHub-style alerts (> [!NOTE],> [!IMPORTANT]) render as admonitions on the documentation site.Give each tool section in the tool-runner docs a hand-maintained extra-docs region preserved across regenerations, seeded for Nuitka, and add Nuitka to the page’s
[tool.X]-support table.
6.20.0 (2026-05-24)¶
Breaking: remove
[tool.repomatic] nuitka.extra-args. Configure Nuitka flags through[tool.nuitka]inpyproject.tomlinstead (--include-data-files=SRC=DESTbecomesinclude-data-files = ["SRC=DEST"]).repomatic run nuitkanow installs the pinned Nuitka, reads[tool.nuitka]frompyproject.toml, and passes the section as CLI flags; Nuitka appears inrepomatic run --list.Build Nuitka binaries on Python 3.14.
Switch
[tool.typos]sync toONGOING: canonical proper-noun identifiers merge into a pre-existing[tool.typos]section instead of skipping it, preserving local keys and entries.Add
[[tool.bumpversion.files]]rules to the bundled template so downstream Python repos sync[tool.nuitka]’s numeric version keys without rewriting them on[project]bumps.Add
test-matrix.unstableconfig: matrix-key dicts (like{click-version = "main"}) that mark matching full-matrix combinationscontinue-on-errorin CI.Add a
lint-repocheck warning when a[tool.repomatic.test-matrix] excludeentry references a runner or Python version absent from the live matrix axes.Add
workflow_dispatchtriggers torelease.yamlandupdate-checksums.yamlfor manual re-runs.
6.19.0 (2026-05-21)¶
Add
repomatic close-stale-bump-pr --part minor|majorto close orphan version-bump PRs left by races between thechangelog.yamlschedule and a competing push.Expand sponsor benefits in the awesome template’s
contributing.md: sponsors get a dedicated entry in the matching section and a waiver on the licensing-marker requirement.Switch the
Sync uv.locksteps inchangelog.yamlfromuv synctouv lock --upgrade, folding pending transitive refreshes into the bump commit.Make
lint-changelog --fixrefuse to rewrite admonitions when an upstream GitHub or PyPI lookup looks unhealthy, instead of applying a corrupted view.Skip CI for automated version-bump operations across
tests.yaml,lint.yaml,labels.yaml, andrelease.yamlvia a unifiedmetadatagate.Reduce CI scheduling with
paths-ignore/paths:filters and per-job gates that skip lint jobs when no relevant files changed.Bump Biome from
2.4.14to2.4.15.
6.18.4 (2026-05-14)¶
Replace
RepoScope.NON_AWESOMEwithPYTHON_ONLY, gating Python-flavored components on a PEP 621[project].nameso dotfiles repos carryingpyproject.tomlonly for[tool.*]config skip them by default.The bundled
release-publish-pypi-job.yamlfragment now participates in the@mainto@vX.Y.Zrewrite, so wheels built from a freeze commit ship with the pinned action ref.Bump Biome from
2.4.13to2.4.14and Lychee from0.24.1to0.24.2.Fix
fix-vulnerable-depsplacingexclude-newer-packageat the end of[tool.uv], which triggered a spuriousformat-pyprojectPR on the next run.
6.18.3 (2026-05-11)¶
Fix
autofix.yaml’ssetup-guidejob being skipped onworkflow_dispatchre-runs.Fix
release.yaml’spublish-pypijob running against downstream callers and failing PyPI trusted publishing with ajob_workflow_refmismatch.Switch the
compile-binariesjob from--onefileto--mode=onefile, the documented spelling since Nuitka 4.0.
6.18.2 (2026-05-08)¶
Fix
release.yamluploading distributions to PyPI without PEP 740 attestations; the build job now signs each dist file and ships the.publish.attestationsidecars alongside it.
6.18.1 (2026-05-08)¶
Fix the
publish-pypicomposite action verifying build attestations on every workspace file instead of just the downloaded distribution artifacts.
6.18.0 (2026-05-07)¶
Note
6.18.0 is available on 🐙 GitHub.
Warning
6.18.0 is not available on 🐍 PyPI.
Breaking: drop
PYPI_TOKENfrom therelease.yamlworkflow_call.secrets:interface. Regenerate the thin-caller workflow withrepomatic init workflowsand register a PyPI Trusted Publisher for your ownrelease.yaml.Add the
publish-pypicomposite action that publishes via OIDC Trusted Publishing with build-attestation verification; each downstream thin-caller now runs a generatedpublish-pypijob.Add a
check_pypi_trusted_publisherprobe tolint-repoand asetup-guide-pypi-trusted-publisherstep that points to a pre-filled PyPI publisher settings URL and stays open until the first OIDC-attested upload.Add
release_commits_matrixandpackage_nameoutputs to the reusablerelease.yamlso callers can drive their own matrix and gate jobs on a release commit.New composite actions under
.github/actions/now participate in@main↔@vX.Y.Zref freeze/unfreeze without code changes.Fix
sync-repomaticproposing to delete.github/actions/publish-pypi/action.yamlwhen it matched the bundled default; the file must stay on disk for GitHub Actions to resolve theuses:path.
6.17.0 (2026-05-04)¶
Add
--template-file <path>and--template-arg KEY=VALUEflags torepomatic pr-bodyso downstream repos can render project-specific PR templates without forking.--templateand--template-fileare mutually exclusive.Fix backslash-escaped brackets rendering literally in
docs/configuration.md**Type:**lines (likelist\[dict[str, str]\]).Fix doubled heading anchors on
docs/configuration.htmlanddocs/workflows.html(like#dev-release-sync-dev-release-sync).Collapse the most recent Python compatibility matrix row in
docs/install.mdto a major-version wildcard (like6.x) so the table stays stable across minor releases.
6.16.0 (2026-04-29)¶
Add the
sphinx-docsagent to theagentscomponent, deployed byrepomatic init agentsor via[tool.repomatic] include = ["agents"].Add three
[tool.repomatic.workflow]knobs for customizingpaths:filters in generated thin callers:extra-pathsappends repo-specific entries,ignore-pathsstrips canonical entries absent downstream, andpathsreplaces a filter wholesale per workflow.Add a Python compatibility matrix to
docs/install.md, auto-generated from theProgramming Language :: Pythonclassifiers declared at every release tag.Render each command’s
--helplive indocs/cli.mdvia{click:run}directives instead of captured plain-text help blocks.Replace the
Typecolumn in thedocs/configuration.mdsummary table with a one-line description derived from each option’s docstring, and lead each per-option section with that one-liner.Detect vulnerable dependencies from the GitHub Advisory Database alongside the PyPA database:
fix-vulnerable-depsnow unionsuv auditwith Dependabot alerts and credits each entry’s source. Configurable via[tool.repomatic] vulnerable-deps.sources.Fix generated thin-caller fidelity: triggers mirror the canonical workflow verbatim instead of always injecting
workflow_dispatch, universal path entries are preserved, andrepomatic workflow lintnow flags extra triggers absent upstream.Fix
sync-uv-lockandfix-vulnerable-depsPR bodies showing1-01-01as theexclude-newercutoff whenpyproject.tomlconfigures a relative span like"1 week".Fix broken documentation links in all 18 PR body templates, now pointing at the published
configuration.htmlandworkflows.htmlanchors with each option name linked to its own anchor.Fix
release.yamldiscarding healthy binaries when one matrix cell crashed: thecompile-binariesmatrix setsfail-fast: falseandpublish-releaseuploads whatever built.Fix
update-docs↔format-markdownping-pong ondocs/cli.mdanddocs/configuration.md.Bump pinned
uvto0.11.8andmdformat-pelicanto1.0.0, fixing non-ASCII anchor links being percent-encoded on everyformat-markdownrun.
6.15.0 (2026-04-27)¶
Decode percent-encoded non-ASCII characters in Markdown link destinations back to their original form, so non-ASCII anchors no longer get rewritten to
%XXon everyformat-markdownrun.Add 💸/🆓 licensing markers to the awesome-list contributing guide, issue template, and PR template (English and Chinese mirrors): 💸 for a paid version atop an OSS core, 🆓 for fully open-source.
Add the
agentscomponent torepomatic initfor deploying Claude Code agents (grunt-qa,qa-engineer) downstream. Excluded by default; opt in via[tool.repomatic] include = ["agents"]. Destination set by[tool.repomatic] agents.location.Add
docs/benchmark.mdcomparing repomatic against ten alternatives across template sync, repo governance, release automation, and changelog lifecycle.Switch MyST admonitions to backtick fences (
```{note}) instead of colon fences project-wide somdformatpreserves them; theconvert-to-mystcommand now emits backtick fences.Expand the
myst_docstringsSphinx extension: convert plain triple-backtick code fences and footnotes to reST, and run MyST-to-reST conversion beforesphinx_autodoc_typehints.Upgrade lychee to
0.24.1, which reads its[tool.lychee]config directly frompyproject.tomlso repomatic drops the TOML translation bridge.Fix
repomatic initreporting unchanged files as updated; re-running against an unchanged tree is now a true no-op.Fix
update-docs↔format-markdownping-pong ondocs/tool-runner.md.
6.14.0 (2026-04-20)¶
Add a Sphinx documentation site (Furo theme, MyST-Parser) splitting the monolithic
readme.mdinto focused pages: installation, configuration, CLI parameters, reusable workflows, security, skills, and a tool runner tutorial. Deployed viadocs.yaml.Add the
repomatic.myst_docstringsSphinx extension andrepomatic.myst_converterutility, converting MyST markdown in docstrings to reST at build time sosphinx.ext.autodocworks unmodified.convert-to-mystrewrites source files in place.Add a
--sort-byoption to theshow-config,metadata --list-keys,run --list, andcache showcommands; each defaults to a natural sort column and accepts any column name.Add an incremental mode to the
brand-assetsskill: when base SVGs already exist, skip the design menu and fill gaps directly.Add a
check_stale_gh_pages_branchlint check and setup-guide instructions for deleting leftovergh-pagesbranches after switching to GitHub Actions deployment.Fix
Matrix.prune()keeping exclude directives that reference keys absent from the matrix axes, which GitHub Actions rejects.Fix the setup-guide Pages step for Sphinx projects: reopen the issue when Pages is unconfigured, and offer both first-time-enable and update commands.
Fix the
sponsor-labeljob inlabels.yamlmissing anactions/checkoutstep, which caused it to fail.
6.13.0 (2026-04-15)¶
Breaking:
Confignow uses nested dataclasses, so fields are accessed asconfig.cache.dirinstead ofconfig.cache_dir; the[tool.repomatic]TOML key structure is unchanged.Add
nuitka.entry-pointsconfig option to select which[project.scripts]entries produce Nuitka binaries; aliases pointing to the same callable are deduplicated by default.Add two-phase VirusTotal scanning: an initial table with scan links, then a
--pollpass that fills in a Detections column offlagged / totalengine counts.Add
av-false-positiveskill to scan release binaries on VirusTotal and generate per-vendor false-positive submission files for flagged artifacts.Add
update-checksums.yamlworkflow that recomputes SHA-256 checksums for binary tools bumped by Renovate and commits the fix to the PR branch.Include release notes for every intermediate version in
sync-uv-lockPR bodies, not just the target version.Config
includeentries now bypassRepoScopefiltering, matching explicit CLI component naming; qualified entries likeskills/awesome-triageimplicitly select their parent component.Add baseline criteria for GitHub repositories in awesome list contributing guidelines: minimum 50 stars, not archived, and updated within 3 years.
Add
--min-savings-bytesoption toformat-images(default 1024) to skip images whose absolute byte savings are negligible.Add cross-platform binary support (macOS arm64/x64, Linux arm64/x64, Windows x64) for actionlint, biome, gitleaks, labelmaker, lychee, shfmt, and typos, plus ZIP archive extraction.
Show a progress bar during binary tool downloads when the server reports
Content-Length; interactive terminals only, silent in CI.Verify cached binaries with a two-layer integrity model: the registry checksum at download time and a
.sha256sidecar on every cache hit.Enable
[tool.actionlint]config support, translating it to.github/actionlint.yamlat invocation time.Cache downloaded tool binaries across CI runs with
actions/cache, keyed per tool, OS, and architecture.Replace
peaceiris/actions-gh-pageswith GitHub’s nativeactions/upload-pages-artifactandactions/deploy-pagesfor documentation deployment, plus alint-repocheck that the Pages source is set to GitHub Actions.Add
benchmark-updateskill to create and maintain competitive benchmark pages (docs/benchmark.md) withaudit,init,add, andrefresh-badgesmodes.Add
upstream-auditskill to create and maintain upstream contribution tracking pages (docs/upstream.md) withaudit,init,refresh, andsync-gitmodes.Upgrade the macOS Intel runner from
macos-15-inteltomacos-26-intelacross binary builds, the test matrix, and Nuitka compilation.Run the
lint-repoworkflow job on all repositories, not just Python projects, so generic checks apply to awesome lists too.Centralize GitHub token resolution with priority
REPOMATIC_PAT>GH_TOKEN>GITHUB_TOKENand automatic fallback toGITHUB_TOKENon an expired PAT;--has-patonsetup-guideandlint-reponow auto-detects fromREPOMATIC_PAT.Fix
exclude-newer-packagepruning inpyproject.tomlto remove orphaned comments and emitpyproject-fmt-compatible inline tables.Give a clear error when exiftool is not installed instead of a bare
FileNotFoundError, and verify it is on PATH after the Windows install step.Create parent directories for
--outputfile paths inrepomatic run, fixing lychee write errors when the output directory is missing.Sanitize
@mentions,#issuereferences, andgithub.comURLs in Lychee and Sphinx linkcheck output before embedding them in the broken-links issue.
6.12.0 (2026-04-13)¶
Breaking: rename the
shell_filesmetadata key toshfmt_files, and exclude Zsh files and.shfiles with a Zsh shebang fromshfmtprocessing.Add
repomatic cachesubcommands (show,clean,path) and a global binary cache for downloaded tools; cached binaries are re-verified against their checksum and auto-purged after 30 days (configurable viaREPOMATIC_CACHE_MAX_AGE). Add--no-cachetorepomatic runto bypass it.Add an HTTP response cache for PyPI metadata and GitHub release bodies to avoid redundant API calls, plus
--namespaceonrepomatic cache cleanfor targeted cleanup.Route generated tool configs through the cache directory and pass them explicitly via
--config, instead of writing to/tmpor the repository root.Add
--version,--checksum, and--skip-checksumoptions torepomatic runto override the pinned tool version and SHA-256 verification at invocation time.Add structured logging to
repomatic run:--verbosity INFOreports config precedence, the full command, and exit code;DEBUGadds parsed config details.Add
skills.locationconfig option to override the Claude Code skills directory (default./.claude/skills/).Add
changelog.locationconfig option to override the changelog file path (default./changelog.md), honored by all CLI commands.Add
.claude/package-skills.shto package each Claude Code skill as a ZIP for manual upload to Claude Desktop.Sanitize
@mentions,#issuereferences, andgithub.comURLs in upstream release notes embedded insync-uv-lockPR bodies to prevent auto-linking and backlink cross-references.Use the
REPOMATIC_PATtoken in allpeter-evans/create-pull-requeststeps so created PRs trigger other workflows.Make the
uv syncstep inlint-typesconditional onis_python_project, so repos with Python files but no lockfile can still be type-checked.Fix
format-jsonfailing with a--config-patherror when a[tool.biome]section exists.Improve the
file-bug-reportskill to check organization-level community health files before per-repo files.
6.11.3 (2026-04-09)¶
Add a
lint-repocheck warning when the GitHub Actions fork PR approval policy is weaker thanfirst_time_contributors, with a setup guide step to fix it.Add a
readme.mdsupply chain security section mapping Astral’s security practices to concrete repomatic implementations.Fix
rst_to_mystconversion leaving RST backslash escapes in headings and not wrapping dotted module names in backticks.Fix the
format-pyprojectautofix job failing with exit code 123.Disable the uv cache in the
publish-pypirelease job, which has no checkout and emitted spurious cache-miss warnings.
6.11.2 (2026-04-08)¶
Add the
shfmtshell formatter to the tool runner (repomatic run shfmt).Add a
format-shellautofix job to auto-format shell scripts withshfmt.Replace the
crazy-max/ghaction-virustotalaction with a nativerepomatic scan-virustotalcommand, fixing the silently skipped release-body update.Deduplicate release attestations: Python packages are now attested once in
build-packageinstead of three times, and.gitignoreis no longer accidentally attested.
6.11.1 (2026-04-08)¶
Parallelize the release workflow:
compile-binariesstarts right aftermetadata, andpublish-pypiruns concurrently withcreate-tagandcreate-release, with binary and attestation uploads deferred topublish-release.Fall back to the PyPI
project_urlschangelog link when a package has no GitHub Release, so release notes render a[Changelog]link instead of omitting the package.Fix the release workflow uploading the attestation bundle before the GitHub release draft existed.
Skip
exclude-newer-packageexemptions for packages whose fixed version already falls within theexclude-newercooldown window.Fix
--delete-excludednot detecting scope-excluded component files that still exist on disk.Fix awesome-template sync overwriting
pyproject.tomlinstead of merging, which stripped user-managed[tool.*]sections.Fix
repomatic init <component>silently ignoring an explicitly requested component when its scope did not match the repo.Fix
--delete-excludedremoving opt-in workflow files in the source repo by skipping config-key exclusions there.Fix the
format-pyprojectautofix step running with no input files and masking tool errors.
6.11.0 (2026-04-07)¶
Note
6.11.0 is available on 🐍 PyPI.
Warning
6.11.0 is not available on 🐙 GitHub.
Preserve extra downstream jobs when syncing thin-caller workflows; the managed job is regenerated in place while project-specific jobs, comments, and blank lines are kept.
Add a VirusTotal scanning job to the release workflow that uploads compiled binaries to seed AV databases. Requires the optional
VIRUSTOTAL_API_KEYrepository secret.Verify each attestation in CI right after
actions/attestwithgh attestation verify.Upload Sigstore attestation bundles (
.jsonl) as GitHub release assets for compiled binaries and Python packages, enabling offline verification.Add a
lint-repowarning whenVIRUSTOTAL_API_KEYis missing and Nuitka binary compilation is active.Add a VirusTotal API key setup step to the setup guide issue, shown only when Nuitka compilation is active.
Remove the one-time bumpversion dev-versioning migration code now that all downstream repos use PEP 440 dev versioning.
6.10.0 (2026-04-03)¶
Breaking: Remove the
-oshort option frompr-bodyandformat-images; use--output.Add
brand-assetsskill to create and export project logo/banner SVG assets to light/dark PNG variants.Add
babysit-ciskill to monitor CI test workflows, diagnose failures, fix code, and loop until stable jobs pass.Add
file-bug-reportskill to write upstream bug reports from contribution guidelines, issue templates, and community norms.Add
test-matrix.replaceandtest-matrix.removeconfig to swap or drop axis values in the test matrices.Add
sync_mode=ONGOINGfor tool configs to repeatedly sync while preserving local additions, starting withsync-bumpversionkeeping local[[tool.bumpversion.files]]entries.Add
--output-format [markdown|github-actions]tosync-uv-lock,fix-vulnerable-deps,pr-body, andformat-images, replacing implicit$GITHUB_OUTPUTdetection.Add
.claude/scheduled_tasks.lockto the default.gitignoreextra content.Add a collapsible workflow metadata table (trigger, actor, commit, job, workflow, run link) to issue lifecycle comments.
Make the
setup-guideissue body a set of collapsible per-step sections with status indicators, and close it only once PAT, permissions, vulnerability alerts, and branch protection are all verified.Add
--release-notes/--no-release-notesand--table/--no-tableflags tosync-uv-lock, defaulting to a terminal table and reserving markdown for--output.Prune stale
exclude-newer-packageentries frompyproject.tomlbefore relocking insync-uv-lock.Make the
renovatecomponent opt-in, and excluderenovateandcodecovfrom awesome-list repositories.Remove Python
3.15t(free-threaded) from the default test matrix.Warn instead of crashing on unknown
[tool.repomatic]configuration keys.Echo
metadataoutput to stderr when--outputtargets a file, so computed matrices stay visible in CI logs.Add the
repomatic update-docscommand to runsphinx-apidoc, RST-to-MyST conversion, anddocs/docs_update.pyin one step.Add
docs.apidoc-extra-args,docs.apidoc-exclude, anddocs.update-scriptconfiguration options.Move the
sync-uv-lockjob fromrenovate.yamltoautofix.yamlso it runs on every push tomain.Fix a CLI crash when
test-matrix.variationsortest-matrix.replacecontain nested keys.
6.9.0 (2026-03-31)¶
Breaking: Rename the
configsubcommand toshow-config(it now resolves typed[tool.repomatic]config via click-extra).Breaking: Remove the
prebake-versionandprebake-tag-shacommands; useclick-extra prebakeinstead.Add per-project test matrix configuration via
[tool.repomatic.test-matrix], supportingexclude,include, andvariations.Replace the
audit-depslint job with afix-vulnerable-depsautofix job that opens PRs upgrading vulnerable packages.Add a
codecovbundled component that syncs.github/codecov.yamlto suppress noisy PR comments.Support tool-runner config for tools that discover config from the working directory rather than a
--configflag.Move the mdformat
numberdefault to a bundledmdformat.tomlso downstream repos can override it.Expand PAT validation in
lint-repoandcheck-renovatewith repository scope, tag ruleset, and permission checks.Auto-exclude
changelog.mdfor awesome-list repositories.Migrate from
actions/attest-build-provenancetoactions/attest.Run granular PAT permission checks in
setup-guide, keeping the issue open with a diagnostic table when permissions are incomplete.Fix the
setup-guidejob so PAT detection works everywhere.Fix an infinite cycle between the
migrate-to-renovateandsync-repomaticjobs.Include git stderr in
git-tagCLI error messages.
6.8.0 (2026-03-27)¶
Breaking: Rename
repomatic init --delete-redundantto--delete-unmodified, which now also removes config files identical to bundled defaults.Breaking: Remove the deprecated
WORKFLOW_UPDATE_GITHUB_PATsecret and its fallbacks; downstream repos must useREPOMATIC_PAT.Breaking: Stop persisting
[tool.ruff]defaults into downstreampyproject.toml; bundled ruff config is now injected at runtime when none exists.Breaking: Remove the
sync-renovatecommand, autofix job,renovate.syncconfig toggle, and PR body template;sync-repomaticand runtime materialization replace them.Breaking: Merge
/repomatic-deps-reviewinto/repomatic-deps, which now supportsgraphandreviewmodes.Move the test matrix definition into
repomatic metadataso it is available in job-levelif:conditions.Reduce CI jobs on pull requests by skipping release builds, experimental Python versions, and redundant verification tests; the full matrix still runs on push to
main.Make
excludeconfig additive to the default exclusions (labels,skills), and add anincludeconfig to force-include default-excluded components.Auto-exclude the
awesome-triageskill for non-awesome repositories.Add
--delete-excludedtorepomatic initto remove excluded files that still exist on disk.Replace the
sync-workflowsandclean-unmodified-configsautofix jobs with a singlesync-repomaticjob that syncs and prunes managed files in one PR.Add PAT capability and repo configuration checks to
lint-repo(Renovate config, Dependabot security updates off, vulnerability alerts on, PAT permissions).Add stale draft release detection to
lint-repo, warning about draft releases whose tag does not end with.dev0.Relax the abandoned-dependency threshold from 1 year to 2 years in the Renovate config.
Fix thin-caller generation rendering
workflow_dispatchinputs as Python dicts instead of YAML.Add the
/sphinx-docs-syncskill for cross-project Sphinx documentation comparison and synchronization.Add the
/translation-syncskill to detect and draft fixes for stalereadme.*.mdandcontributing.*.mdtranslations; auto-excluded for non-awesome repos.Streamline Dependabot guidance in the setup-guide issue.
Allow
repomatic initto accept qualifiedcomponent/fileselectors (likerepomatic init skills/repomatic-topics).Only auto-include the
awesome-templatecomponent forawesome-*repos when no explicit components are given.Add a package version diff table to
sync-uv-lockPRs, listing updated, added, and removed packages with PyPI links and collapsible release notes.Document file naming conventions in
claude.md: prefer.yamlover.ymland lowercase filenames, with a table of GitHub exceptions.Fix awesome-template URL rewriting to also process
.ymlfiles in.github/.Auto-exclude the
changelog.yaml,debug.yaml, andrelease.yamlworkflows forawesome-*repositories.Materialize the bundled
renovate.json5at runtime when absent, so downstream repos can safely delete their own copy.Pin GitHub Actions to SHA digests via Renovate’s
helpers:pinGitHubActionDigestsToSemverpreset.Add top-level
permissions: {}to all workflow files, requiring each job to declare its own minimal permissions.Fix
sync-repomaticdeleting the upstream repo’s own skills.Generalize the
opt_in_keyconfig option intoconfig_key/config_default.
6.7.0 (2026-03-24)¶
Breaking: Remove the
sync-skills,workflow create, andworkflow synccommands;repomatic inithandles all three.Bundle awesome-template boilerplate files in
repomaticinstead of cloningkdeldycke/awesome-templateat runtime.Format every
pyproject.tomlin the repo in theformat-pyprojectjob, not just the root file.Add a branch protection checklist to the setup-guide issue, linking to a pre-filled ruleset creation form.
Add an opt-in
unsubscribe.yamlreusable workflow for scheduled cleanup of closed notification threads, enabled vianotification.unsubscribe = trueand requiringREPOMATIC_NOTIFICATIONS_PAT.Surface actual
ghCLI error messages inunsubscribe-threadswarnings.Enable
delete-branch: trueon allpeter-evans/create-pull-requestinvocations so stale automation PRs auto-close.Add
gitleaksto the tool runner with binary download and[tool.gitleaks]config bridge, and migratelint-secretstorepomatic run gitleaks.Move lychee config from
lychee.tomlto[tool.lychee]inpyproject.toml.Fix the
format-imagesjob by installingoxipngfrom its GitHub release.debso it runs onubuntu-slim.
6.6.0 (2026-03-23)¶
Breaking: downstream repos with
yamllintorzizmorin their[tool.repomatic] excludelist must remove those entries.Remove
yamllintandzizmorinit components; the tool runner falls back to bundled default configs at runtime. Defaultexcludeis now["labels", "skills"].Add
repomatic clean-redundant-configscommand and autofix job that removes native config files identical to bundled defaults;repomatic initwarns about redundant configs on disk.Rename the
WORKFLOW_UPDATE_GITHUB_PATsecret toREPOMATIC_PAT; workflows accept both names. Old-name repos get a migration issue that auto-closes onceREPOMATIC_PATis detected.Add a
setup-guidetoggle to[tool.repomatic]to suppress the setup guide issue.Pre-fill the fine-grained PAT creation form via URL and provide
ghCLI commands for adding the secret, configuring Dependabot, and triggering a verify run.Add a
lint-repocheck that warns when the owner has GitHub Sponsors enabled but.github/FUNDING.ymlis missing.
6.5.0 (2026-03-23)¶
Breaking: the old
init.excludeandworkflow.sync-excludekeys are no longer recognized and raise a hard error.Breaking: remove legacy
[tool.gha-utils]and[tool.repokit]config migration; rename old sections to[tool.repomatic]manually.Replace
init.excludeandworkflow.sync-excludewith a unifiedexcludekey: bare names exclude whole components,component/identifierentries exclude specific files.Add
repomatic run <tool>for unified tool invocation with managed config resolution (native file,[tool.X], bundled default, bare); use--listto see managed tools and their active config source.Register actionlint, autopep8, biome, bump-my-version, labelmaker, lychee, mdformat, mypy, pyproject-fmt, ruff, typos, yamllint, and zizmor with
repomatic run, and migrate all workflow tool invocations to it.Add a
yamllintinit component, excluded from init by default likezizmor.Add
repomatic update-checksums --registryto refresh SHA-256 hashes for binary tools.Add
[tool.lychee]and[tool.biome]config translation, so downstream repos can configure lychee and biome frompyproject.tomlwithout separate config files.
6.4.1 (2026-03-11)¶
Add a
github-jsonoutput dialect torepomatic metadatathat bundles all keys into a singlemetadataoutput, accessed viafromJSON(needs.metadata.outputs.metadata).key_name.Add key filtering to
repomatic metadata: pass key names as arguments to output only those values.Add a
--list-keysflag torepomatic metadatato list all available keys with descriptions.Rename the
project-metadatajob and step IDs tometadataacross all workflows.Rename the
lintersinit component tozizmor; defaultinit.excludeis now["labels", "skills", "zizmor"].Remove the
sync-zizmorjob, CLI command, andzizmor.synctoggle;zizmor.yamlis now user-owned and created byrepomatic init zizmorif missing.Rename the
bump-versionsjob tobump-versioninchangelog.yaml.Upgrade zizmor to
1.23.0and re-enable thetemplate-injectionaudit.Fix
repomatic metadatalist values breaking GitHub Actions${{ }}interpolation: lists are now pre-formatted (file lists as quoted strings, plain lists space-separated, dict lists as JSON).Fix
repomatic workflow sync --format header-onlyerroring when a target workflow file is absent downstream; missing default files are skipped and named missing files warn instead.Enable parallel test execution by default via
--numprocesses=auto.
6.4.0 (2026-03-10)¶
Rename
optimize-imagestoformat-images, aligning it with theformat-*naming convention, and add a matching PR body template.Allow
--prefixand--templateto be combined inrepomatic pr-body; the prefix is prepended before the rendered template.Add
awesome-template-sync,bumpversion-sync,dev-release-sync,gitignore-sync,labels-sync,mailmap-sync,uv-lock-sync, andzizmor-synctoggles to[tool.repomatic], so each sync operation can be individually disabled.Rename
sync-linter-configstosync-zizmor(andlinter-synctozizmor-sync), naming the sync job after the tool it syncs.Add a
repomatic sync-labelscommand wrappinglabelmakerwith toggle check, profile detection, and extra label file handling.Replace
AndreasAugustin/actions-template-syncwith a nativerepomatic sync-awesome-templatecommand.Add
repomatic init typosto sync the shared typos spell-checker config intopyproject.toml, with proper-noun corrections and<!-- typos:off -->/<!-- typos:on -->block markers.Skip Ruff config injection in
format-pythonfor non-Python projects, and skipsync-bumpversionfor non-Python projects.Use TOML sub-keys for grouped
[tool.repomatic]options (likenuitka.enabled,gitignore.location,test-plan.file); onlypypi-package-historystays flat.Add a
workflow-source-pathsoption to[tool.repomatic]: thin-caller and header-only workflows gainpaths:filters for the project’s source directory, auto-derived from[project.name].Add a
repomatic configcommand that renders the[tool.repomatic]reference table.Add
### Configurationsections to PR body templates listing the relevant[tool.repomatic]options.
6.3.2 (2026-03-08)¶
Add
--all-extrasto theuv syncstep intests.yamlto catch incompatibilities between optional dependency groups.Add a
test-package-installjob totests.yamlthat verifies every[project.scripts]entry point installs and runs viauvx,uv run --with, module invocation,uv tool install, andpipx run, from PyPI and GitHub. Add acli_scriptsmetadata output.Sync
customManagersto downstreamrenovate.json5so Renovate can update inline version pins in workflow files.Fix thin-caller generation stripping
pathsandpaths-ignorefilters, which incorrectly restricted CI triggers downstream.Fix the
optimize-imagesjob failing onubuntu-slimwhereoxipngis unavailable.Add a
citation.cffdate-releasedupdate to the bundledbumpversion.tomltemplate so downstream repos keep their release date in sync on version bumps.
6.3.1 (2026-03-07)¶
Sync the
repomatic-auditskill to downstream repos.
6.3.0 (2026-03-06)¶
repomatic initnow always overwrites managed files (workflows, configs, skills) by default; remove the--overwriteflag.changelog.mdis never overwritten once it exists.repomatic initoutput now distinguishes created, updated, and skipped files, and warns about excluded files still on disk.Auto-remove legacy
.claude/skills/gha-*/skill directories duringrepomatic init, completing thegha-utilstorepomaticrename.sync-bumpversion,sync-linter-configs, andsync-skillsnow report both created and updated files.sync-bumpversionnow replaces the whole[tool.bumpversion]section from the bundled template instead of applying incremental migrations.Use the short SHA in release workflow job names instead of the full commit hash.
6.2.1 (2026-03-06)¶
Fix
actions/checkoutwiping downloaded Python package artifacts beforegh release createcould attach them, so release drafts now include the distribution files.Fix
fix-changelogmarking releases as not available on GitHub while the release was still a draft.
6.2.0 (2026-03-05)¶
Add the
repomatic optimize-imagesCLI command (losslessoxipngfor PNG,jpegoptimfor JPEG), replacingcalibreapp/image-actions.Add the
sync-dev-releaseCLI command and workflow job to maintain a rolling dev pre-release on GitHub with the latest binaries and Python package.Add the
repomatic-topicsskill for optimizing GitHub repository topics for discoverability.Add a
lint-repocheck that warns when GitHub topics are not a subset ofpyproject.tomlkeywords.Add the
init-excludeconfig option to skip components duringrepomatic init, defaulting to["labels", "linters", "skills"];workflow-sync-excludenow also applies torepomatic init.Add
rename-fromrules to migrate all 9 default GitHub labels.Add the package version to compiled binary filenames (
repomatic-6.2.0-linux-arm64.bin).Automatically migrate
[tool.gha-utils]and[tool.repokit]config sections to[tool.repomatic]duringrepomatic init; commands fall back to legacy section names when[tool.repomatic]is absent.Support GitHub immutable releases by drafting releases then publishing them.
Replace
softprops/action-gh-releasewithgh release create; all release operations now use theghCLI.Freeze readme binary download URLs to versioned
/releases/download/vX.Y.Z/paths during releases.GitHub releases now include PyPI and GitHub availability links at creation time.
Fix Nuitka-compiled binaries silently producing no output when the entry point is a
__main__.pyinside a package.Fix
update-checksumsleaving stale SHA-256 hashes when the hash andsha256sum --checkkeyword span multiple lines.Fix Windows ARM64 test runners using x86_64 emulation by forcing native ARM64 Python via
UV_PYTHON.Fix
fix-changelogproducing a trailing blank line when the last changelog section is modified.
6.1.0 (2026-02-27)¶
Add the
unsubscribe-threadsCLI command to unsubscribe from closed, inactive GitHub notification threads.Add the
prebake-versionCLI command to inject the Git commit hash into__version__before Nuitka compilation, so binaries report the exact commit they were built from (e.g.,6.1.0.dev0+abc1234).Add the
list-skillsCLI command to display all available Claude Code skills grouped by lifecycle phase.Add the
sync-github-releasesCLI command to sync GitHub release notes fromchangelog.md.Add the
pypi-package-historyconfig option solint-changelogfetches releases from former package names and generates correct PyPI URLs for renamed projects.lint-changelognow detects orphaned versions (git tags, GitHub releases, or PyPI packages with no changelog entry) and inserts placeholder sections in--fixmode.Rename the
lint-changelogworkflow job tofix-changelog; the CLI command remainslint-changelog.Make changelog entries and GitHub release bodies template-driven via
release-notes.mdandgithub-releases.md, so editing one template affects only its destination.Group CLI commands into sections (Project setup, Release & versioning, Sync, Linting & checks, GitHub issues & PRs) in help output.
Add next-step handoff suggestions to all Claude Code skills, and document skills with a grouped table and walkthrough in
readme.md.Generate thin caller workflows with explicit secret forwarding instead of
secrets: inherit.Move zizmor config from
.github/zizmor.ymltozizmor.yamlat repo root.
6.0.1 (2026-02-24)¶
Note
First release under the repomatic name on PyPI, after repokit was rejected for typo-squatting (see 6.0.0 below). The GitHub repository is kdeldycke/repomatic.
Rename project from
repokittorepomatic. Rename GitHub repository fromkdeldycke/repokittokdeldycke/repomatic.
6.0.0 (2026-02-24)¶
Caution
This release was deleted from PyPI. It was supposed to be published as repokit, but PyPI flagged the name as typo-squatting the pre-existing repo-kit package.
Note
6.0.0 is available on 🐙 GitHub.
Warning
6.0.0 is not available on 🐍 PyPI.
Rename project from
gha-utilstorepokit. Rename GitHub repository fromkdeldycke/workflowstokdeldycke/repokit.
Earlier releases¶
Note
Releases 5.14.1 and earlier are recorded in the changelog archive.