feat: enhance release notes with ISMS badges and Node 24 migration#279
Merged
feat: enhance release notes with ISMS badges and Node 24 migration#279
Conversation
- Add comprehensive badges (SLSA, OpenSSF, ISMS policies, test reports) - Add Hack23 ISMS policy badges (Information Security, Open Source, Secure Development) - Add compliance framework badges (ISO 27001, NIST CSF, CIS Controls) - Add detailed security & supply chain protection section - Improve release artifacts table with verification instructions - Update Node.js requirement from >=20 to >=24 across all files - Update README prerequisites and technical architecture sections - Update agent documentation (data-pipeline-specialist, devops-engineer) - Update skill documentation (containerization, GitHub Actions integration) - Update FUTURE_ARCHITECTURE.md Lambda references - Align with CIA repository release notes best practices Co-authored-by: pethers <[email protected]>
- Validate release-drafter.yml and labeler.yml syntax (both valid) - Verify 14 badges added with 34+ URLs - Verify all ISMS policy badges present (4 total) - Verify all test report badges present (4 total) - Verify compliance framework badges (3 total) - Verify attestation and security badges (2 total) - Complete Node 24 migration (8 files, 18 occurrences) - All changes tested and validated Co-authored-by: pethers <[email protected]>
Copilot
AI
changed the title
[WIP] Update release notes with badges and attestations
feat: enhance release notes with ISMS badges and Node 24 migration
Feb 18, 2026
github-actions
bot
added
documentation
Contributor
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request enhances release notes with comprehensive ISMS policy badges, test artifacts, and security attestation links while migrating the entire codebase from Node.js 20 to Node.js 24. The changes follow the established pattern from the CIA repository and align with the stored memory for Node.js version consistency requirements.
Changes:
- Enhanced
.github/release-drafter.ymlwith 14 badges across 6 structured sections (Release Metrics & Evidence, Security & Supply Chain Protection, ISMS Compliance & Policies, Release Artifacts, Deployment, Built With) - Updated Node.js version from 20 to 24 across package.json, package-lock.json, documentation files, agent definitions, and skill guides (18 occurrences across 8 files)
- Added comprehensive verification instructions for SLSA attestations and SBOM
Reviewed changes
Copilot reviewed 8 out of 9 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| package.json | Updated Node.js engine requirement from >=20 to >=24 |
| package-lock.json | Updated Node.js engine constraint and cleaned up peer dependencies (added "peer: true" flags, removed duplicate enquirer entry) |
| README.md | Added Node.js 24.x and npm 10.x prerequisites, updated technical architecture runtime reference |
| FUTURE_ARCHITECTURE.md | Updated AWS Lambda runtime from Node.js 20 to Node.js 24 |
| .github/skills/gh-aw-github-actions-integration/SKILL.md | Updated 8 workflow examples to use node-version: '24' |
| .github/skills/gh-aw-containerization/SKILL.md | Updated 6 Dockerfile examples to use node:24-alpine base images |
| .github/agents/devops-engineer.md | Updated 4 workflow examples to use node-version: '24' |
| .github/agents/data-pipeline-specialist.md | Updated 1 workflow example to use node-version: '24' |
| .github/release-drafter.yml | Added 14 badges with 34+ URLs linking to test reports, security attestations, ISMS policies, and compliance frameworks; restructured into 6 sections with tables and verification commands |
Contributor
🔍 Lighthouse Performance Audit
📥 Download full Lighthouse report Budget Compliance: Performance budgets enforced via |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Release notes lacked visibility into ISMS policies, test artifacts, and attestations. Node version inconsistent across documentation (20 vs 24).
Release Drafter Enhancements
Added 14 badges with 34+ URLs to
.github/release-drafter.yml:riksdagsmonitor.com/docs/New sections:
gh attestation verifyinstructions)All badges link to actual artifacts—no decorative badges.
Node 24 Migration
Updated 8 files (18 occurrences):
package.jsonengines field:">=24"README.mdprerequisites and technical architecturedata-pipeline-specialist.md,devops-engineer.mdgh-aw-containerization/SKILL.md,gh-aw-github-actions-integration/SKILL.mdFUTURE_ARCHITECTURE.mdLambda referencesLabel Sync Verification
Confirmed compatibility between
release-drafter.yml(11 categories) andlabeler.yml(30+ labels). No conflicts.Preview
Next release will show:
Pattern follows CIA repository: https://github.com/Hack23/cia/blob/master/.github/release-drafter.yml
✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.