From 01a32b884f64d6be5ec8ab626346c42b8138dd99 Mon Sep 17 00:00:00 2001 From: Niek Otten Date: Tue, 14 Jul 2026 16:11:34 +0200 Subject: [PATCH] chore(release): 2026.07.0 (refs #80) First CalVer release, marking the end of Iteration 1 (Walking Skeleton). CHANGELOG.md regenerated from Conventional Commits via git-cliff for tag v2026.07.0. Co-Authored-By: Claude Opus 4.8 (1M context) --- CHANGELOG.md | 113 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 112 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9330697..0d5c67a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,19 +2,130 @@ All notable changes to this project. Generated from Conventional Commits by git-cliff. -## Unreleased +## v2026.07.0 — 2026-07-14 + +### Architecture +- ADR-0005 adopt Stryker.NET for mutation testing (refs #47) +- ADR-0006 — provision the ACL integration test against the compose stack (refs #46) +- ADR-0007 + runbooks for the OZ→NRC notification wiring (refs #56) +- ADR-0009 external-task job-worker pattern (refs #6, #60) +- ADR-0010 BFF OIDC validation + downstream boundaries (refs #8, #63) + +### Bug Fixes +- Pin OpenZaak/NRC image tags; add smoke log capture on failure (refs #30) +- Harden oz-db healthcheck and raise compose-up timeout (refs #30) +- Bake config into images so compose-smoke passes on CI (refs #30) +- Nrc-init runs migrations only, not setup_configuration (refs #30) +- Smoke waits on durable services, not the whole project (refs #30) +- Portable health poll instead of compose --wait (refs #30) +- Pin upload-artifact to @v3 — @v4 refuses to run on Gitea (refs #47) +- Buffer the zaak POST body so OpenZaak accepts it (refs #46) +- Keep dotnet format green under the shared .editorconfig (refs #65) +- Re-export the full Utrecht package from libs/ui (refs #67) +- Run checkAuth() at startup to end the login redirect loop (refs #67) +- Health-check nginx over IPv4 (127.0.0.1) (refs #68) +- Treat the http portal origin as secure so DigiD PKCE login works (refs #68) +- Attach the DigiD token to relative BFF calls (refs #68) + +### Build +- Pin Stryker.NET as a local dotnet tool (refs #47) ### CI - Gitea Actions pipeline + runner runbook (refs #30) (#37) +- ACL Dockerfile + full compose stack for smoke test (refs #30) +- Switch runner label to ubuntu-latest (refs #30) +- Run the mutation ratchet as a parallel CI job (refs #47) +- Publish the Stryker HTML report as a CI artifact (refs #47) +- Run the ACL integration test as a Gitea Actions job (refs #46) +- Keep the integration lane local-only; document the runner gap (refs #46) +- Run the ACL integration test in CI inside the compose network (closes #55) (refs #46) +- Run the Event Subscriber + projection-api in compose and verify end-to-end (refs #7) +- Containerize, wire into compose, and verify end-to-end (refs #6) +- Make Stryker report upload best-effort (refs #62) +- Retrigger after runner cleanup (refs #6) +- Retrigger CI (refs #6) +- Retrigger CI after gitea restart (refs #6) +- Compose wiring, verify-bff live check, mutation baseline (refs #8) +- Nx frontend lane (lint/test/build) (refs #65) +- Serve the self-service app in compose (refs #68) +- Run Vitest ahead of the production build to stop worker-start timeout (refs #68) +- Cache the NuGet package store across the .NET jobs (refs #73) +- Run Playwright from the prebuilt image instead of downloading browsers (refs #73) ### Chores - Add idempotent Gitea backlog seeder - Remove bootstrap scripts from main (#35) +- Contributor workflow — templates, git-cliff, gitea-workflow doc (closes #31) (#38) ### Documentation - Split S-00 into sub-slices (refs #1) (#33) +- MkDocs scaffold + ADR-0001 + README quickstart (closes #32) (#39) +- Tighten gitea-actions-gotchas, add local compose (refs #30) +- ADR-0008 read projection store + demo note for the event path (refs #7) +- Demo note for submitting a registration (S-05) (refs #6) +- Demo note for the BFF front door (S-07) (refs #8) +- Split S-08 into S-08a-d (refs #65) +- Frontend-decisions + demo note for S-08a (refs #65) +- Record the orval generator choice (refs #66) +- Record NL DS + DigiD decisions and demo note (refs #67) +- Serving/e2e decisions + walking-skeleton demo note (refs #68) ### Features - Placeholder BFF + /health endpoint (closes #28) (#34) - Containerize BFF + compose-up smoke (closes #29) (#36) +- OpenZaak + Postgres + Redis up in compose (refs #10) (#40) +- Seed BIG catalogus + JWT client for OpenZaak (refs #2) (#41) +- Open Notificaties up + shared network (closes #2) (#42) +- Keycloak with four mock realms (closes #3) (#43) +- Flowable + registratie.bpmn external task (closes #4) (#44) +- ACL skeleton — OpenZaak default-fill (refs #5) (#45) +- Add bind-mount local compose for no-make/Windows dev (refs #30) +- Publish the BIG zaaktype on demand via OZ_PUBLISH (refs #46) +- Wire OpenZaak → Open Notificaties notifications (refs #56) +- Project zaak-created notifications into the read projection (refs #7) +- Persist the read projection and expose webhook + read APIs (refs #7) +- Enforce the callback bearer before reading the body (refs #7) +- Implement the Registration aggregate invariants (refs #6) +- Implement SubmitRegistration and OpenZaakWorker (refs #6) +- Implement the Flowable Workflow Client and ACL client (refs #6) +- Expose POST /registrations and the read endpoint (refs #6) +- Implement self-service submit and openbaar lookup (refs #8) +- Committed OpenAPI contract + drift guard (refs #8) +- Self-service portal placeholder page (refs #65) +- Expose the generated BFF client + repeatable generate target (refs #66) +- Implement the DigiD registration submit page (refs #67) +- Runtime config + nginx serve/proxy image (refs #68) +- Surface submit failures with a retryable alert (refs #68) +- One citizen reference across self-service and the openbaar register (#79) + +### Other +- Openbaar Register portal — public lookup (#76) +- Approval flow — temp admin endpoint + status transition to projection (#77) + +### Refactor +- Bake config via dockerfile_inline, drop Dockerfile files (refs #30) +- Use upstream images verbatim, seed config via docker cp (refs #30) +- One verify-stack stage for all live-stack checks (closes #58) (refs #46 #56) + +### Tests +- BDD acceptance scenario for opening a zaak (closes #5) (#49) +- Kill surviving mutants — assert CRS headers, guards, error paths, JWT claims (refs #47) +- Add Stryker config + mutation make target recording the 95% baseline (refs #47) +- Integration test opens a real zaak against OpenZaak (refs #46) +- Verify-notifications smoke + CI job for the OZ→NRC path (refs #56) +- Project zaak-created notifications into the read projection (refs #7) +- Ratchet projector mutation baseline to 100% (refs #7) +- Registration aggregate invariants (refs #6) +- SubmitRegistration + OpenZaakWorker use cases (refs #6) +- Workflow Client, ACL client, store and job processor (refs #6) +- Acceptance scenario for submitting a registration (refs #6) +- Mutation baseline 90 (achieved 97.7%) + CI/Makefile wiring (refs #6) +- Endpoints, JWT auth and public-safe projection (refs #8) +- Acceptance scenario for BFF access (valid/invalid tokens) (refs #8) +- Self-service portal placeholder renders (refs #65) +- Generated BFF client is exposed and calls the endpoints (refs #66) +- DigiD-guarded registration submit page (refs #67) +- Walking-skeleton Playwright happy path + verify-e2e lane (refs #68) +- Submit surfaces BFF failures instead of swallowing them (refs #68) +- Guard that the DigiD token attaches to relative BFF calls (refs #68) -- 2.49.1