Release 0.12.2 — similarity labels, README accuracy, release pipeline hardening#1
Merged
Conversation
Install embedded-Python deps from a pinned, hash-verified lock (requirements-bundle.lock) via `pip install --require-hashes`, with SHA-256 verification of the Python embeddable zip and get-pip.py. Fix the VSIX size leak: Prune-Folder used `Get-ChildItem -Include` without a `\*` path — a silent no-op that shipped ~12 MB of __pycache__/.pyc. Rewrite with Where-Object and run it as the final step (after the smoke test regenerates .pyc). Strip the build-only license tooling (pip-licenses/prettytable/wcwidth) after extraction; the embedded interpreter's ._pth ignores PYTHONPATH/--target, so it must be installed into site-packages and removed afterwards. Add update_lockfile.ps1 to regenerate the lock via pip-compile. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- .vscodeignore: exclude scripts/, .vscode/, build-only pkgs and __pycache__/.pyc; fix `*.map`/`*.ts` globs (root-only, so source maps were shipping). - CHANGELOG: add 0.12.1 and 0.12.0 (Marketplace tab stuck at 0.11.1). - Remove dead diffinite.batesPrefix setting (nothing read it). - manifest: homepage/bugs/qna, richer keywords, Visualization category. - runner: Phase-2 report read via await fs.promises.readFile (sync read of large html_diff froze the UI). - webviews: hoist escHtml + CSPRNG getNonce into webviewUtils.ts; add payload-shape guards to message handlers. - compareCommand: fix comment wrongly claiming the promise covers Phase 2. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The example/ rules only ignored subdirectories (example/*/), so timestamped
CLI report files written to the example/ root (e.g. left_right_*.{csv,html,md,pdf})
were untracked-but-not-ignored and would be swept in by `git add example/`.
Honors the section's stated intent: track only *.py and benchmark/*.md.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…tions GitHub README: - Rewrite comment-stripping table from the authoritative language registry (45+ extensions; was an incomplete subset); "30+" -> "45+". - Add PDF Font / CJK Rendering section (--pdf-lang, --pdf-font, expansion pack). - Document previously-undocumented flags: --sort-by/--sort-order, --bundle, --dir-alias-a/b, --ignore-file, --binary-handling, --max-diff-html-size, --metrics-only, --filter-json, --unreadable-log. VS Code extension README (marketplace): - Fix "5-state FSM" -> "6-state" (matches parser; was self-contradictory). - Fix License/NOTICE links blob/main -> blob/master (default branch; were 404). - Fix GUI "Threshold (Deep)" 0.05 -> 5 (0-100 scale; matches code default). - Document missing settings diffinite.pdfLang (default ko) / diffinite.pdfFont. - Add sample report images and the Deep Compare "Shared Hashes" column. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…l outputs Filename similarity (rapidfuzz, 0-100) and content match (difflib ratio) were rendered under ambiguous/single labels in several outputs, so a 100% filename match could be misread as identical file content. - CSV: split "Similarity (%)" into "Name Sim. (%)" + "Content Match (%)". - Markdown: "Match" -> "Content Match". - HTML index.html: add a "Name Sim." column and relabel "Similarity" -> "Content Match" (it was showing content ratio with no name column). - Diff pages (PDF + HTML): "Match ratio:" -> "Content match:". - Binary pairs report SHA-256 status (Binary match/mismatch) consistently, since difflib ratio is meaningless for them. merge_with_bookmarks() and index_entries now carry ratio/binary/hash_match so every tabular output shows the same two distinct figures. PDF cover and JSON already separated the values and are unchanged. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
PyPI and the VS Code Marketplace are both still at 0.11.1 (0.12.0/0.12.1 were tagged/prepared but never published). Ship a single 0.12.2 that carries the filename-vs-content similarity label fix, README corrections, and gitignore cleanup on top of the unreleased 0.12.0/0.12.1 work. Bumps pyproject.toml, package.json, and package-lock.json; adds the 0.12.2 CHANGELOG entry. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- Marketplace publish no longer uses continue-on-error, and the retry loop now records success and exits non-zero when all 3 attempts fail (previously the trailing Start-Sleep made the step exit 0 even on failure — an expired VSCE_PAT would publish nothing yet the job stayed green). - Add a version gate to both publish jobs: the release tag must match package.json (vsce) and pyproject.toml (pypi), else fail fast. - Add an opt-in Open VSX publish step (Cursor/VSCodium/Windsurf/Theia), skipped unless an OVSX_PAT secret is configured so it never blocks a release before the namespace/token exist. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
A step's own step-level env is not visible to that same step's `if`, so `env.OVSX_PAT != ''` always evaluated false and the Open VSX publish would be skipped even with the secret set. Hoist OVSX_PAT to job-level env so the gate works. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
- .vscodeignore now excludes *.log as a backstop so a stray build log never leaks into the VSIX (observed while packaging locally). - Regenerate DEPENDENCY_LICENSES.md for the 0.12.2 bundle (diffinite's own entry 0.12.1 -> 0.12.2; normalized to LF to keep the diff to one line). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
pip-licenses --with-license-file also emitted a LicenseFile column with absolute paths. For packages also present in the builder's %APPDATA%\Python, those paths resolved to the home dir, leaking the local username into the public VSIX (and the committed file). Add --no-license-path: keep the license TEXT, drop the path column. Regenerate the file (now path-free). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The committed lock carried a stale pip-compile auto-header with an absolute build path (C:\Users\<user>\...), leaking the local username. Replace it with a generic relative invocation. (update_lockfile.ps1 already uses --no-header for future regens.) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
nash-dir
force-pushed
the
portfolio-polish
branch
from
0f3f541 to
2bc910b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bundles the
portfolio-polishwork for the 0.12.2 release. PyPI and the VS Code Marketplace are both still at 0.11.1 (0.12.0/0.12.1 were tagged/prepared but never published), so this ships as a single consolidated release.Highlights
Fix — filename vs. content similarity (user-facing)
Every report format now shows filename similarity and content match as two clearly-labelled, distinct figures, so a 100% filename match is no longer mistaken for identical content.
Name Sim. (%)+Content Match (%)Match→Content MatchName Sim.column, relabelledSimilarity→Content MatchMatch ratio:→Content match:Docs — README accuracy (GH + VSCE)
5-state→6-state, brokenblob/main→masterlinks (were 404), GUI deep-threshold0.05→5, addedpdfLang/pdfFontsettings + sample imagesCI — release pipeline hardening
continue-on-error; retry loop now exits non-zero on failure (an expiredVSCE_PATpreviously left the job green while publishing nothing)package.json+pyproject.tomlOVSX_PATis set)Chore
.gitignoreignores generated CLI report outputs inexample/rootVerified
Release steps after merge (manual, require credentials)
VSCE_PAT(last updated 2026-03-17 — may be expired):npx @vscode/vsce verify-pat nash-dirOVSX_PAT+ovsx create-namespace nash-dirv0.12.2on master → publish a GitHub Release (this triggers the pipeline)🤖 Generated with Claude Code