From a74b889804752a59a997c1210aa17eeca4612633 Mon Sep 17 00:00:00 2001
From: Mondo Diaz <armando.m.diaz@boeing.com>
Date: Thu, 15 Jan 2026 21:01:32 +0000
Subject: [PATCH] Update CHANGELOG for #63

---
 CHANGELOG.md | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 17172b8..8aca96b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 ### Added
+- Added production deployment job triggered by semantic version tags (v1.0.0) with manual approval gate (#63)
+- Added production Helm values file with persistence enabled (20Gi PostgreSQL, 100Gi MinIO) (#63)
+- Added integration tests for production deployment (#63)
 - Added GitLab CI pipeline for feature branch deployments to dev namespace (#51)
 - Added `deploy_feature` job with dynamic hostnames and unique release names (#51)
 - Added `cleanup_feature` job with `on_stop` for automatic cleanup on merge (#51)
@@ -16,6 +19,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Added internal proxy configuration for npm, pip, helm, and apt (#51)
 
 ### Changed
+- Deploy jobs now require all security scans to pass before deployment (added test_image, app_deps_scan, cve_scan, cve_sbom_analysis, app_sbom_analysis to dependencies) (#63)
+- Increased deploy job timeout from 5m to 10m (#63)
 - Added `--atomic` flag to Helm deployments for automatic rollback on failure
 - Adjusted dark mode color palette to use lighter background tones for better readability and reduced eye strain (#52)
 - Replaced project card grid with sortable data table on Home page for better handling of large project lists
@@ -26,6 +31,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Improved pod naming: Orchard pods now named `orchard-{env}-server-*` for clarity (#51)
 
 ### Fixed
+- Fixed deploy jobs running even when tests or security scans fail (changed rules from `when: always` to `when: on_success`) (#63)
+- Fixed python_tests job not using internal PyPI proxy (#63)
 - Fixed `cleanup_feature` job failing when branch is deleted (`GIT_STRATEGY: none`) (#51)
 - Fixed gitleaks false positives with fingerprints for historical commits (#51)
 - Fixed integration tests running when deploy fails (`when: on_success`) (#51)