From 017e74d558fbde0d46aed4c59528ae6f05a070e4 Mon Sep 17 00:00:00 2001 From: NWarila <33955773+NWarila@users.noreply.github.com> Date: Mon, 4 May 2026 19:25:13 +0000 Subject: [PATCH] ci: add release-please for automated version + changelog management Add the release-please workflow + config + manifest, mirroring the same pattern used in nwarila-platform/proxmox-packer-framework and the nwarila-platform/secure-rockylinux9-template consumer repo. Update the allowlist-style .gitignore so the new files are tracked. How it works: - On push to main, the release-please action scans new conventional commits since the last tagged release. - For feat: / fix: / security: / refactor: / ci: / docs: it opens or updates a release PR titled "chore: release X.Y.Z" that bumps the manifest, regenerates CHANGELOG.md, and proposes the next version. - Merging that release PR creates the corresponding tag (with v prefix per include-v-in-tag), which in turn triggers Release Artifact (already wired on push: tags: v*) to build, attest, and publish the GitHub release with the bundle assets. Manifest baseline is 1.0.0 -- the existing tag. Next release is computed from conventional commits merged after the v1.0.0 tag (only chore(codeowners) right now, which is hidden from the changelog and does not bump versions, so no release PR will open until a feat/fix lands). This standardizes release management across all three repos in the secure Packer / Proxmox toolchain (framework, bootstrapper, consumer template). Co-Authored-By: Claude Opus 4.7 (1M context) --- .github/workflows/release-please.yaml | 24 ++++++++++++++++++++++++ .gitignore | 3 +++ .release-please-manifest.json | 3 +++ release-please-config.json | 20 ++++++++++++++++++++ 4 files changed, 50 insertions(+) create mode 100644 .github/workflows/release-please.yaml create mode 100644 .release-please-manifest.json create mode 100644 release-please-config.json 
diff --git a/.github/workflows/release-please.yaml b/.github/workflows/release-please.yaml
new file mode 100644
index 0000000..a06af13
--- /dev/null
+++ b/.github/workflows/release-please.yaml
@@ -0,0 +1,24 @@
+name: Release Please
+
+on:
+ push:
+ branches:
+ - main
+
+permissions:
+ contents: write
+ pull-requests: write
+ issues: write
+
+jobs:
+ release-please:
+ name: Release Please
+ runs-on: ubuntu-latest
+ timeout-minutes: 10
+
+ steps:
+ - name: Run release-please
+ uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4.4.0
+ with:
+ release-type: simple
+ target-branch: main
diff --git a/.gitignore b/.gitignore
index 106b959..5a49f81 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,12 +11,15 @@ !/.github/dependabot.yml !/.github/workflows/ !/.github/workflows/release-artifact.yml +!/.github/workflows/release-please.yaml !/.github/workflows/verify.yml !/.gitignore +!/.release-please-manifest.json !/LICENSE !/Makefile !/README.md !/SECURITY.md +!/release-please-config.json !/bin/ !/bin/secure-packer-bootstrapper
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
new file mode 100644
index 0000000..37fcefa
--- /dev/null
+++ b/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+ ".": "1.0.0"
+}
diff --git a/release-please-config.json b/release-please-config.json
new file mode 100644
index 0000000..04f58ce
--- /dev/null
+++ b/release-please-config.json
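Review bot: The `Run release-please` step in `.github/workflows/release-please.yaml` passes no `token:`, so the action falls back to the workflow's `GITHUB_TOKEN`, and GitHub does not start new workflow runs for events created with that token. The tag and release produced when the release PR is merged would therefore not fire the `push: tags: v*` trigger that the description relies on for Release Artifact, and checks on the release PR itself would not run either. If that chain is intended, supply a narrowly scoped credential, e.g. `token: ${{ secrets.RELEASE_PLEASE_TOKEN }}` (placeholder secret name), backed by a short-lived GitHub App installation token limited to this repository rather than a personal access token. The alternative that needs no extra secret is to expose the action's `release_created` and `tag_name` outputs and start the build-and-attest job from a dependent job gated on them.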
@@ -0,0 +1,20 @@
+{
+ "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+ "release-type": "simple",
+ "target-branch": "main",
+ "changelog-sections": [
+ { "type": "feat", "section": "Features" },
+ { "type": "fix", "section": "Bug Fixes" },
+ { "type": "security", "section": "Security" },
+ { "type": "refactor", "section": "Refactoring" },
+ { "type": "ci", "section": "CI/CD" },
+ { "type": "docs", "section": "Documentation" },
+ { "type": "chore", "section": "Chores", "hidden": true },
+ { "type": "test", "section": "Tests", "hidden": true }
+ ],
+ "pull-request-title-pattern": "chore: release ${version}",
+ "include-v-in-tag": true,
+ "packages": {
+ ".": {}
+ }
+}
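Review bot: These settings may never be applied, because the workflow added in this same patch passes `release-type: simple` as an action input; as far as I know, v4 of release-please-action builds its configuration from the step inputs when `release-type` is set and reads `release-please-config.json` and `.release-please-manifest.json` only when that input is omitted. If so, the `security` changelog section, the hidden `chore`/`test` types and `pull-request-title-pattern` would be silently ignored, and a `security:` commit could be left out of the generated release notes. This is worth confirming against the pinned action revision; the usual arrangement is to drop `release-type` and `target-branch` from the step's `with:` and pass `config-file: release-please-config.json` and `manifest-file: .release-please-manifest.json` instead. Separately, `$schema` follows the `main` branch of the upstream repository, so editor validation can change without any change here; a tag or commit URL would keep it stable.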