Update Clojure package and the base Docker image versions (#145)

pilosus · Apr 14, 2023 · eab6fc5 · eab6fc5
1 parent a3c505d
commit eab6fc5
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 4 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,16 @@ This change log follows the conventions of [keepachangelog.com](http://keepachan
 
 ## [Unreleased]
 
+## [0.47.0] - 2023-04-14
+
+### Changed
+- Docker base image's pinned sha256 digest removed for quicker and
+  easier security updates
+
+### Fixed
+- Clojure package `org.pilosus/pip-license-checker` to be updated
+  since the release `0.45.0`
+
 ## [0.46.1] - 2023-03-20
 
 ### Fixed
@@ -450,7 +460,8 @@ weak copyleft types.
 ### Added
 - Structure for Leiningen app project
 
-[Unreleased]: https://github.com/pilosus/pip-license-checker/compare/0.46.1...HEAD
+[Unreleased]: https://github.com/pilosus/pip-license-checker/compare/0.47.0...HEAD
+[0.47.0]: https://github.com/pilosus/pip-license-checker/compare/0.46.1...0.47.0
 [0.46.1]: https://github.com/pilosus/pip-license-checker/compare/0.46.0...0.46.1
 [0.46.0]: https://github.com/pilosus/pip-license-checker/compare/0.45.0...0.46.0
 [0.45.0]: https://github.com/pilosus/pip-license-checker/compare/0.44.0...0.45.0

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,75 @@
+## Contributing
+
+### General rules
+
+1. Before writing any *code* take a look at the existing
+   [issues](https://github.com/pilosus/pip-license-checker/issues?q=).
+   If none of them is about the changes you want to contribute, open
+   up a new issue. Fixing a typo requires no issue though, just submit
+   a Pull Request.
+
+2. If you're looking for an open issue to fix, check out
+   labels `help wanted` and `good first issue` on GitHub.
+
+3. If you plan to work on an issue open not by you, write about your
+   intention in the comments *before* you start working.
+
+
+### Development rules
+
+1. Follow the GitHub [fork & pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) flow.
+
+2. Install [Leiningen](https://leiningen.org/)
+
+3. Make changes to the code.
+
+4. Make sure code formatters, linters, tests and code coverage pass locally:
+
+```
+# Code formatting
+$ lein cljfmt fix
+
+# Linters
+$ lein clj-kondo
+
+# Tests with a code coverage report
+$ lein cloverage
+```
+Code coverage *is not expected to be lower than in the main branch*
+(unless you have very solid grounds to let it drop a bit - to be
+dicussed on the code review).
+
+5. Open a pull request, refer to the issue you solve.
+
+6. Make sure GitHub Checks (Actions) pass. They should if you followed
+   p.4.
+
+### Release management
+
+#### Checlist
+
+1. Follow the [SemVer](https://semver.org/) conventions for the release number.
+2. Update the [project version](https://github.com/pilosus/pip-license-checker/blob/main/project.clj).
+3. Update the [CHANGELOG](https://github.com/pilosus/action-pip-license-checker/blob/main/CHANGELOG.md).
+4. Update the [README](https://github.com/pilosus/action-pip-license-checker/blob/main/README.md) if needed.
+5. Merge the changes to the `main` branch.
+6. Push a version-specific tag, e.g. `2.1.9`:
+
+```
+$ git tag 2.1.9
+$ git push origin 2.1.9
+```
+
+7. Draft a new release on the
+   [GitHub](https://github.com/pilosus/pip-license-checker/releases/new). Make
+   sure the version-specific tag and the changelog are used for the
+   release notes. Start a discussion thread for the release. Publish
+   links to the testing if needed (may be a good idea for release
+   candidates).
+
+#### Artifacts
+
+1. Clojars package is to be uploaded automatically as a part of the GitHub Actions CI/CD
+2. Docker image is built and uploaded to the [Docker Hub](https://hub.docker.com/r/pilosus/pip-license-checker/)
+   using its `Automated Builds` triggers for SemVer tags and the `main`
+   branch pushes.
diff --git a/Dockerfile b/Dockerfile
@@ -10,7 +10,7 @@
 ### Build stage ###
 ###################
 
-FROM clojure:temurin-17-lein-alpine@sha256:994b6ff1c2bccb6925dda35844ed4aeaf8141f0929d25cf03a5da5a04f4f191e AS build
+FROM clojure:temurin-17-lein-alpine AS build
 
 # Create a working directory
 RUN mkdir -p /usr/src/app
@@ -28,7 +28,7 @@ RUN mv "$(lein uberjar | sed -n 's/^Created \(.*standalone\.jar\)/\1/p')" app.ja
 ### Run stage ###
 #################
 
-FROM eclipse-temurin:17-jre-alpine@sha256:02c04793fa49ad5cd193c961403223755f9209a67894622e05438598b32f210e AS run
+FROM eclipse-temurin:17-jre-alpine AS run
 
 # Create app directory for unpriviledged user
 RUN mkdir -p /usr/src/app

diff --git a/project.clj b/project.clj
@@ -1,4 +1,4 @@
-(defproject org.pilosus/pip-license-checker "0.45.0"
+(defproject org.pilosus/pip-license-checker "0.47.0"
   :description "License compliance tool to identify dependencies license names and types: permissive, copyleft, proprietory, etc."
   :url "https://github.com/pilosus/pip-license-checker"
   :license {:name "Eclipse Public License 2.0 OR GNU GPL v2+ with Classpath exception"