diff --git a/CHANGELOG.md b/CHANGELOG.md index 2622287..c5d5186 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,16 @@ This change log follows the conventions of [keepachangelog.com](http://keepachan ## [Unreleased] +## [0.47.0] - 2023-04-14 + +### Changed +- Docker base image's pinned sha256 digest removed for quicker and + easier security updates + +### Fixed +- Clojure package `org.pilosus/pip-license-checker` to be updated + since the release `0.45.0` + ## [0.46.1] - 2023-03-20 ### Fixed @@ -450,7 +460,8 @@ weak copyleft types. ### Added - Structure for Leiningen app project -[Unreleased]: https://github.com/pilosus/pip-license-checker/compare/0.46.1...HEAD +[Unreleased]: https://github.com/pilosus/pip-license-checker/compare/0.47.0...HEAD +[0.47.0]: https://github.com/pilosus/pip-license-checker/compare/0.46.1...0.47.0 [0.46.1]: https://github.com/pilosus/pip-license-checker/compare/0.46.0...0.46.1 [0.46.0]: https://github.com/pilosus/pip-license-checker/compare/0.45.0...0.46.0 [0.45.0]: https://github.com/pilosus/pip-license-checker/compare/0.44.0...0.45.0 diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 0000000..b994a51 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,75 @@ +## Contributing + +### General rules + +1. Before writing any *code* take a look at the existing + [issues](https://github.com/pilosus/pip-license-checker/issues?q=). + If none of them is about the changes you want to contribute, open + up a new issue. Fixing a typo requires no issue though, just submit + a Pull Request. + +2. If you're looking for an open issue to fix, check out + labels `help wanted` and `good first issue` on GitHub. + +3. If you plan to work on an issue open not by you, write about your + intention in the comments *before* you start working. + + +### Development rules + +1. Follow the GitHub [fork & pull request](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) flow. + +2. Install [Leiningen](https://leiningen.org/) + +3. Make changes to the code. + +4. Make sure code formatters, linters, tests and code coverage pass locally: + +``` +# Code formatting +$ lein cljfmt fix + +# Linters +$ lein clj-kondo + +# Tests with a code coverage report +$ lein cloverage +``` +Code coverage *is not expected to be lower than in the main branch* +(unless you have very solid grounds to let it drop a bit - to be +dicussed on the code review). + +5. Open a pull request, refer to the issue you solve. + +6. Make sure GitHub Checks (Actions) pass. They should if you followed + p.4. + +### Release management + +#### Checlist + +1. Follow the [SemVer](https://semver.org/) conventions for the release number. +2. Update the [project version](https://github.com/pilosus/pip-license-checker/blob/main/project.clj). +3. Update the [CHANGELOG](https://github.com/pilosus/action-pip-license-checker/blob/main/CHANGELOG.md). +4. Update the [README](https://github.com/pilosus/action-pip-license-checker/blob/main/README.md) if needed. +5. Merge the changes to the `main` branch. +6. Push a version-specific tag, e.g. 
`2.1.9`: + +``` +$ git tag 2.1.9 +$ git push origin 2.1.9 +``` + +7. Draft a new release on the + [GitHub](https://github.com/pilosus/pip-license-checker/releases/new). Make + sure the version-specific tag and the changelog are used for the + release notes. Start a discussion thread for the release. Publish + links to the testing if needed (may be a good idea for release + candidates). + +#### Artifacts + +1. Clojars package is to be uploaded automatically as a part of the GitHub Actions CI/CD +2. Docker image is built and uploaded to the [Docker Hub](https://hub.docker.com/r/pilosus/pip-license-checker/) + using its `Automated Builds` triggers for SemVer tags and the `main` + branch pushes. diff --git a/Dockerfile b/Dockerfile index e29eaa9..caba289 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ ### Build stage ### ################### -FROM clojure:temurin-17-lein-alpine@sha256:994b6ff1c2bccb6925dda35844ed4aeaf8141f0929d25cf03a5da5a04f4f191e AS build +FROM clojure:temurin-17-lein-alpine AS build # Create a working directory RUN mkdir -p /usr/src/app @@ -28,7 +28,7 @@ RUN mv "$(lein uberjar | sed -n 's/^Created \(.*standalone\.jar\)/\1/p')" app.ja ### Run stage ### ################# -FROM eclipse-temurin:17-jre-alpine@sha256:02c04793fa49ad5cd193c961403223755f9209a67894622e05438598b32f210e AS run +FROM eclipse-temurin:17-jre-alpine AS run # Create app directory for unpriviledged user RUN mkdir -p /usr/src/app diff --git a/project.clj b/project.clj index 0b40090..7eedb08 100644 --- a/project.clj +++ b/project.clj @@ -1,4 +1,4 @@ -(defproject org.pilosus/pip-license-checker "0.45.0" +(defproject org.pilosus/pip-license-checker "0.47.0" :description "License compliance tool to identify dependencies license names and types: permissive, copyleft, proprietory, etc." :url "https://github.com/pilosus/pip-license-checker" :license {:name "Eclipse Public License 2.0 OR GNU GPL v2+ with Classpath exception"
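Review bot: the `### Fixed` entry in the new `[0.47.0]` section of CHANGELOG.md does not say what was actually broken. Read next to the project.clj change from `"0.45.0"` to `"0.47.0"`, it looks like the package version was not bumped for the 0.46.x releases; if that is the case, state it directly (the Clojars package version had stayed at 0.45.0 and now matches the release tag again). The `### Changed` entry should also mention that base images are now resolved by tag at build time, since that affects anyone who rebuilds the image and expects the same result.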
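Review bot: in the new CONTRIBUTING.md, release checklist items 3 and 4 link to `pilosus/action-pip-license-checker` (`.../action-pip-license-checker/blob/main/CHANGELOG.md` and `.../README.md`), while item 2 and the rest of the file point at `pilosus/pip-license-checker`. These look copied from the GitHub Action repository and should point at this repository's files. Two typos to fix in the same file: "dicussed" should be "discussed" and the heading "Checlist" should be "Checklist". In step 6 of the development rules, "p.4" would read more clearly as "step 4".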
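Review bot: in the Dockerfile build-stage hunk, `FROM clojure:temurin-17-lein-alpine AS build` now resolves a mutable tag, so the toolchain that runs `lein uberjar` can change between two builds of the same commit with no diff in this repository to review. If the goal is less manual work on updates, consider keeping the `tag@sha256:...` form and letting an automated dependency-update pull request bump the digest; that keeps updates quick while leaving each base image change visible in history and covered by the GitHub Checks.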
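Review bot: in the Dockerfile run-stage hunk, dropping the digest from `FROM eclipse-temurin:17-jre-alpine AS run` only brings in a patched base image when the image is rebuilt. CONTRIBUTING.md in this same patch says Docker Hub builds are triggered by SemVer tags and pushes to `main`, so an already published release image keeps whatever base it was built on. If quicker security updates are the aim, a scheduled rebuild would be needed as well. It would also help to record the resolved base image digest for each release (for example in the release notes), since the Dockerfile no longer documents which base a given release shipped with.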
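Review bot: in the project.clj hunk, the version jumps from `"0.45.0"` straight to `"0.47.0"`, which suggests the manual "Update the project version" step in the release checklist was missed for the 0.46.x tags. Since the Clojars package is uploaded from CI, consider adding a check to the release workflow that fails when the pushed tag does not equal the `defproject` version, so a tag and the published package cannot drift apart again.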