Skip to content

Latest commit

 

History

History
136 lines (95 loc) · 3.35 KB

RELEASE.md

File metadata and controls

136 lines (95 loc) · 3.35 KB
Raw

Release Guidelines

If you need to release a new version of the JavaScript Regex Security Scanner, follow the guidelines found in this document.

Automated Releases (Preferred)

To release a new version follow these steps:

  1. Manually trigger the release workflow from the main branch; Use an update type in accordance with Semantic Versioning. This will create a Pull Request that start the release process.
  2. Follow the instructions in the description of the created Pull Request.

Manual Releases (Discouraged)

If it's not possible to use automated releases, or if something goes wrong with the automatic release process, follow these steps to release a new version (using v0.1.2 as an example):

  1. Make sure that your local copy of the repository is up-to-date, sync:

    git checkout main
git pull origin main

    Or clone:

    git clone git@github.com:ericcornelissen/js-regex-security-scanner.git

  2. Update the version label in the Containerfile using:

    node scripts/bump-version.js [patch|minor|major]

    If that fails, manually update the version label in the Containerfile:

    -  version="0.1.1" \
+  version="0.1.2" \

  3. Update the changelog:

    node scripts/bump-changelog.js

    If that fails, manually add the following text after the ## [Unreleased] line:

    - _No changes yet_

## [0.1.2] - YYYY-MM-DD

    The date should follow the year-month-day format where single-digit months and days should be prefixed with a 0 (e.g. 2022-01-01).

  4. Commit the changes to a new release branch and push using:

    git checkout -b release-$(sha1sum Containerfile | awk '{print $1}')
git add CHANGELOG.md Containerfile
git commit --message "Version bump"
git push origin release-$(sha1sum Containerfile | awk '{print $1}')

  5. Create a Pull Request to merge the release branch into main.

  6. Merge the Pull Request if the changes look OK and all continuous integration checks are passing.

  7. Immediately after the Pull Request is merged, sync the main branch:

    git checkout main
git pull origin main

  8. Create a git tag for the new version:

    git tag v0.1.2

    and push it:

    git push origin v0.1.2

    NOTE: At this point, the continuous delivery automation may kick in and complete the release process. If not, or only partially, continue following the remaining steps.

  9. Update the v0 branch to point to the same commit as the new tag:

    git checkout v0
git merge main

    and push it:

    git push origin v0

  10. Publish to Docker Hub, first with a version tag:

    make build TAG=v0.1.2
docker push ericornelissen/js-re-scan:v0.1.2

    then the latest tag:

    make build TAG=latest
docker push ericornelissen/js-re-scan:latest