From bae282b2315b31d3f5a40b4d1383a07c06068563 Mon Sep 17 00:00:00 2001
From: Daniel Mader <daniel.mader@impierce.com>
Date: Tue, 19 Nov 2024 13:52:21 +0100
Subject: [PATCH] ci: introduce semantic versioning (#97)

* refactor: undo unnecessary changes

* docs: list all config values

* refactor: rename config file

* refactor: remove example files from docker image

* refactor: merge config files

* refactor: update .dockerignore to include all Dockerfiles and .env files

* WIP: migrate from config macro to config function

* refactor: configs for `log_format` and `event_store`

* refactor: remove unused macros calls

* refactor: migrate `url` config

* refactor: `secret_manager` config

* refactor: `credential_configurations` config

* refactor: rename `DidMethodOptions`, add config for `signing_algorithms_supported`

* refactor: determine default DID method

* refactor: remove comments, load env variables

* WIP: refactor `event_publishers` config

* refactor: remove `metadata`

* refactor: remove `config!` macro

* refactor: rename `config_2` to `config`

* chore: change example logo, disable `event_publisher`, respect `default_did_method`

* chore: resolve clippy issues

* refactor: remove `set_metadata_configuration`

* refactor: remove `TEST_METADATA`

* WIP

* test: fix tests

* ci: update docker-compose

* fix: replace `localhost` with container name

* refactor: clean up code

* chore: fix unused import

* feat: install `@commitlint` and `semantic-release`

* feat: check PR title with `commitlint`

* refactor: move `commitlint` to separate workflow

* refactor: only check PR title for `dev`

* chore: disable `types` (temporarily)

* ci: add default `semantic-release` workflow (for Node projects)

* docs: add reference to "Twelve-Factor App"

* docs: add badge for DockerHub pulls

* refactor: remove unused node dependencies

* docs: describe branches and tags

* ci: trigger release on push

---------

Co-authored-by: Nander Stabel <nander.stabel@impierce.com>
---
 .github/workflows/lint-pr-title.yaml | 35 ++++++++++++++++++++++++++
 .github/workflows/release.yaml       | 37 ++++++++++++++++++++++++++++
 .releaserc.yaml                      |  4 +++
 README.md                            | 27 ++++++++++++++++++++
 commitlint.config.mjs                |  3 +++
 5 files changed, 106 insertions(+)
 create mode 100644 .github/workflows/lint-pr-title.yaml
 create mode 100644 .github/workflows/release.yaml
 create mode 100644 .releaserc.yaml
 create mode 100644 commitlint.config.mjs

diff --git a/.github/workflows/lint-pr-title.yaml b/.github/workflows/lint-pr-title.yaml
new file mode 100644
index 00000000..67fa5425
--- /dev/null
+++ b/.github/workflows/lint-pr-title.yaml
@@ -0,0 +1,35 @@
+# The title of the pull request is used as the commit message when working with a squash-based merging style.
+# This project also follows semantic versioning, so it is important that the title follows conventional commits and should therefore be checked.
+
+name: Lint PR title
+
+on:
+  pull_request:
+    branches:
+      - main
+      - next
+      - beta
+      - alpha
+    # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
+    # types: [opened, synchronize, reopened, edited]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+
+      - run: npm ci
+
+      - run: echo $TITLE | npx commitlint
+        env:
+          # Security: we mitigate script injections by using an intermediate environment variable
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TITLE: ${{ github.event.pull_request.title }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 00000000..20f05c02
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,37 @@
+name: Release
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - next
+      - beta
+      - alpha
+
+permissions:
+  contents: read # for checkout
+
+jobs:
+  release:
+    name: release
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: "lts/*"
+
+      - name: Release
+        run: npx semantic-release@24
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.releaserc.yaml b/.releaserc.yaml
new file mode 100644
index 00000000..4e9b8f63
--- /dev/null
+++ b/.releaserc.yaml
@@ -0,0 +1,4 @@
+plugins:
+  - "@semantic-release/commit-analyzer"
+  - "@semantic-release/release-notes-generator"
+  - "@semantic-release/github"
diff --git a/README.md b/README.md
index 92d9857e..94a8256e 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,15 @@
 # SSI Agent
 
+[![semantic-release: angular](https://img.shields.io/badge/semantic--release-angular-e10079?logo=semantic-release)](https://github.com/semantic-release/semantic-release)
+[![GitHub License](https://img.shields.io/github/license/impierce/ssi-agent)](https://github.com/impierce/ssi-agent/blob/HEAD/LICENSE)
+[![Docker Pulls](https://img.shields.io/docker/pulls/impiercetechnologies/ssi-agent)](https://hub.docker.com/r/impiercetechnologies/ssi-agent)
+
+<!-- This is a playful reference to the "Twelve-Factor App" conventions that we try to follow. -->
+
+[![twelve-factor-app](https://img.shields.io/badge/factors-twelve-blue)](https://12factor.net)
+
+---
+
 ## API specification
 
 [Follow these instructions](./agent_api_rest/README.md) to inspect the REST API.
@@ -161,3 +171,20 @@ OpenID4VCI Pre-Authorized Code Flow
 30-31: See steps 4-5.
    32: The API returns a `200 OK` response with the credential(s) in the response body.
 ```
+
+## Releases
+
+This project uses [semantic-release](https://semantic-release.gitbook.io) - plain and simple, without noteworthy custom configuration.
+
+### Branches
+
+| Branch name | Description                                                                                                  | Example tag      |
+| ----------- | ------------------------------------------------------------------------------------------------------------ | ---------------- |
+| `main`      | Current stable releases. Default version when pulling the `latest` Docker image.                             | `v1.2.1`         |
+| `next`      | Upcoming major version (containing breaking changes). Can be considered a stable preview of coming features. | `v2.0.8`         |
+| `beta`      | Pre-releases that are fully implemented, but require testing, validation and feedback.                       | `v2.0.8-beta.2`  |
+| `alpha`     | Experimental early-stage testing and development.                                                            | `v2.1.2-alpha.4` |
+
+### Merging strategy
+
+All PRs to any of the branches defined above are squashed to preserve a clean history. Since the PR title is used as the commit message, it is important to follow a conventional commit style in order to allow semantic releases (next version is determined by the commits since the last version). Therefore, the PR title is automatically linted by a GitHub Action.
diff --git a/commitlint.config.mjs b/commitlint.config.mjs
new file mode 100644
index 00000000..ba5c66fb
--- /dev/null
+++ b/commitlint.config.mjs
@@ -0,0 +1,3 @@
+export default {
+  extends: ["@commitlint/config-angular"],
+};