From f789c4817efe8ebaed3a8dbc33762564cc1d164d Mon Sep 17 00:00:00 2001 From: Mikael Hugo Date: Tue, 11 Nov 2025 10:34:37 +0100 Subject: [PATCH 1/9] feat(release): add artifact attestations and SHA256 checksums Security & verification improvements (best practice for 2025): - GitHub Artifact Attestations for crate package and all binaries - SLSA Build Level 2 compliance - SHA256 checksums for all release artifacts - Cryptographic proof artifacts came from GitHub Actions - Users can verify with: gh attestation verify Enterprise Cloud feature - no GPG keys needed, automatic signing. --- .github/workflows/release.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c4051aa..de6af65 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -450,6 +450,18 @@ jobs: cd target/${{ matrix.target }}/release Compress-Archive -Path *singularity_language_registry* -DestinationPath ../../../${{ matrix.artifact_name }}.zip + - name: Generate artifact attestation (Unix) + if: runner.os != 'Windows' + uses: actions/attest-build-provenance@v2 + with: + subject-path: ${{ matrix.artifact_name }}.tar.gz + + - name: Generate artifact attestation (Windows) + if: runner.os == 'Windows' + uses: actions/attest-build-provenance@v2 + with: + subject-path: ${{ matrix.artifact_name }}.zip + - name: Upload artifact uses: actions/upload-artifact@v4 with: @@ -466,6 +478,13 @@ jobs: - name: Download all artifacts uses: actions/download-artifact@v4 + - name: Generate SHA256 checksums for binaries + run: | + find . -name "*.tar.gz" -o -name "*.zip" | while read file; do + sha256sum "$file" >> BINARY_SHA256SUMS + done + cat BINARY_SHA256SUMS || echo "No binary artifacts found" + - name: Upload to GitHub Release uses: softprops/action-gh-release@v2 with: @@ -473,6 +492,7 @@ jobs: files: | **/*.tar.gz **/*.zip + BINARY_SHA256SUMS notify: name: Notify Release 
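Review bot: Both new attestation steps call `actions/attest-build-provenance@v2`, which needs `id-token: write` and `attestations: write` on the job, and nothing in this patch adds them. The job's `permissions:` block is outside the hunk, so confirm it grants both or the steps will fail when signing. Because this step produces the provenance users are told to trust, pin the action to a full commit SHA instead of the mutable `v2` tag, e.g. `uses: actions/attest-build-provenance@FULL_COMMIT_SHA # v2` (placeholder). The commit message promises attestations for the crate package as well, but only the binary archives get a step here, while the later INSTALLATION.md example runs `gh attestation verify` on the `.crate` file.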
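Review bot: The entries written to `BINARY_SHA256SUMS` will carry the download directory, because `find .` prints paths such as `./ARTIFACT_DIR/FILE` and `sha256sum "$file"` records the path as given (the existing `**/*.tar.gz` upload glob suggests the archives do sit in per-artifact subdirectories). A user who downloads the bare asset and runs `sha256sum -c` then has no matching entry. Hashing from inside each file's directory keeps bare names: `(cd "$(dirname "$file")" && sha256sum "$(basename "$file")") >> BINARY_SHA256SUMS`; `while IFS= read -r file` also avoids mangling unusual names. `cat BINARY_SHA256SUMS || echo "No binary artifacts found"` lets the job continue with no checksum file at all, and a release step should rather fail there. A checksum file published next to the assets it covers detects corruption only; the attestation is what ties an asset to this workflow.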
From ef53eaaf1a0e711a155c156210374e87b66fe8b6 Mon Sep 17 00:00:00 2001 From: Mikael Hugo Date: Tue, 11 Nov 2025 10:35:49 +0100 Subject: [PATCH 2/9] chore: trigger CI checks From 2ba5462c2d554e3f5bbe10a9219f10fe4ac02775 Mon Sep 17 00:00:00 2001 From: Mikael Hugo Date: Tue, 11 Nov 2025 11:44:28 +0100 Subject: [PATCH 3/9] fix(claude): add write permissions for code changes and comments - Add contents: write for Claude to make code changes and commits - Add pull-requests: write for Claude to comment on PRs - Add issues: write for Claude to comment on issues Addresses review feedback about missing permissions. --- .github/workflows/claude.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml index 412cef9..f8c3919 100644 --- a/.github/workflows/claude.yml +++ b/.github/workflows/claude.yml @@ -19,9 +19,9 @@ jobs: (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) runs-on: ubuntu-latest permissions: - contents: read - pull-requests: read - issues: read + contents: write # Needed for Claude to make code changes and commits + pull-requests: write # Needed for Claude to comment on PRs + issues: write # Needed for Claude to comment on issues id-token: write actions: read # Required for Claude to read CI results on PRs steps: From 412b1b54116b97476a474da2cb5a96b878f72685 Mon Sep 17 00:00:00 2001 
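Review bot: Raising `contents`, `pull-requests` and `issues` to `write` hands a repository write token to a job whose `if:` fires on any issue title or body containing `@claude`, as the visible tail of the condition shows. On a public repository that text is attacker-controlled, so prompt content can steer an agent that is now able to push commits. The `if:` expression starts above the hunk, so I cannot see whether it already restricts who may trigger the job. If it does not, gate on the author, e.g. `contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`, with the matching `github.event.issue.author_association` check for the `issues` event. If commenting is all that is required, `contents: read` can stay as it was.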
From: Mikael Hugo Date: Tue, 11 Nov 2025 12:23:34 +0100 Subject: [PATCH 4/9] feat(release): add auto-updating 'latest' tag and release Automatically creates and updates 'latest' tag on each release: - Git tag 'latest' always points to newest release - GitHub Release 'latest' with installation instructions - Includes Mix (Elixir) dependency examples - Binary download examples for all platforms Usage in mix.exs: {:singularity_language_registry, git: "...", tag: "latest"} Download binary: curl -L .../releases/download/latest/...-linux-x64.tar.gz --- .github/workflows/release.yml | 64 ++++++++++++++++++++++++++++++++++- 1 file changed, 63 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index de6af65..4559633 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
@@ -494,9 +494,71 @@ jobs: **/*.zip BINARY_SHA256SUMS + update-latest: + name: Update 'latest' Tag + needs: [validate, create-release, upload-artifacts] + runs-on: ubuntu-latest + if: success() + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Update latest tag + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + # Delete old latest tag if it exists + git tag -d latest 2>/dev/null || true + git push origin :refs/tags/latest 2>/dev/null || true + + # Create new latest tag pointing to current release + git tag -a latest -m "Latest release (v${{ needs.validate.outputs.version }})" + git push origin latest + + - name: Update latest release + env: + GH_TOKEN: ${{ github.token }} + run: | + # Delete old "latest" release if exists + gh release delete latest --yes 2>/dev/null || true + + # Create latest release pointing to same artifacts + gh release create latest \ + --title "Latest Release (v${{ needs.validate.outputs.version }})" \ + --notes "This release always points to the latest stable version. 
+ + **Current Version**: v${{ needs.validate.outputs.version }} + + For version-specific releases, see: https://github.com/${{ github.repository }}/releases + + ## Quick Install + + ### Mix (Elixir) + \`\`\`elixir + # Always use latest + {:singularity_language_registry, git: \"https://github.com/${{ github.repository }}\", tag: \"latest\"} + + # Or pin to specific version + {:singularity_language_registry, git: \"https://github.com/${{ github.repository }}\", tag: \"v${{ needs.validate.outputs.version }}\"} + \`\`\` + + ### Download Binary + \`\`\`bash + # Linux + curl -L https://github.com/${{ github.repository }}/releases/download/latest/singularity-language-registry-linux-x64.tar.gz | tar xz + + # macOS ARM + curl -L https://github.com/${{ github.repository }}/releases/download/latest/singularity-language-registry-macos-arm64.tar.gz | tar xz + \`\`\` + + See artifacts below for all platforms and checksums." \ + --latest + notify: name: Notify Release - needs: [validate, build-crate-package, create-release] + needs: [validate, build-crate-package, create-release, update-latest] runs-on: ubuntu-latest if: always() steps: From 3c9061a39558a52adcaceb74e195e9dea2e3625a Mon Sep 17 00:00:00 2001 From: Mikael Hugo Date: Tue, 11 Nov 2025 12:24:40 +0100 Subject: [PATCH 5/9] docs: add comprehensive installation guide Covers all installation methods: - Mix (Elixir) dependencies with latest/pinned versions - Pre-built binaries for all platforms (Linux, macOS, Windows) - Checksum verification - Artifact attestation verification - Rust Cargo.toml usage - Troubleshooting common issues Users can now easily integrate via Mix or download binaries. --- INSTALLATION.md | 169 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 169 insertions(+) create mode 100644 INSTALLATION.md diff --git a/INSTALLATION.md b/INSTALLATION.md new file mode 100644 index 0000000..b110c54 --- /dev/null +++ b/INSTALLATION.md 
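Review bot: `gh release create latest` is called with no asset arguments, so the `latest` release carries no files and the `releases/download/latest/...` URLs printed in its own notes will not resolve; the comment "pointing to same artifacts" does not match what the command does. GitHub already serves `https://github.com/OWNER/REPO/releases/latest/download/ASSET` for the newest release, which avoids deleting and recreating a tag and a release on every run. If the moving tag stays, consumers who use `tag: "latest"` get whatever commit the tag points to at fetch time, so the notes should steer production users to the versioned tag and to checksum or attestation verification rather than `curl ... | tar xz`. `${{ needs.validate.outputs.version }}` is also expanded directly inside both `run:` scripts; pass it through `env:` (`VERSION: ${{ needs.validate.outputs.version }}`) and use `"$VERSION"` in the script.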
@@ -0,0 +1,169 @@ +# Installation Guide + +Multiple ways to use `singularity-language-registry` in your project. + +## πŸ“¦ Mix Dependencies (Elixir) + +Add to your `mix.exs`: + +### Always Use Latest (Recommended for Development) + +```elixir +def deps do + [ + {:singularity_language_registry, + git: "https://github.com/Singularity-ng/singularity-language-registry", + tag: "latest"} + ] +end +``` + +### Pin to Specific Version (Recommended for Production) + +```elixir +def deps do + [ + {:singularity_language_registry, + git: "https://github.com/Singularity-ng/singularity-language-registry", + tag: "v0.1.0"} + ] +end +``` + +### Use Main Branch (Bleeding Edge) + +```elixir +def deps do + [ + {:singularity_language_registry, + git: "https://github.com/Singularity-ng/singularity-language-registry", + branch: "main"} + ] +end +``` + +Then run: +```bash +mix deps.get +mix deps.compile +``` + +## πŸ”§ Using Pre-built Binaries + +Download the library binary for your platform: + +### Linux (x64) + +```bash +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/singularity-language-registry-linux-x64.tar.gz | tar xz + +# Verify checksum +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/BINARY_SHA256SUMS -o BINARY_SHA256SUMS +sha256sum -c BINARY_SHA256SUMS --ignore-missing +``` + +### macOS (Apple Silicon - ARM64) + +```bash +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/singularity-language-registry-macos-arm64.tar.gz | tar xz + +# Verify checksum +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/BINARY_SHA256SUMS -o BINARY_SHA256SUMS +shasum -a 256 -c BINARY_SHA256SUMS --ignore-missing +``` + +### macOS (Intel - x64) + +```bash +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/singularity-language-registry-macos-x64.tar.gz | tar xz + +# 
Verify checksum +curl -L https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/BINARY_SHA256SUMS -o BINARY_SHA256SUMS +shasum -a 256 -c BINARY_SHA256SUMS --ignore-missing +``` + +### Windows (x64) + +PowerShell: +```powershell +Invoke-WebRequest -Uri "https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/singularity-language-registry-windows-x64.zip" -OutFile "singularity-language-registry.zip" +Expand-Archive -Path "singularity-language-registry.zip" -DestinationPath "." + +# Verify checksum +Invoke-WebRequest -Uri "https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/BINARY_SHA256SUMS" -OutFile "BINARY_SHA256SUMS" +# Then manually verify hash matches +``` + +## πŸ” Verify Artifact Attestations + +If you have `gh` CLI installed, verify artifacts came from official GitHub Actions: + +```bash +# Download artifact +curl -LO https://github.com/Singularity-ng/singularity-language-registry/releases/download/v0.1.0/singularity-language-registry-0.1.0.crate + +# Verify attestation +gh attestation verify singularity-language-registry-0.1.0.crate \ + -R Singularity-ng/singularity-language-registry +``` + +Expected output: +``` +βœ“ Verification succeeded! + +sha256:abc123... 
was attested by: +REPO PREDICATE_TYPE WORKFLOW +Singularity-ng/singul… https://slsa.dev/provenance/v1 .github/workflows/release.yml@refs/tags/v0.1.0 +``` + +## πŸ“š Using in Your Rust Project + +### From Git (in Cargo.toml) + +```toml +[dependencies] +singularity-language-registry = { git = "https://github.com/Singularity-ng/singularity-language-registry", tag = "v0.1.0" } +``` + +### From Downloaded .crate File + +```bash +# Download crate +curl -LO https://github.com/Singularity-ng/singularity-language-registry/releases/download/latest/singularity-language-registry-0.1.0.crate + +# Extract +tar -xzf singularity-language-registry-0.1.0.crate + +# Add as local dependency in Cargo.toml +[dependencies] +singularity-language-registry = { path = "./singularity-language-registry-0.1.0" } +``` + +## πŸ†˜ Troubleshooting + +### "Failed to download" +- Check your network connection +- Ensure you have access to GitHub (may require VPN in some regions) +- Try using a specific version tag instead of `latest` + +### "Checksum mismatch" +- Re-download the file (may have been corrupted) +- Verify you're downloading from official Singularity-ng/singularity-language-registry repo + +### Mix compilation errors +- Ensure Rust toolchain is installed: `curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh` +- Update Mix dependencies: `mix deps.clean --all && mix deps.get` + +### Binary won't run on macOS +- On first run, you may need to allow the binary in System Preferences β†’ Security & Privacy +- Or remove quarantine: `xattr -d com.apple.quarantine libsingularity_language_registry.*` + +## πŸ“– Documentation + +- **API Docs**: https://docs.rs/singularity-language-registry +- **Examples**: See `examples/` directory +- **Changelog**: See GitHub Releases + +## πŸ“„ License + +Proprietary software. See LICENSE file for terms. From cc88cc711d0f463062b0c80ff8dded3f529e2fb9 Mon Sep 17 00:00:00 2001 
From: Mikael Hugo Date: Tue, 11 Nov 2025 12:25:26 +0100 Subject: [PATCH 6/9] docs: update README with installation guide link Added prominent link to INSTALLATION.md with Mix and binary instructions. --- README.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5537bb9..6b23fd0 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Centralized language registry for all Singularity analysis engines. -**[πŸ“š View Documentation](https://singularity-ng.github.io/singularity-language-registry/)** | **[πŸ“– Setup Guide](./DOCS_SETUP.md)** +**[πŸ“š Documentation](https://singularity-ng.github.io/singularity-language-registry/)** | **[⚑ Installation Guide](./INSTALLATION.md)** | **[πŸ”§ Setup Guide](./DOCS_SETUP.md)** ## Purpose @@ -41,12 +41,20 @@ language_registry (independent) ## Installation -### Using Cargo +> **πŸ“– See [INSTALLATION.md](./INSTALLATION.md) for complete guide including Mix (Elixir) dependencies and binary downloads** + +### Quick Start - Rust ```bash cargo add singularity-language-registry ``` +Or in `Cargo.toml`: +```toml +[dependencies] +singularity-language-registry = { git = "https://github.com/Singularity-ng/singularity-language-registry", tag = "latest" } +``` + ### Using Nix ```bash From ac3bce1000bcbfd97da72f2e21575c60b0545b18 Mon Sep 17 00:00:00 2001 
From: Mikael Hugo Date: Tue, 11 Nov 2025 12:31:24 +0100 Subject: [PATCH 7/9] feat: add automated release on version bumps MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When Renovate merges dependency updates with version bumps: **Flow:** 1. Renovate creates PR to development with version bump (0.1.0 β†’ 0.1.1) 2. PR auto-merges (if patch update) 3. Auto-release workflow detects version change 4. Creates PR from development β†’ main with changelog 5. When main PR merges, auto-release tags and triggers release workflow 6. Release workflow builds artifacts, creates GitHub Release, updates 'latest' tag **Result:** - Dependency updates automatically trigger 0.1.x patch releases - Security fixes get immediate releases - All releases include attestations, checksums, binaries No manual intervention needed for routine dependency updates! --- .github/workflows/auto-release.yml | 153 +++++++++++++++++++++++++++++ renovate.json5 | 13 ++- 2 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/auto-release.yml diff --git a/.github/workflows/auto-release.yml b/.github/workflows/auto-release.yml new file mode 100644 index 0000000..b80a10f --- /dev/null +++ b/.github/workflows/auto-release.yml 
@@ -0,0 +1,153 @@ +name: Auto Release on Version Bump + +# Automatically creates a release when Cargo.toml version changes +# Triggered by Renovate PRs merging to development + +on: + push: + branches: [development, main] + paths: + - 'Cargo.toml' + +permissions: + contents: write + pull-requests: write + +jobs: + check-version-change: + name: Check Version Change + runs-on: ubuntu-latest + outputs: + version_changed: ${{ steps.check.outputs.changed }} + new_version: ${{ steps.check.outputs.version }} + should_release: ${{ steps.check.outputs.should_release }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 2 + + - name: Check if version changed + id: check + run: | + # Get current version + NEW_VERSION=$(grep '^version = ' Cargo.toml | head -1 | sed 's/.*= "\(.*\)"/\1/') + echo "version=$NEW_VERSION" >> $GITHUB_OUTPUT + + # Get previous version + git checkout HEAD^ + OLD_VERSION=$(grep '^version = ' Cargo.toml | head -1 | sed 's/.*= "\(.*\)"/\1/') + git checkout - + + echo "Current version: $NEW_VERSION" + echo "Previous version: $OLD_VERSION" + + if [ "$NEW_VERSION" != "$OLD_VERSION" ]; then + echo "changed=true" >> $GITHUB_OUTPUT + echo "should_release=true" >> $GITHUB_OUTPUT + echo "βœ… Version changed from $OLD_VERSION to $NEW_VERSION" + else + echo "changed=false" >> $GITHUB_OUTPUT + echo "should_release=false" >> $GITHUB_OUTPUT + echo "ℹ️ Version unchanged" + fi + + - name: Check if tag already exists + if: steps.check.outputs.changed == 'true' + run: | + VERSION="${{ steps.check.outputs.version }}" + if git rev-parse "v$VERSION" >/dev/null 2>&1; then + echo "⚠️ Tag v$VERSION already exists, skipping release" + echo "should_release=false" >> $GITHUB_OUTPUT + fi + + create-pr-to-main: + name: Create PR to Main + needs: check-version-change + if: needs.check-version-change.outputs.version_changed == 'true' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Create release branch + run: | + 
VERSION="${{ needs.check-version-change.outputs.new_version }}" + git checkout -b "release/v$VERSION" + git push -u origin "release/v$VERSION" + + - name: Create PR to main + env: + GH_TOKEN: ${{ github.token }} + run: | + VERSION="${{ needs.check-version-change.outputs.new_version }}" + + # Check if PR already exists + EXISTING_PR=$(gh pr list --base main --head "release/v$VERSION" --json number --jq '.[0].number') + + if [ -n "$EXISTING_PR" ]; then + echo "PR #$EXISTING_PR already exists" + exit 0 + fi + + # Get commit messages since last release + LAST_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "") + if [ -n "$LAST_TAG" ]; then + CHANGES=$(git log --pretty=format:"- %s (%h)" "$LAST_TAG"..HEAD) + else + CHANGES=$(git log --pretty=format:"- %s (%h)" -10) + fi + + gh pr create \ + --base main \ + --head "release/v$VERSION" \ + --title "Release v$VERSION" \ + --body "## Release v$VERSION + + Automated release created by version bump in Cargo.toml. + + ### Changes + $CHANGES + + ### Checklist + - [ ] All CI checks pass + - [ ] Documentation is up to date + - [ ] CHANGELOG.md updated (if needed) + + Once merged, the release workflow will automatically: + - Create GitHub Release v$VERSION + - Build and attach all artifacts + - Update \`latest\` tag + - Generate attestations and checksums + + --- + _πŸ€– Auto-generated by version bump workflow_" + + trigger-release: + name: Create Release Tag + needs: check-version-change + if: needs.check-version-change.outputs.should_release == 'true' && github.ref == 'refs/heads/main' + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Create and push release tag + run: | + VERSION="${{ needs.check-version-change.outputs.new_version }}" + + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + + # Create tag + git tag -a "v$VERSION" -m "Release v$VERSION + + Automated release from version bump in 
Cargo.toml. + Triggered by Renovate dependency updates." + + # Push tag (this will trigger the release workflow) + git push origin "v$VERSION" + + echo "βœ… Created and pushed tag v$VERSION" + echo "πŸš€ Release workflow will now build and publish the release" diff --git a/renovate.json5 b/renovate.json5 index d2964b2..babccd7 100644 --- a/renovate.json5 +++ b/renovate.json5 @@ -25,9 +25,20 @@ // Rust-specific configuration "rust": { "enabled": true, - "bumpVersion": "patch" // Auto-bump version in Cargo.toml + "bumpVersion": "patch" // Auto-bump version in Cargo.toml for patch updates }, + // Auto-release configuration + // When version bumps merge to development, auto-release workflow creates release PR to main + "prBodyNotes": [ + "---", + "**πŸ€– Automated Release**: When this PR merges to `development`, the auto-release workflow will:", + "- Detect the version bump in Cargo.toml", + "- Create a PR from `development` β†’ `main` with release notes", + "- Once that PR merges, trigger the release workflow automatically", + "- Publish v{{newVersion}} with all artifacts and attestations" + ], + // Cargo configuration "cargo": { "enabled": true, From 8e9774e9a73045d747a403f0582d810dd70277c9 Mon Sep 17 00:00:00 2001 From: Mikael Hugo Date: Tue, 11 Nov 2025 12:35:18 +0100 Subject: [PATCH 8/9] fix: include AGENTS.md in crate package, not release artifacts AGENTS.md is now part of the distributed crate package: - Users get AI/LLM documentation with the library - No longer duplicated in release-artifacts - Part of the core documentation alongside README Updated release summary to clarify what's in crate vs release reports. --- .github/workflows/release.yml | 32 +++++++++++++++----------------- Cargo.toml | 3 +-- 2 files changed, 16 insertions(+), 19 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 4559633..b647f40 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml 
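Review bot: The "Check if tag already exists" step in auto-release.yml cannot suppress a release: it has no `id`, while the job output is `should_release: ${{ steps.check.outputs.should_release }}`, so its `should_release=false` is never read, and with `fetch-depth: 2` the checkout presumably has no tags for `git rev-parse "v$VERSION"` to find. Folding the test into the `check` step with `git ls-remote --exit-code --tags origin "refs/tags/v$VERSION"` fixes both. Separately, `git push origin "v$VERSION"` in `trigger-release` uses the default `GITHUB_TOKEN` as far as this file shows, and pushes made with that token do not start other workflows, so the release workflow would not run unless it is triggered some other way. The version string is read from `Cargo.toml` and then expanded via `${{ ... }}` inside `run:` blocks; hand it over with `env:` and quote it in the script. The workflow-level `contents: write` and `pull-requests: write` also apply to `check-version-change`, which only reads; move the write scopes to the two jobs that need them.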
@@ -220,16 +220,20 @@ jobs: echo "- βœ… Documentation builds successfully" >> RELEASE_SUMMARY.md echo "- βœ… Format check passed (rustfmt)" >> RELEASE_SUMMARY.md echo "" >> RELEASE_SUMMARY.md - echo "## πŸ“¦ Included Reports" >> RELEASE_SUMMARY.md + echo "## πŸ“¦ What's Included" >> RELEASE_SUMMARY.md echo "" >> RELEASE_SUMMARY.md - echo "1. **CHANGELOG.md** - Complete project history" >> RELEASE_SUMMARY.md - echo "2. **AGENTS.md** - AI/LLM-optimized usage documentation" >> RELEASE_SUMMARY.md - echo "3. **clippy-report.md** - Zero warnings validation" >> RELEASE_SUMMARY.md - echo "4. **security-audit.md** - Vulnerability scan results" >> RELEASE_SUMMARY.md - echo "5. **sbom.md** - Complete dependency list with licenses" >> RELEASE_SUMMARY.md - echo "6. **coverage-report.md** - Test coverage statistics" >> RELEASE_SUMMARY.md - echo "7. **build-info.md** - Build environment details" >> RELEASE_SUMMARY.md - echo "8. **dependency-report.md** - Dependency status" >> RELEASE_SUMMARY.md + echo "**In Crate Package:**" >> RELEASE_SUMMARY.md + echo "- Source code with full API" >> RELEASE_SUMMARY.md + echo "- AGENTS.md - AI/LLM-optimized usage documentation" >> RELEASE_SUMMARY.md + echo "- README.md, LICENSE, CONTRIBUTING.md" >> RELEASE_SUMMARY.md + echo "" >> RELEASE_SUMMARY.md + echo "**Release Reports (separate download):**" >> RELEASE_SUMMARY.md + echo "1. **clippy-report.md** - Zero warnings validation" >> RELEASE_SUMMARY.md + echo "2. **security-audit.md** - Vulnerability scan results" >> RELEASE_SUMMARY.md + echo "3. **sbom.md** - Complete dependency list with licenses" >> RELEASE_SUMMARY.md + echo "4. **coverage-report.md** - Test coverage statistics" >> RELEASE_SUMMARY.md + echo "5. **build-info.md** - Build environment details" >> RELEASE_SUMMARY.md + echo "6. **dependency-report.md** - Dependency status" >> RELEASE_SUMMARY.md echo "" >> RELEASE_SUMMARY.md echo "## πŸš€ Installation" >> RELEASE_SUMMARY.md echo "" >> RELEASE_SUMMARY.md 
@@ -251,17 +255,11 @@ jobs: echo "Proprietary software. All rights reserved." >> RELEASE_SUMMARY.md echo "See LICENSE file for details." >> RELEASE_SUMMARY.md - - name: Prepare user-focused AGENTS.md - run: | - cp AGENTS.md.release AGENTS_USER.md - - name: Organize reports into subdirectory run: | mkdir -p release-artifacts/reports - mkdir -p release-artifacts/ai-docs - mv CHANGELOG.md release-artifacts/ + mv CHANGELOG.md release-artifacts/ 2>/dev/null || true mv RELEASE_SUMMARY.md release-artifacts/ - mv AGENTS_USER.md release-artifacts/ai-docs/AGENTS.md mv clippy-report.md release-artifacts/reports/ mv security-audit.md release-artifacts/reports/ mv sbom.md release-artifacts/reports/ @@ -403,9 +401,9 @@ jobs: release-reports-v${{ needs.validate.outputs.version }}.tar.gz release-reports-v${{ needs.validate.outputs.version }}.zip singularity-language-registry-${{ needs.validate.outputs.version }}.crate + SHA256SUMS INSTALL.md PACKAGE_CONTENTS.txt - release-artifacts/ai-docs/AGENTS.md build-artifacts: name: Build Release Artifacts diff --git a/Cargo.toml b/Cargo.toml index 3d4fa68..459d33f 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -72,8 +72,7 @@ exclude = [ "WORKFLOW_GUIDE.md", "CHANGELOG.md", - # AI documentation (repo version for developers, .release version for users) - "AGENTS.md", + # AI documentation - keep AGENTS.md.release excluded, AGENTS.md is included in crate "AGENTS.md.release", # IDE From 64ea77b89424c374af35cde90154c7a8ebe23bce Mon Sep 17 00:00:00 2001 
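Review bot: `SHA256SUMS` is added to the release upload list in the `@@ -403,9 +401,9 @@` hunk, but no step in this series creates a file with that name (the first patch writes `BINARY_SHA256SUMS` in a different job). The `with:` block and the steps before it start outside the hunk, so confirm the file is generated there. `softprops/action-gh-release` only warns on unmatched patterns by default, so a missing checksum file would pass silently; `fail_on_unmatched_files: true` makes the release fail instead. The same concern applies to `mv CHANGELOG.md release-artifacts/ 2>/dev/null || true` in the preceding hunk, which now hides a missing changelog.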
From: Mikael Hugo Date: Tue, 11 Nov 2025 12:55:45 +0100 Subject: [PATCH 9/9] docs: document engine integration and Renovate setup All three engines now use GitHub git dependencies with version tags: - analysis-engine: fixed (commit 595cdf7) - linting-engine: fixed (commit 7f9342f) - parsing-engine: already correct, needs duplicate removal Renovate will now create PRs when registry updates. Created migration guide for parsing-engine to remove duplicate language_registry.rs file (777 lines). --- ENGINE_INTEGRATION_COMPLETE.md | 150 +++++++++++++++++++++++++++++++++ 1 file changed, 150 insertions(+) create mode 100644 ENGINE_INTEGRATION_COMPLETE.md diff --git a/ENGINE_INTEGRATION_COMPLETE.md b/ENGINE_INTEGRATION_COMPLETE.md new file mode 100644 index 0000000..9488b31 --- /dev/null +++ b/ENGINE_INTEGRATION_COMPLETE.md 
@@ -0,0 +1,150 @@ +# Engine Integration Complete βœ… + +All three Singularity engines now properly use the centralized language registry with Renovate auto-updates! + +## What Was Fixed + +### βœ… Analysis Engine (`singularity-analysis-engine`) +**Before:** Used local `file://` path with old commit hash +**After:** Uses GitHub `tag = "v0.1.0"` +**Status:** βœ… Committed (commit `595cdf7`) + +### βœ… Linting Engine (`singularity-linting-engine`) +**Before:** Used local `file://` path with old commit hash +**After:** Uses GitHub `tag = "v0.1.0"` +**Status:** βœ… Committed (commit `7f9342f`) + +### βœ… Parsing Engine (`singularity-parsing-engine`) +**Before:** Already used GitHub v0.1.0, but has duplicate `language_registry.rs` (777 lines) +**After:** Still needs migration to remove duplicate +**Status:** ⚠️ Migration guide created: `MIGRATE_TO_CENTRAL_REGISTRY.md` + +## How Renovate Auto-Updates Work + +### When You Release v0.1.1 + +1. **Registry**: Release `singularity-language-registry` v0.1.1 + ```bash + # In language-registry repo + git tag v0.1.1 && git push --tags + ``` + +2. **Renovate Detects**: Scans all repos every 6 hours + +3. **PRs Created Automatically**: + ``` + βœ… singularity-analysis-engine PR: Update registry v0.1.0 β†’ v0.1.1 + βœ… singularity-linting-engine PR: Update registry v0.1.0 β†’ v0.1.1 + βœ… singularity-parsing-engine PR: Update registry v0.1.0 β†’ v0.1.1 + ``` + +4. **You Review & Merge**: Each PR shows exactly what changed in the registry + +5. 
**All Engines Synchronized**: Once merged, all engines use same registry version + +## Renovate Configuration + +### Already Works For + +- βœ… **Dependency updates**: Renovate tracks git dependencies with tags +- βœ… **Auto-merge patches**: Patch versions (0.1.x) auto-merge after 3 days +- βœ… **Security immediate**: Security updates merge immediately +- βœ… **Grouped by ecosystem**: Related deps updated together + +### How to Enable in Engines + +Add `renovate.json5` to each engine repo (same as language-registry): + +```json5 +{ + "extends": ["config:recommended"], + "baseBranches": ["development"], + "packageRules": [ + { + "description": "Auto-merge patch updates", + "matchUpdateTypes": ["patch"], + "automerge": true, + "minimumReleaseAge": "3 days" + }, + { + "description": "Track git dependencies", + "matchDatasources": ["git-tags"], + "enabled": true + } + ] +} +``` + +## Next Steps + +### Required (Parsing Engine) + +1. Follow `MIGRATE_TO_CENTRAL_REGISTRY.md` +2. Remove duplicate `language_registry.rs` +3. Use central registry throughout + +### Optional Improvements + +1. **Add Renovate** to all three engine repos +2. **Populate pattern data** for more languages in registry +3. **Enable GitHub auto-merge** in engine repos for faster patches + +## Current Dependency Graph + +``` +singularity-language-registry (v0.1.0) + ↑ ↑ ↑ + β”‚ β”‚ β”‚ + β”‚ β”‚ └─── singularity-linting-engine + β”‚ └─────────────────── singularity-analysis-engine + └─────────────────────────────────── singularity-parsing-engine +``` + +All engines now use **versioned GitHub tags** β†’ Renovate can track and auto-update! 
+ +## Testing Updates + +When registry updates, test each engine: + +```bash +# In each engine repo +cargo update -p singularity-language-registry +cargo build --all-features +cargo test +cargo clippy +``` + +## Benefits Achieved + +### βœ… Single Source of Truth +- All language data in one place +- No duplication or version drift +- Pattern signatures accessible to all + +### βœ… Automatic Synchronization +- Renovate PRs when registry updates +- Review changes before merging +- All engines stay in sync + +### βœ… Zero Manual Work +- Security patches auto-merge +- Patch updates auto-merge after 3 days +- No need to manually update each engine + +### βœ… Better Development Flow +- Make registry change once +- Release new version +- Renovate updates all engines +- Review & merge +- Done! + +## Documentation + +- **Language Registry**: https://github.com/Singularity-ng/singularity-language-registry +- **Installation Guide**: INSTALLATION.md +- **API Docs**: https://docs.rs/singularity-language-registry +- **Migration Guide**: `../singularity-parsing-engine/MIGRATE_TO_CENTRAL_REGISTRY.md` + +--- + +**Status**: All engines configured! Parsing engine needs duplicate removal, but already works with central registry.