How maintainers ship semver tags for CVE Radar.
- Green CI on the commit you will tag (
make checklocally) - CHANGELOG.md updated under
[X.Y.Z] package.jsonversionmatches the tag (withoutvprefix)
-
Bump version
npm version 1.2.0 --no-git-tag-version # or edit package.json manually -
Edit CHANGELOG — move items from
[Unreleased]to the new section with date. -
Commit
git add package.json CHANGELOG.md git commit -m "chore: release v1.2.0" git push origin main -
Tag and push (triggers Release / GitHub and Release / Docker Hub)
git tag v1.2.0 git push origin v1.2.0
-
Verify
- GitHub Releases — assets:
cve-radar-vX.Y.Z-dist.tar.gz,CHANGELOG.md - Docker Hub — tags
X.Y.Zandlatest(on git tagv*) - GitHub Pages — Deploy / GitHub Pages (dispatched on
mainafter release; or pushextended-docs/tomain) curl -s https://your-host/api/health | jq .versionmatchesX.Y.Z
- GitHub Releases — assets:
Same gate as CI app job:
- ESLint, Prettier, TypeScript, tests, OpenAPI sync
npm run build && npm run build:server- Tag ↔
package.jsonversion check
It does not rebuild extended-docs; run Pages workflow or push doc changes separately if the public site must update.
For user-facing changes, before tagging:
- All six
extended-docs/docs/content/{en,fa,ar,ru,zh,fr}/chapters -
extended-docs/docs/glossary.md - Six root
README*.mdfiles (Features / env sections) -
src/i18n/messages/*.ts(six locales) -
ARCHITECTURE.md,SECURITY.md,CONTRIBUTING.mdas needed
| Change | Bump |
|---|---|
| Bug fix, docs-only | PATCH |
| New features (wizard, API fields) | MINOR |
| Breaking API or storage migration | MAJOR |
Current release: v1.2.1 — hardened Docker image (no runtime manifest/npm), Trivy OS gate, SonarCloud Quality Gate green, branch protection ruleset.