Skip to content

feat: v1-release-readiness — versioning, dry-run, CI, repo hygiene, cooldown doc#2

Merged
MWest2020 merged 2 commits into
mainfrom
change/v1-release-readiness
May 18, 2026
Merged

feat: v1-release-readiness — versioning, dry-run, CI, repo hygiene, cooldown doc#2
MWest2020 merged 2 commits into
mainfrom
change/v1-release-readiness

Conversation

@MWest2020
Copy link
Copy Markdown
Owner

@MWest2020 MWest2020 commented May 18, 2026

Summary

Bundles A2 + C1-C5 from openspec/changes/v1-release-readiness/. C6 (release tag + blogpost) blijft expliciet handmatig.

  • C1 Versioning — VERSION file + ws_version()/ws_handle_version() in common/lib.sh; --version/-V op alle 9 user-facing entrypoints.
  • C5 Dry-run — --dry-run flag + WS_DRY_RUN=1 env-var propagation; helpers ws_is_dry_run(), ws_run_or_print(), ws_write_unit(). Geen side effects, output copy-paste-baar.
  • A2 Cooldown doc split — docs/supply-chain-cooldown.md staat-op-zichzelf; README-sectie 2 verkort tot 3-4 zinnen + link.
  • C3+C4 Repo hygiene + README — LICENSE (EUPL-1.2 canoniek), CONTRIBUTING.md, .github/ISSUE_TEMPLATE/*, README herstructureerd (badges, scope vooraan, drie lagen elk eigen H2, License-sectie onderaan), clone-URL gecorrigeerd naar MWest2020/.
  • C2 CI matrix — .github/workflows/smoke.yml met alma9 + ubuntu2404 + archlatest (officiële Docker Hub images).

Niet bij deze PR

  • C6 release (tag + blogpost) — pas wanneer alles gemerged en CI groen.
  • .claude/ — gitignored op verzoek.
  • Bats-tests (taak 2.6) — handmatige smoke gedaan; bats-suite opzetten is een aparte change.
  • Doc-reviews (1.4, 4.9) — menselijke read-cold-test, komt later.

Design keuzes

Vastgelegd in openspec/changes/v1-release-readiness/design.md:

ID Trade-off Saaie variant
D1 VERSION-file at-runtime lezen geen build-pipeline nodig; één file, cat VERSION als bewijs
D2 --dry-run propageert via env-var én flag breed patroon (NO_COLOR, CI, DEBIAN_FRONTEND)
D3 Dry-run output naar stdout, copy-paste-baar CI-logs en audit-screenshots zijn plain-text
D4 Officiële Docker Hub images, rolling tot het breekt community-standaard; pin op concreet signaal
D5 EUPL-1.2 met volledige LICENSE-file consistent met SPDX-headers, OSI-approved
D6 --version op CLIs, niet op libraries GNU-CLI-conventie
D7 Eén bundled change i.p.v. zeven splits consistent met delta-tekst

Pre-flight checks

  • bash common/check-shell-headers.sh --all . → 17 files conform ✓
  • shellcheck --severity=warning -x over alle .sh files → clean ✓
  • openspec validate v1-release-readiness --strict → groen ✓
  • /security-review op deze branch → no findings above confidence threshold ✓
  • Smoke handmatig op deze host: bootstrap.sh --version/--dry-run, edge case VERSION ontbreekt, env-var-only propagatie via WS_DRY_RUN=1 — alle exit 0, geen side effects ✓

Test plan

  • CI smoke workflow groen op alle 3 matrix-distros (alma9, ubuntu2404, archlatest)
  • Doc-review: lees docs/supply-chain-cooldown.md cold — begrijpt een lezer zonder context het mechanisme en de overrides? (taak 1.4)
  • Doc-review: kan een nieuwe lezer in 60s zien of dit voor hem relevant is + welke license/contributing-policy geldt? (taak 4.9)
  • gh pr checks groen voor merge

After merge (C6 — handmatig)

  1. VERSION1.0.0, CHANGELOG-entry onder ## v1.0.0 (YYYY-MM-DD)
  2. git tag -a v1.0.0 -m "v1.0.0 — initial public release" + push
  3. gh release create v1.0.0 met CHANGELOG-fragment als body
  4. Blogpost-draft, eventueel cross-post

🤖 Generated with Claude Code

MWest2020 and others added 2 commits May 18, 2026 16:00
@MWest2020 @claude
feat: v1-release-readiness — versioning, dry-run, CI, repo hygiene, c…
e344753 
…ooldown doc split

Bundles A2 + C1-C5 from openspec/changes/v1-release-readiness/.
C6 (release tag + blogpost) blijft expliciet handmatig.

C1 — Versioning
  - VERSION (0.9.0) + ws_version()/ws_handle_version() in common/lib.sh
  - --version/-V op alle 9 user-facing entrypoints; incident-token-revoke.sh
    houdt self-contained inline-variant

C5 — Dry-run
  - --dry-run + WS_DRY_RUN=1 propagation; helpers ws_is_dry_run() en
    ws_run_or_print() in lib.sh; ws_write_unit() in install-timers.sh
  - install-base.sh helpers (require_root, freshclam_safe, rkhunter_init,
    enable_clamav_services) zijn dry-run-aware
  - bootstrap.sh skip't root-check in dry-run zodat CI/audit zonder sudo werkt

A2 — Cooldown doc-split
  - docs/supply-chain-cooldown.md staat-op-zichzelf; README-sectie 2
    verkort tot 3-4 zinnen + link

C3+C4 — Repo hygiene + README
  - LICENSE (volledige EUPL-1.2 van SPDX license-list-data)
  - CONTRIBUTING.md, .github/ISSUE_TEMPLATE/{bug,distro_support,config}
  - README herstructureerd (badges, scope vooraan, drie lagen elk eigen H2
    met wat/voor wie/snelle start, License-sectie onderaan)
  - clone-URL gecorrigeerd naar MWest2020/

C2 — CI matrix
  - .github/workflows/smoke.yml met alma9 + ubuntu2404 + archlatest
  - bootstrap.sh --dry-run, check.sh, install-pm-cooldown.sh --dry-run

OpenSpec
  - openspec/ scaffolding + proposal + design + tasks + 3 spec-deltas
  - design.md vangt zeven trade-offs (boring/auditable per cluster)
  - openspec validate --strict groen

Niet bij deze commit: .claude/ (gitignored), C6 release, bats tests, doc-review.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@MWest2020 @claude
ci: align shellcheck workflow with local pre-commit severity (warning)
d7273a2 
Pre-existing failure on main since 2026-05-13: ludeeus/action-shellcheck@2.0.0
defaults to severity=style, which flags SC1091 (un-followable source notes)
and SC2016 (literal $HOME in user-facing PATH-hint strings — intentional).
Both are filtered at warning-level, which matches what local pre-commit uses
(.pre-commit-config.yaml: --severity=warning).

Boring + auditable: CI mirrors local. Geen drift, geen verbergen — als
shellcheck warning-of-hoger vindt, faalt CI én pre-commit.

Ook: README shellcheck-badge was statisch ("clean") en daarom misleidend
zolang het workflow rood stond. Vervangen door dynamische workflow-badge.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@MWest2020 MWest2020 merged commit d163653 into main May 18, 2026
5 checks passed
@MWest2020 MWest2020 deleted the change/v1-release-readiness branch May 18, 2026 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MWest2020