test: Quality assurance (#1)

Author: slothkong

.github/workflows/release.yml

@@ -0,0 +1,36 @@
+name: Semantic Release
+
+on:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Verify dependency signatures
+        run: npm audit signatures || echo "Some dependency signatures could not be verified!"
+
+      - name: Run semantic-release
+        run: npx semantic-release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.releaserc

@@ -1,33 +1,33 @@
 {
-  "branches": [
-    "main"
-  ],
-  "tagFormat": "${version}",
-  "plugins": [
-    [
-      "@semantic-release/commit-analyzer",
-      {
-        "preset": "angular"
-      }
+    "branches": [
+        "main"
     ],
-    [
-      "@semantic-release/release-notes-generator",
-      {
-        "preset": "angular"
-      }
-    ],
-    [
-      "@semantic-release/changelog",
-      {
-        "changelogTitle": "# Changelog\n\nAll notable changes to this project are documented in this file. See\n[Conventional Commits](https://conventionalcommits.org) for commit guidelines."
-      }
-    ],
-    [
-      "@semantic-release/git",
-      {
-        "assets": ["CHANGELOG.md"],
-        "message": "chore: Release ${nextRelease.version}\n\n${nextRelease.notes}"
-      }
-    ]
+    "tagFormat": "${version}",
+    "plugins": [
+        [
+            "@semantic-release/commit-analyzer",
+            {
+                "preset": "angular"
+            }
+        ],
+        [
+            "@semantic-release/release-notes-generator",
+            {
+                "preset": "angular"
+            }
+        ],
+        [
+            "@semantic-release/changelog",
+            {
+                "changelogTitle": "# Changelog\n\nAll notable changes to this project are documented in this file. See\n[Conventional Commits](https://conventionalcommits.org) for commit guidelines."
+            }
+        ],
+        [
+            "@semantic-release/git",
+            {
+                "assets": ["CHANGELOG.md"],
+                "message": "chore: ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+            }
+        ]
   ]
 }

CONTRIBUTING.md

@@ -7,20 +7,19 @@ it easier to get your contribution accepted.
 
 ## Getting Started
 
-* Fork the repository on GitHub.
+* Fork the repository.
 * Read the [README.md](./README.md) for usage/test instructions.
 * Play with the project, submit bugs or patches.
 
 ### Contribution Flow
 
->💡 The private upstream of this repository uses [GitLab CI](.gitlab-ci.yml) 
+>💡 This repository uses [GitHub Actions](.github/workflows) 
 for automation. Changes merged into the main branch trigger the creation of 
-new tag and auto-generated [CHANGELOG.md](./CHANGELOG.md) updates.
+new tag and an auto-generated [CHANGELOG.md](./CHANGELOG.md).
 
 On the contributors' side:
 1. Create a topic branch from the main brach to base your work on.
-2. Make commits of logical units (checkout 
-[commit guidelines](#commit-guidelines) below).
+2. Make commits of logical units.
 3. Push changes to a topic branch in your GitHub fork of this
 repository.
 4. Make sure to validate changes by running tests on a 
@@ -31,24 +30,22 @@ review/approval.
 
 On the maintainers' side:
 
-1. Review, validate/test internally, and provide feedback prior to porting the
-changes into a topic branch in the private GitLab project upstream.
-2. Upon approval, squash-merge changes in the upstream, making sure to write a 
-conventional commit message title during said squashing operation and
-including full acknowledgement of the contributors (i.e. list their GitHub handles)
-in the commit body.
-3. Verify the CI automation updates the [CHANGELOG.md](./CHANGELOG.md) and
-creates a new `git tag` on the main branch.
-4. Verify the latest changes are mirrored downstream and mark the relevant GitHub
-issue as resolved.
+1. Review, validate/test internally, and provide feedback prior to approving
+the pull request.
+2. Upon approval, squash-merge the changes, making sure to provide a relevant
+conventional commit message title (checkout 
+[commit guidelines](#commit-guidelines) below).
+3. Verify the CI automation updates the [CHANGELOG.md](./CHANGELOG.md),
+and creates a new `git tag` on the main branch.
+
 
 ### Commit Guidelines
 
 This repository enforces
 [conventional commits](https://www.conventionalcommits.org/en/v1.0.0/)
 to mark breaking, major and minor code changes in accordance with the
 [Semantic Versioning](https://semver.org/) standard:
-- Commits that are merged to the main branch should always be prefixed by 
+- Commits that land on the main branch should always be prefixed by a
 specific keyword (i.e. `docs`, `style`, `feat`, `fix`, `refactor`, `ci`, 
 `chore` or `test`)
 - Value is communicated to the end-users by three of the prefixes:
@@ -64,4 +61,3 @@ for reporting vulnerabilities. If you suspect you have found a security
 vulnerability, please do not file a GitHub issue, but instead email 
 [[email protected]](mailto:[email protected]) with the 
 full details, including steps to reproduce the issue.
-