consentos

kunthawat/consentos

Fork 0

Commit Graph

Author	SHA1	Message	Date
James Cottrill	80dfc15319	ci: release workflow — build + push container images to GHCR on release (#6 ) * feat: add release workflow to build and push container images to GHCR Triggers on GitHub Release publish. Builds three container images (consentos-api, consentos-scanner, consentos-admin-ui) and pushes them to ghcr.io/consentos/ tagged with the semver release version (e.g. v1.0.0, 1.0), plus ``latest``. Release flow: 1. Merge PRs to master. 2. Tag: ``git tag v1.0.0 && git push origin v1.0.0`` 3. Create a GitHub Release from the tag. 4. Workflow fires, images land on GHCR. 5. Deploy by pointing Helm values or docker-compose at the tag. Uses ``docker/metadata-action`` for tag derivation and ``docker/build-push-action`` for the builds. Auth uses the default ``GITHUB_TOKEN`` with ``packages: write`` — no extra secrets needed. The admin-ui image uses the repo root as the build context (same as ``docker-compose.prod.yml``) so the Dockerfile can pull in ``apps/banner/`` alongside ``apps/admin-ui/`` and bundle the banner output at the nginx root. * chore: auto-graduate changelog on release + CI path filters CI workflow (``ci.yml``): - Uses ``dorny/paths-filter`` to detect which apps changed. Each job group (api, scanner, banner, admin-ui) now has an ``if: needs.changes.outputs.<app> == 'true'`` guard so it only runs when files under its ``apps/<app>/`` directory were modified. A docs-only or infra-only PR no longer triggers the full lint + test + build matrix.	2026-04-18 16:14:40 +01:00
James Cottrill	fbf26453f2	feat: initial public release ConsentOS — a privacy-first cookie consent management platform. Self-hosted, source-available alternative to OneTrust, Cookiebot, and CookieYes. Full standards coverage (IAB TCF v2.2, GPP v1, Google Consent Mode v2, GPC, Shopify Customer Privacy API), multi-tenant architecture with role-based access, configuration cascade (system → org → group → site → region), dark-pattern detection in the scanner, and a tamper-evident consent record audit trail. This is the initial public release. Prior development history is retained internally. See README.md for the feature list, architecture overview, and quick-start instructions. Licensed under the Elastic Licence 2.0 — self-host freely; do not resell as a managed service.	2026-04-14 09:18:18 +00:00

Author

SHA1

Message

Date

James Cottrill

80dfc15319

ci: release workflow — build + push container images to GHCR on release (#6 )

* feat: add release workflow to build and push container images to GHCR

Triggers on GitHub Release publish. Builds three container images
(consentos-api, consentos-scanner, consentos-admin-ui) and pushes
them to ghcr.io/consentos/ tagged with the semver release version
(e.g. v1.0.0, 1.0), plus ``latest``.

Release flow:
  1. Merge PRs to master.
  2. Tag: ``git tag v1.0.0 && git push origin v1.0.0``
  3. Create a GitHub Release from the tag.
  4. Workflow fires, images land on GHCR.
  5. Deploy by pointing Helm values or docker-compose at the tag.

Uses ``docker/metadata-action`` for tag derivation and
``docker/build-push-action`` for the builds. Auth uses the
default ``GITHUB_TOKEN`` with ``packages: write`` — no extra
secrets needed.

The admin-ui image uses the repo root as the build context (same
as ``docker-compose.prod.yml``) so the Dockerfile can pull in
``apps/banner/`` alongside ``apps/admin-ui/`` and bundle the
banner output at the nginx root.

* chore: auto-graduate changelog on release + CI path filters

CI workflow (``ci.yml``):
  - Uses ``dorny/paths-filter`` to detect which apps changed. Each
    job group (api, scanner, banner, admin-ui) now has an
    ``if: needs.changes.outputs.<app> == 'true'`` guard so it only
    runs when files under its ``apps/<app>/`` directory were
    modified. A docs-only or infra-only PR no longer triggers the
    full lint + test + build matrix.

2026-04-18 16:14:40 +01:00

James Cottrill

fbf26453f2

feat: initial public release

ConsentOS — a privacy-first cookie consent management platform.

Self-hosted, source-available alternative to OneTrust, Cookiebot, and
CookieYes. Full standards coverage (IAB TCF v2.2, GPP v1, Google
Consent Mode v2, GPC, Shopify Customer Privacy API), multi-tenant
architecture with role-based access, configuration cascade
(system → org → group → site → region), dark-pattern detection in
the scanner, and a tamper-evident consent record audit trail.

This is the initial public release. Prior development history is
retained internally.

See README.md for the feature list, architecture overview, and
quick-start instructions. Licensed under the Elastic Licence 2.0 —
self-host freely; do not resell as a managed service.

2026-04-14 09:18:18 +00:00

2 Commits