kunthawat/consentos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Activity
Files
7680b0eb91efac6efd2b10a5dc4e8022c91c0ce5
consentos/CHANGELOG.md
James Cottrill 80dfc15319 ci: release workflow — build + push container images to GHCR on release (#6) 
* feat: add release workflow to build and push container images to GHCR

Triggers on GitHub Release publish. Builds three container images
(consentos-api, consentos-scanner, consentos-admin-ui) and pushes
them to ghcr.io/consentos/ tagged with the semver release version
(e.g. v1.0.0, 1.0), plus ``latest``.

Release flow:
  1. Merge PRs to master.
  2. Tag: ``git tag v1.0.0 && git push origin v1.0.0``
  3. Create a GitHub Release from the tag.
  4. Workflow fires, images land on GHCR.
  5. Deploy by pointing Helm values or docker-compose at the tag.

Uses ``docker/metadata-action`` for tag derivation and
``docker/build-push-action`` for the builds. Auth uses the
default ``GITHUB_TOKEN`` with ``packages: write`` — no extra
secrets needed.

The admin-ui image uses the repo root as the build context (same
as ``docker-compose.prod.yml``) so the Dockerfile can pull in
``apps/banner/`` alongside ``apps/admin-ui/`` and bundle the
banner output at the nginx root.

* chore: auto-graduate changelog on release + CI path filters

CI workflow (``ci.yml``):
  - Uses ``dorny/paths-filter`` to detect which apps changed. Each
    job group (api, scanner, banner, admin-ui) now has an
    ``if: needs.changes.outputs.<app> == 'true'`` guard so it only
    runs when files under its ``apps/<app>/`` directory were
    modified. A docs-only or infra-only PR no longer triggers the
    full lint + test + build matrix.
2026-04-18 16:14:40 +01:00

1.2 KiB
Raw Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[0.1.0] - 2026-03-18

Initial public release of ConsentOS.

Added

  • API: FastAPI backend with JWT authentication, org/site CRUD, consent recording, analytics, and compliance checking
  • Banner: Lightweight consent banner script (~2KB loader + ~25KB bundle) with Shadow DOM isolation, auto-blocking, IAB TCF v2.2, and Google Consent Mode v2
  • Scanner: Playwright-based cookie crawler with auto-categorisation and dark pattern detection
  • Admin UI: React dashboard with site management, cookie manager, banner builder, compliance checker, and analytics
  • Known cookies: Seeded from the Open Cookie Database (2,200+ patterns)
  • Compliance: Rule-based engine covering GDPR, CNIL, CCPA/CPRA, ePrivacy, and LGPD
  • Infrastructure: Docker Compose (dev/test/prod), Helm chart, Ansible playbooks
  • CI: GitHub Actions pipeline with linting, testing, type checking, and bundle size checks
Reference in New Issue View Git Blame Copy Permalink