From 9d5e0f605703d255797f4bb32449699c35e75381 Mon Sep 17 00:00:00 2001 From: Michael Primeaux Date: Wed, 30 Oct 2024 11:48:45 -0500 Subject: [PATCH] debt: Update changlog generation logic --- .github/workflows/release.yaml | 16 ++++--- .goreleaser.yaml | 84 +++++++++++++++++++++++----------- CONTRIBUTING.md | 20 ++++++++ SECURITY.md | 9 ++++ 4 files changed, 96 insertions(+), 33 deletions(-) create mode 100644 SECURITY.md diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 7206f9c..7188db6 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,6 +10,7 @@ permissions: contents: write id-token: write packages: write + pull-requests: read jobs: release: @@ -17,10 +18,7 @@ jobs: env: flags: "" steps: - - if: ${{ !startsWith(github.ref, 'refs/tags/v') }} - run: echo "flags=--snapshot" >> $GITHUB_ENV - - - name: Preamble + - name: "Preamble" run: | whoami echo github ref $GITHUB_REF @@ -35,19 +33,23 @@ jobs: sudo DEBIAN_FRONTEND=noninteractive apt-get install -y software-properties-common ca-certificates gnupg-agent curl build-essential make # Ref: https://github.com/actions/setup-go - - name: Install Go + - name: "Install Go" uses: actions/setup-go@v5 with: go-version: ">= 1.23" # Ref: https://github.com/actions/checkout - - name: Checkout Source + - name: "Checkout Source" uses: actions/checkout@v4 with: fetch-depth: 0 + - name: "Compute Release Flags" + if: ${{ !startsWith(github.ref, 'refs/tags/v') }} + run: echo "flags=--snapshot" >> $GITHUB_ENV + # Ref: https://github.com/goreleaser/goreleaser-action - - name: Release + - name: "Release" uses: goreleaser/goreleaser-action@v6 with: version: latest diff --git a/.goreleaser.yaml b/.goreleaser.yaml index d9c9215..465f290 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml 
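Review bot: The new `pull-requests: read` entry in the workflow-level `permissions` block has no comment naming the step that needs it, so a later least-privilege review cannot tell whether it is still required. It is presumably for the changelog lookup GoReleaser performs with `use: github`, which this commit documents in `.goreleaser.yaml`. If that is right, record it beside the scope, e.g. `# read PR metadata for the GoReleaser GitHub changelog`. Because the block is workflow-wide, this scope and the three write scopes beside it reach every job in the file; the block begins outside this hunk.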
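Review bot: The steps in the third hunk (`@@ -35,19 +33,23 @@`) still resolve their code at run time. `actions/setup-go@v5`, `actions/checkout@v4` and `goreleaser/goreleaser-action@v6` are mutable tags, and `go-version: ">= 1.23"` and `version: latest` float as well, while the workflow grants `contents: write`, `id-token: write` and `packages: write`. A retagged action or a new GoReleaser release would therefore run inside the release job with those scopes, and two builds of the same tag need not use the same toolchain. Pin each action to a full commit SHA with the tag kept as a comment, e.g. `uses: goreleaser/goreleaser-action@<full-commit-sha> # v6`, and bound the tool version, e.g. `version: "~> v2"`. The `with:` block of the Release step continues past the end of the hunk.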
@@ -12,39 +12,71 @@ builds: # Ref: https://goreleaser.com/errors/no-main/#if-you-are-building-a-library - skip: true +# Ref: https://goreleaser.com/customization/changelog/ changelog: + # Sorts the changelog by the commit's messages. + # Could either be asc, desc or empty + # Empty means 'no sorting', it'll use the output of `git log` as is. sort: asc + + # Changelog generation implementation to use. + # + # Valid options are: + # - `git`: uses `git log`; + # - `github`: uses the compare GitHub API, appending the author username to the changelog. + # - `gitlab`: uses the compare GitLab API, appending the author name and email to the changelog (requires a personal access token). + # - `gitea`: uses the compare Gitea API, appending the author username to the changelog. + # - `github-native`: uses the GitHub release notes generation API, disables the groups feature. + # + # Default: 'git'. use: github + + # Max commit hash length to use in the changelog. + # + # 0: use whatever the changelog implementation gives you + # -1: remove the commit hash from the changelog + # any other number: max length. + abbrev: 0 + filters: - exclude: - - "^test:" - - "^test\\(" - - "merge conflict" - - Merge pull request - - Merge remote-tracking branch - - Merge branch - - go mod tidy + # Commit messages matching the regexp listed here will be the only ones + # added to the changelog + # + # If include is not-empty, exclude will be ignored. + # + # Matches are performed against the first line of the commit message only, + # prefixed with the commit SHA1, usually in the form of + # `[:] `. + include: + - "^feature:" + - "^defect:" + - "^debt:" + - "^risk:" + + # Group commits messages by given regex and title. + # Order value defines the order of the groups. + # Providing no regex means all commits will be grouped under the default group. + # + # Matches are performed against the first line of the commit message only, + # prefixed with the commit SHA1, usually in the form of + # `[:] `. 
+ # Groups are disabled when using github-native, as it already groups things by itself. + # Regex use RE2 syntax as defined here: https://github.com/google/re2/wiki/Syntax. groups: - title: "Features" - regexp: '^.*?feature(\(.+\))??!?:.+$' - order: 100 - - title: "Risk" - regexp: '^.*?risk(\(.+\))??!?:.+$' - order: 150 + regexp: '^.*?feature(\([[:word:]]+\))??!?:.+$' + order: 0 - title: "Defects" - regexp: '^.*?defect(\(.+\))??!?:.+$' - order: 200 - - title: "Debt" - regexp: '^.*?debt(\(.+\))??!?:.+$' - order: 250 - - title: "Documentation" - regexp: ^.*?docs?(\(.+\))??!?:.+$ - order: 400 - - title: "Build" - regexp: ^.*?(build|ci)(\(.+\))??!?:.+$ - order: 400 - - title: Other work - order: 9999 + regexp: '^.*?defect(\([[:word:]]+\))??!?:.+$' + order: 1 + - title: "Technical Debt" + regexp: '^.*?debt(\([[:word:]]+\))??!?:.+$' + order: 1 + - title: "Technical Risk" + regexp: '^.*?risk(\([[:word:]]+\))??!?:.+$' + order: 1 + - title: Others + order: 999 sboms: - artifacts: archive diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 648db67..49e9fb7 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -21,6 +21,20 @@ This project adheres to the [Contributor Covenant Code of Conduct](CODE_OF_CONDU --- +## Versioning + +This software adheres to the [Semantic Versioning 2.0](https://semver.org/spec/v2.0.0.html) standard for version numbering as quoted here: + +Given a version number MAJOR.MINOR.PATCH, increment the: + +1. MAJOR version when you make incompatible API changes +2. MINOR version when you add functionality in a backward compatible manner +3. PATCH version when you make backward compatible bug fixes + +Additional labels for pre-release and build metadata are available as extensions to the MAJOR.MINOR.PATCH format. + +--- + ## 🤝 How to Contribute There are several ways you can contribute to NanoID for Go: 
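Review bot: The `include` patterns are narrower than the `groups` patterns added below them: `"^feature:"` matches only an unscoped subject, while the group regexp `'^.*?feature(\([[:word:]]+\))??!?:.+$'` also accepts `feature(scope):` and `feature!:`. Since `include` decides which commits reach the changelog at all, scoped or breaking-change commits are dropped before grouping, as is anything with another prefix (a `docs:` commit, or a security fix committed under a different label), so the release notes silently under-report what shipped and the `Others` group apparently has nothing left to receive. A single entry aligned with the groups would be `- '^(feature|defect|debt|risk)(\([[:word:]]+\))?!?:'`. The comment above `include` also says matches are made against the subject prefixed with the commit SHA1, which would contradict the `^`-anchored patterns; a `--snapshot` run should confirm which holds. Three groups share `order: 1`, so their relative order is not pinned by the configuration.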
@@ -114,11 +128,15 @@ Adhering to consistent coding standards ensures the codebase remains clean, read * **Documentation**: Document public functions, types, and methods using Go's standard documentation conventions. * **Error Handling**: Handle errors gracefully and consistently. Use the predefined error types where applicable. +--- + ## 🔒 Security Considerations * **Randomness**: Ensure that all randomness sources use cryptographically secure methods (crypto/rand). * **Data Sanitization**: Avoid exposing sensitive data through IDs or logs. +--- + ## 🚀 Pull Request Process Follow these steps to create a successful pull request (PR): @@ -132,6 +150,8 @@ Follow these steps to create a successful pull request (PR): 4. Merge the PR * Once approved and all checks pass, your PR will be merged by a maintainer. +--- + ## 📝 Additional Resources * [Go Documentation](https://go.dev/doc/) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..9bb4fe3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,9 @@ +# Security Policy + +## Supported Versions + +Patches will be released to the latest major version. + +## Reporting a Vulnerability + +Please report (suspected) security vulnerabilities to security@sixafter.com. If the issue is confirmed, we will release a patch as soon as possible depending on complexity.