train-k8s-container-mitre 2.0.0 → 2.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d3fb5eed626b5b0237f0b191baf0a6d9044c41c768a1fcf144e28163bb53e489
-  data.tar.gz: 33208b23e20238d127a60db0e7165a6a4aa405a31b59ed66a80472d467755647
+  metadata.gz: 011c11460782897e0ec2e1a3eb0e1e010ed46a3f87ebd53a695af49b81b40147
+  data.tar.gz: 2db778c2cb5c06e4409a100ab98a4c0d3522bc712de613b4c6128d13cb587933
 SHA512:
-  metadata.gz: b5bd3221b2ca510b600c75994a777fa37eccec5fc4b208f0f1f03bac2f6f849a3bfcef4bef4d4c5fdc9d8abc35927430772cea1b64f20d848fc81f90944251be
-  data.tar.gz: 9b1c7f1b4b4f96f87ab6eeeaad58f5f22a70476c3c659b5dae02f4b6b6e210ed67cef01809674c91d4b76c8e81593b66bdd2cd6607eba5015aec8ae4645dcb57
+  metadata.gz: 11e3dd39351a35f2c8c0c872bfb05bfaa9c2500ec6fe7deeadf25028c9f4ceb375b6d15f800cbc09a75a22d1baef18a23f037002d88c2ed0afa0a58b167d3da0
+  data.tar.gz: 67eaa24b6d076b134138e7a50b41deb73c00443b032cc05e5e1184c568f367b67aa38ff0b131be367fb819ddfff48c60162c3ee61569d013cac4a4890cab820f

data/.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "2.0.2"
+}

data/CHANGELOG.md

@@ -5,154 +5,169 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [2.0.2](https://github.com/mitre/train-k8s-container/compare/v2.0.1...v2.0.2) (2025-12-12)
 
-### Added
 
-- **ci**: Real STIG profile execution (canonical-ubuntu-22.04-lts-stig-baseline)
-- **ci**: Same-pod container-to-container scanning test
-- **ci**: Pod-to-pod scanning with cinc-scanner Docker image
+### Bug Fixes
+
+* Add post-install warning for correct plugin installation ([832e1c3](https://github.com/mitre/train-k8s-container/commit/832e1c36920d59e51ca34fce786fea4749fc4fc4))
+* Configure release-please to use simple v* tags ([aefc7ba](https://github.com/mitre/train-k8s-container/commit/aefc7baa4f86608dcfe91479491b150850989d43))
+
 
 ### Documentation
 
-- MITRE standards documentation (LICENSE.md, NOTICE.md, CODE_OF_CONDUCT.md)
-- CONTRIBUTING.md with development workflow
-- DEVELOPMENT.md with local testing guide (kind cluster setup)
-- README.md rewrite with MITRE branding and comprehensive usage docs
-- SECURITY.md with MITRE SAF contact info
+* Update CHANGELOG for v2.0.1 release ([2237873](https://github.com/mitre/train-k8s-container/commit/2237873cc5142f48ca416242f985be0f41550e4d))
+* Update installation instructions and add post-install warning ([8649575](https://github.com/mitre/train-k8s-container/commit/86495758a6794ae00505e50391f109442487d72a))
+* Update release process documentation for release-please ([a9f4fd3](https://github.com/mitre/train-k8s-container/commit/a9f4fd3ce1da48557aa3442d62ca97ab983b3d21))
+
+## [2.0.1] - 2025-12-05
 
 ### Fixed
 
-- **ci**: Use pre-built cinc-scanner:local image for same-pod testing
-- **platform**: Detect+Context pattern for accurate OS detection
+- Add shim file for train-k8s-container-mitre gem name compatibility
+- Reset version tracking for release-please integration
 
 ### Miscellaneous Tasks
 
-- Switch from InSpec to Cinc Auditor (open source, license-free)
-- Add git-cliff configuration for automated changelog generation
-- Add release-tag.yml workflow for RubyGems publication
+- Add release-please for automated versioning and changelog
+- Bump version to 2.0.1 for first MITRE RubyGems release
 
-## [2.0.0] - 2025-10-04
+## [2.0.0] - 2025-12-05
 
-### Breaking Changes
+### Added
 
-- **BREAKING**: Namespace changed from `Train::K8s::Container` to `TrainPlugins::K8sContainer` (Train v2 standard)
-- **BREAKING**: File structure changed from `lib/train/k8s/container/*` to `lib/train-k8s-container/*`
-- Ruby requirement: >= 3.1
+- Migrate to Train plugin v2 with multi-platform support and security improvements ([#1](https://github.com/mitre/train-k8s-container/issues/1))
+- Migrate to Train plugin v2 with multi-platform support and security improvements
+- Fix platform detection using Detect + Context pattern
+- **ci**: Add real STIG profile and same-pod container-to-container tests
 
-### Added
+### Documentation
 
-- **Platform Detection**: Detect+Context pattern using `Train::Platforms::Detect.scan(self)`
-  - Returns actual OS (ubuntu, alpine, centos) so InSpec resources work correctly
-  - Adds `kubernetes` and `container` families for transport awareness
-  - Fallback platform for distroless/minimal containers
-- **Shell Detection**: Tiered detection with automatic fallback
-  - Unix: bash → sh → ash → zsh
-  - Windows: cmd.exe → powershell.exe → pwsh.exe (scaffolded, not tested)
-  - Linux family detection from /etc/os-release
-- **Security Hardening**:
-  - ANSI escape sequence sanitization (CVE-2021-25743 mitigation)
-  - Command injection prevention with Shellwords.escape
-  - RFC 1123 validation for pod/container names
-- **Error Handling**:
-  - Custom error classes (ConnectionError, CommandError, ValidationError)
-  - Retry logic with exponential backoff for transient failures
-- **CI/CD Pipeline**:
-  - GitHub Actions with kind cluster integration tests
-  - Multi-version Ruby (3.1, 3.2, 3.3) and Kubernetes (1.29, 1.30, 1.31) matrix
-  - Security scanning (TruffleHog, bundler-audit, SBOM generation)
-  - Pod-to-pod testing with InSpec running inside cluster
-- **Code Quality**:
-  - Cookstyle linting (replaced deprecated chefstyle)
-  - 95%+ test coverage with SimpleCov
-  - Unit tests (mocked) and integration tests (real kubectl)
-
-### Changed
-
-- Transport: Proper Train v2 plugin API implementation
-- Connection: Lazy initialization of kubectl client
-- Platform: Uses Train's built-in detection instead of force_platform!
+- Add MITRE standards documentation and release workflow
+- Update CHANGELOG.md with git-cliff format
+- Rewrite CHANGELOG with accurate v2.0.0 content
 
 ### Fixed
 
-- Shell detection command escaping
-- Platform detection accuracy (returns real OS, not generic k8s-container)
-- Thread safety in session management
+- **ci**: Fix distroless test, Dockerfile, and shellcheck warnings
+- **ci**: Fix kubectl cp glob pattern for same-pod test
+- **ci**: Use pre-built cinc-scanner:local for same-pod testing
+- Remove gemspec warnings for RubyGems publishing
+
+### Miscellaneous Tasks
+
+- Switch from InSpec to Cinc Auditor (license-free)
+- Add git-cliff configuration for changelog generation
+- Add git-cliff to release workflow for automated changelog
+- Use official git-cliff-action for changelog generation
+- Rename gem to train-k8s-container-mitre for RubyGems publishing
 
-### Security
+### Refactor
 
-- ANSI injection prevention (sanitizes terminal escape sequences)
-- Command escaping with Shellwords
-- Input validation for Kubernetes resource names
+- DRY improvements, CI enhancements, and distroless support
 
-### Components
+### Testing
 
-| File | Purpose |
-|------|---------|
-| `transport.rb` | Train v2 plugin registration |
-| `connection.rb` | URI parsing, connection management |
-| `kubectl_exec_client.rb` | kubectl command execution |
-| `platform.rb` | Detect+Context platform detection |
-| `shell_detector.rb` | Shell availability detection |
-| `ansi_sanitizer.rb` | CVE-2021-25743 mitigation |
-| `kubernetes_name_validator.rb` | RFC 1123 validation |
-| `retry_handler.rb` | Exponential backoff retry logic |
+- **integration**: Update platform tests for Detect+Context pattern
 
 ## [1.3.1] - 2024-03-05
 
 ### Fixed
 
-- Fix run command to use Bourne shell for OS resource commands ([#21](https://github.com/inspec/train-k8s-container/pull/21))
+- Fix run command to be run with Bourne shell to execute commands
+
+This is to make sure we are able to run all OS resource commands
+
+Signed-off-by: Sathish Babu <sbabu@progress.com>
 
 ## [1.3.0] - 2024-01-31
 
-### Added
+### Testing
 
-- Add support for file connections ([#19](https://github.com/inspec/train-k8s-container/pull/19))
+- Test file connections
+
+Signed-off-by: Sathish Babu <sbabu@progress.com>
 
 ## [1.2.1] - 2024-01-18
 
-### Fixed
+## [1.2.0] - 2024-01-16
 
-- Fix for undefined method presence ([#17](https://github.com/inspec/train-k8s-container/pull/17))
+## [1.1.2] - 2024-01-16
 
-## [1.2.0] - 2024-01-16
+### Fixed
 
-### Changed
+- Fix connection spec
 
-- Update README and InSpec compatibility ([#15](https://github.com/inspec/train-k8s-container/pull/15))
+Signed-off-by: Sathish Babu <sbabu@progress.com>
+- Fix specs to use mocks over real connections
 
-## [1.1.2] - 2024-01-16
+Signed-off-by: Sathish Babu <sbabu@progress.com>
+
+## [1.1.1] - 2024-01-15
 
 ### Fixed
 
-- Connection to container improvements ([#14](https://github.com/inspec/train-k8s-container/pull/14))
+- Fix typo with spec
 
-## [1.1.1] - 2024-01-15
+Signed-off-by: Sathish Babu <sbabu@progress.com>
 
 ### Testing
 
-- Specs for transporter ([#13](https://github.com/inspec/train-k8s-container/pull/13))
+- Test connection
+
+Signed-off-by: Sathish Babu <sbabu@progress.com>
 
 ## [1.1.0] - 2024-01-11
 
-### Added
+### Testing
+
+- Test kubectl exec client
 
-- kubectl exec client implementation ([#10](https://github.com/inspec/train-k8s-container/pull/10))
+Signed-off-by: Sathish Babu <sbabu@progress.com>
+- Test connection and platform
+
+Signed-off-by: Sathish Babu <sbabu@progress.com>
 
 ## [1.0.0] - 2024-01-11
 
-### Added
+## [0.0.7] - 2024-01-11
+
+## [0.0.6] - 2024-01-09
+
+## [0.0.5] - 2024-01-02
+
+## [0.0.4] - 2023-11-20
+
+## [0.0.3] - 2023-11-15
+
+### DELETE
+
+- Remove files not required for the library
+
+### ENHANCE
+
+- Minor improvement with gemspec and rakefile
+
+### GEM
+
+- Initialize repo with bundle gem train-k8s-container
+
+### Miscellaneous Tasks
+
+- Add doc dir with a sample readme
+
+## [0.0.2] - 2023-11-15
+
+### CONFIG
 
-- Initial transporter for k8s container ([#9](https://github.com/inspec/train-k8s-container/pull/9))
+- Add basic expeditor config
+- Add basic verify pipeline
+- Add subscriptions to expeditor config
+- Add basic coverage pipeline template
+- Add configurations for sonarscanner in verify and update coverage pipeline
 
-## Pre-1.0 Releases
+### DOC
 
-- **0.0.7** - Pipeline updates
-- **0.0.6** - Version bumper
-- **0.0.5** - Apache v2.0 license
-- **0.0.4** - SonarQube integration
-- **0.0.3** - Initial repo setup
-- **0.0.2** - Expeditor configuration
+- Add empty changelog required for expeditor
 
 <!-- generated by git-cliff -->

data/CONTRIBUTING.md

@@ -137,12 +137,58 @@ open coverage/index.html
 
 ## Release Process
 
-Releases are managed by project maintainers:
+Releases are automated using [release-please](https://github.com/googleapis/release-please) and managed by project maintainers.
 
-1. Version bump in `VERSION` file
-2. Update `CHANGELOG.md`
-3. Create release tag (e.g., `v2.0.0`)
-4. GitHub Actions automatically publishes to RubyGems.org
+### How It Works
+
+1. **Commit with Conventional Commits**: Use prefixes like `feat:`, `fix:`, `docs:`, `chore:`
+   - `feat:` triggers a minor version bump (e.g., 2.0.0 → 2.1.0)
+   - `fix:` triggers a patch version bump (e.g., 2.0.0 → 2.0.1)
+   - `feat!:` or `BREAKING CHANGE:` triggers a major version bump
+
+2. **Release PR Created Automatically**: When commits are pushed to `main`, release-please creates/updates a Release PR that:
+   - Bumps the version in `VERSION` file
+   - Updates `CHANGELOG.md` with commit messages
+   - Shows the proposed version change
+
+3. **Merge to Release**: When maintainers merge the Release PR:
+   - A git tag is created (e.g., `v2.1.0`)
+   - GitHub Actions builds and publishes the gem to RubyGems.org
+   - A GitHub Release is created with auto-generated notes
+
+### Example Workflow
+
+```bash
+# Make changes with conventional commit messages
+git commit -m "feat: add support for Windows containers"
+git push origin main
+
+# release-please automatically creates a PR like:
+# "chore(main): release 2.1.0"
+
+# After review, maintainer merges the PR
+# → Tag v2.1.0 is created
+# → Gem is published to RubyGems.org
+```
+
+### Manual Releases (Emergency Only)
+
+For hotfixes that need immediate release without waiting for release-please:
+
+```bash
+# Update VERSION manually
+echo "2.0.2" > VERSION
+
+# Update CHANGELOG.md manually
+
+# Commit, tag, and push
+git add VERSION CHANGELOG.md
+git commit -m "chore: release v2.0.2"
+git tag v2.0.2
+git push origin main --tags
+```
+
+**Note:** Manual releases should be rare. Prefer the automated release-please flow.
 
 ## Getting Help
 

data/DEVELOPMENT.md

@@ -295,21 +295,59 @@ See `.github/workflows/ci.yml` for details.
 
 ## Releasing
 
-Releases are automated via GitHub Actions when a tag is pushed:
+Releases are automated using [release-please](https://github.com/googleapis/release-please).
+
+### Automated Release Process (Recommended)
+
+1. **Make commits using Conventional Commits format**:
+   ```bash
+   git commit -m "feat: add Windows container support"
+   git commit -m "fix: handle empty shell response"
+   git commit -m "docs: update installation instructions"
+   ```
+
+2. **Push to main** - release-please will automatically create a Release PR:
+   ```bash
+   git push origin main
+   # release-please creates PR: "chore(main): release 2.1.0"
+   ```
+
+3. **Review and merge the Release PR** - this triggers:
+   - Version bump in `VERSION` file
+   - `CHANGELOG.md` update
+   - Git tag creation (e.g., `v2.1.0`)
+   - Gem build and publish to RubyGems.org
+   - GitHub Release creation
+
+### Conventional Commits Cheat Sheet
+
+| Prefix | Version Bump | Example |
+|--------|-------------|---------|
+| `feat:` | Minor (2.0.0 → 2.1.0) | `feat: add retry logic` |
+| `fix:` | Patch (2.0.0 → 2.0.1) | `fix: handle nil response` |
+| `docs:` | Patch | `docs: update README` |
+| `chore:` | Patch | `chore: update dependencies` |
+| `feat!:` | Major (2.0.0 → 3.0.0) | `feat!: change URI format` |
+
+### Manual Release (Emergency Only)
+
+For hotfixes that can't wait for the release-please flow:
 
 ```bash
 # Update VERSION file
-echo "2.1.0" > VERSION
+echo "2.0.2" > VERSION
+
+# Update CHANGELOG.md manually
 
 # Commit and tag
 git add VERSION CHANGELOG.md
-git commit -m "Release v2.1.0"
-git tag v2.1.0
+git commit -m "chore: release v2.0.2"
+git tag v2.0.2
 git push origin main --tags
 ```
 
-The `release-tag.yml` workflow will:
+The `release-tag.yml` workflow triggers on tag push and will:
 1. Run tests
 2. Build gem
-3. Publish to RubyGems.org
+3. Publish to RubyGems.org (via OIDC trusted publishing)
 4. Create GitHub release

data/README.md

@@ -26,12 +26,14 @@ This plugin allows InSpec/Cinc Auditor to scan containers running in Kubernetes
 
 ### From RubyGems (Recommended)
 
+**Important:** Always install Train plugins using `inspec plugin install` or `cinc-auditor plugin install`. Do NOT use `gem install` directly, as this can cause issues with plugin discovery and management.
+
 ```bash
 # Using Cinc Auditor (recommended - open source, license-free)
-cinc-auditor plugin install train-k8s-container
+cinc-auditor plugin install train-k8s-container-mitre
 
 # Or using Chef InSpec
-inspec plugin install train-k8s-container
+inspec plugin install train-k8s-container-mitre
 ```
 
 ### From Source
@@ -40,7 +42,7 @@ inspec plugin install train-k8s-container
 git clone https://github.com/mitre/train-k8s-container.git
 cd train-k8s-container
 gem build train-k8s-container.gemspec
-cinc-auditor plugin install train-k8s-container-*.gem
+cinc-auditor plugin install train-k8s-container-mitre-*.gem
 ```
 
 ## Prerequisites

data/lib/train-k8s-container/version.rb

@@ -2,6 +2,6 @@
 
 module TrainPlugins
   module K8sContainer
-    VERSION = File.read(File.expand_path('../../VERSION', __dir__)).strip
+    VERSION = '2.0.2'
   end
 end

data/lib/train-k8s-container-mitre.rb

@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+# Shim file for gem name compatibility
+# The gem is named 'train-k8s-container-mitre' for RubyGems publishing,
+# but the internal library structure uses 'train-k8s-container'.
+# This allows `require 'train-k8s-container-mitre'` to work when
+# InSpec/Cinc loads the plugin by gem name.
+
+require_relative 'train-k8s-container'

data/release-please-config.json

@@ -0,0 +1,27 @@
+{
+  "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
+  "release-type": "ruby",
+  "include-component-in-tag": false,
+  "packages": {
+    ".": {
+      "package-name": "train-k8s-container-mitre",
+      "changelog-path": "CHANGELOG.md",
+      "bump-minor-pre-major": true,
+      "bump-patch-for-minor-pre-major": true,
+      "version-file": "lib/train-k8s-container/version.rb"
+    }
+  },
+  "changelog-sections": [
+    {"type": "feat", "section": "Features"},
+    {"type": "fix", "section": "Bug Fixes"},
+    {"type": "perf", "section": "Performance Improvements"},
+    {"type": "revert", "section": "Reverts"},
+    {"type": "docs", "section": "Documentation"},
+    {"type": "style", "section": "Styles"},
+    {"type": "chore", "section": "Miscellaneous Chores"},
+    {"type": "refactor", "section": "Code Refactoring"},
+    {"type": "test", "section": "Tests"},
+    {"type": "build", "section": "Build System"},
+    {"type": "ci", "section": "Continuous Integration"}
+  ]
+}

data/train-k8s-container.gemspec

@@ -36,6 +36,28 @@ Gem::Specification.new do |spec|
 
   spec.require_paths = ['lib']
 
+  spec.post_install_message = <<~MESSAGE
+
+    ╔════════════════════════════════════════════════════════════════════╗
+    ║  train-k8s-container-mitre installed successfully!                 ║
+    ╠════════════════════════════════════════════════════════════════════╣
+    ║                                                                    ║
+    ║  WARNING: If you installed this gem using 'gem install', you       ║
+    ║  may experience issues with 'inspec plugin list'.                  ║
+    ║                                                                    ║
+    ║  RECOMMENDED: Install using the InSpec/Cinc plugin system:         ║
+    ║                                                                    ║
+    ║    gem uninstall train-k8s-container-mitre                         ║
+    ║    cinc-auditor plugin install train-k8s-container-mitre           ║
+    ║                                                                    ║
+    ║  Or for Chef InSpec:                                               ║
+    ║                                                                    ║
+    ║    inspec plugin install train-k8s-container-mitre                 ║
+    ║                                                                    ║
+    ╚════════════════════════════════════════════════════════════════════╝
+
+  MESSAGE
+
   # NOTE: Do not list 'train' or 'inspec' as dependencies.
   # Train plugins are loaded within InSpec's environment, which already provides
   # train, train-core, and all their dependencies. Declaring train as a dependency

metadata

@@ -1,13 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: train-k8s-container-mitre
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.0.2
 platform: ruby
 authors:
 - MITRE SAF Team
+autorequire:
 bindir: bin
 cert_chain: []
-date: 1980-01-02 00:00:00.000000000 Z
+date: 2025-12-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: base64
@@ -45,6 +46,7 @@ files:
 - ".expeditor/coverage.pipeline.yml"
 - ".expeditor/update_version.sh"
 - ".expeditor/verify.pipeline.yml"
+- ".release-please-manifest.json"
 - ".rspec"
 - ".rubocop.yml"
 - CHANGELOG.md
@@ -57,9 +59,8 @@ files:
 - README.md
 - Rakefile
 - SECURITY.md
-- VERSION
-- cliff.toml
 - docs/README.md
+- lib/train-k8s-container-mitre.rb
 - lib/train-k8s-container.rb
 - lib/train-k8s-container/ansi_sanitizer.rb
 - lib/train-k8s-container/connection.rb
@@ -75,6 +76,7 @@ files:
 - lib/train-k8s-container/shell_detector.rb
 - lib/train-k8s-container/transport.rb
 - lib/train-k8s-container/version.rb
+- release-please-config.json
 - sonar-project.properties
 - train-k8s-container.gemspec
 homepage: https://github.com/mitre/train-k8s-container
@@ -86,6 +88,26 @@ metadata:
   changelog_uri: https://github.com/mitre/train-k8s-container/blob/main/CHANGELOG.md
   bug_tracker_uri: https://github.com/mitre/train-k8s-container/issues
   documentation_uri: https://github.com/mitre/train-k8s-container#readme
+post_install_message: |2+
+
+  ╔════════════════════════════════════════════════════════════════════╗
+  ║  train-k8s-container-mitre installed successfully!                 ║
+  ╠════════════════════════════════════════════════════════════════════╣
+  ║                                                                    ║
+  ║  WARNING: If you installed this gem using 'gem install', you       ║
+  ║  may experience issues with 'inspec plugin list'.                  ║
+  ║                                                                    ║
+  ║  RECOMMENDED: Install using the InSpec/Cinc plugin system:         ║
+  ║                                                                    ║
+  ║    gem uninstall train-k8s-container-mitre                         ║
+  ║    cinc-auditor plugin install train-k8s-container-mitre           ║
+  ║                                                                    ║
+  ║  Or for Chef InSpec:                                               ║
+  ║                                                                    ║
+  ║    inspec plugin install train-k8s-container-mitre                 ║
+  ║                                                                    ║
+  ╚════════════════════════════════════════════════════════════════════╝
+
 rdoc_options: []
 require_paths:
 - lib
@@ -100,8 +122,10 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.7.2
+rubygems_version: 3.5.22
+signing_key:
 specification_version: 4
 summary: Train transport plugin for scanning Kubernetes containers with InSpec/Cinc
   Auditor.
 test_files: []
+...

data/VERSION

@@ -1 +0,0 @@
-2.0.0

data/cliff.toml

@@ -1,80 +0,0 @@
-# git-cliff configuration for train-k8s-container
-# See: https://git-cliff.org/docs/configuration
-
-[changelog]
-# changelog header
-header = """
-# Changelog
-
-All notable changes to this project will be documented in this file.
-
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
-
-"""
-# template for the changelog body
-body = """
-{% if version %}\
-    ## [{{ version | trim_start_matches(pat="v") }}] - {{ timestamp | date(format="%Y-%m-%d") }}
-{% else %}\
-    ## [Unreleased]
-{% endif %}\
-{% for group, commits in commits | group_by(attribute="group") %}
-    ### {{ group | striptags | trim | upper_first }}
-    {% for commit in commits %}
-        - {% if commit.scope %}**{{ commit.scope }}**: {% endif %}{{ commit.message | upper_first }}\
-    {% endfor %}
-{% endfor %}\n
-"""
-# remove the leading and trailing whitespace from the template
-trim = true
-# changelog footer
-footer = """
-<!-- generated by git-cliff -->
-"""
-
-[git]
-# parse the commits based on https://www.conventionalcommits.org
-conventional_commits = true
-# filter out the commits that are not conventional
-filter_unconventional = false
-# process each line of a commit as an individual commit
-split_commits = false
-# regex for preprocessing the commit messages
-commit_preprocessors = [
-    # Extract issue numbers from commit messages
-    { pattern = '\((\w+\s)?#([0-9]+)\)', replace = "([#${2}](https://github.com/mitre/train-k8s-container/issues/${2}))"},
-]
-# regex for parsing and grouping commits
-commit_parsers = [
-    { message = "^feat", group = "Added" },
-    { message = "^fix", group = "Fixed" },
-    { message = "^doc", group = "Documentation" },
-    { message = "^perf", group = "Performance" },
-    { message = "^refactor", group = "Refactor" },
-    { message = "^style", group = "Styling" },
-    { message = "^test", group = "Testing" },
-    { message = "^chore\\(release\\): prepare for", skip = true },
-    { message = "^chore\\(deps\\)", skip = true },
-    { message = "^chore\\(pr\\)", skip = true },
-    { message = "^chore\\(pull\\)", skip = true },
-    { message = "^chore|^ci", group = "Miscellaneous Tasks" },
-    { body = ".*security", group = "Security" },
-    { message = "^revert", group = "Revert" },
-]
-# protect breaking changes from being skipped due to matching a skipping commit_parser
-protect_breaking_commits = false
-# filter out the commits that are not matched by commit parsers
-filter_commits = false
-# glob pattern for matching git tags
-tag_pattern = "v[0-9]*"
-# regex for skipping tags
-skip_tags = ""
-# regex for ignoring tags
-ignore_tags = ""
-# sort the tags topologically
-topo_order = false
-# sort the commits inside sections by oldest/newest order
-sort_commits = "oldest"
-# limit the number of commits included in the changelog.
-# limit_commits = 42